github.com/outbrain/consul@v1.4.5/agent/connect/ca/plugin/transport_grpc.go

github.com/outbrain/consul@v1.4.5/agent/connect/ca/plugin/transport_grpc.go (about)

     1  package plugin
     2  
     3  import (
     4  	"context"
     5  	"crypto/x509"
     6  	"encoding/json"
     7  
     8  	"github.com/hashicorp/consul/agent/connect/ca"
     9  	"google.golang.org/grpc"
    10  )
    11  
    12  // providerPluginGRPCServer implements the CAServer interface for gRPC.
    13  type providerPluginGRPCServer struct {
    14  	impl ca.Provider
    15  }
    16  
    17  func (p *providerPluginGRPCServer) Configure(_ context.Context, req *ConfigureRequest) (*Empty, error) {
    18  	var rawConfig map[string]interface{}
    19  	if err := json.Unmarshal(req.Config, &rawConfig); err != nil {
    20  		return nil, err
    21  	}
    22  
    23  	return &Empty{}, p.impl.Configure(req.ClusterId, req.IsRoot, rawConfig)
    24  }
    25  
    26  func (p *providerPluginGRPCServer) GenerateRoot(context.Context, *Empty) (*Empty, error) {
    27  	return &Empty{}, p.impl.GenerateRoot()
    28  }
    29  
    30  func (p *providerPluginGRPCServer) ActiveRoot(context.Context, *Empty) (*ActiveRootResponse, error) {
    31  	pem, err := p.impl.ActiveRoot()
    32  	return &ActiveRootResponse{CrtPem: pem}, err
    33  }
    34  
    35  func (p *providerPluginGRPCServer) GenerateIntermediateCSR(context.Context, *Empty) (*GenerateIntermediateCSRResponse, error) {
    36  	pem, err := p.impl.GenerateIntermediateCSR()
    37  	return &GenerateIntermediateCSRResponse{CsrPem: pem}, err
    38  }
    39  
    40  func (p *providerPluginGRPCServer) SetIntermediate(_ context.Context, req *SetIntermediateRequest) (*Empty, error) {
    41  	return &Empty{}, p.impl.SetIntermediate(req.IntermediatePem, req.RootPem)
    42  }
    43  
    44  func (p *providerPluginGRPCServer) ActiveIntermediate(context.Context, *Empty) (*ActiveIntermediateResponse, error) {
    45  	pem, err := p.impl.ActiveIntermediate()
    46  	return &ActiveIntermediateResponse{CrtPem: pem}, err
    47  }
    48  
    49  func (p *providerPluginGRPCServer) GenerateIntermediate(context.Context, *Empty) (*GenerateIntermediateResponse, error) {
    50  	pem, err := p.impl.GenerateIntermediate()
    51  	return &GenerateIntermediateResponse{CrtPem: pem}, err
    52  }
    53  
    54  func (p *providerPluginGRPCServer) Sign(_ context.Context, req *SignRequest) (*SignResponse, error) {
    55  	csr, err := x509.ParseCertificateRequest(req.Csr)
    56  	if err != nil {
    57  		return nil, err
    58  	}
    59  
    60  	crtPEM, err := p.impl.Sign(csr)
    61  	return &SignResponse{CrtPem: crtPEM}, err
    62  }
    63  
    64  func (p *providerPluginGRPCServer) SignIntermediate(_ context.Context, req *SignIntermediateRequest) (*SignIntermediateResponse, error) {
    65  	csr, err := x509.ParseCertificateRequest(req.Csr)
    66  	if err != nil {
    67  		return nil, err
    68  	}
    69  
    70  	crtPEM, err := p.impl.SignIntermediate(csr)
    71  	return &SignIntermediateResponse{CrtPem: crtPEM}, err
    72  }
    73  
    74  func (p *providerPluginGRPCServer) CrossSignCA(_ context.Context, req *CrossSignCARequest) (*CrossSignCAResponse, error) {
    75  	crt, err := x509.ParseCertificate(req.Crt)
    76  	if err != nil {
    77  		return nil, err
    78  	}
    79  
    80  	crtPEM, err := p.impl.CrossSignCA(crt)
    81  	return &CrossSignCAResponse{CrtPem: crtPEM}, err
    82  }
    83  
    84  func (p *providerPluginGRPCServer) Cleanup(context.Context, *Empty) (*Empty, error) {
    85  	return &Empty{}, p.impl.Cleanup()
    86  }
    87  
    88  // providerPluginGRPCClient implements ca.Provider for acting as a client
    89  // to a remote CA provider plugin over gRPC.
    90  type providerPluginGRPCClient struct {
    91  	client     CAClient
    92  	clientConn *grpc.ClientConn
    93  	doneCtx    context.Context
    94  }
    95  
    96  func (p *providerPluginGRPCClient) Configure(
    97  	clusterId string,
    98  	isRoot bool,
    99  	rawConfig map[string]interface{}) error {
   100  	config, err := json.Marshal(rawConfig)
   101  	if err != nil {
   102  		return err
   103  	}
   104  
   105  	_, err = p.client.Configure(p.doneCtx, &ConfigureRequest{
   106  		ClusterId: clusterId,
   107  		IsRoot:    isRoot,
   108  		Config:    config,
   109  	})
   110  	return p.err(err)
   111  }
   112  
   113  func (p *providerPluginGRPCClient) GenerateRoot() error {
   114  	_, err := p.client.GenerateRoot(p.doneCtx, &Empty{})
   115  	return p.err(err)
   116  }
   117  
   118  func (p *providerPluginGRPCClient) ActiveRoot() (string, error) {
   119  	resp, err := p.client.ActiveRoot(p.doneCtx, &Empty{})
   120  	if err != nil {
   121  		return "", p.err(err)
   122  	}
   123  
   124  	return resp.CrtPem, nil
   125  }
   126  
   127  func (p *providerPluginGRPCClient) GenerateIntermediateCSR() (string, error) {
   128  	resp, err := p.client.GenerateIntermediateCSR(p.doneCtx, &Empty{})
   129  	if err != nil {
   130  		return "", p.err(err)
   131  	}
   132  
   133  	return resp.CsrPem, nil
   134  }
   135  
   136  func (p *providerPluginGRPCClient) SetIntermediate(intermediatePEM, rootPEM string) error {
   137  	_, err := p.client.SetIntermediate(p.doneCtx, &SetIntermediateRequest{
   138  		IntermediatePem: intermediatePEM,
   139  		RootPem:         rootPEM,
   140  	})
   141  	return p.err(err)
   142  }
   143  
   144  func (p *providerPluginGRPCClient) ActiveIntermediate() (string, error) {
   145  	resp, err := p.client.ActiveIntermediate(p.doneCtx, &Empty{})
   146  	if err != nil {
   147  		return "", p.err(err)
   148  	}
   149  
   150  	return resp.CrtPem, nil
   151  }
   152  
   153  func (p *providerPluginGRPCClient) GenerateIntermediate() (string, error) {
   154  	resp, err := p.client.GenerateIntermediate(p.doneCtx, &Empty{})
   155  	if err != nil {
   156  		return "", p.err(err)
   157  	}
   158  
   159  	return resp.CrtPem, nil
   160  }
   161  
   162  func (p *providerPluginGRPCClient) Sign(csr *x509.CertificateRequest) (string, error) {
   163  	resp, err := p.client.Sign(p.doneCtx, &SignRequest{
   164  		Csr: csr.Raw,
   165  	})
   166  	if err != nil {
   167  		return "", p.err(err)
   168  	}
   169  
   170  	return resp.CrtPem, nil
   171  }
   172  
   173  func (p *providerPluginGRPCClient) SignIntermediate(csr *x509.CertificateRequest) (string, error) {
   174  	resp, err := p.client.SignIntermediate(p.doneCtx, &SignIntermediateRequest{
   175  		Csr: csr.Raw,
   176  	})
   177  	if err != nil {
   178  		return "", p.err(err)
   179  	}
   180  
   181  	return resp.CrtPem, nil
   182  }
   183  
   184  func (p *providerPluginGRPCClient) CrossSignCA(crt *x509.Certificate) (string, error) {
   185  	resp, err := p.client.CrossSignCA(p.doneCtx, &CrossSignCARequest{
   186  		Crt: crt.Raw,
   187  	})
   188  	if err != nil {
   189  		return "", p.err(err)
   190  	}
   191  
   192  	return resp.CrtPem, nil
   193  }
   194  
   195  func (p *providerPluginGRPCClient) Cleanup() error {
   196  	_, err := p.client.Cleanup(p.doneCtx, &Empty{})
   197  	return p.err(err)
   198  }
   199  
   200  func (p *providerPluginGRPCClient) err(err error) error {
   201  	if err := p.doneCtx.Err(); err != nil {
   202  		return err
   203  	}
   204  
   205  	return err
   206  }
   207  
   208  // Verification
   209  var _ CAServer = &providerPluginGRPCServer{}
   210  var _ ca.Provider = &providerPluginGRPCClient{}