Merge pull request #338 from helgi/k8s_certs

feat(certs): add support for wildcard certificates and domains with new cert cli commands

Author: helgi

.travis.yml

@@ -35,7 +35,7 @@ install:
   - make prep-bintray-json
 script:
   - make test
-  - make -C client/ build test
+  - make -C client/ bootstrap build test
   - mv client/deis client/deis-linux-amd64
   - GOOS=darwin GOARCH=amd64 make -C client build
   - mv client/deis client/deis-darwin-amd64

client/Makefile

@@ -3,7 +3,7 @@ export GO15VENDOREXPERIMENT=1
 # the filepath to this repository, relative to $GOPATH/src
 repo_path = github.com/deis/workflow/client
 
-DEV_ENV_IMAGE := quay.io/deis/go-dev:0.4.0
+DEV_ENV_IMAGE := quay.io/deis/go-dev:0.5.0
 DEV_ENV_WORK_DIR := /go/src/${repo_path}
 DEV_ENV_PREFIX := docker run --rm -e GO15VENDOREXPERIMENT=1 -e CGO_ENABLED=0 -v ${CURDIR}:${DEV_ENV_WORK_DIR} -w ${DEV_ENV_WORK_DIR}
 DEV_ENV_CMD := ${DEV_ENV_PREFIX} ${DEV_ENV_IMAGE}

client/cmd/certs.go

@@ -3,9 +3,11 @@ package cmd
 import (
 	"fmt"
 	"io/ioutil"
+	"os"
 	"strings"
+	"time"
 
-	"github.com/deis/pkg/prettyprint"
+	"github.com/olekukonko/tablewriter"
 
 	"github.com/deis/workflow/client/controller/client"
 	"github.com/deis/workflow/client/controller/models/certs"
@@ -34,45 +36,67 @@ func CertsList(results int) error {
 		return nil
 	}
 
-	certMap := make(map[string]string)
-	nameMax := 0
-	expiresMax := 0
+	table := tablewriter.NewWriter(os.Stdout)
+	table.SetAlignment(tablewriter.ALIGN_LEFT)
+	table.SetBorder(false)
+	table.SetAutoFormatHeaders(false)
+	table.SetHeaderLine(true)
+	table.SetHeader([]string{"Name", "Common Name", "SubjectAltName", "Expires", "Fingerprint", "Domains", "Updated", "Created"})
 	for _, cert := range certList {
-		certMap[cert.Name] = cert.Expires
-
-		if len(cert.Name) > nameMax {
-			nameMax = len(cert.Name)
-		}
-		if len(cert.Expires) > nameMax {
-			expiresMax = len(cert.Expires)
+		domains := strings.Join(cert.Domains[:], ",")
+		san := strings.Join(cert.SubjectAltName[:], ",")
+
+		// Make dates more readable
+		now := time.Now()
+		expires := cert.Expires.Time.Format("2 Jan 2006")
+		created := cert.Created.Time.Format("2 Jan 2006")
+		updated := cert.Updated.Time.Format("2 Jan 2006")
+
+		if cert.Expires.Time.Before(now) {
+			expires += " (expired)"
+		} else {
+			// Ghetto solution
+			expires += " (in"
+			year := cert.Expires.Time.Year() - now.Year()
+			month := cert.Expires.Time.Month() - now.Month()
+			day := cert.Expires.Time.Day() - now.Day()
+
+			if year > 0 {
+				expires += fmt.Sprintf(" %d year", year)
+				if year > 1 {
+					expires += "s"
+				}
+			} else if month > 0 {
+				expires += fmt.Sprintf(" %d month", month)
+				if month > 1 {
+					expires += "s"
+				}
+			} else if day != 0 {
+				// special handling on negative days
+				if day < 0 {
+					day *= -1
+				}
+
+				expires += fmt.Sprintf(" %d day", day)
+				if day > 1 {
+					expires += "s"
+				}
+			}
+			expires += ")"
 		}
-	}
 
-	nameHeader := "Common Name"
-	expiresHeader := "Expires"
-	tabSpaces := 5
-	bufferSpaces := tabSpaces
+		// show a shorter version of the fingerprint
+		fingerprint := cert.Fingerprint[:5] + "[...]" + cert.Fingerprint[len(cert.Fingerprint)-5:]
 
-	if nameMax < len(nameHeader) {
-		tabSpaces += len(nameHeader) - nameMax
-		nameMax = len(nameHeader)
-	} else {
-		bufferSpaces += nameMax - len(nameHeader)
+		table.Append([]string{cert.Name, cert.CommonName, san, expires, fingerprint, domains, updated, created})
 	}
+	table.Render()
 
-	if expiresMax < len(expiresHeader) {
-		expiresMax = len(expiresHeader)
-	}
-
-	fmt.Printf("%s%s%s\n", nameHeader, strings.Repeat(" ", bufferSpaces), expiresHeader)
-	fmt.Printf("%s%s%s\n", strings.Repeat("-", nameMax), strings.Repeat(" ", 5),
-		strings.Repeat("-", expiresMax))
-	fmt.Print(prettyprint.PrettyTabs(certMap, tabSpaces))
 	return nil
 }
 
 // CertAdd adds a cert to the controller.
-func CertAdd(cert, key, commonName, sans string) error {
+func CertAdd(cert string, key string, name string) error {
 	c, err := client.New()
 
 	if err != nil {
@@ -81,7 +105,7 @@ func CertAdd(cert, key, commonName, sans string) error {
 
 	fmt.Print("Adding SSL endpoint... ")
 	quit := progress()
-	err = processCertsAdd(c, cert, key, commonName, sans)
+	err = doCertAdd(c, cert, key, name)
 	quit <- true
 	<-quit
 
@@ -93,48 +117,117 @@ func CertAdd(cert, key, commonName, sans string) error {
 	return nil
 }
 
-func processCertsAdd(c *client.Client, cert, key, commonName, sans string) error {
-	if sans != "" {
-		for _, san := range strings.Split(sans, ",") {
-			if err := doCertAdd(c, cert, key, san); err != nil {
-				return err
-			}
-		}
-		return nil
+func doCertAdd(c *client.Client, cert string, key string, name string) error {
+	certFile, err := ioutil.ReadFile(cert)
+	if err != nil {
+		return err
+	}
+
+	keyFile, err := ioutil.ReadFile(key)
+	if err != nil {
+		return err
 	}
 
-	return doCertAdd(c, cert, key, commonName)
+	_, err = certs.New(c, string(certFile), string(keyFile), name)
+	return err
 }
 
-func doCertAdd(c *client.Client, cert string, key string, commonName string) error {
-	certFile, err := ioutil.ReadFile(cert)
+// CertRemove deletes a cert from the controller.
+func CertRemove(name string) error {
+	c, err := client.New()
+	if err != nil {
+		return err
+	}
 
+	fmt.Printf("Removing %s... ", name)
+	quit := progress()
+
+	certs.Delete(c, name)
+
+	quit <- true
+	<-quit
+
+	if err == nil {
+		fmt.Println("done")
+	}
+
+	return err
+}
+
+// CertInfo gets info about certficiate
+func CertInfo(name string) error {
+	c, err := client.New()
 	if err != nil {
 		return err
 	}
 
-	keyFile, err := ioutil.ReadFile(key)
+	cert, err := certs.Get(c, name)
+	if err != nil {
+		return err
+	}
+
+	domains := strings.Join(cert.Domains[:], ",")
+	if domains == "" {
+		domains = "No connected domains"
+	}
+
+	san := strings.Join(cert.SubjectAltName[:], ",")
+	if san == "" {
+		san = "N/A"
+	}
+
+	fmt.Printf("=== %s Certificate\n", cert.Name)
+	fmt.Println("Common Name(s):    ", cert.CommonName)
+	fmt.Println("Expires At:        ", cert.Expires)
+	fmt.Println("Starts At:         ", cert.Starts)
+	fmt.Println("Fingerprint:       ", cert.Fingerprint)
+	fmt.Println("Subject Alt Name:  ", san)
+	fmt.Println("Issuer:            ", cert.Issuer)
+	fmt.Println("Subject:           ", cert.Subject)
+	fmt.Println()
+	fmt.Println("Connected Domains: ", domains)
+	fmt.Println("Owner:             ", cert.Owner)
+	fmt.Println("Created:           ", cert.Created)
+	fmt.Println("Updated:           ", cert.Updated)
+
+	return nil
+}
+
+// CertAttach attaches a certificate to a domain
+func CertAttach(name string, domain string) error {
+	c, err := client.New()
 
 	if err != nil {
 		return err
 	}
 
-	_, err = certs.New(c, string(certFile), string(keyFile), commonName)
+	fmt.Printf("Attaching certificate %s to domain %s... ", name, domain)
+	quit := progress()
+
+	certs.Attach(c, name, domain)
+
+	quit <- true
+	<-quit
+
+	if err == nil {
+		fmt.Println("done")
+	}
+
 	return err
 }
 
-// CertRemove deletes a cert from the controller.
-func CertRemove(commonName string) error {
+// CertDetach detaches a certificate from a domain
+func CertDetach(name string, domain string) error {
 	c, err := client.New()
 
 	if err != nil {
 		return err
 	}
 
-	fmt.Printf("Removing %s... ", commonName)
+	fmt.Printf("Detaching certificate %s from domain %s... ", name, domain)
 	quit := progress()
 
-	certs.Delete(c, commonName)
+	certs.Detach(c, name, domain)
 
 	quit <- true
 	<-quit

client/controller/api/certs.go

@@ -1,20 +1,34 @@
 package api
 
+import "github.com/deis/pkg/time"
+
 // Cert is the definition of the cert object.
 // Some fields are omtempty because they are only
 // returned when creating or getting a cert.
 type Cert struct {
-	Updated string `json:"updated,omitempty"`
-	Created string `json:"created,omitempty"`
-	Name    string `json:"common_name"`
-	Expires string `json:"expires"`
-	Owner   string `json:"owner,omitempty"`
-	ID      int    `json:"id,omitempty"`
+	Updated        time.Time `json:"updated,omitempty"`
+	Created        time.Time `json:"created,omitempty"`
+	Name           string    `json:"name"`
+	CommonName     string    `json:"common_name"`
+	Expires        time.Time `json:"expires"`
+	Starts         time.Time `json:"starts"`
+	Fingerprint    string    `json:"fingerprint"`
+	Issuer         string    `json:"issuer"`
+	Subject        string    `json:"subject"`
+	SubjectAltName []string  `json:"san,omitempty"`
+	Domains        []string  `json:"domains,omitempty"`
+	Owner          string    `json:"owner,omitempty"`
+	ID             int       `json:"id,omitempty"`
 }
 
-// CertCreateRequest is the definition of POST /v2/certs/.
+// CertCreateRequest is the definition of POST and PUT to /v2/certs/
 type CertCreateRequest struct {
 	Certificate string `json:"certificate"`
 	Key         string `json:"key"`
-	Name        string `json:"common_name,omitempty"`
+	Name        string `json:"name"`
+}
+
+// CertAttachRequest is the defintion of post to /v2/certs/<cert>/domain
+type CertAttachRequest struct {
+	Domain string `json:"domain"`
 }

client/controller/models/certs/certs.go

@@ -24,17 +24,15 @@ func List(c *client.Client, results int) ([]api.Cert, int, error) {
 	return res, count, nil
 }
 
-// New creates a new cert.
-func New(c *client.Client, cert string, key string, commonName string) (api.Cert, error) {
-	req := api.CertCreateRequest{Certificate: cert, Key: key, Name: commonName}
+// New creates a cert.
+func New(c *client.Client, cert string, key string, name string) (api.Cert, error) {
+	req := api.CertCreateRequest{Certificate: cert, Key: key, Name: name}
 	reqBody, err := json.Marshal(req)
-
 	if err != nil {
 		return api.Cert{}, err
 	}
 
 	resBody, err := c.BasicRequest("POST", "/v2/certs/", reqBody)
-
 	if err != nil {
 		return api.Cert{}, err
 	}
@@ -47,10 +45,45 @@ func New(c *client.Client, cert string, key string, commonName string) (api.Cert
 	return resCert, nil
 }
 
+// Get information for a certificate
+func Get(c *client.Client, name string) (api.Cert, error) {
+	url := fmt.Sprintf("/v2/certs/%s", name)
+	body, err := c.BasicRequest("GET", url, nil)
+	if err != nil {
+		return api.Cert{}, err
+	}
+
+	res := api.Cert{}
+	if err = json.Unmarshal([]byte(body), &res); err != nil {
+		return api.Cert{}, err
+	}
+
+	return res, nil
+}
+
 // Delete removes a cert.
-func Delete(c *client.Client, commonName string) error {
-	u := fmt.Sprintf("/v2/certs/%s", commonName)
+func Delete(c *client.Client, name string) error {
+	url := fmt.Sprintf("/v2/certs/%s", name)
+	_, err := c.BasicRequest("DELETE", url, nil)
+	return err
+}
+
+// Attach a certificate to a domain
+func Attach(c *client.Client, name string, domain string) error {
+	req := api.CertAttachRequest{Domain: domain}
+	reqBody, err := json.Marshal(req)
+	if err != nil {
+		return err
+	}
+
+	url := fmt.Sprintf("/v2/certs/%s/domain/", name)
+	_, err = c.BasicRequest("POST", url, reqBody)
+	return err
+}
 
-	_, err := c.BasicRequest("DELETE", u, nil)
+// Detach a certificate from a domain
+func Detach(c *client.Client, name string, domain string) error {
+	url := fmt.Sprintf("/v2/certs/%s/domain/%s", name, domain)
+	_, err := c.BasicRequest("DELETE", url, nil)
 	return err
 }