18313eeb5c
This should be a more flexible option since certificates aren't likely to be part of the actual workspace and may be environment-dependent. It also mirrors the kube_certificate, which is nice.
78 lines
1.9 KiB
Go
78 lines
1.9 KiB
Go
package run
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
"github.com/pelotech/drone-helm3/internal/env"
|
|
"io/ioutil"
|
|
)
|
|
|
|
type repoCerts struct {
|
|
*config
|
|
cert string
|
|
certFilename string
|
|
caCert string
|
|
caCertFilename string
|
|
}
|
|
|
|
func newRepoCerts(cfg env.Config) *repoCerts {
|
|
return &repoCerts{
|
|
config: newConfig(cfg),
|
|
cert: cfg.RepoCertificate,
|
|
caCert: cfg.RepoCACertificate,
|
|
}
|
|
}
|
|
|
|
func (rc *repoCerts) write() error {
|
|
if rc.cert != "" {
|
|
file, err := ioutil.TempFile("", "repo********.cert")
|
|
defer file.Close()
|
|
if err != nil {
|
|
return fmt.Errorf("failed to create certificate file: %w", err)
|
|
}
|
|
rc.certFilename = file.Name()
|
|
rawCert, err := base64.StdEncoding.DecodeString(rc.cert)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to base64-decode certificate string: %w", err)
|
|
}
|
|
if rc.debug {
|
|
fmt.Fprintf(rc.stderr, "writing repo certificate to %s\n", rc.certFilename)
|
|
}
|
|
if _, err := file.Write(rawCert); err != nil {
|
|
return fmt.Errorf("failed to write certificate file: %w", err)
|
|
}
|
|
}
|
|
|
|
if rc.caCert != "" {
|
|
file, err := ioutil.TempFile("", "repo********.ca.cert")
|
|
defer file.Close()
|
|
if err != nil {
|
|
return fmt.Errorf("failed to create CA certificate file: %w", err)
|
|
}
|
|
rc.caCertFilename = file.Name()
|
|
rawCert, err := base64.StdEncoding.DecodeString(rc.caCert)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to base64-decode CA certificate string: %w", err)
|
|
}
|
|
if rc.debug {
|
|
fmt.Fprintf(rc.stderr, "writing repo ca certificate to %s\n", rc.caCertFilename)
|
|
}
|
|
if _, err := file.Write(rawCert); err != nil {
|
|
return fmt.Errorf("failed to write CA certificate file: %w", err)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (rc *repoCerts) flags() []string {
|
|
flags := make([]string, 0)
|
|
if rc.certFilename != "" {
|
|
flags = append(flags, "--cert-file", rc.certFilename)
|
|
}
|
|
if rc.caCertFilename != "" {
|
|
flags = append(flags, "--ca-file", rc.caCertFilename)
|
|
}
|
|
|
|
return flags
|
|
}
|