arangodb · ewoutp · Jun 4, 2018 · May 18, 2018 · May 18, 2018 · May 18, 2018
@@ -50,6 +50,7 @@ ifndef MANIFESTSUFFIX
 endif
 endif
 MANIFESTPATHDEPLOYMENT := manifests/arango-deployment$(MANIFESTSUFFIX).yaml
+MANIFESTPATHDEPLOYMENTREPLICATION := manifests/arango-deployment-replication$(MANIFESTSUFFIX).yaml
 MANIFESTPATHSTORAGE := manifests/arango-storage$(MANIFESTSUFFIX).yaml
 MANIFESTPATHTEST := manifests/arango-test$(MANIFESTSUFFIX).yaml
 ifndef DEPLOYMENTNAMESPACE
@@ -172,7 +173,7 @@ update-generated: $(GOBUILDDIR)
 		"all" \
 		"github.com/arangodb/kube-arangodb/pkg/generated" \
 		"github.com/arangodb/kube-arangodb/pkg/apis" \
-		"deployment:v1alpha storage:v1alpha" \
+		"deployment:v1alpha replication:v1alpha storage:v1alpha" \
 		--go-header-file "./tools/codegen/boilerplate.go.txt" \
 		$(VERIFYARGS)
 
@@ -230,6 +231,7 @@ run-unit-tests: $(GOBUILDDIR) $(SOURCES)
 		golang:$(GOVERSION) \
 		go test $(TESTVERBOSEOPTIONS) \
 			$(REPOPATH)/pkg/apis/deployment/v1alpha \
+			$(REPOPATH)/pkg/apis/replication/v1alpha \
 			$(REPOPATH)/pkg/apis/storage/v1alpha \
 			$(REPOPATH)/pkg/deployment/reconcile \
 			$(REPOPATH)/pkg/deployment/resources \
@@ -270,6 +272,7 @@ endif
 	kubectl apply -f manifests/crd.yaml
 	kubectl apply -f $(MANIFESTPATHSTORAGE)
 	kubectl apply -f $(MANIFESTPATHDEPLOYMENT)
+	kubectl apply -f $(MANIFESTPATHDEPLOYMENTREPLICATION)
 	kubectl apply -f $(MANIFESTPATHTEST)
 	$(ROOTDIR)/scripts/kube_create_storage.sh $(DEPLOYMENTNAMESPACE)
 	$(ROOTDIR)/scripts/kube_run_tests.sh $(DEPLOYMENTNAMESPACE) $(TESTIMAGE) "$(ENTERPRISEIMAGE)" $(TESTTIMEOUT) $(TESTLENGTHOPTIONS)
@@ -345,12 +348,14 @@ minikube-start:
 delete-operator:
 	kubectl delete -f $(MANIFESTPATHTEST) --ignore-not-found
 	kubectl delete -f $(MANIFESTPATHDEPLOYMENT) --ignore-not-found
+	kubectl delete -f $(MANIFESTPATHDEPLOYMENTREPLICATION) --ignore-not-found
 	kubectl delete -f $(MANIFESTPATHSTORAGE) --ignore-not-found
 
 .PHONY: redeploy-operator
 redeploy-operator: delete-operator manifests
 	kubectl apply -f manifests/crd.yaml
 	kubectl apply -f $(MANIFESTPATHSTORAGE)
 	kubectl apply -f $(MANIFESTPATHDEPLOYMENT)
+	kubectl apply -f $(MANIFESTPATHDEPLOYMENTREPLICATION)
 	kubectl apply -f $(MANIFESTPATHTEST)
 	kubectl get pods 
@@ -38,14 +38,13 @@ import (
 	"strings"
 )
 
-// LoadKeyFile loads a SSL keyfile formatted for the arangod server.
-func LoadKeyFile(keyFile string) (tls.Certificate, error) {
-	raw, err := ioutil.ReadFile(keyFile)
-	if err != nil {
-		return tls.Certificate{}, maskAny(err)
-	}
+// Keyfile contains 1 or more certificates and a private key.
+type Keyfile tls.Certificate
 
-	result := tls.Certificate{}
+// NewKeyfile creates a keyfile from given content.
+func NewKeyfile(content string) (Keyfile, error) {
+	raw := []byte(content)
+	result := Keyfile{}
 	for {
 		var derBlock *pem.Block
 		derBlock, raw = pem.Decode(raw)
@@ -56,22 +55,74 @@ func LoadKeyFile(keyFile string) (tls.Certificate, error) {
 			result.Certificate = append(result.Certificate, derBlock.Bytes)
 		} else if derBlock.Type == "PRIVATE KEY" || strings.HasSuffix(derBlock.Type, " PRIVATE KEY") {
 			if result.PrivateKey == nil {
+				var err error
 				result.PrivateKey, err = parsePrivateKey(derBlock.Bytes)
 				if err != nil {
-					return tls.Certificate{}, maskAny(err)
+					return Keyfile{}, maskAny(err)
 				}
 			}
 		}
 	}
+	return result, nil
+}
 
-	if len(result.Certificate) == 0 {
-		return tls.Certificate{}, maskAny(fmt.Errorf("No certificates found in %s", keyFile))
+// Validate the contents of the keyfile
+func (kf Keyfile) Validate() error {
+	if len(kf.Certificate) == 0 {
+		return maskAny(fmt.Errorf("No certificates found in keyfile"))
 	}
-	if result.PrivateKey == nil {
-		return tls.Certificate{}, maskAny(fmt.Errorf("No private key found in %s", keyFile))
+	if kf.PrivateKey == nil {
+		return maskAny(fmt.Errorf("No private key found in keyfile"))
 	}
 
-	return result, nil
+	return nil
+}
+
+// EncodeCACertificates extracts the CA certificate(s) from the given keyfile (if any).
+func (kf Keyfile) EncodeCACertificates() (string, error) {
+	buf := &bytes.Buffer{}
+	for _, derBytes := range kf.Certificate {
+		c, err := x509.ParseCertificate(derBytes)
+		if err != nil {
+			return "", maskAny(err)
+		}
+		if c.IsCA {
+			pem.Encode(buf, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+		}
+	}
+
+	return buf.String(), nil
+}
+
+// EncodeCertificates extracts all certificates from the given keyfile and encodes them as PEM blocks.
+func (kf Keyfile) EncodeCertificates() string {
+	buf := &bytes.Buffer{}
+	for _, derBytes := range kf.Certificate {
+		pem.Encode(buf, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+	}
+
+	return buf.String()
+}
+
+// EncodePrivateKey extract the private key from the given keyfile and encodes is as PEM block.
+func (kf Keyfile) EncodePrivateKey() string {
+	buf := &bytes.Buffer{}
+	pem.Encode(buf, pemBlockForKey(kf.PrivateKey))
+	return buf.String()
+}
+
+// LoadKeyFile loads a SSL keyfile formatted for the arangod server.
+func LoadKeyFile(keyFile string) (tls.Certificate, error) {
+	raw, err := ioutil.ReadFile(keyFile)
+	if err != nil {
+		return tls.Certificate{}, maskAny(err)
+	}
+
+	kf, err := NewKeyfile(string(raw))
+	if err != nil {
+		return tls.Certificate{}, maskAny(err)
+	}
+	return tls.Certificate(kf), nil
 }
 
 // ExtractCACertificateFromKeyFile loads a SSL keyfile formatted for the arangod server and