diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..bf7641f --- /dev/null +++ b/LICENSE @@ -0,0 +1,23 @@ +Copyright (c) 2010-2015 Illumina, Inc. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDi +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/README.md b/README.md index 34a587f..d46dc66 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ # gobblah +[![Go Report Card](https://goreportcard.com/badge/github.com/TomWright/dasel)](https://goreportcard.com/report/github.com/TomWright/dasel) + +## Usage ```shell NAME: gobblah - Generate SSL certificates against Active Directory 
@@ -18,3 +21,8 @@ GLOBAL OPTIONS: --k8s-secret, -k output as a kubernetes secret (default: false) --help, -h show help (default: false) ``` + +### Example +```shell +$ gobblah -e myad.example.com -p p4ssw0rd -l host1,host2 -k | kubectl apply -f - +``` diff --git a/pkg/adssl/adssl.go b/pkg/adssl/adssl.go index 9169ee5..cff174e 100644 --- a/pkg/adssl/adssl.go +++ b/pkg/adssl/adssl.go @@ -104,11 +104,11 @@ func getCaCert(endpoint string, username string, password string) (string, error renewal = found[1] } - crtUrl := "https://" + endpoint + "/certsrv/certnew.cer?ReqID=CACert&Enc=b64&Mode=inst&" + renewal - req, err = http.NewRequest("GET", crtUrl, nil) + crtURL := "https://" + endpoint + "/certsrv/certnew.cer?ReqID=CACert&Enc=b64&Mode=inst&" + renewal + req, err = http.NewRequest("GET", crtURL, nil) if err != nil { - return "", fmt.Errorf("failed to request %s: %v", crtUrl, err) + return "", fmt.Errorf("failed to request %s: %v", crtURL, err) } req.SetBasicAuth(username, password) @@ -116,7 +116,7 @@ func getCaCert(endpoint string, username string, password string) (string, error defer resp.Body.Close() if err != nil { - return "", fmt.Errorf("failed to request %s: %v", crtUrl, err) + return "", fmt.Errorf("failed to request %s: %v", crtURL, err) } dataInBytes, err = ioutil.ReadAll(resp.Body) @@ -125,7 +125,7 @@ func getCaCert(endpoint string, username string, password string) (string, error } func genCertRequest(csr string, endpoint string, username string, password string) (string, error) { - var resUrl string + var resURL string data := url.Values{} data.Set("Mode", "newreq") 
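Review bot: In getCaCert (the `@@ -116` hunk), `defer resp.Body.Close()` is registered before the `if err != nil` check, so when the request fails and `resp` is nil, the defer statement itself dereferences nil. The process then panics instead of returning the wrapped error. Move `defer resp.Body.Close()` to just after the error check. The call that assigns `resp` sits on the line above this hunk, so this assumes it is the usual `client.Do(req)`. The same ordering is worth checking in genCertRequest and fetchCertResult, whose request code is outside the visible hunks.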
@@ -168,17 +168,16 @@ func genCertRequest(csr string, endpoint string, username string, password strin pageContent := string(dataInBytes) re := regexp.MustCompile("certnew.cer\\?ReqID=([0-9]*)&Enc=b64") - reqId := re.FindString(string(pageContent)) + reqID := re.FindString(string(pageContent)) - if reqId == "" { + if reqID == "" { return "", fmt.Errorf("failed to get new cert ReqID: %v", err) - } else { - resUrl = "https://" + endpoint + "/certsrv/" + reqId - } - return resUrl, nil + } + resURL = "https://" + endpoint + "/certsrv/" + reqID + return resURL, nil } -func fetchCertResult(resUrl string, username string, password string) (string, error) { +func fetchCertResult(resURL string, username string, password string) (string, error) { client := &http.Client{ Transport: ntlmssp.Negotiator{ RoundTripper: &http.Transport{ @@ -186,7 +185,7 @@ func fetchCertResult(resUrl string, username string, password string) (string, e }, }, } - req, err := http.NewRequest("GET", resUrl, nil) + req, err := http.NewRequest("GET", resURL, nil) if err != nil { return "", fmt.Errorf("failed to fetch resulting cert: %v", err) @@ -205,6 +204,7 @@ func fetchCertResult(resUrl string, username string, password string) (string, e return string(dataInBytes), err } +// CreateCertificates returns certs/keys as strings func CreateCertificates(endpoint string, username string, password string, hosts string) (cacrt string, tlskey string, tlscert string, err error) { var privateKey bytes.Buffer 
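Review bot: The `reqID == ""` branch in genCertRequest (the `@@ -168` hunk) formats `err`, but a regex miss produces no error value, so `err` is presumably the nil left over from the earlier body read and the message ends in `<nil>`. Report what was missing instead, e.g. `return "", fmt.Errorf("failed to get new cert ReqID: no certnew.cer link in response from %s", endpoint)`. The pattern also accepts an empty id because of `([0-9]*)` and leaves the `.` unescaped. `certnew\.cer\?ReqID=([0-9]+)&Enc=b64` is stricter about what ends up appended to the result URL. The start of the function is outside the hunk.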
@@ -231,13 +231,13 @@ func CreateCertificates(endpoint string, username string, password string, hosts return "", "", "", fmt.Errorf("failed to generate csr: %v", err) } - resUrl, err := genCertRequest(csr.String(), endpoint, username, password) + resURL, err := genCertRequest(csr.String(), endpoint, username, password) if err != nil { return "", "", "", fmt.Errorf("failed to generate csr: %v", err) } - resCrt, err := fetchCertResult(resUrl, username, password) + resCrt, err := fetchCertResult(resURL, username, password) if err != nil { return "", "", "", fmt.Errorf("failed to fetch result: %v", err) diff --git a/pkg/output/files/files.go b/pkg/output/files/files.go index fe5f717..6a99fff 100644 --- a/pkg/output/files/files.go +++ b/pkg/output/files/files.go @@ -6,6 +6,7 @@ import ( "log" ) +// OutputFiles writes certs/keys to files func OutputFiles(cacrt string, tlskey string, tlscrt string) error { log.Println("writing ca.crt") if err := ioutil.WriteFile("ca.crt", []byte(cacrt), 0600); err != nil { diff --git a/pkg/output/kubernetes/kubernetes.go b/pkg/output/kubernetes/kubernetes.go index dfb5158..5bf18aa 100644 --- a/pkg/output/kubernetes/kubernetes.go +++ b/pkg/output/kubernetes/kubernetes.go @@ -7,8 +7,7 @@ import ( "text/template" ) -const secret = ` -apiVersion: v1 +const secret = `apiVersion: v1 kind: Secret name: tls-secret data: @@ -17,6 +16,7 @@ data: tls.crt: {{.Tlscrt}} ` +// OutputSecret prints kubernetes secret of certs/keys func OutputSecret(cacrt string, tlskey string, tlscrt string) error { t := template.Must(template.New("secret").Parse(secret)) r := struct { diff --git a/scripts/lint.sh b/scripts/lint.sh index 0393fc4..3e9e512 100755 --- a/scripts/lint.sh +++ b/scripts/lint.sh @@ -1,5 +1,6 @@ #!/bin/bash golint \ - ./cmd/gobblah \ - ./pkg/gobblah + ./cmd/* \ + ./pkg/output/* \ + ./pkg/*
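Review bot: In CreateCertificates (the `@@ -231` hunk), the error returned when `genCertRequest` fails reads `failed to generate csr`, the same text as the CSR-generation branch directly above it. An operator therefore cannot tell a local key/CSR problem from a rejected or failed submission to the CA endpoint. Give the second branch its own message, e.g. `return "", "", "", fmt.Errorf("failed to submit cert request: %v", err)`. The function begins and ends outside the hunk.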
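Review bot: The new doc comment on OutputFiles does not say where the files go or how they are protected, which matters because one of them is a private key. The visible call writes `ca.crt` relative to the current working directory with mode `0600`, and `ioutil.WriteFile` applies that mode only when it creates the file. A pre-existing file with wider permissions keeps them. Suggested comment: `// OutputFiles writes the CA certificate, private key and certificate into the current working directory; files are created with mode 0600, existing files keep their mode.` Only the `ca.crt` write is inside the hunk, so confirm the key is written the same way and consider an explicit `os.Chmod` for it.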
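Review bot: The `secret` template in kubernetes.go still has `name: tls-secret` directly under `kind: Secret` with no `metadata:` key. The README example added in this commit pipes that output to `kubectl apply -f -`, which would be expected to reject the manifest. Replace that line with `metadata:` followed by an indented `name: tls-secret`. Values under `data:` must be base64-encoded, so confirm that OutputSecret (its body is mostly outside the `@@ -17` hunk) encodes `cacrt`, `tlskey` and `tlscrt` before executing the template, or switch to `stringData:`. The OutputSecret doc comment should also state that the private key is printed to stdout, so callers know not to capture that stream in logs.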
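Review bot: The updated `golint` invocation in scripts/lint.sh still exits 0 when it reports findings, so the script cannot gate a build. The hand-maintained globs (`./cmd/*`, `./pkg/output/*`, `./pkg/*`) must also be edited whenever a package is added one level deeper. Using `golint -set_exit_status ./...` covers every package and makes findings fail the script.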