replace all instances to specify API with origin issuer token (#145)
* replace all instances to specify API with origin issuer token

* update tf vars
Jared Edwards authored Sep 3, 2023
1 parent ac28d98 commit e7de29c
Showing 14 changed files with 22 additions and 18 deletions.
2 changes: 1 addition & 1 deletion extensions/aws/secrets.go
@@ -66,7 +66,7 @@ func BootstrapAWSMgmtCluster(
ObjectMeta: metav1.ObjectMeta{Name: "aws-creds", Namespace: "external-dns"},
Data: map[string][]byte{
"aws-token": []byte("VALUE IGNORED, DOES NOT USE TOKEN, USES SERVICE ACCOUNT"),
"cf-api-token": []byte(cl.CloudflareAuth.Token),
"cf-api-token": []byte(cl.CloudflareAuth.APIToken),
},
},
}
2 changes: 2 additions & 0 deletions extensions/civo/env.go
@@ -93,6 +93,8 @@ func GetVaultTerraformEnvs(clientset *kubernetes.Clientset, cl *types.Cluster, e
envs["TF_VAR_atlantis_repo_webhook_url"] = cl.AtlantisWebhookURL
envs["TF_VAR_kbot_ssh_private_key"] = cl.GitAuth.PrivateKey
envs["TF_VAR_kbot_ssh_public_key"] = cl.GitAuth.PublicKey
envs["TF_VAR_cloudflare_origin_ca_api_key"] = cl.CloudflareAuth.OriginCaIssuerKey
envs["TF_VAR_cloudflare_api_key"] = cl.CloudflareAuth.APIToken

switch cl.GitProvider {
case "gitlab":
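Review bot: The new `TF_VAR_cloudflare_api_key` is filled from `cl.CloudflareAuth.APIToken`, and Cloudflare treats API keys and API tokens as different credential types, so the name invites wiring a token into a key-style provider argument on the Terraform side. A comment on the line such as `// value is an API token, not an account API key` would make that explicit. Both assignments are also unconditional, so a cluster without Cloudflare configured still exports two empty credential variables; a guard like `if cl.CloudflareAuth.APIToken != "" {` around them would keep the environment limited to what is in use. GetVaultTerraformEnvs starts and ends outside the hunk, and only the civo variant is touched in this commit, so whether the other providers' env builders need the same variables cannot be seen here.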
5 changes: 3 additions & 2 deletions extensions/civo/secrets.go
@@ -59,8 +59,9 @@ func BootstrapCivoMgmtCluster(clientset *kubernetes.Clientset, cl *types.Cluster
{
ObjectMeta: metav1.ObjectMeta{Name: "civo-creds", Namespace: "external-dns"},
Data: map[string][]byte{
"civo-token": []byte(cl.CivoAuth.Token),
"cf-api-token": []byte(cl.CloudflareAuth.Token),
"civo-token": []byte(cl.CivoAuth.Token),
"cf-api-token": []byte(cl.CloudflareAuth.APIToken),
"cloudflare-token": []byte(cl.CloudflareAuth.APIToken),
},
},
}
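Review bot: The added `"cloudflare-token"` entry stores the same `cl.CloudflareAuth.APIToken` value as `"cf-api-token"` in the `civo-creds` secret, so the credential now sits under two keys that have to be rotated together, and nothing says which consumer reads which key. A comment on the new line, for example `// read by <consumer>; same value as cf-api-token`, or dropping one of the two keys, would settle that. The aws, digitalocean and vultr secrets changed in this commit keep only `cf-api-token`, so the extra key is civo-only; if that is intended it is worth stating. BootstrapCivoMgmtCluster continues outside the hunk.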
2 changes: 1 addition & 1 deletion extensions/digitalocean/secrets.go
@@ -60,7 +60,7 @@ func BootstrapDigitaloceanMgmtCluster(clientset *kubernetes.Clientset, cl *types
ObjectMeta: metav1.ObjectMeta{Name: "digitalocean-creds", Namespace: "external-dns"},
Data: map[string][]byte{
"digitalocean-token": []byte(cl.DigitaloceanAuth.Token),
"cf-api-token": []byte(cl.CloudflareAuth.Token),
"cf-api-token": []byte(cl.CloudflareAuth.APIToken),
},
},
}
2 changes: 1 addition & 1 deletion extensions/vultr/secrets.go
@@ -60,7 +60,7 @@ func BootstrapVultrMgmtCluster(clientset *kubernetes.Clientset, cl *types.Cluste
ObjectMeta: metav1.ObjectMeta{Name: "vultr-creds", Namespace: "external-dns"},
Data: map[string][]byte{
"vultr-token": []byte(cl.VultrAuth.Token),
"cf-api-token": []byte(cl.CloudflareAuth.Token),
"cf-api-token": []byte(cl.CloudflareAuth.APIToken),
},
},
}
2 changes: 1 addition & 1 deletion internal/controller/cluster.go
@@ -362,7 +362,7 @@ func (clctrl *ClusterController) ClusterSecretsBootstrap() error {
//create service accounts
var token string
if (clctrl.CloudflareAuth != types.CloudflareAuth{}) {
token = clctrl.CloudflareAuth.Token
token = clctrl.CloudflareAuth.APIToken
}
err = providerConfigs.ServiceAccounts(clientSet, token)
if err != nil {
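Review bot: With `OriginCaIssuerKey` added to `types.CloudflareAuth` in this commit, the guard `clctrl.CloudflareAuth != types.CloudflareAuth{}` is also true when only the origin CA key is set, so it no longer means "an API token is present". In that case `token` stays empty and is still handed to `providerConfigs.ServiceAccounts`. Testing the field that is actually used, `if clctrl.CloudflareAuth.APIToken != "" {`, states the intent directly. ClusterSecretsBootstrap starts and ends outside the hunk, so how ServiceAccounts treats an empty token is not visible here.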
8 changes: 4 additions & 4 deletions internal/controller/controller.go
@@ -206,15 +206,15 @@ func (clctrl *ClusterController) InitController(def *types.ClusterDefinition) er
// Instantiate provider configuration
switch clctrl.CloudProvider {
case "aws":
clctrl.ProviderConfig = *providerConfigs.GetConfig(clctrl.ClusterName, clctrl.DomainName, clctrl.GitProvider, clctrl.GitAuth.Owner, clctrl.GitProtocol, clctrl.CloudflareAuth.Token, "")
clctrl.ProviderConfig = *providerConfigs.GetConfig(clctrl.ClusterName, clctrl.DomainName, clctrl.GitProvider, clctrl.GitAuth.Owner, clctrl.GitProtocol, clctrl.CloudflareAuth.APIToken, "")
case "civo":
clctrl.ProviderConfig = *providerConfigs.GetConfig(clctrl.ClusterName, clctrl.DomainName, clctrl.GitProvider, clctrl.GitAuth.Owner, clctrl.GitProtocol, clctrl.CloudflareAuth.Token, "")
clctrl.ProviderConfig = *providerConfigs.GetConfig(clctrl.ClusterName, clctrl.DomainName, clctrl.GitProvider, clctrl.GitAuth.Owner, clctrl.GitProtocol, clctrl.CloudflareAuth.APIToken, "")
clctrl.ProviderConfig.CivoToken = clctrl.CivoAuth.Token
case "digitalocean":
clctrl.ProviderConfig = *providerConfigs.GetConfig(clctrl.ClusterName, clctrl.DomainName, clctrl.GitProvider, clctrl.GitAuth.Owner, clctrl.GitProtocol, clctrl.CloudflareAuth.Token, "")
clctrl.ProviderConfig = *providerConfigs.GetConfig(clctrl.ClusterName, clctrl.DomainName, clctrl.GitProvider, clctrl.GitAuth.Owner, clctrl.GitProtocol, clctrl.CloudflareAuth.APIToken, "")
clctrl.ProviderConfig.DigitaloceanToken = clctrl.DigitaloceanAuth.Token
case "vultr":
clctrl.ProviderConfig = *providerConfigs.GetConfig(clctrl.ClusterName, clctrl.DomainName, clctrl.GitProvider, clctrl.GitAuth.Owner, clctrl.GitProtocol, clctrl.CloudflareAuth.Token, "")
clctrl.ProviderConfig = *providerConfigs.GetConfig(clctrl.ClusterName, clctrl.DomainName, clctrl.GitProvider, clctrl.GitAuth.Owner, clctrl.GitProtocol, clctrl.CloudflareAuth.APIToken, "")
clctrl.ProviderConfig.VultrToken = clctrl.VultrAuth.Token
}

2 changes: 1 addition & 1 deletion internal/controller/domain.go
@@ -68,7 +68,7 @@ func (clctrl *ClusterController) DomainLivenessTest() error {
}
case "cloudflare":

client, err := cloudflare_api.NewWithAPIToken(clctrl.CloudflareAuth.Token)
client, err := cloudflare_api.NewWithAPIToken(clctrl.CloudflareAuth.APIToken)
if err != nil {
return err
}
4 changes: 2 additions & 2 deletions internal/router/api/v1/domain.go
@@ -83,14 +83,14 @@ func PostDomains(c *gin.Context) {
domainListResponse.Domains = domains
case "cloudflare":
//check for token, make sure it aint blank
if domainListRequest.CloudflareAuth.Token == "" {
if domainListRequest.CloudflareAuth.APIToken == "" {
c.JSON(http.StatusBadRequest, types.JSONFailureResponse{
Message: "missing authentication credentials in request, please check and try again",
})
return
}

client, err := cloudflare_api.NewWithAPIToken(domainListRequest.CloudflareAuth.Token)
client, err := cloudflare_api.NewWithAPIToken(domainListRequest.CloudflareAuth.APIToken)
if err != nil {
c.JSON(http.StatusBadRequest, types.JSONFailureResponse{
Message: fmt.Sprintf("Could not create cloudflare client, %v", err),
3 changes: 2 additions & 1 deletion internal/types/auth.go
@@ -20,7 +20,8 @@ type CivoAuth struct {

// VultrAuth holds necessary auth credentials for interacting with vultr
type CloudflareAuth struct {
Token string `bson:"token" json:"token"`
APIToken string `bson:"api_token" json:"api_token"`
OriginCaIssuerKey string `bson:"origin_ca_issuer_key" json:"origin_ca_issuer_key"`
}

// DigitaloceanAuth holds necessary auth credentials for interacting with digitalocean
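Review bot: Changing the tags from `token` to `api_token` renames both the stored (bson) and wire (json) field, and no migration or fallback is visible in this commit. Cluster records written before it presumably decode with an empty `APIToken`, which the `providers/*/delete.go` paths then pass to `providerConfigs.GetConfig`, and clients still sending `"token"` would hit the "missing authentication credentials" response in `PostDomains`. If existing records and clients must keep working, a one-off migration or a compatibility read of the old key is needed. The doc comment above the struct still reads `// VultrAuth holds ...`; it should be `// CloudflareAuth holds the API token and Origin CA issuer key used for interacting with cloudflare`.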
2 changes: 1 addition & 1 deletion providers/aws/delete.go
@@ -52,7 +52,7 @@ func DeleteAWSCluster(cl *types.Cluster) error {
telemetryShim.Transmit(cl.UseTelemetry, segmentClient, segment.MetricClusterDeleteStarted, "")

// Instantiate aws config
config := providerConfigs.GetConfig(cl.ClusterName, cl.DomainName, cl.GitProvider, cl.GitAuth.Owner, cl.GitProtocol, cl.CloudflareAuth.Token, "")
config := providerConfigs.GetConfig(cl.ClusterName, cl.DomainName, cl.GitProvider, cl.GitAuth.Owner, cl.GitProtocol, cl.CloudflareAuth.APIToken, "")

err = db.Client.UpdateCluster(cl.ClusterName, "status", constants.ClusterStatusDeleting)
if err != nil {
2 changes: 1 addition & 1 deletion providers/civo/delete.go
@@ -52,7 +52,7 @@ func DeleteCivoCluster(cl *types.Cluster) error {
telemetryShim.Transmit(cl.UseTelemetry, segmentClient, segment.MetricClusterDeleteStarted, "")

// Instantiate civo config
config := providerConfigs.GetConfig(cl.ClusterName, cl.DomainName, cl.GitProvider, cl.GitAuth.Owner, cl.GitProtocol, cl.CloudflareAuth.Token, "")
config := providerConfigs.GetConfig(cl.ClusterName, cl.DomainName, cl.GitProvider, cl.GitAuth.Owner, cl.GitProtocol, cl.CloudflareAuth.APIToken, "")

err = db.Client.UpdateCluster(cl.ClusterName, "status", constants.ClusterStatusDeleting)
if err != nil {
2 changes: 1 addition & 1 deletion providers/digitalocean/delete.go
@@ -53,7 +53,7 @@ func DeleteDigitaloceanCluster(cl *types.Cluster) error {
telemetryShim.Transmit(cl.UseTelemetry, segmentClient, segment.MetricClusterDeleteStarted, "")

// Instantiate digitalocean config
config := providerConfigs.GetConfig(cl.ClusterName, cl.DomainName, cl.GitProvider, cl.GitAuth.Owner, cl.GitProtocol, cl.CloudflareAuth.Token, "")
config := providerConfigs.GetConfig(cl.ClusterName, cl.DomainName, cl.GitProvider, cl.GitAuth.Owner, cl.GitProtocol, cl.CloudflareAuth.APIToken, "")

err = db.Client.UpdateCluster(cl.ClusterName, "status", constants.ClusterStatusDeleting)
if err != nil {
2 changes: 1 addition & 1 deletion providers/vultr/delete.go
@@ -53,7 +53,7 @@ func DeleteVultrCluster(cl *types.Cluster) error {
telemetryShim.Transmit(cl.UseTelemetry, segmentClient, segment.MetricClusterDeleteStarted, "")

// Instantiate vultr config
config := providerConfigs.GetConfig(cl.ClusterName, cl.DomainName, cl.GitProvider, cl.GitAuth.Owner, cl.GitProtocol, cl.CloudflareAuth.Token, "")
config := providerConfigs.GetConfig(cl.ClusterName, cl.DomainName, cl.GitProvider, cl.GitAuth.Owner, cl.GitProtocol, cl.CloudflareAuth.APIToken, "")

err = db.Client.UpdateCluster(cl.ClusterName, "status", constants.ClusterStatusDeleting)
if err != nil {
