diff --git a/backend/pki-service/cmd/run.go b/backend/pki-service/cmd/run.go index 0069ed6a..967692b6 100644 --- a/backend/pki-service/cmd/run.go +++ b/backend/pki-service/cmd/run.go @@ -31,7 +31,7 @@ var runCmd = &cobra.Command{ } // load Sectigo config - var sectigoCfg cfg.SectigoConfiguration + var sectigoCfg cfg.PKIConfiguration if err := viper.Unmarshal(§igoCfg); err != nil { logger.Panic("config unmarshal failed", zap.Error(err)) } @@ -121,5 +121,7 @@ func init() { runCmd.Flags().String("mail_from", "", "The mail from") runCmd.Flags().String("acme_storage", "", "Storage for the internal acme client") runCmd.Flags().String("acme_email", "", "Email for the acme client") + runCmd.Flags().String("acme_eab", "", "EAB for the acme client") + runCmd.Flags().String("acme_key", "", "Key for the acme client") runCmd.Flags().String("dns_configs", "", "Config file for the dns provider") } diff --git a/backend/pki-service/cmd/sync.go b/backend/pki-service/cmd/sync.go index 87a54830..8d1a7e28 100644 --- a/backend/pki-service/cmd/sync.go +++ b/backend/pki-service/cmd/sync.go @@ -25,7 +25,7 @@ var syncCmd = &cobra.Command{ defer deferFunc(logger) // load HTTP server config - var sectigoCfg cfg.SectigoConfiguration + var sectigoCfg cfg.PKIConfiguration if err := viper.Unmarshal(§igoCfg); err != nil { logger.Panic("config unmarshal failed", zap.Error(err)) } diff --git a/backend/pki-service/pkg/cfg/sectigo.go b/backend/pki-service/pkg/cfg/sectigo.go index c714b0e6..d1aa9b05 100644 --- a/backend/pki-service/pkg/cfg/sectigo.go +++ b/backend/pki-service/pkg/cfg/sectigo.go 
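Review bot: `acme_key` in the `init()` hunk of cmd/run.go is registered as an ordinary string flag, so a value given on the command line stays in the process arguments, where process-listing tools and other local users can read it. The help text does not say what the value is; if it is the EAB MAC key, prefer the environment or a config file and say so in the help, e.g. `runCmd.Flags().String("acme_key", "", "EAB HMAC key; set via environment or config file, not on the command line")`. The `acme_eab` help should likewise state that it is the EAB key identifier, if that is what it holds. `init()` starts outside the hunk.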
@@ -9,8 +9,8 @@ import ( "go.uber.org/zap" ) -// SectigoConfiguration handles different configuration properties for the sectigo client -type SectigoConfiguration struct { +// PKIConfiguration handles different configuration properties for the sectigo client +type PKIConfiguration struct { User string `mapstructure:"sectigo_user"` Password string `mapstructure:"sectigo_password"` CustomerURI string `mapstructure:"sectigo_customeruri"` @@ -26,11 +26,13 @@ type SectigoConfiguration struct { SmimeKeyType string `mapstructure:"smime_key_type"` AcmeStorage string `mapstructure:"acme_storage"` AcmeEmail string `mapstructure:"acme_email"` + AcmeEab string `mapstructure:"acme_eab"` + AcmeKey string `mapstructure:"acme_key"` DnsConfigs string `mapstructure:"dns_configs"` } // CheckSectigoConfiguration checks the sectigo configuration for the syntactical correctness. -func (cfg *SectigoConfiguration) CheckSectigoConfiguration() { +func (cfg *PKIConfiguration) CheckSectigoConfiguration() { logger := zap.L() diff --git a/backend/pki-service/pkg/grpc/server.go b/backend/pki-service/pkg/grpc/server.go index 594b81e2..7936686b 100644 --- a/backend/pki-service/pkg/grpc/server.go +++ b/backend/pki-service/pkg/grpc/server.go @@ -29,7 +29,7 @@ import ( type Server struct { logger *zap.Logger config *Config - sectigoCfg *cfg.SectigoConfiguration + sectigoCfg *cfg.PKIConfiguration db *ent.Client } @@ -41,7 +41,7 @@ type Config struct { } // NewServer creates a new GRPC server -func NewServer(config *Config, logger *zap.Logger, sectigoCfg *cfg.SectigoConfiguration, db *ent.Client) (*Server, error) { +func NewServer(config *Config, logger *zap.Logger, sectigoCfg *cfg.PKIConfiguration, db *ent.Client) (*Server, error) { srv := &Server{ logger: logger, sectigoCfg: sectigoCfg, diff --git a/backend/pki-service/pkg/grpc/smime.go b/backend/pki-service/pkg/grpc/smime.go index 8bac6953..10a258a3 100644 --- a/backend/pki-service/pkg/grpc/smime.go +++ b/backend/pki-service/pkg/grpc/smime.go 
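Review bot: `AcmeEab` and `AcmeKey` are added to `PKIConfiguration` in pkg/cfg/sectigo.go with no visible check that they are set together. External account binding needs both a key identifier and a MAC key, so a half-configured pair should fail at startup rather than at account registration. `CheckSectigoConfiguration` begins in this hunk but its body is outside it, so this may already be covered; if not, add a guard such as `if (cfg.AcmeEab == "") != (cfg.AcmeKey == "") { logger.Fatal("acme_eab and acme_key must be set together") }`. The struct comment in the first hunk of this file still says "for the sectigo client" after the rename; `// PKIConfiguration holds the Sectigo, S/MIME, ACME and DNS settings of the PKI service.` would match the fields. The struct now carries a second secret besides `Password`, so it should not be logged whole.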
@@ -27,11 +27,11 @@ import ( type smimeAPIServer struct { pb.UnimplementedSmimeServiceServer client *sectigo.Client - cfg *cfg.SectigoConfiguration + cfg *cfg.PKIConfiguration logger *zap.Logger } -func newSmimeAPIServer(client *sectigo.Client, cfg *cfg.SectigoConfiguration) *smimeAPIServer { +func newSmimeAPIServer(client *sectigo.Client, cfg *cfg.PKIConfiguration) *smimeAPIServer { return &smimeAPIServer{client: client, cfg: cfg, logger: zap.L()} } diff --git a/backend/pki-service/pkg/grpc/ssl.go b/backend/pki-service/pkg/grpc/ssl.go index 85f2cdfc..00181f01 100644 --- a/backend/pki-service/pkg/grpc/ssl.go +++ b/backend/pki-service/pkg/grpc/ssl.go @@ -97,7 +97,7 @@ type sslAPIServer struct { pb.UnimplementedSSLServiceServer client *sectigo.Client db *ent.Client - cfg *cfg.SectigoConfiguration + cfg *cfg.PKIConfiguration logger *zap.Logger legoClient *lego.Client @@ -105,7 +105,7 @@ type sslAPIServer struct { duration *time.Duration } -func newSslAPIServer(client *sectigo.Client, cfg *cfg.SectigoConfiguration, db *ent.Client) *sslAPIServer { +func newSslAPIServer(client *sectigo.Client, cfg *cfg.PKIConfiguration, db *ent.Client) *sslAPIServer { var err error legoClient := registerAcme(cfg) @@ -135,7 +135,7 @@ func newSslAPIServer(client *sectigo.Client, cfg *cfg.SectigoConfiguration, db * return instance } -func registerAcme(cfg *cfg.SectigoConfiguration) *lego.Client { +func registerAcme(cfg *cfg.PKIConfiguration) *lego.Client { accountFile := filepath.Join(cfg.AcmeStorage, "reg.json") keyFile := filepath.Join(cfg.AcmeStorage, "reg.key") 
@@ -317,7 +317,7 @@ func (s *sslAPIServer) IssueCertificate(ctx context.Context, req *pb.IssueSslReq resp, err := s.legoClient.Certificate.ObtainForCSR(legoCert.ObtainForCSRRequest{CSR: csr, Bundle: true}) if err != nil { - return s.handleError("Error while obtaining certificate", err, logger) + return s.handleError("Error while obtaining certificate", err, logger, hub) } hub.AddBreadcrumb(&sentry.Breadcrumb{Message: "Certificate collected", Category: "info", Level: sentry.LevelInfo}, nil) stop := time.Now()
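Review bot: The lego error from `ObtainForCSR` is passed to `s.handleError` unchanged, and now together with the Sentry hub, and the result is returned from `IssueCertificate`. `handleError` is defined outside this hunk, so it is worth confirming that it returns a generic gRPC status to the caller and keeps the detailed error for the log and Sentry only; ACME errors can carry the CA's problem document and the requested names. A comment at the call site would record that expectation: `// err may contain the ACME problem document; handleError must not echo it to the client`.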