Separate issuers into separate packages

README.md

@@ -22,7 +22,7 @@ Currently implemented issuers:
 
 Create an issuer:
 ```go
-issuer := &certify.VaultIssuer{
+issuer := &vault.Issuer{
     URL: &url.URL{
         Scheme: "https",
         Host: "my-local-vault-instance.com",

certify_test.go

@@ -18,6 +18,8 @@ import (
 	"google.golang.org/grpc/grpclog"
 
 	"github.com/johanbrandhorst/certify"
+	"github.com/johanbrandhorst/certify/issuers/cfssl"
+	"github.com/johanbrandhorst/certify/issuers/vault"
 	"github.com/johanbrandhorst/certify/proto"
 )
 
@@ -29,7 +31,7 @@ var _ = Describe("Issuers", func() {
 		IssuerFn func() certify.Issuer
 	}{
 		{Type: "Vault", IssuerFn: func() certify.Issuer {
-			return &certify.VaultIssuer{
+			return &vault.Issuer{
 				URL:   vaultConf.URL,
 				Token: vaultConf.Token,
 				Role:  vaultConf.Role,
@@ -43,7 +45,7 @@ var _ = Describe("Issuers", func() {
 			}
 		}},
 		{Type: "CFSSL", IssuerFn: func() certify.Issuer {
-			return &certify.CFSSLIssuer{
+			return &cfssl.Issuer{
 				URL: cfsslConf.URL,
 				TLSConfig: &tls.Config{
 					RootCAs:            cfsslConf.CertPool,
@@ -54,7 +56,7 @@ var _ = Describe("Issuers", func() {
 		{Type: "authenticated CFSSL", IssuerFn: func() certify.Issuer {
 			st, err := auth.New(cfsslConf.AuthKey, nil)
 			Expect(err).To(Succeed())
-			return &certify.CFSSLIssuer{
+			return &cfssl.Issuer{
 				URL: cfsslConf.URL,
 				TLSConfig: &tls.Config{
 					RootCAs:            cfsslConf.CertPool,
@@ -90,7 +92,7 @@ var _ = Describe("Issuers", func() {
 				Expect(err).NotTo(HaveOccurred())
 				Expect(caCert.Subject.SerialNumber).To(Equal(tlsCert.Leaf.Issuer.SerialNumber))
 
-				if vIss, ok := iss.(*certify.VaultIssuer); ok {
+				if vIss, ok := iss.(*vault.Issuer); ok {
 					Expect(tlsCert.Leaf.NotBefore).To(BeTemporally("<", time.Now()))
 					Expect(tlsCert.Leaf.NotAfter).To(BeTemporally("~", time.Now().Add(vIss.TimeToLive), 5*time.Second))
 				}
@@ -121,7 +123,7 @@ var _ = Describe("Issuers", func() {
 					Expect(err).NotTo(HaveOccurred())
 					Expect(caCert.Subject.SerialNumber).To(Equal(tlsCert.Leaf.Issuer.SerialNumber))
 
-					if vIss, ok := iss.(*certify.VaultIssuer); ok {
+					if vIss, ok := iss.(*vault.Issuer); ok {
 						Expect(tlsCert.Leaf.NotBefore).To(BeTemporally("<", time.Now()))
 						Expect(tlsCert.Leaf.NotAfter).To(BeTemporally("~", time.Now().Add(vIss.TimeToLive), 5*time.Second))
 					}
@@ -218,9 +220,9 @@ var _ = Describe("Caches", func() {
 
 var _ = Describe("Certify", func() {
 	Context("when using a Vault Issuer", func() {
-		var issuer *certify.VaultIssuer
+		var issuer *vault.Issuer
 		BeforeEach(func() {
-			issuer = &certify.VaultIssuer{
+			issuer = &vault.Issuer{
 				URL:   vaultConf.URL,
 				Token: vaultConf.Token,
 				Role:  vaultConf.Role,
@@ -361,7 +363,7 @@ var _ = Describe("gRPC Test", func() {
 			By("Creating the Certify", func() {
 				cb = &certify.Certify{
 					CommonName: "Certify",
-					Issuer: &certify.VaultIssuer{
+					Issuer: &vault.Issuer{
 						URL:   vaultConf.URL,
 						Token: vaultConf.Token,
 						Role:  vaultConf.Role,

cfssl.go → issuers/cfssl/cfssl.go

@@ -1,4 +1,4 @@
-package certify
+package cfssl
 
 import (
 	"context"
@@ -12,13 +12,15 @@ import (
 	"github.com/cloudflare/cfssl/auth"
 	"github.com/cloudflare/cfssl/csr"
 	"github.com/cloudflare/cfssl/signer"
+
+	"github.com/johanbrandhorst/certify"
 )
 
-// CFSSLIssuer implements the Issuer interface
+// Issuer implements the Issuer interface
 // with a Cloudflare CFSSL CA server backend.
 //
 // URL is required.
-type CFSSLIssuer struct {
+type Issuer struct {
 	// URL specifies the URL to the CFSSL server.
 	URL *url.URL
 	// TLSConfig allows configuration of the TLS config
@@ -40,7 +42,7 @@ type CFSSLIssuer struct {
 // Connect creates a new connection to the CFSSL server
 // and sends a request to validate server availability. If not called,
 // a connection will be made in the first Issue call.
-func (m *CFSSLIssuer) Connect(ctx context.Context) error {
+func (m *Issuer) Connect(ctx context.Context) error {
 	m.remote = client.NewServerTLS(m.URL.String(), m.TLSConfig)
 	// Add context to requests
 	m.remote.SetReqModifier(func(req *http.Request, _ []byte) {
@@ -63,7 +65,7 @@ func (m *CFSSLIssuer) Connect(ctx context.Context) error {
 }
 
 // Issue issues a certificate with the provided options
-func (m *CFSSLIssuer) Issue(ctx context.Context, commonName string, conf *CertConfig) (*tls.Certificate, error) {
+func (m *Issuer) Issue(ctx context.Context, commonName string, conf *certify.CertConfig) (*tls.Certificate, error) {
 	if m.remote == nil {
 		err := m.Connect(ctx)
 		if err != nil {

vault.go → issuers/vault/vault.go

@@ -1,4 +1,4 @@
-package certify
+package vault
 
 import (
 	"context"
@@ -11,13 +11,15 @@ import (
 	"time"
 
 	"github.com/hashicorp/vault/api"
+
+	"github.com/johanbrandhorst/certify"
 )
 
-// VaultIssuer implements the Issuer interface with a
+// Issuer implements the Issuer interface with a
 // Hashicorp Vault PKI Secrets Engine backend.
 //
 // URL, Token and Role are required.
-type VaultIssuer struct {
+type Issuer struct {
 	// URL is the URL of the Vault instance.
 	URL *url.URL
 	// Token is the Vault secret token that should be used
@@ -77,15 +79,15 @@ func connect(
 
 // Connect connects to Vault. If not called,
 // a connection will be made in the first Issue call.
-func (v *VaultIssuer) Connect(ctx context.Context) error {
+func (v *Issuer) Connect(ctx context.Context) error {
 	var err error
 	v.cli, err = connect(ctx, v.URL, v.Role, v.Token, v.InsecureAllowHTTP, v.TLSConfig)
 	return err
 }
 
 // Issue issues a certificate from the configured Vault backend,
 // establishing a connection if one doesn't already exist.
-func (v *VaultIssuer) Issue(ctx context.Context, commonName string, conf *CertConfig) (*tls.Certificate, error) {
+func (v *Issuer) Issue(ctx context.Context, commonName string, conf *certify.CertConfig) (*tls.Certificate, error) {
 	if v.cli == nil {
 		err := v.Connect(ctx)
 		if err != nil {