2023-03-28 18:39:22 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
2023-08-11 13:12:13 +00:00
|
|
|
// SPDX-License-Identifier: BUSL-1.1
|
2023-03-28 18:39:22 +00:00
|
|
|
|
2018-03-17 04:39:26 +00:00
|
|
|
package agent
|
|
|
|
|
|
|
|
import (
|
2018-03-21 19:42:42 +00:00
|
|
|
"fmt"
|
2018-03-17 04:39:26 +00:00
|
|
|
"net/http"
|
2020-10-09 14:43:33 +00:00
|
|
|
"strconv"
|
2018-03-17 04:39:26 +00:00
|
|
|
|
2019-11-21 17:40:29 +00:00
|
|
|
"github.com/hashicorp/consul/agent/consul"
|
2018-03-17 04:39:26 +00:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
|
|
)
|
|
|
|
|
|
|
|
// GET /v1/connect/ca/roots
|
2020-09-04 18:42:15 +00:00
|
|
|
func (s *HTTPHandlers) ConnectCARoots(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
2018-03-17 04:39:26 +00:00
|
|
|
var args structs.DCSpecificRequest
|
|
|
|
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
2020-10-09 14:43:33 +00:00
|
|
|
pemResponse := false
|
|
|
|
if pemParam := req.URL.Query().Get("pem"); pemParam != "" {
|
|
|
|
val, err := strconv.ParseBool(pemParam)
|
|
|
|
if err != nil {
|
2022-04-29 17:42:49 +00:00
|
|
|
return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "The 'pem' query parameter must be a boolean value"}
|
2020-10-09 14:43:33 +00:00
|
|
|
}
|
|
|
|
pemResponse = val
|
|
|
|
}
|
|
|
|
|
2018-03-17 04:39:26 +00:00
|
|
|
var reply structs.IndexedCARoots
|
|
|
|
defer setMeta(resp, &reply.QueryMeta)
|
2022-12-14 15:24:22 +00:00
|
|
|
if err := s.agent.RPC(req.Context(), "ConnectCA.Roots", &args, &reply); err != nil {
|
2018-03-17 04:39:26 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2020-10-09 14:43:33 +00:00
|
|
|
if !pemResponse {
|
|
|
|
return reply, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// defined in RFC 8555 and registered with the IANA
|
|
|
|
resp.Header().Set("Content-Type", "application/pem-certificate-chain")
|
2021-07-01 00:48:29 +00:00
|
|
|
|
2020-10-09 14:43:33 +00:00
|
|
|
for _, root := range reply.Roots {
|
|
|
|
if _, err := resp.Write([]byte(root.RootCert)); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
for _, intermediate := range root.IntermediateCerts {
|
|
|
|
if _, err := resp.Write([]byte(intermediate)); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil, nil
|
2018-03-17 04:39:26 +00:00
|
|
|
}
|
2018-03-21 19:42:42 +00:00
|
|
|
|
|
|
|
// /v1/connect/ca/configuration
|
2020-09-04 18:42:15 +00:00
|
|
|
func (s *HTTPHandlers) ConnectCAConfiguration(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
2018-03-21 19:42:42 +00:00
|
|
|
switch req.Method {
|
2018-04-09 04:59:08 +00:00
|
|
|
case "GET":
|
|
|
|
return s.ConnectCAConfigurationGet(resp, req)
|
|
|
|
|
2018-03-21 19:42:42 +00:00
|
|
|
case "PUT":
|
2021-07-01 00:48:29 +00:00
|
|
|
return s.ConnectCAConfigurationSet(req)
|
2018-03-21 19:42:42 +00:00
|
|
|
|
|
|
|
default:
|
|
|
|
return nil, MethodNotAllowedError{req.Method, []string{"GET", "POST"}}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-11-02 18:02:10 +00:00
|
|
|
// GET /v1/connect/ca/configuration
|
2020-09-04 18:42:15 +00:00
|
|
|
func (s *HTTPHandlers) ConnectCAConfigurationGet(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
2018-04-09 04:59:08 +00:00
|
|
|
// Method is tested in ConnectCAConfiguration
|
|
|
|
var args structs.DCSpecificRequest
|
|
|
|
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
var reply structs.CAConfiguration
|
2022-12-14 15:24:22 +00:00
|
|
|
err := s.agent.RPC(req.Context(), "ConnectCA.ConfigurationGet", &args, &reply)
|
2018-05-25 17:28:18 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return reply, nil
|
2018-04-09 04:59:08 +00:00
|
|
|
}
|
|
|
|
|
2018-03-21 19:42:42 +00:00
|
|
|
// PUT /v1/connect/ca/configuration
|
2021-07-01 00:48:29 +00:00
|
|
|
func (s *HTTPHandlers) ConnectCAConfigurationSet(req *http.Request) (interface{}, error) {
|
2018-03-21 19:42:42 +00:00
|
|
|
// Method is tested in ConnectCAConfiguration
|
|
|
|
|
2018-04-09 04:59:08 +00:00
|
|
|
var args structs.CARequest
|
|
|
|
s.parseDC(req, &args.Datacenter)
|
|
|
|
s.parseToken(req, &args.Token)
|
2019-10-29 18:13:36 +00:00
|
|
|
if err := decodeBody(req.Body, &args.Config); err != nil {
|
2022-04-29 17:42:49 +00:00
|
|
|
return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: fmt.Sprintf("Request decode failed: %v", err)}
|
2018-03-21 19:42:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
var reply interface{}
|
2022-12-14 15:24:22 +00:00
|
|
|
err := s.agent.RPC(req.Context(), "ConnectCA.ConfigurationSet", &args, &reply)
|
2019-11-21 17:40:29 +00:00
|
|
|
if err != nil && err.Error() == consul.ErrStateReadOnly.Error() {
|
2022-04-29 17:42:49 +00:00
|
|
|
return nil, HTTPError{
|
|
|
|
StatusCode: http.StatusBadRequest,
|
2019-11-21 17:40:29 +00:00
|
|
|
Reason: "Provider State is read-only. It must be omitted" +
|
|
|
|
" or identical to the current value",
|
|
|
|
}
|
|
|
|
}
|
2018-03-21 19:42:42 +00:00
|
|
|
return nil, err
|
|
|
|
}
|