Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / a5b00bd43cceaf807e56ae609c6acdb9f94fa983 / . / metropolis / cli / metroctl / cmd_certs.go
blob: 9aa0953a9d591f49a9a7443827b3a7762e80e837 [file] [log] [blame]
Tim Windelschmidtf0ec0f62023-07-17 13:43:38 +0200[diff] [blame]1package main
2
3import (
4 "crypto/x509"
5 "encoding/pem"
Tim Windelschmidtd5f851b2024-04-23 14:59:37 +0200[diff] [blame]6 "errors"
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]7 "fmt"
Tim Windelschmidtf0ec0f62023-07-17 13:43:38 +0200[diff] [blame]8 "log"
9 "os"
10
11 "github.com/spf13/cobra"
12
13 "source.monogon.dev/metropolis/cli/metroctl/core"
14)
15
16func init() {
17 certCmd.AddCommand(certExportCmd)
18
19 rootCmd.AddCommand(certCmd)
20}
21
22var certCmd = &cobra.Command{
23 Short: "Certificate utilities",
24 Use: "cert",
25}
26
27var certExportCmd = &cobra.Command{
28 Short: "Exports certificates for use in other programs",
29 Use: "export",
30 Example: "metroctl cert export",
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]31 RunE: func(cmd *cobra.Command, args []string) error {
Tim Windelschmidtf0ec0f62023-07-17 13:43:38 +0200[diff] [blame]32 ocert, opkey, err := core.GetOwnerCredentials(flags.configPath)
Tim Windelschmidt513df182024-04-18 23:44:50 +0200[diff] [blame]33 if errors.Is(err, core.ErrNoCredentials) {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]34 return fmt.Errorf("you have to take ownership of the cluster first: %w", err)
Tim Windelschmidtf0ec0f62023-07-17 13:43:38 +0200[diff] [blame]35 }
36
37 pkcs8Key, err := x509.MarshalPKCS8PrivateKey(opkey)
38 if err != nil {
39 // We explicitly pass an Ed25519 private key in, so this can't happen
40 panic(err)
41 }
42
43 if err := os.WriteFile("owner.crt", pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ocert.Raw}), 0755); err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]44 return err
Tim Windelschmidtf0ec0f62023-07-17 13:43:38 +0200[diff] [blame]45 }
46
47 if err := os.WriteFile("owner.key", pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8Key}), 0755); err != nil {
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]48 return err
Tim Windelschmidtf0ec0f62023-07-17 13:43:38 +0200[diff] [blame]49 }
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]50
Tim Windelschmidtf0ec0f62023-07-17 13:43:38 +0200[diff] [blame]51 log.Println("Wrote files to current dir: cert.pem, key.pem")
Tim Windelschmidt0b4fb8c2024-09-18 17:34:23 +0200[diff] [blame]52 return nil
Tim Windelschmidtf0ec0f62023-07-17 13:43:38 +0200[diff] [blame]53 },
Tim Windelschmidtfc6e1cf2024-09-18 17:34:07 +0200[diff] [blame]54 Args: PrintUsageOnWrongArgs(cobra.NoArgs),
Tim Windelschmidtf0ec0f62023-07-17 13:43:38 +0200[diff] [blame]55}