Add root CA bundle metadata URL
This change adds a metadata endpoint that returns the list of root CA certificates a runner must install in order to validate all the API endpoints it may need to reach. This includes any GHES API that runs on a self-signed certificate. Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
parent
f463a41ce2
commit
a26907fb91
8 changed files with 159 additions and 17 deletions
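--- a/runner/metadata.go
+++ b/runner/metadata.go
@@ -0,0 +1,34 @@
+package runner
+
+import (
+"context"
+"log"
+
+runnerErrors "github.com/cloudbase/garm-provider-common/errors"
+"github.com/cloudbase/garm/auth"
+"github.com/cloudbase/garm/params"
+"github.com/pkg/errors"
+)
+
+func (r *Runner) GetRootCertificateBundle(ctx context.Context) (params.CertificateBundle, error) {
+instance, err := auth.InstanceParams(ctx)
+if err != nil {
+log.Printf("failed to get instance params: %s", err)
+return params.CertificateBundle{}, runnerErrors.ErrUnauthorized
+}
+
+poolMgr, err := r.getPoolManagerFromInstance(ctx, instance)
+if err != nil {
+return params.CertificateBundle{}, errors.Wrap(err, "fetching pool manager for instance")
+}
+
+bundle, err := poolMgr.RootCABundle()
+if err != nil {
+log.Printf("failed to get root CA bundle: %s", err)
+// The root CA bundle is invalid. Return an empty bundle to the runner and log the event.
+return params.CertificateBundle{
+RootCertificates: make(map[string][]byte),
+}, nil
+}
+return bundle, nil
+}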
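Review bot: The error branch after `poolMgr.RootCABundle()` returns an empty bundle with a nil error, so the runner cannot tell "no extra roots are configured" from "the configured bundle failed to load". In the second case the runner would presumably continue with system roots only and fail later at TLS verification against the self-signed endpoint, far from the actual cause, and the only trace is a server-side log line that names neither the instance nor the pool. If the fallback is intentional, the comment should say why, for example `// Deliberately non-fatal: the runner proceeds with system roots only; a self-signed endpoint will then fail TLS verification.`, and the log line should identify the instance; otherwise return the error so the metadata call fails visibly. The exported `GetRootCertificateBundle` also has no doc comment; it should state that the caller is identified from the instance params in `ctx` and that `ErrUnauthorized` is returned when they are missing.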