smallstep-certificates/ca/adminClient.go

package ca

import (
	"bytes"
	"encoding/json"
	"io"
	"net/http"
	"net/url"
	"path"
	"strconv"

	"github.com/pkg/errors"
	"github.com/smallstep/certificates/authority/admin"
	"github.com/smallstep/certificates/authority/mgmt"
	mgmtAPI "github.com/smallstep/certificates/authority/mgmt/api"
	"github.com/smallstep/certificates/errs"
)

// AdminClient implements an HTTP client for the CA server.
type AdminClient struct {
	client    *uaClient
	endpoint  *url.URL
	retryFunc RetryFunc
	opts      []ClientOption
}

// NewAdminClient creates a new AdminClient with the given endpoint and options.
func NewAdminClient(endpoint string, opts ...ClientOption) (*AdminClient, error) {
	u, err := parseEndpoint(endpoint)
	if err != nil {
		return nil, err
	}
	// Retrieve transport from options.
	o := new(clientOptions)
	if err := o.apply(opts); err != nil {
		return nil, err
	}
	tr, err := o.getTransport(endpoint)
	if err != nil {
		return nil, err
	}

	return &AdminClient{
		client:    newClient(tr),
		endpoint:  u,
		retryFunc: o.retryFunc,
		opts:      opts,
	}, nil
}

func (c *AdminClient) retryOnError(r *http.Response) bool {
	if c.retryFunc != nil {
		if c.retryFunc(r.StatusCode) {
			o := new(clientOptions)
			if err := o.apply(c.opts); err != nil {
				return false
			}
			tr, err := o.getTransport(c.endpoint.String())
			if err != nil {
				return false
			}
			r.Body.Close()
			c.client.SetTransport(tr)
			return true
		}
	}
	return false
}

// GetAdmin performs the GET /admin/admin/{id} request to the CA.
func (c *AdminClient) GetAdmin(id string) (*mgmt.Admin, error) {
	var retried bool
	u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/admin", id)})
retry:
	resp, err := c.client.Get(u.String())
	if err != nil {
		return nil, errors.Wrapf(err, "client GET %s failed", u)
	}
	if resp.StatusCode >= 400 {
		if !retried && c.retryOnError(resp) {
			retried = true
			goto retry
		}
		return nil, readAdminError(resp.Body)
	}
	var adm = new(mgmt.Admin)
	if err := readJSON(resp.Body, adm); err != nil {
		return nil, errors.Wrapf(err, "error reading %s", u)
	}
	return adm, nil
}

// AdminOption is the type of options passed to the Provisioner method.
type AdminOption func(o *adminOptions) error

type adminOptions struct {
	cursor string
	limit  int
}

func (o *adminOptions) apply(opts []AdminOption) (err error) {
	for _, fn := range opts {
		if err = fn(o); err != nil {
			return
		}
	}
	return
}

func (o *adminOptions) rawQuery() string {
	v := url.Values{}
	if len(o.cursor) > 0 {
		v.Set("cursor", o.cursor)
	}
	if o.limit > 0 {
		v.Set("limit", strconv.Itoa(o.limit))
	}
	return v.Encode()
}

// WithAdminCursor will request the admins starting with the given cursor.
func WithAdminCursor(cursor string) AdminOption {
	return func(o *adminOptions) error {
		o.cursor = cursor
		return nil
	}
}

// WithAdminLimit will request the given number of admins.
func WithAdminLimit(limit int) AdminOption {
	return func(o *adminOptions) error {
		o.limit = limit
		return nil
	}
}

// GetAdmins performs the GET /admin/admins request to the CA.
func (c *AdminClient) GetAdmins(opts ...AdminOption) (*mgmtAPI.GetAdminsResponse, error) {
	var retried bool
	o := new(adminOptions)
	if err := o.apply(opts); err != nil {
		return nil, err
	}
	u := c.endpoint.ResolveReference(&url.URL{
		Path:     "/admin/admins",
		RawQuery: o.rawQuery(),
	})
retry:
	resp, err := c.client.Get(u.String())
	if err != nil {
		return nil, errors.Wrapf(err, "client GET %s failed", u)
	}
	if resp.StatusCode >= 400 {
		if !retried && c.retryOnError(resp) {
			retried = true
			goto retry
		}
		return nil, readAdminError(resp.Body)
	}
	var body = new(mgmtAPI.GetAdminsResponse)
	if err := readJSON(resp.Body, body); err != nil {
		return nil, errors.Wrapf(err, "error reading %s", u)
	}
	return body, nil
}

// CreateAdmin performs the POST /admin/admins request to the CA.
func (c *AdminClient) CreateAdmin(req *mgmtAPI.CreateAdminRequest) (*mgmt.Admin, error) {
	var retried bool
	body, err := json.Marshal(req)
	if err != nil {
		return nil, errs.Wrap(http.StatusInternalServerError, err, "error marshaling request")
	}
	u := c.endpoint.ResolveReference(&url.URL{Path: "/admin/admins"})
retry:
	resp, err := c.client.Post(u.String(), "application/json", bytes.NewReader(body))
	if err != nil {
		return nil, errors.Wrapf(err, "client POST %s failed", u)
	}
	if resp.StatusCode >= 400 {
		if !retried && c.retryOnError(resp) {
			retried = true
			goto retry
		}
		return nil, readAdminError(resp.Body)
	}
	var adm = new(mgmt.Admin)
	if err := readJSON(resp.Body, adm); err != nil {
		return nil, errors.Wrapf(err, "error reading %s", u)
	}
	return adm, nil
}

// RemoveAdmin performs the DELETE /admin/admins/{id} request to the CA.
func (c *AdminClient) RemoveAdmin(id string) error {
	var retried bool
	u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/admins", id)})
	req, err := http.NewRequest("DELETE", u.String(), nil)
	if err != nil {
		return errors.Wrapf(err, "create DELETE %s request failed", u)
	}
retry:
	resp, err := c.client.Do(req)
	if err != nil {
		return errors.Wrapf(err, "client DELETE %s failed", u)
	}
	if resp.StatusCode >= 400 {
		if !retried && c.retryOnError(resp) {
			retried = true
			goto retry
		}
		return readAdminError(resp.Body)
	}
	return nil
}

// UpdateAdmin performs the PUT /admin/admins/{id} request to the CA.
func (c *AdminClient) UpdateAdmin(id string, uar *mgmtAPI.UpdateAdminRequest) (*admin.Admin, error) {
	var retried bool
	body, err := json.Marshal(uar)
	if err != nil {
		return nil, errs.Wrap(http.StatusInternalServerError, err, "error marshaling request")
	}
	u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/admins", id)})
	req, err := http.NewRequest("PATCH", u.String(), bytes.NewReader(body))
	if err != nil {
		return nil, errors.Wrapf(err, "create PUT %s request failed", u)
	}
retry:
	resp, err := c.client.Do(req)
	if err != nil {
		return nil, errors.Wrapf(err, "client PUT %s failed", u)
	}
	if resp.StatusCode >= 400 {
		if !retried && c.retryOnError(resp) {
			retried = true
			goto retry
		}
		return nil, readAdminError(resp.Body)
	}
	var adm = new(admin.Admin)
	if err := readJSON(resp.Body, adm); err != nil {
		return nil, errors.Wrapf(err, "error reading %s", u)
	}
	return adm, nil
}

// GetProvisioner performs the GET /admin/provisioners/{name} request to the CA.
func (c *AdminClient) GetProvisioner(name string) (*mgmt.Provisioner, error) {
	var retried bool
	u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/provisioners", name)})
retry:
	resp, err := c.client.Get(u.String())
	if err != nil {
		return nil, errors.Wrapf(err, "client GET %s failed", u)
	}
	if resp.StatusCode >= 400 {
		if !retried && c.retryOnError(resp) {
			retried = true
			goto retry
		}
		return nil, readAdminError(resp.Body)
	}
	var prov = new(mgmt.Provisioner)
	if err := readJSON(resp.Body, prov); err != nil {
		return nil, errors.Wrapf(err, "error reading %s", u)
	}
	return prov, nil
}

// GetProvisioners performs the GET /admin/provisioners request to the CA.
func (c *AdminClient) GetProvisioners() ([]*mgmt.Provisioner, error) {
	var retried bool
	u := c.endpoint.ResolveReference(&url.URL{Path: "/admin/provisioners"})
retry:
	resp, err := c.client.Get(u.String())
	if err != nil {
		return nil, errors.Wrapf(err, "client GET %s failed", u)
	}
	if resp.StatusCode >= 400 {
		if !retried && c.retryOnError(resp) {
			retried = true
			goto retry
		}
		return nil, readAdminError(resp.Body)
	}
	var provs = new([]*mgmt.Provisioner)
	if err := readJSON(resp.Body, provs); err != nil {
		return nil, errors.Wrapf(err, "error reading %s", u)
	}
	return *provs, nil
}

// RemoveProvisioner performs the DELETE /admin/provisioners/{name} request to the CA.
func (c *AdminClient) RemoveProvisioner(name string) error {
	var retried bool
	u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/provisioners", name)})
	req, err := http.NewRequest("DELETE", u.String(), nil)
	if err != nil {
		return errors.Wrapf(err, "create DELETE %s request failed", u)
	}
retry:
	resp, err := c.client.Do(req)
	if err != nil {
		return errors.Wrapf(err, "client DELETE %s failed", u)
	}
	if resp.StatusCode >= 400 {
		if !retried && c.retryOnError(resp) {
			retried = true
			goto retry
		}
		return readAdminError(resp.Body)
	}
	return nil
}

// CreateProvisioner performs the POST /admin/provisioners request to the CA.
func (c *AdminClient) CreateProvisioner(req *mgmtAPI.CreateProvisionerRequest) (*mgmt.Provisioner, error) {
	var retried bool
	body, err := json.Marshal(req)
	if err != nil {
		return nil, errs.Wrap(http.StatusInternalServerError, err, "error marshaling request")
	}
	u := c.endpoint.ResolveReference(&url.URL{Path: "/admin/provisioners"})
retry:
	resp, err := c.client.Post(u.String(), "application/json", bytes.NewReader(body))
	if err != nil {
		return nil, errors.Wrapf(err, "client POST %s failed", u)
	}
	if resp.StatusCode >= 400 {
		if !retried && c.retryOnError(resp) {
			retried = true
			goto retry
		}
		return nil, readAdminError(resp.Body)
	}
	var prov = new(mgmt.Provisioner)
	if err := readJSON(resp.Body, prov); err != nil {
		return nil, errors.Wrapf(err, "error reading %s", u)
	}
	return prov, nil
}

// UpdateProvisioner performs the PUT /admin/provisioners/{id} request to the CA.
func (c *AdminClient) UpdateProvisioner(id string, upr *mgmtAPI.UpdateProvisionerRequest) (*mgmt.Provisioner, error) {
	var retried bool
	body, err := json.Marshal(upr)
	if err != nil {
		return nil, errs.Wrap(http.StatusInternalServerError, err, "error marshaling request")
	}
	u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/provisioners", id)})
	req, err := http.NewRequest("PUT", u.String(), bytes.NewReader(body))
	if err != nil {
		return nil, errors.Wrapf(err, "create PUT %s request failed", u)
	}
retry:
	resp, err := c.client.Do(req)
	if err != nil {
		return nil, errors.Wrapf(err, "client PUT %s failed", u)
	}
	if resp.StatusCode >= 400 {
		if !retried && c.retryOnError(resp) {
			retried = true
			goto retry
		}
		return nil, readAdminError(resp.Body)
	}
	var prov = new(mgmt.Provisioner)
	if err := readJSON(resp.Body, prov); err != nil {
		return nil, errors.Wrapf(err, "error reading %s", u)
	}
	return prov, nil
}

// GetAuthConfig performs the GET /admin/authconfig/{id} request to the CA.
func (c *AdminClient) GetAuthConfig(id string) (*mgmt.AuthConfig, error) {
	var retried bool
	u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/authconfig", id)})
retry:
	resp, err := c.client.Get(u.String())
	if err != nil {
		return nil, errors.Wrapf(err, "client GET %s failed", u)
	}
	if resp.StatusCode >= 400 {
		if !retried && c.retryOnError(resp) {
			retried = true
			goto retry
		}
		return nil, readAdminError(resp.Body)
	}
	var ac = new(mgmt.AuthConfig)
	if err := readJSON(resp.Body, ac); err != nil {
		return nil, errors.Wrapf(err, "error reading %s", u)
	}
	return ac, nil
}

func readAdminError(r io.ReadCloser) error {
	defer r.Close()
	mgmtErr := new(mgmt.Error)
	if err := json.NewDecoder(r).Decode(mgmtErr); err != nil {
		return err
	}
	return errors.New(mgmtErr.Message)
}
first commit 3 years ago			`package ca`

			`import (`
wip admin CRUD 3 years ago			`"bytes"`
			`"encoding/json"`
wip 3 years ago			`"io"`
first commit 3 years ago			`"net/http"`
			`"net/url"`
			`"path"`
wip 3 years ago			`"strconv"`
first commit 3 years ago
			`"github.com/pkg/errors"`
wip 3 years ago			`"github.com/smallstep/certificates/authority/admin"`
first commit 3 years ago			`"github.com/smallstep/certificates/authority/mgmt"`
wip admin CRUD 3 years ago			`mgmtAPI "github.com/smallstep/certificates/authority/mgmt/api"`
			`"github.com/smallstep/certificates/errs"`
first commit 3 years ago			`)`

wip 3 years ago			`// AdminClient implements an HTTP client for the CA server.`
			`type AdminClient struct {`
first commit 3 years ago			`client *uaClient`
			`endpoint *url.URL`
			`retryFunc RetryFunc`
			`opts []ClientOption`
			`}`

wip 3 years ago			`// NewAdminClient creates a new AdminClient with the given endpoint and options.`
			`func NewAdminClient(endpoint string, opts ...ClientOption) (*AdminClient, error) {`
first commit 3 years ago			`u, err := parseEndpoint(endpoint)`
			`if err != nil {`
			`return nil, err`
			`}`
			`// Retrieve transport from options.`
			`o := new(clientOptions)`
			`if err := o.apply(opts); err != nil {`
			`return nil, err`
			`}`
			`tr, err := o.getTransport(endpoint)`
			`if err != nil {`
			`return nil, err`
			`}`

wip 3 years ago			`return &AdminClient{`
first commit 3 years ago			`client: newClient(tr),`
			`endpoint: u,`
			`retryFunc: o.retryFunc,`
			`opts: opts,`
			`}, nil`
			`}`

wip 3 years ago			`func (c AdminClient) retryOnError(r http.Response) bool {`
first commit 3 years ago			`if c.retryFunc != nil {`
			`if c.retryFunc(r.StatusCode) {`
			`o := new(clientOptions)`
			`if err := o.apply(c.opts); err != nil {`
			`return false`
			`}`
			`tr, err := o.getTransport(c.endpoint.String())`
			`if err != nil {`
			`return false`
			`}`
			`r.Body.Close()`
			`c.client.SetTransport(tr)`
			`return true`
			`}`
			`}`
			`return false`
			`}`

wip 3 years ago			`// GetAdmin performs the GET /admin/admin/{id} request to the CA.`
			`func (c AdminClient) GetAdmin(id string) (mgmt.Admin, error) {`
first commit 3 years ago			`var retried bool`
wip 3 years ago			`u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/admin", id)})`
first commit 3 years ago			`retry:`
			`resp, err := c.client.Get(u.String())`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "client GET %s failed", u)`
			`}`
			`if resp.StatusCode >= 400 {`
			`if !retried && c.retryOnError(resp) {`
			`retried = true`
			`goto retry`
			`}`
wip 3 years ago			`return nil, readAdminError(resp.Body)`
first commit 3 years ago			`}`
			`var adm = new(mgmt.Admin)`
			`if err := readJSON(resp.Body, adm); err != nil {`
			`return nil, errors.Wrapf(err, "error reading %s", u)`
			`}`
			`return adm, nil`
			`}`

wip 3 years ago			`// AdminOption is the type of options passed to the Provisioner method.`
			`type AdminOption func(o *adminOptions) error`

			`type adminOptions struct {`
			`cursor string`
			`limit int`
			`}`

			`func (o *adminOptions) apply(opts []AdminOption) (err error) {`
			`for _, fn := range opts {`
			`if err = fn(o); err != nil {`
			`return`
			`}`
			`}`
			`return`
			`}`

			`func (o *adminOptions) rawQuery() string {`
			`v := url.Values{}`
			`if len(o.cursor) > 0 {`
			`v.Set("cursor", o.cursor)`
			`}`
			`if o.limit > 0 {`
			`v.Set("limit", strconv.Itoa(o.limit))`
			`}`
			`return v.Encode()`
			`}`

			`// WithAdminCursor will request the admins starting with the given cursor.`
			`func WithAdminCursor(cursor string) AdminOption {`
			`return func(o *adminOptions) error {`
			`o.cursor = cursor`
			`return nil`
			`}`
			`}`

			`// WithAdminLimit will request the given number of admins.`
			`func WithAdminLimit(limit int) AdminOption {`
			`return func(o *adminOptions) error {`
			`o.limit = limit`
			`return nil`
			`}`
			`}`

wip 3 years ago			`// GetAdmins performs the GET /admin/admins request to the CA.`
wip 3 years ago			`func (c AdminClient) GetAdmins(opts ...AdminOption) (mgmtAPI.GetAdminsResponse, error) {`
wip 3 years ago			`var retried bool`
			`o := new(adminOptions)`
			`if err := o.apply(opts); err != nil {`
			`return nil, err`
			`}`
			`u := c.endpoint.ResolveReference(&url.URL{`
wip 3 years ago			`Path: "/admin/admins",`
wip 3 years ago			`RawQuery: o.rawQuery(),`
			`})`
			`retry:`
			`resp, err := c.client.Get(u.String())`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "client GET %s failed", u)`
			`}`
			`if resp.StatusCode >= 400 {`
			`if !retried && c.retryOnError(resp) {`
			`retried = true`
			`goto retry`
			`}`
wip 3 years ago			`return nil, readAdminError(resp.Body)`
wip 3 years ago			`}`
			`var body = new(mgmtAPI.GetAdminsResponse)`
			`if err := readJSON(resp.Body, body); err != nil {`
			`return nil, errors.Wrapf(err, "error reading %s", u)`
			`}`
			`return body, nil`
			`}`

wip 3 years ago			`// CreateAdmin performs the POST /admin/admins request to the CA.`
			`func (c AdminClient) CreateAdmin(req mgmtAPI.CreateAdminRequest) (*mgmt.Admin, error) {`
wip admin CRUD 3 years ago			`var retried bool`
			`body, err := json.Marshal(req)`
			`if err != nil {`
			`return nil, errs.Wrap(http.StatusInternalServerError, err, "error marshaling request")`
			`}`
wip 3 years ago			`u := c.endpoint.ResolveReference(&url.URL{Path: "/admin/admins"})`
wip admin CRUD 3 years ago			`retry:`
			`resp, err := c.client.Post(u.String(), "application/json", bytes.NewReader(body))`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "client POST %s failed", u)`
			`}`
			`if resp.StatusCode >= 400 {`
			`if !retried && c.retryOnError(resp) {`
			`retried = true`
			`goto retry`
			`}`
wip 3 years ago			`return nil, readAdminError(resp.Body)`
wip admin CRUD 3 years ago			`}`
			`var adm = new(mgmt.Admin)`
			`if err := readJSON(resp.Body, adm); err != nil {`
			`return nil, errors.Wrapf(err, "error reading %s", u)`
			`}`
			`return adm, nil`
			`}`

wip 3 years ago			`// RemoveAdmin performs the DELETE /admin/admins/{id} request to the CA.`
			`func (c *AdminClient) RemoveAdmin(id string) error {`
wip admin CRUD 3 years ago			`var retried bool`
wip 3 years ago			`u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/admins", id)})`
wip admin CRUD 3 years ago			`req, err := http.NewRequest("DELETE", u.String(), nil)`
			`if err != nil {`
			`return errors.Wrapf(err, "create DELETE %s request failed", u)`
			`}`
			`retry:`
			`resp, err := c.client.Do(req)`
			`if err != nil {`
			`return errors.Wrapf(err, "client DELETE %s failed", u)`
			`}`
			`if resp.StatusCode >= 400 {`
			`if !retried && c.retryOnError(resp) {`
			`retried = true`
			`goto retry`
			`}`
wip 3 years ago			`return readAdminError(resp.Body)`
wip admin CRUD 3 years ago			`}`
			`return nil`
			`}`

wip 3 years ago			`// UpdateAdmin performs the PUT /admin/admins/{id} request to the CA.`
			`func (c AdminClient) UpdateAdmin(id string, uar mgmtAPI.UpdateAdminRequest) (*admin.Admin, error) {`
wip admin CRUD 3 years ago			`var retried bool`
			`body, err := json.Marshal(uar)`
			`if err != nil {`
			`return nil, errs.Wrap(http.StatusInternalServerError, err, "error marshaling request")`
			`}`
wip 3 years ago			`u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/admins", id)})`
wip 3 years ago			`req, err := http.NewRequest("PATCH", u.String(), bytes.NewReader(body))`
wip admin CRUD 3 years ago			`if err != nil {`
			`return nil, errors.Wrapf(err, "create PUT %s request failed", u)`
			`}`
			`retry:`
			`resp, err := c.client.Do(req)`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "client PUT %s failed", u)`
			`}`
			`if resp.StatusCode >= 400 {`
			`if !retried && c.retryOnError(resp) {`
			`retried = true`
			`goto retry`
			`}`
wip 3 years ago			`return nil, readAdminError(resp.Body)`
wip admin CRUD 3 years ago			`}`
wip 3 years ago			`var adm = new(admin.Admin)`
wip admin CRUD 3 years ago			`if err := readJSON(resp.Body, adm); err != nil {`
			`return nil, errors.Wrapf(err, "error reading %s", u)`
			`}`
			`return adm, nil`
			`}`

wip 3 years ago			`// GetProvisioner performs the GET /admin/provisioners/{name} request to the CA.`
			`func (c AdminClient) GetProvisioner(name string) (mgmt.Provisioner, error) {`
wip 3 years ago			`var retried bool`
wip 3 years ago			`u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/provisioners", name)})`
wip 3 years ago			`retry:`
			`resp, err := c.client.Get(u.String())`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "client GET %s failed", u)`
			`}`
			`if resp.StatusCode >= 400 {`
			`if !retried && c.retryOnError(resp) {`
			`retried = true`
			`goto retry`
			`}`
wip 3 years ago			`return nil, readAdminError(resp.Body)`
wip 3 years ago			`}`
			`var prov = new(mgmt.Provisioner)`
			`if err := readJSON(resp.Body, prov); err != nil {`
			`return nil, errors.Wrapf(err, "error reading %s", u)`
			`}`
			`return prov, nil`
			`}`

wip 3 years ago			`// GetProvisioners performs the GET /admin/provisioners request to the CA.`
wip 3 years ago			`func (c AdminClient) GetProvisioners() ([]mgmt.Provisioner, error) {`
wip 3 years ago			`var retried bool`
wip 3 years ago			`u := c.endpoint.ResolveReference(&url.URL{Path: "/admin/provisioners"})`
wip 3 years ago			`retry:`
			`resp, err := c.client.Get(u.String())`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "client GET %s failed", u)`
			`}`
			`if resp.StatusCode >= 400 {`
			`if !retried && c.retryOnError(resp) {`
			`retried = true`
			`goto retry`
			`}`
wip 3 years ago			`return nil, readAdminError(resp.Body)`
wip 3 years ago			`}`
			`var provs = new([]*mgmt.Provisioner)`
			`if err := readJSON(resp.Body, provs); err != nil {`
			`return nil, errors.Wrapf(err, "error reading %s", u)`
			`}`
			`return *provs, nil`
			`}`
wip 3 years ago
wip 3 years ago			`// RemoveProvisioner performs the DELETE /admin/provisioners/{name} request to the CA.`
			`func (c *AdminClient) RemoveProvisioner(name string) error {`
wip 3 years ago			`var retried bool`
wip 3 years ago			`u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/provisioners", name)})`
wip 3 years ago			`req, err := http.NewRequest("DELETE", u.String(), nil)`
			`if err != nil {`
			`return errors.Wrapf(err, "create DELETE %s request failed", u)`
			`}`
			`retry:`
			`resp, err := c.client.Do(req)`
			`if err != nil {`
			`return errors.Wrapf(err, "client DELETE %s failed", u)`
			`}`
			`if resp.StatusCode >= 400 {`
			`if !retried && c.retryOnError(resp) {`
			`retried = true`
			`goto retry`
			`}`
wip 3 years ago			`return readAdminError(resp.Body)`
wip 3 years ago			`}`
			`return nil`
			`}`

wip 3 years ago			`// CreateProvisioner performs the POST /admin/provisioners request to the CA.`
			`func (c AdminClient) CreateProvisioner(req mgmtAPI.CreateProvisionerRequest) (*mgmt.Provisioner, error) {`
wip 3 years ago			`var retried bool`
			`body, err := json.Marshal(req)`
			`if err != nil {`
			`return nil, errs.Wrap(http.StatusInternalServerError, err, "error marshaling request")`
			`}`
wip 3 years ago			`u := c.endpoint.ResolveReference(&url.URL{Path: "/admin/provisioners"})`
wip 3 years ago			`retry:`
			`resp, err := c.client.Post(u.String(), "application/json", bytes.NewReader(body))`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "client POST %s failed", u)`
			`}`
			`if resp.StatusCode >= 400 {`
			`if !retried && c.retryOnError(resp) {`
			`retried = true`
			`goto retry`
			`}`
wip 3 years ago			`return nil, readAdminError(resp.Body)`
wip 3 years ago			`}`
			`var prov = new(mgmt.Provisioner)`
			`if err := readJSON(resp.Body, prov); err != nil {`
			`return nil, errors.Wrapf(err, "error reading %s", u)`
			`}`
			`return prov, nil`
			`}`

wip 3 years ago			`// UpdateProvisioner performs the PUT /admin/provisioners/{id} request to the CA.`
			`func (c AdminClient) UpdateProvisioner(id string, upr mgmtAPI.UpdateProvisionerRequest) (*mgmt.Provisioner, error) {`
wip 3 years ago			`var retried bool`
			`body, err := json.Marshal(upr)`
			`if err != nil {`
			`return nil, errs.Wrap(http.StatusInternalServerError, err, "error marshaling request")`
			`}`
wip 3 years ago			`u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/provisioners", id)})`
wip 3 years ago			`req, err := http.NewRequest("PUT", u.String(), bytes.NewReader(body))`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "create PUT %s request failed", u)`
			`}`
			`retry:`
			`resp, err := c.client.Do(req)`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "client PUT %s failed", u)`
			`}`
			`if resp.StatusCode >= 400 {`
			`if !retried && c.retryOnError(resp) {`
			`retried = true`
			`goto retry`
			`}`
wip 3 years ago			`return nil, readAdminError(resp.Body)`
wip 3 years ago			`}`
			`var prov = new(mgmt.Provisioner)`
			`if err := readJSON(resp.Body, prov); err != nil {`
			`return nil, errors.Wrapf(err, "error reading %s", u)`
			`}`
			`return prov, nil`
			`}`

wip 3 years ago			`// GetAuthConfig performs the GET /admin/authconfig/{id} request to the CA.`
wip 3 years ago			`func (c AdminClient) GetAuthConfig(id string) (mgmt.AuthConfig, error) {`
wip 3 years ago			`var retried bool`
wip 3 years ago			`u := c.endpoint.ResolveReference(&url.URL{Path: path.Join("/admin/authconfig", id)})`
wip 3 years ago			`retry:`
			`resp, err := c.client.Get(u.String())`
			`if err != nil {`
			`return nil, errors.Wrapf(err, "client GET %s failed", u)`
			`}`
			`if resp.StatusCode >= 400 {`
			`if !retried && c.retryOnError(resp) {`
			`retried = true`
			`goto retry`
			`}`
wip 3 years ago			`return nil, readAdminError(resp.Body)`
wip 3 years ago			`}`
			`var ac = new(mgmt.AuthConfig)`
			`if err := readJSON(resp.Body, ac); err != nil {`
			`return nil, errors.Wrapf(err, "error reading %s", u)`
			`}`
			`return ac, nil`
			`}`

wip 3 years ago			`func readAdminError(r io.ReadCloser) error {`
wip 3 years ago			`defer r.Close()`
			`mgmtErr := new(mgmt.Error)`
			`if err := json.NewDecoder(r).Decode(mgmtErr); err != nil {`
			`return err`
			`}`
			`return errors.New(mgmtErr.Message)`
			`}`