|
|
|
@ -148,7 +148,7 @@ func (a *Authority) generateProvisionerConfig(ctx context.Context) (provisioner.
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// StoreProvisioner stores an provisioner.Interface to the authority.
|
|
|
|
|
// StoreProvisioner stores a provisioner to the authority.
|
|
|
|
|
func (a *Authority) StoreProvisioner(ctx context.Context, prov *linkedca.Provisioner) error {
|
|
|
|
|
a.adminMutex.Lock()
|
|
|
|
|
defer a.adminMutex.Unlock()
|
|
|
|
@ -198,7 +198,7 @@ func (a *Authority) StoreProvisioner(ctx context.Context, prov *linkedca.Provisi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := a.provisioners.Store(certProv); err != nil {
|
|
|
|
|
if err := a.reloadAdminResources(ctx); err != nil {
|
|
|
|
|
if err := a.ReloadAdminResources(ctx); err != nil {
|
|
|
|
|
return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner store")
|
|
|
|
|
}
|
|
|
|
|
return admin.WrapErrorISE(err, "error storing provisioner in authority cache")
|
|
|
|
@ -234,7 +234,7 @@ func (a *Authority) UpdateProvisioner(ctx context.Context, nu *linkedca.Provisio
|
|
|
|
|
return admin.WrapErrorISE(err, "error updating provisioner '%s' in authority cache", nu.Name)
|
|
|
|
|
}
|
|
|
|
|
if err := a.adminDB.UpdateProvisioner(ctx, nu); err != nil {
|
|
|
|
|
if err := a.reloadAdminResources(ctx); err != nil {
|
|
|
|
|
if err := a.ReloadAdminResources(ctx); err != nil {
|
|
|
|
|
return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner update")
|
|
|
|
|
}
|
|
|
|
|
return admin.WrapErrorISE(err, "error updating provisioner '%s'", nu.Name)
|
|
|
|
@ -254,31 +254,33 @@ func (a *Authority) RemoveProvisioner(ctx context.Context, id string) error {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
provName, provID := p.GetName(), p.GetID()
|
|
|
|
|
// Validate
|
|
|
|
|
// - Check that there will be SUPER_ADMINs that remain after we
|
|
|
|
|
// remove this provisioner.
|
|
|
|
|
if a.admins.SuperCount() == a.admins.SuperCountByProvisioner(provName) {
|
|
|
|
|
return admin.NewError(admin.ErrorBadRequestType,
|
|
|
|
|
"cannot remove provisioner %s because no super admins will remain", provName)
|
|
|
|
|
}
|
|
|
|
|
if a.IsAdminAPIEnabled() {
|
|
|
|
|
// Validate
|
|
|
|
|
// - Check that there will be SUPER_ADMINs that remain after we
|
|
|
|
|
// remove this provisioner.
|
|
|
|
|
if a.IsAdminAPIEnabled() && a.admins.SuperCount() == a.admins.SuperCountByProvisioner(provName) {
|
|
|
|
|
return admin.NewError(admin.ErrorBadRequestType,
|
|
|
|
|
"cannot remove provisioner %s because no super admins will remain", provName)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Delete all admins associated with the provisioner.
|
|
|
|
|
admins, ok := a.admins.LoadByProvisioner(provName)
|
|
|
|
|
if ok {
|
|
|
|
|
for _, adm := range admins {
|
|
|
|
|
if err := a.removeAdmin(ctx, adm.Id); err != nil {
|
|
|
|
|
return admin.WrapErrorISE(err, "error deleting admin %s, as part of provisioner %s deletion", adm.Subject, provName)
|
|
|
|
|
// Delete all admins associated with the provisioner.
|
|
|
|
|
admins, ok := a.admins.LoadByProvisioner(provName)
|
|
|
|
|
if ok {
|
|
|
|
|
for _, adm := range admins {
|
|
|
|
|
if err := a.removeAdmin(ctx, adm.Id); err != nil {
|
|
|
|
|
return admin.WrapErrorISE(err, "error deleting admin %s, as part of provisioner %s deletion", adm.Subject, provName)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Remove provisioner from authority caches.
|
|
|
|
|
if err := a.provisioners.Remove(provID); err != nil {
|
|
|
|
|
return admin.WrapErrorISE(err, "error removing admin from authority cache")
|
|
|
|
|
return admin.WrapErrorISE(err, "error removing provisioner from authority cache")
|
|
|
|
|
}
|
|
|
|
|
// Remove provisioner from database.
|
|
|
|
|
if err := a.adminDB.DeleteProvisioner(ctx, provID); err != nil {
|
|
|
|
|
if err := a.reloadAdminResources(ctx); err != nil {
|
|
|
|
|
if err := a.ReloadAdminResources(ctx); err != nil {
|
|
|
|
|
return admin.WrapErrorISE(err, "error reloading admin resources on failed provisioner remove")
|
|
|
|
|
}
|
|
|
|
|
return admin.WrapErrorISE(err, "error deleting provisioner %s", provName)
|
|
|
|
|