diff --git a/backend/methods.go b/backend/methods.go
index 673f8e3..9434465 100644
--- a/backend/methods.go
+++ b/backend/methods.go
@@ -6,9 +6,6 @@ import (
 "encoding/base32"
 "errors"
 "fmt"
- "github.com/google/uuid"
- ou "github.com/pashcovich/openvpn-user/src"
- log "github.com/sirupsen/logrus"
 "io/fs"
 "net"
 "regexp"
@@ -16,9 +13,11 @@ import (
 "strings"
 "text/template"
 "time"
-)
 
-var app OpenVPNPKI
+ "github.com/google/uuid"
+ ou "github.com/pashcovich/openvpn-user/src"
+ log "github.com/sirupsen/logrus"
+)
 
 func (oAdmin *OvpnAdmin) RegisterMetrics() {
 oAdmin.PromRegistry.MustRegister(OvpnServerCertExpire)
@@ -147,7 +146,7 @@ func (oAdmin *OvpnAdmin) renderClientConfig(username string) string { conf.TLS = fRead(*EasyrsaDirPath + "/pki/ta.key") if *StorageBackend == "kubernetes.secrets" {
- conf.Cert, conf.Key = app.EasyrsaGetClientCert(username)
+ conf.Cert, conf.Key = oAdmin.KubeClient.EasyrsaGetClientCert(username)
 } else {
 conf.Cert = fRead(*EasyrsaDirPath + "/pki/issued/" + username + ".crt")
 conf.Key = fRead(*EasyrsaDirPath + "/pki/private/" + username + ".key")
@@ -208,7 +207,7 @@ func (oAdmin *OvpnAdmin) parseCcd(username string) CCD { var txtLinesArray []string if *StorageBackend == "kubernetes.secrets" {
- txtLinesArray = strings.Split(app.SecretGetCcd(ccd.User), "\n")
+ txtLinesArray = strings.Split(oAdmin.KubeClient.SecretGetCcd(ccd.User), "\n")
 } else {
 if fExist(*CcdDir + "/" + username) {
 txtLinesArray = strings.Split(fRead(*CcdDir+"/"+username), "\n")
@@ -244,7 +243,7 @@ func (oAdmin *OvpnAdmin) modifyCcd(ccd CCD) (bool, string) {
 log.Error(err)
 }
 if *StorageBackend == "kubernetes.secrets" {
- app.SecretUpdateCcd(ccd.User, tmp.Bytes())
+ oAdmin.KubeClient.SecretUpdateCcd(ccd.User, tmp.Bytes())
 } else {
 err = fWrite(*CcdDir+"/"+ccd.User, tmp.String())
 if err != nil {
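Review bot: The kubernetes branch of modifyCcd drops whatever `oAdmin.KubeClient.SecretUpdateCcd(ccd.User, tmp.Bytes())` returns, while the file branch directly below assigns `err = fWrite(...)` and checks it; SecretUpdateCcd's signature is not visible here, but if it reports an error, a failed CCD write in the secrets backend is silently treated as success and the caller of modifyCcd is told the client's config was updated. Give the secrets path the same check as the file path, e.g. `if err := oAdmin.KubeClient.SecretUpdateCcd(ccd.User, tmp.Bytes()); err != nil {` followed by whatever the fWrite branch does on error (its handling starts at the last line of the hunk and continues outside it). The renderClientConfig and parseCcd hunks above have the same shape, with `EasyrsaGetClientCert` and `SecretGetCcd` consumed without any error signal, so a missing secret there becomes an empty cert/key or an empty CCD rather than a reported failure; confirm what those helpers return before relying on them. modifyCcd's body continues past the end of the hunk.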
@@ -363,13 +362,13 @@ func (oAdmin *OvpnAdmin) userCreate(username, password string) (string, error) { } if *StorageBackend == "kubernetes.secrets" {
- err := app.EasyrsaBuildClient(username)
+ err := oAdmin.KubeClient.EasyrsaBuildClient(username)
 if err != nil {
 log.Error(err)
 return err.Error(), err
 }
 if *AuthByPassword {
- err = app.updatePasswordSecret(username, []byte(password))
+ err = oAdmin.KubeClient.updatePasswordSecret(username, []byte(password))
 if err != nil {
 return err.Error(), err
 }
@@ -408,7 +407,7 @@ func (oAdmin *OvpnAdmin) userChangePassword(username, password string) (error, s } if *StorageBackend == "kubernetes.secrets" {
- err := app.updatePasswordSecret(username, []byte(password))
+ err := oAdmin.KubeClient.updatePasswordSecret(username, []byte(password))
 if err != nil {
 return err, err.Error()
 }
@@ -430,7 +429,7 @@ func (oAdmin *OvpnAdmin) isSecondFactorConfigured(username string) bool {
 
 switch *StorageBackend {
 case "kubernetes.secrets":
- sfe, err := app.SecondFactorEnabled(username)
+ sfe, err := oAdmin.KubeClient.SecondFactorEnabled(username)
 if err != nil {
 return false
 }
@@ -453,7 +452,7 @@ func (oAdmin *OvpnAdmin) getUserSecret(username string) (string, error) { var err error if *StorageBackend == "kubernetes.secrets" {
- userSecret, err = app.secondFactorSecret(username)
+ userSecret, err = oAdmin.KubeClient.secondFactorSecret(username)
 if err != nil {
 return err.Error(), err
 }
@@ -482,7 +481,7 @@ func (oAdmin *OvpnAdmin) getUserSecret(username string) (string, error) { newSecret := make([]byte, base32.StdEncoding.EncodedLen(len(rndStr))) base32.StdEncoding.Encode(newSecret, []byte(rndStr))
- updUserSecretErr := app.updateSecondFactorSecret(username, newSecret)
+ updUserSecretErr := oAdmin.KubeClient.updateSecondFactorSecret(username, newSecret)
 if updUserSecretErr != nil {
 return "", updUserSecretErr
 }
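Review bot: isSecondFactorConfigured answers `false` when `oAdmin.KubeClient.SecondFactorEnabled(username)` returns an error, so a transient Kubernetes API or RBAC failure is indistinguishable from "this user has no second factor"; if a caller uses that result to decide whether to demand a TOTP code (the callers are outside this hunk), an outage of the secrets backend turns into a fail-open bypass of the second factor. The method's signature is `func (oAdmin *OvpnAdmin) isSecondFactorConfigured(username string) bool`, which cannot express "unknown", so the real fix is to return `(bool, error)` and have the caller refuse authentication on a non-nil error instead of skipping the factor. If the signature must stay, at minimum log the failure and mark the decision, e.g. `log.Error(err)` before the `return false` with the comment `// NOTE: backend error is reported as "not configured" (fail-open); callers must not gate TOTP on this alone`. The remaining cases of the switch are outside the hunk.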
@@ -512,13 +511,13 @@ func (oAdmin *OvpnAdmin) getUserSecret(username string) (string, error) {
 func (oAdmin *OvpnAdmin) registerUserAuthApp(username, totp string) error {
 if checkUserExist(username) {
 if *StorageBackend == "kubernetes.secrets" {
- authOK, authErr := app.authByTOTP(username, totp)
+ authOK, authErr := oAdmin.KubeClient.authByTOTP(username, totp)
 if authErr != nil {
 return authErr
 }
 
 if authOK {
- err := app.addSecondFactorEnabledLabel(username)
+ err := oAdmin.KubeClient.addSecondFactorEnabledLabel(username)
 if err != nil {
 return err
 }
@@ -554,7 +553,7 @@ func (oAdmin *OvpnAdmin) resetUserAuthApp(username string) error { if checkUserExist(username) { if *StorageBackend == "kubernetes.secrets" {
- err := app.deleteSecondFactorEnabledLabel(username)
+ err := oAdmin.KubeClient.deleteSecondFactorEnabledLabel(username)
 if err != nil {
 return err
 }
@@ -583,7 +582,7 @@ func (oAdmin *OvpnAdmin) checkAuth(username, token string) error {
 var auth bool
 var authErr error
 if *StorageBackend == "kubernetes.secrets" {
- auth, authErr = app.authByTOTP(username, token)
+ auth, authErr = oAdmin.KubeClient.authByTOTP(username, token)
 if authErr != nil {
 return authErr
 }
@@ -617,7 +616,7 @@ func (oAdmin *OvpnAdmin) userRevoke(username string) (error, string) {
 if checkUserExist(username) {
 // check certificate valid flag 'V'
 if *StorageBackend == "kubernetes.secrets" {
- err := app.EasyrsaRevoke(username)
+ err := oAdmin.KubeClient.EasyrsaRevoke(username)
 if err != nil {
 log.Error(err)
 }
@@ -657,7 +656,7 @@ func (oAdmin *OvpnAdmin) userRevoke(username string) (error, string) {
 func (oAdmin *OvpnAdmin) userUnrevoke(username string) (error, string) {
 if checkUserExist(username) {
 if *StorageBackend == "kubernetes.secrets" {
- err := app.EasyrsaUnrevoke(username)
+ err := oAdmin.KubeClient.EasyrsaUnrevoke(username)
 if err != nil {
 log.Error(err)
 }
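Review bot: In the userRevoke hunk a failure of `oAdmin.KubeClient.EasyrsaRevoke(username)` is only passed to `log.Error(err)` and execution continues, so for the rest of the function a revocation that never reached the secrets backend looks the same as one that succeeded; whether the caller is then told the user is revoked depends on code outside the hunk, but userCreate and userChangePassword in this same diff return the error on the equivalent failure, so the paths disagree. Because revocation exists to stop a credential from working, it should fail closed: after logging, return the error in the method's `(error, string)` order, e.g. `return err, err.Error()`, as userChangePassword already does. The same log-and-continue shape appears in the userUnrevoke hunk below and in the userRotate and userDelete hunks in the next part of the diff, and in all four the function body continues past the hunk.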
@@ -726,7 +725,7 @@ func (oAdmin *OvpnAdmin) userUnrevoke(username string) (error, string) {
 func (oAdmin *OvpnAdmin) userRotate(username, newPassword string) (error, string) {
 if checkUserExist(username) {
 if *StorageBackend == "kubernetes.secrets" {
- err := app.EasyrsaRotate(username)
+ err := oAdmin.KubeClient.EasyrsaRotate(username)
 if err != nil {
 log.Error(err)
 }
@@ -807,7 +806,7 @@ func (oAdmin *OvpnAdmin) userRotate(username, newPassword string) (error, string
 func (oAdmin *OvpnAdmin) userDelete(username string) (error, string) {
 if checkUserExist(username) {
 if *StorageBackend == "kubernetes.secrets" {
- err := app.EasyrsaDelete(username)
+ err := oAdmin.KubeClient.EasyrsaDelete(username)
 if err != nil {
 log.Error(err)
 }
diff --git a/backend/models.go b/backend/models.go
index 192c6a3..049b850 100644
--- a/backend/models.go
+++ b/backend/models.go
@@ -1,10 +1,11 @@
 package backend
 
 import (
- "github.com/pashcovich/openvpn-user/src"
- "github.com/prometheus/client_golang/prometheus"
 "io/fs"
 "sync"
+
+ "github.com/pashcovich/openvpn-user/src"
+ "github.com/prometheus/client_golang/prometheus"
 )
 
 type OvpnAdmin struct {
@@ -17,6 +18,7 @@ type OvpnAdmin struct {
 activeClients []ClientStatus
 PromRegistry *prometheus.Registry
 OUser *src.OpenvpnUser
+ KubeClient *OpenVPNPKI
 MgmtInterfaces map[string]string
 Templates fs.FS
 Modules []string
diff --git a/main.go b/main.go
index 864c9a5..c73ddf4 100644
--- a/main.go
+++ b/main.go
@@ -4,6 +4,11 @@ import (
 "database/sql"
 "embed"
 "fmt"
+ "io/fs"
+ "net/http"
+ "strings"
+ "sync"
+
 "github.com/flant/ovpn-admin/backend"
 _ "github.com/mattn/go-sqlite3"
 ou "github.com/pashcovich/openvpn-user/src"
@@ -11,10 +16,6 @@ import (
 "github.com/prometheus/client_golang/prometheus/promhttp"
 log "github.com/sirupsen/logrus"
 "gopkg.in/alecthomas/kingpin.v2"
- "io/fs"
- "net/http"
- "strings"
- "sync"
 )
 
 var (
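Review bot: The new `KubeClient *OpenVPNPKI` field in the OvpnAdmin struct (models.go section) has no comment, and main.go in this diff only allocates it inside `if *backend.StorageBackend == "kubernetes.secrets"`, so for every other backend it stays a nil pointer and a method call on it outside such a guard will very likely panic as soon as the method touches receiver state. The invariant is currently enforced only by the repeated `if *StorageBackend == "kubernetes.secrets"` checks in methods.go, which is easy to get wrong in the next caller, so state it on the field: `// KubeClient is the Kubernetes secrets backend; main sets it only when StorageBackend is "kubernetes.secrets" and it is nil otherwise, so check *StorageBackend before using it.` A small accessor that returns an error when the field is nil would make this harder to violate, but that is beyond this refactor.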
@@ -40,8 +41,6 @@ var staticFS embed.FS //go:embed templates var templatesFS embed.FS
-var app backend.OpenVPNPKI
-
 func main() {
 kingpin.Version(version)
 kingpin.Parse()
@@ -53,7 +52,8 @@ func main() { ovpnAdmin.OUser = new(ou.OpenvpnUser) if *backend.StorageBackend == "kubernetes.secrets" {
- err := app.Run()
+ ovpnAdmin.KubeClient = new(backend.OpenVPNPKI)
+ err := ovpnAdmin.KubeClient.Run()
 if err != nil {
 log.Error(err)
 }
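Review bot: `err := ovpnAdmin.KubeClient.Run()` keeps the old behaviour of only logging a failure, so when the kubernetes secrets backend is selected and its initialisation fails, main continues and the server comes up with a KubeClient of unknown state; every later call in methods.go (EasyrsaBuildClient, EasyrsaRevoke, authByTOTP, …) then runs against that half-initialised client, and the hunk above confirms there is no other initialisation path now that the package-level `app` is gone. For a service that issues, revokes and authenticates credentials, a backend that cannot start should be fatal at startup rather than a log line: `log.Fatalf("starting kubernetes secrets backend: %v", err)`. What Run does and whether it leaves the client usable on error is outside this diff, so confirm that before changing it; main continues past the hunk.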