commit
f0281012e7
3 changed files with 32 additions and 31 deletions
|
@ -6,9 +6,6 @@ import (
|
|||
"encoding/base32"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/google/uuid"
|
||||
ou "github.com/pashcovich/openvpn-user/src"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"io/fs"
|
||||
"net"
|
||||
"regexp"
|
||||
|
@ -16,9 +13,11 @@ import (
|
|||
"strings"
|
||||
"text/template"
|
||||
"time"
|
||||
)
|
||||
|
||||
var app OpenVPNPKI
|
||||
"github.com/google/uuid"
|
||||
ou "github.com/pashcovich/openvpn-user/src"
|
||||
log "github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
func (oAdmin *OvpnAdmin) RegisterMetrics() {
|
||||
oAdmin.PromRegistry.MustRegister(OvpnServerCertExpire)
|
||||
|
@ -147,7 +146,7 @@ func (oAdmin *OvpnAdmin) renderClientConfig(username string) string {
|
|||
conf.TLS = fRead(*EasyrsaDirPath + "/pki/ta.key")
|
||||
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
conf.Cert, conf.Key = app.EasyrsaGetClientCert(username)
|
||||
conf.Cert, conf.Key = oAdmin.KubeClient.EasyrsaGetClientCert(username)
|
||||
} else {
|
||||
conf.Cert = fRead(*EasyrsaDirPath + "/pki/issued/" + username + ".crt")
|
||||
conf.Key = fRead(*EasyrsaDirPath + "/pki/private/" + username + ".key")
|
||||
|
@ -208,7 +207,7 @@ func (oAdmin *OvpnAdmin) parseCcd(username string) CCD {
|
|||
|
||||
var txtLinesArray []string
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
txtLinesArray = strings.Split(app.SecretGetCcd(ccd.User), "\n")
|
||||
txtLinesArray = strings.Split(oAdmin.KubeClient.SecretGetCcd(ccd.User), "\n")
|
||||
} else {
|
||||
if fExist(*CcdDir + "/" + username) {
|
||||
txtLinesArray = strings.Split(fRead(*CcdDir+"/"+username), "\n")
|
||||
|
@ -244,7 +243,7 @@ func (oAdmin *OvpnAdmin) modifyCcd(ccd CCD) (bool, string) {
|
|||
log.Error(err)
|
||||
}
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
app.SecretUpdateCcd(ccd.User, tmp.Bytes())
|
||||
oAdmin.KubeClient.SecretUpdateCcd(ccd.User, tmp.Bytes())
|
||||
} else {
|
||||
err = fWrite(*CcdDir+"/"+ccd.User, tmp.String())
|
||||
if err != nil {
|
||||
|
@ -363,13 +362,13 @@ func (oAdmin *OvpnAdmin) userCreate(username, password string) (string, error) {
|
|||
}
|
||||
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
err := app.EasyrsaBuildClient(username)
|
||||
err := oAdmin.KubeClient.EasyrsaBuildClient(username)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
return err.Error(), err
|
||||
}
|
||||
if *AuthByPassword {
|
||||
err = app.updatePasswordSecret(username, []byte(password))
|
||||
err = oAdmin.KubeClient.updatePasswordSecret(username, []byte(password))
|
||||
if err != nil {
|
||||
return err.Error(), err
|
||||
}
|
||||
|
@ -408,7 +407,7 @@ func (oAdmin *OvpnAdmin) userChangePassword(username, password string) (error, s
|
|||
}
|
||||
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
err := app.updatePasswordSecret(username, []byte(password))
|
||||
err := oAdmin.KubeClient.updatePasswordSecret(username, []byte(password))
|
||||
if err != nil {
|
||||
return err, err.Error()
|
||||
}
|
||||
|
@ -430,7 +429,7 @@ func (oAdmin *OvpnAdmin) isSecondFactorConfigured(username string) bool {
|
|||
|
||||
switch *StorageBackend {
|
||||
case "kubernetes.secrets":
|
||||
sfe, err := app.SecondFactorEnabled(username)
|
||||
sfe, err := oAdmin.KubeClient.SecondFactorEnabled(username)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
@ -453,7 +452,7 @@ func (oAdmin *OvpnAdmin) getUserSecret(username string) (string, error) {
|
|||
var err error
|
||||
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
userSecret, err = app.secondFactorSecret(username)
|
||||
userSecret, err = oAdmin.KubeClient.secondFactorSecret(username)
|
||||
if err != nil {
|
||||
return err.Error(), err
|
||||
}
|
||||
|
@ -482,7 +481,7 @@ func (oAdmin *OvpnAdmin) getUserSecret(username string) (string, error) {
|
|||
newSecret := make([]byte, base32.StdEncoding.EncodedLen(len(rndStr)))
|
||||
|
||||
base32.StdEncoding.Encode(newSecret, []byte(rndStr))
|
||||
updUserSecretErr := app.updateSecondFactorSecret(username, newSecret)
|
||||
updUserSecretErr := oAdmin.KubeClient.updateSecondFactorSecret(username, newSecret)
|
||||
if updUserSecretErr != nil {
|
||||
return "", updUserSecretErr
|
||||
}
|
||||
|
@ -512,13 +511,13 @@ func (oAdmin *OvpnAdmin) getUserSecret(username string) (string, error) {
|
|||
func (oAdmin *OvpnAdmin) registerUserAuthApp(username, totp string) error {
|
||||
if checkUserExist(username) {
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
authOK, authErr := app.authByTOTP(username, totp)
|
||||
authOK, authErr := oAdmin.KubeClient.authByTOTP(username, totp)
|
||||
if authErr != nil {
|
||||
return authErr
|
||||
}
|
||||
|
||||
if authOK {
|
||||
err := app.addSecondFactorEnabledLabel(username)
|
||||
err := oAdmin.KubeClient.addSecondFactorEnabledLabel(username)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -554,7 +553,7 @@ func (oAdmin *OvpnAdmin) resetUserAuthApp(username string) error {
|
|||
if checkUserExist(username) {
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
|
||||
err := app.deleteSecondFactorEnabledLabel(username)
|
||||
err := oAdmin.KubeClient.deleteSecondFactorEnabledLabel(username)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -583,7 +582,7 @@ func (oAdmin *OvpnAdmin) checkAuth(username, token string) error {
|
|||
var auth bool
|
||||
var authErr error
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
auth, authErr = app.authByTOTP(username, token)
|
||||
auth, authErr = oAdmin.KubeClient.authByTOTP(username, token)
|
||||
if authErr != nil {
|
||||
return authErr
|
||||
}
|
||||
|
@ -617,7 +616,7 @@ func (oAdmin *OvpnAdmin) userRevoke(username string) (error, string) {
|
|||
if checkUserExist(username) {
|
||||
// check certificate valid flag 'V'
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
err := app.EasyrsaRevoke(username)
|
||||
err := oAdmin.KubeClient.EasyrsaRevoke(username)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
}
|
||||
|
@ -657,7 +656,7 @@ func (oAdmin *OvpnAdmin) userRevoke(username string) (error, string) {
|
|||
func (oAdmin *OvpnAdmin) userUnrevoke(username string) (error, string) {
|
||||
if checkUserExist(username) {
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
err := app.EasyrsaUnrevoke(username)
|
||||
err := oAdmin.KubeClient.EasyrsaUnrevoke(username)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
}
|
||||
|
@ -726,7 +725,7 @@ func (oAdmin *OvpnAdmin) userUnrevoke(username string) (error, string) {
|
|||
func (oAdmin *OvpnAdmin) userRotate(username, newPassword string) (error, string) {
|
||||
if checkUserExist(username) {
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
err := app.EasyrsaRotate(username)
|
||||
err := oAdmin.KubeClient.EasyrsaRotate(username)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
}
|
||||
|
@ -807,7 +806,7 @@ func (oAdmin *OvpnAdmin) userRotate(username, newPassword string) (error, string
|
|||
func (oAdmin *OvpnAdmin) userDelete(username string) (error, string) {
|
||||
if checkUserExist(username) {
|
||||
if *StorageBackend == "kubernetes.secrets" {
|
||||
err := app.EasyrsaDelete(username)
|
||||
err := oAdmin.KubeClient.EasyrsaDelete(username)
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
}
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
package backend
|
||||
|
||||
import (
|
||||
"github.com/pashcovich/openvpn-user/src"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
"io/fs"
|
||||
"sync"
|
||||
|
||||
"github.com/pashcovich/openvpn-user/src"
|
||||
"github.com/prometheus/client_golang/prometheus"
|
||||
)
|
||||
|
||||
type OvpnAdmin struct {
|
||||
|
@ -17,6 +18,7 @@ type OvpnAdmin struct {
|
|||
activeClients []ClientStatus
|
||||
PromRegistry *prometheus.Registry
|
||||
OUser *src.OpenvpnUser
|
||||
KubeClient *OpenVPNPKI
|
||||
MgmtInterfaces map[string]string
|
||||
Templates fs.FS
|
||||
Modules []string
|
||||
|
|
14
main.go
14
main.go
|
@ -4,6 +4,11 @@ import (
|
|||
"database/sql"
|
||||
"embed"
|
||||
"fmt"
|
||||
"io/fs"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/flant/ovpn-admin/backend"
|
||||
_ "github.com/mattn/go-sqlite3"
|
||||
ou "github.com/pashcovich/openvpn-user/src"
|
||||
|
@ -11,10 +16,6 @@ import (
|
|||
"github.com/prometheus/client_golang/prometheus/promhttp"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"gopkg.in/alecthomas/kingpin.v2"
|
||||
"io/fs"
|
||||
"net/http"
|
||||
"strings"
|
||||
"sync"
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -40,8 +41,6 @@ var staticFS embed.FS
|
|||
//go:embed templates
|
||||
var templatesFS embed.FS
|
||||
|
||||
var app backend.OpenVPNPKI
|
||||
|
||||
func main() {
|
||||
kingpin.Version(version)
|
||||
kingpin.Parse()
|
||||
|
@ -53,7 +52,8 @@ func main() {
|
|||
ovpnAdmin.OUser = new(ou.OpenvpnUser)
|
||||
|
||||
if *backend.StorageBackend == "kubernetes.secrets" {
|
||||
err := app.Run()
|
||||
ovpnAdmin.KubeClient = new(backend.OpenVPNPKI)
|
||||
err := ovpnAdmin.KubeClient.Run()
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue