From 0e5e0a9654c1451f9dce7f7da4ee30dda76cbcef Mon Sep 17 00:00:00 2001
From: Alexey Kolegov
Date: Mon, 16 Jan 2023 10:26:21 +0200
Subject: [PATCH 1/4] +

---
 .github/workflows/publish-latest.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish-latest.yaml b/.github/workflows/publish-latest.yaml
index 2976c31..0ba93b3 100644
--- a/.github/workflows/publish-latest.yaml
+++ b/.github/workflows/publish-latest.yaml
@@ -1,7 +1,6 @@
 name: Build and publish latest tag to Docker Hub (releases only)
 on:
- release:
- types: [created]
+ push: [fix_totp_auth]

 jobs:
 build:
@@ -17,6 +16,6 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USER }}
 password: ${{ secrets.DOCKER_PASS }}
- repository: flant/ovpn-admin
+ repository: erste/openvpn
 tags: latest
 dockerfile: Dockerfile

From a84102dd0e179405d1896e5a526904dcf3ac5f1f Mon Sep 17 00:00:00 2001
From: Alexey Kolegov
Date: Mon, 16 Jan 2023 10:27:58 +0200
Subject: [PATCH 2/4] +

---
 .github/workflows/publish-latest.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish-latest.yaml b/.github/workflows/publish-latest.yaml
index 0ba93b3..21f1830 100644
--- a/.github/workflows/publish-latest.yaml
+++ b/.github/workflows/publish-latest.yaml
@@ -1,6 +1,7 @@
 name: Build and publish latest tag to Docker Hub (releases only)
 on:
- push: [fix_totp_auth]
+ release:
+ types: [created]

 jobs:
 build:

From 4614ac36c9a5be04188301a97e85b81a36d213ad Mon Sep 17 00:00:00 2001
From: Alexey Kolegov
Date: Mon, 16 Jan 2023 13:46:43 +0200
Subject: [PATCH 3/4] OpenVPNPKI context fixes

---
 backend/methods.go | 43 +++++++++++++++++++++----------------------
 backend/models.go  |  6 ++++--
 main.go            | 14 +++++++-------
 3 files changed, 32 insertions(+), 31 deletions(-)

diff --git a/backend/methods.go b/backend/methods.go
index 673f8e3..9434465 100644
--- a/backend/methods.go
+++ b/backend/methods.go
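Review bot: `push: [fix_totp_auth]` does not look like valid workflow syntax — the `push` event takes a mapping, so it would need `push:` / `  branches: [fix_totp_auth]` — and even in its intended form it makes every push to a feature branch overwrite the `latest` tag with the organisation's `DOCKER_USER`/`DOCKER_PASS` secrets, which the workflow name says is meant for releases only. Together with the `repository:` swap in the second hunk this is a local debugging change: it is undone by patches 2/4 and 4/4 and the commit message is just `+`, so these commits should be squashed out of the series rather than land in history. If a branch-triggered test image is really wanted, publish it under a separate tag (e.g. `tags: dev`) or to a personal repository with its own credentials instead of retargeting `latest`.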
@@ -6,9 +6,6 @@ import (
 "encoding/base32"
 "errors"
 "fmt"
- "github.com/google/uuid"
- ou "github.com/pashcovich/openvpn-user/src"
- log "github.com/sirupsen/logrus"
 "io/fs"
 "net"
 "regexp"
@@ -16,9 +13,11 @@ import (
 "strings"
 "text/template"
 "time"
-)

-var app OpenVPNPKI
+ "github.com/google/uuid"
+ ou "github.com/pashcovich/openvpn-user/src"
+ log "github.com/sirupsen/logrus"
+)

 func (oAdmin *OvpnAdmin) RegisterMetrics() {
 oAdmin.PromRegistry.MustRegister(OvpnServerCertExpire)
@@ -147,7 +146,7 @@ func (oAdmin *OvpnAdmin) renderClientConfig(username string) string {
 conf.TLS = fRead(*EasyrsaDirPath + "/pki/ta.key")

 if *StorageBackend == "kubernetes.secrets" {
- conf.Cert, conf.Key = app.EasyrsaGetClientCert(username)
+ conf.Cert, conf.Key = oAdmin.KubeClient.EasyrsaGetClientCert(username)
 } else {
 conf.Cert = fRead(*EasyrsaDirPath + "/pki/issued/" + username + ".crt")
 conf.Key = fRead(*EasyrsaDirPath + "/pki/private/" + username + ".key")
@@ -208,7 +207,7 @@ func (oAdmin *OvpnAdmin) parseCcd(username string) CCD {
 var txtLinesArray []string

 if *StorageBackend == "kubernetes.secrets" {
- txtLinesArray = strings.Split(app.SecretGetCcd(ccd.User), "\n")
+ txtLinesArray = strings.Split(oAdmin.KubeClient.SecretGetCcd(ccd.User), "\n")
 } else {
 if fExist(*CcdDir + "/" + username) {
 txtLinesArray = strings.Split(fRead(*CcdDir+"/"+username), "\n")
@@ -244,7 +243,7 @@ func (oAdmin *OvpnAdmin) modifyCcd(ccd CCD) (bool, string) {
 log.Error(err)
 }
 if *StorageBackend == "kubernetes.secrets" {
- app.SecretUpdateCcd(ccd.User, tmp.Bytes())
+ oAdmin.KubeClient.SecretUpdateCcd(ccd.User, tmp.Bytes())
 } else {
 err = fWrite(*CcdDir+"/"+ccd.User, tmp.String())
 if err != nil {
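Review bot: `oAdmin.KubeClient` is dereferenced in `conf.Cert, conf.Key = oAdmin.KubeClient.EasyrsaGetClientCert(username)` with no nil check, and the only thing keeping it non-nil is that main assigns the field under the same `*StorageBackend == "kubernetes.secrets"` condition that guards this call; every `app.` → `oAdmin.KubeClient.` site in this file repeats that implicit coupling. A doc comment on the field stating that it is nil for the filesystem backend, plus one explicit check at startup once `Run()` has succeeded, would make the invariant visible instead of relying on each call site remembering the guard. renderClientConfig's body starts before the hunk and continues after it.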
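Review bot: The result of `oAdmin.KubeClient.SecretUpdateCcd(ccd.User, tmp.Bytes())` is discarded, while the filesystem branch directly below checks `err` from `fWrite`; if SecretUpdateCcd reports failures the way its siblings `updatePasswordSecret` and `updateSecondFactorSecret` visibly do, a failed CCD write in the Kubernetes backend is silently treated as success. Assuming it returns an error, mirror the file branch: `if err = oAdmin.KubeClient.SecretUpdateCcd(ccd.User, tmp.Bytes()); err != nil { log.Error(err) }` (I cannot see its signature from here). modifyCcd's body begins before the hunk and continues after it.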
@@ -363,13 +362,13 @@ func (oAdmin *OvpnAdmin) userCreate(username, password string) (string, error) {
 }

 if *StorageBackend == "kubernetes.secrets" {
- err := app.EasyrsaBuildClient(username)
+ err := oAdmin.KubeClient.EasyrsaBuildClient(username)
 if err != nil {
 log.Error(err)
 return err.Error(), err
 }
 if *AuthByPassword {
- err = app.updatePasswordSecret(username, []byte(password))
+ err = oAdmin.KubeClient.updatePasswordSecret(username, []byte(password))
 if err != nil {
 return err.Error(), err
 }
@@ -408,7 +407,7 @@ func (oAdmin *OvpnAdmin) userChangePassword(username, password string) (error, s
 }

 if *StorageBackend == "kubernetes.secrets" {
- err := app.updatePasswordSecret(username, []byte(password))
+ err := oAdmin.KubeClient.updatePasswordSecret(username, []byte(password))
 if err != nil {
 return err, err.Error()
 }
@@ -430,7 +429,7 @@ func (oAdmin *OvpnAdmin) isSecondFactorConfigured(username string) bool {

 switch *StorageBackend {
 case "kubernetes.secrets":
- sfe, err := app.SecondFactorEnabled(username)
+ sfe, err := oAdmin.KubeClient.SecondFactorEnabled(username)
 if err != nil {
 return false
 }
@@ -453,7 +452,7 @@ func (oAdmin *OvpnAdmin) getUserSecret(username string) (string, error) {
 var err error

 if *StorageBackend == "kubernetes.secrets" {
- userSecret, err = app.secondFactorSecret(username)
+ userSecret, err = oAdmin.KubeClient.secondFactorSecret(username)
 if err != nil {
 return err.Error(), err
 }
@@ -482,7 +481,7 @@ func (oAdmin *OvpnAdmin) getUserSecret(username string) (string, error) {
 newSecret := make([]byte, base32.StdEncoding.EncodedLen(len(rndStr)))
 base32.StdEncoding.Encode(newSecret, []byte(rndStr))

- updUserSecretErr := app.updateSecondFactorSecret(username, newSecret)
+ updUserSecretErr := oAdmin.KubeClient.updateSecondFactorSecret(username, newSecret)
 if updUserSecretErr != nil {
 return "", updUserSecretErr
 }
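Review bot: If `oAdmin.KubeClient.updatePasswordSecret(username, []byte(password))` fails after `EasyrsaBuildClient(username)` has already succeeded, the function returns the error but the freshly issued client certificate stays in the PKI, leaving an account that exists without the password that `*AuthByPassword` says it must have (assuming nothing after the hunk cleans up — the rest of userCreate is outside my view). Consider rolling back on that path, e.g. calling `oAdmin.KubeClient.EasyrsaDelete(username)` before returning, or at least logging that the account is half-created so an operator can reconcile it. userCreate's body begins before the hunk and continues after it.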
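Review bot: A failed lookup in `sfe, err := oAdmin.KubeClient.SecondFactorEnabled(username)` is collapsed into `return false` — "no second factor configured" — and the error is dropped; if callers use this result to decide whether to demand a TOTP code, a transient Kubernetes API error becomes a fail-open bypass of the second factor for that login. At minimum log it, `log.Errorf("second-factor lookup for %q: %v", username, err)`, and preferably treat a lookup error as "configured" or surface it so the caller denies rather than skips the factor; the `bool` result cannot carry that distinction, so this probably needs a caller-side change outside this hunk. isSecondFactorConfigured's body starts before the hunk and continues after it.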
@@ -512,13 +511,13 @@ func (oAdmin *OvpnAdmin) getUserSecret(username string) (string, error) {
 func (oAdmin *OvpnAdmin) registerUserAuthApp(username, totp string) error {
 if checkUserExist(username) {
 if *StorageBackend == "kubernetes.secrets" {
- authOK, authErr := app.authByTOTP(username, totp)
+ authOK, authErr := oAdmin.KubeClient.authByTOTP(username, totp)
 if authErr != nil {
 return authErr
 }

 if authOK {
- err := app.addSecondFactorEnabledLabel(username)
+ err := oAdmin.KubeClient.addSecondFactorEnabledLabel(username)
 if err != nil {
 return err
 }
@@ -554,7 +553,7 @@ func (oAdmin *OvpnAdmin) resetUserAuthApp(username string) error {

 if checkUserExist(username) {
 if *StorageBackend == "kubernetes.secrets" {
- err := app.deleteSecondFactorEnabledLabel(username)
+ err := oAdmin.KubeClient.deleteSecondFactorEnabledLabel(username)
 if err != nil {
 return err
 }
@@ -583,7 +582,7 @@ func (oAdmin *OvpnAdmin) checkAuth(username, token string) error {
 var auth bool
 var authErr error
 if *StorageBackend == "kubernetes.secrets" {
- auth, authErr = app.authByTOTP(username, token)
+ auth, authErr = oAdmin.KubeClient.authByTOTP(username, token)
 if authErr != nil {
 return authErr
 }
@@ -617,7 +616,7 @@ func (oAdmin *OvpnAdmin) userRevoke(username string) (error, string) {
 if checkUserExist(username) {
 // check certificate valid flag 'V'
 if *StorageBackend == "kubernetes.secrets" {
- err := app.EasyrsaRevoke(username)
+ err := oAdmin.KubeClient.EasyrsaRevoke(username)
 if err != nil {
 log.Error(err)
 }
@@ -657,7 +656,7 @@ func (oAdmin *OvpnAdmin) userRevoke(username string) (error, string) {
 func (oAdmin *OvpnAdmin) userUnrevoke(username string) (error, string) {
 if checkUserExist(username) {
 if *StorageBackend == "kubernetes.secrets" {
- err := app.EasyrsaUnrevoke(username)
+ err := oAdmin.KubeClient.EasyrsaUnrevoke(username)
 if err != nil {
 log.Error(err)
 }
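Review bot: A failed `err := oAdmin.KubeClient.EasyrsaRevoke(username)` is only logged and the function carries on, so unless the remainder of userRevoke (outside this hunk) re-checks the certificate state, the caller can be told the revocation succeeded while the client certificate is still valid — the one outcome a revoke path must not allow. Return the failure instead: `if err != nil { log.Error(err); return err, err.Error() }` (the result order is `(error, string)`, as userChangePassword does). The same log-and-continue shape is repeated in the userUnrevoke hunk below it and in the userRotate and userDelete hunks that follow; those should return as well. userRevoke's body begins before the hunk and continues after it.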
@@ -726,7 +725,7 @@ func (oAdmin *OvpnAdmin) userUnrevoke(username string) (error, string) {
 func (oAdmin *OvpnAdmin) userRotate(username, newPassword string) (error, string) {
 if checkUserExist(username) {
 if *StorageBackend == "kubernetes.secrets" {
- err := app.EasyrsaRotate(username)
+ err := oAdmin.KubeClient.EasyrsaRotate(username)
 if err != nil {
 log.Error(err)
 }
@@ -807,7 +806,7 @@ func (oAdmin *OvpnAdmin) userRotate(username, newPassword string) (error, string
 func (oAdmin *OvpnAdmin) userDelete(username string) (error, string) {
 if checkUserExist(username) {
 if *StorageBackend == "kubernetes.secrets" {
- err := app.EasyrsaDelete(username)
+ err := oAdmin.KubeClient.EasyrsaDelete(username)
 if err != nil {
 log.Error(err)
 }
diff --git a/backend/models.go b/backend/models.go
index 192c6a3..049b850 100644
--- a/backend/models.go
+++ b/backend/models.go
@@ -1,10 +1,11 @@
 package backend

 import (
- "github.com/pashcovich/openvpn-user/src"
- "github.com/prometheus/client_golang/prometheus"
 "io/fs"
 "sync"
+
+ "github.com/pashcovich/openvpn-user/src"
+ "github.com/prometheus/client_golang/prometheus"
 )

 type OvpnAdmin struct {
@@ -17,6 +18,7 @@ type OvpnAdmin struct {
 activeClients []ClientStatus
 PromRegistry *prometheus.Registry
 OUser *src.OpenvpnUser
+ KubeClient *OpenVPNPKI
 MgmtInterfaces map[string]string
 Templates fs.FS
 Modules []string
diff --git a/main.go b/main.go
index 864c9a5..c73ddf4 100644
--- a/main.go
+++ b/main.go
@@ -4,6 +4,11 @@ import (
 "database/sql"
 "embed"
 "fmt"
+ "io/fs"
+ "net/http"
+ "strings"
+ "sync"
+
 "github.com/flant/ovpn-admin/backend"
 _ "github.com/mattn/go-sqlite3"
 ou "github.com/pashcovich/openvpn-user/src"
@@ -11,10 +16,6 @@ import (
 "github.com/prometheus/client_golang/prometheus/promhttp"
 log "github.com/sirupsen/logrus"
 "gopkg.in/alecthomas/kingpin.v2"
- "io/fs"
- "net/http"
- "strings"
- "sync"
 )

 var (
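Review bot: The new `KubeClient *OpenVPNPKI` field in the models.go hunk carries no comment, and its nil-ness is load-bearing: main.go only assigns it when `*backend.StorageBackend == "kubernetes.secrets"`, and every caller in backend/methods.go dereferences it behind that same check. Document the contract on the field so the next maintainer does not call it from a backend-agnostic path: `// KubeClient is the Kubernetes-secrets PKI/storage client; it is nil unless StorageBackend is "kubernetes.secrets" and must only be used behind that check.` The OvpnAdmin struct starts before the hunk and continues after it.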
@@ -40,8 +41,6 @@ var staticFS embed.FS
 //go:embed templates
 var templatesFS embed.FS

-var app backend.OpenVPNPKI
-
 func main() {
 kingpin.Version(version)
 kingpin.Parse()
@@ -53,7 +52,8 @@ func main() {
 ovpnAdmin.OUser = new(ou.OpenvpnUser)

 if *backend.StorageBackend == "kubernetes.secrets" {
- err := app.Run()
+ ovpnAdmin.KubeClient = new(backend.OpenVPNPKI)
+ err := ovpnAdmin.KubeClient.Run()
 if err != nil {
 log.Error(err)
 }

From fbf2c890ee7faef7e2e35ab413b9ddfeb4cec735 Mon Sep 17 00:00:00 2001
From: Alexey Kolegov
Date: Mon, 16 Jan 2023 13:47:42 +0200
Subject: [PATCH 4/4] revert actions

---
 .github/workflows/publish-latest.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/publish-latest.yaml b/.github/workflows/publish-latest.yaml
index 21f1830..2976c31 100644
--- a/.github/workflows/publish-latest.yaml
+++ b/.github/workflows/publish-latest.yaml
@@ -17,6 +17,6 @@ jobs:
 with:
 username: ${{ secrets.DOCKER_USER }}
 password: ${{ secrets.DOCKER_PASS }}
- repository: erste/openvpn
+ repository: flant/ovpn-admin
 tags: latest
 dockerfile: Dockerfile
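Review bot: A failure of `err := ovpnAdmin.KubeClient.Run()` is only logged with `log.Error(err)` and main continues, so the process comes up with a Kubernetes PKI client whose initialisation failed, and every later `oAdmin.KubeClient.*` call in backend/methods.go operates on that half-set-up object (unless something after this hunk aborts, which I cannot see). For the component that issues, revokes and stores certificates, passwords and TOTP secrets, that should be a hard startup failure: `log.Fatalf("initialising kubernetes.secrets PKI client: %v", err)`. main's body continues past the hunk.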