From fd277c9154c16f9fcc0ac814cc72488236353e79 Mon Sep 17 00:00:00 2001 From: zLukas Date: Mon, 2 Oct 2023 11:37:58 +0200 Subject: [PATCH 01/11] lambda onboard tests --- src/cert-generator/cmd/lambda.go | 33 +++++++++++++++++++ .../cmd/{tls-gen.go => local.go} | 7 ++-- src/cert-generator/go.mod | 12 ++++++- src/cert-generator/go.sum | 22 +++++++++++++ src/cert-generator/main.go | 19 +++++++++++ src/cert-generator/pkg/aws/dynamodb.go | 1 + src/cert-generator/pkg/aws/types.go | 1 + 7 files changed, 90 insertions(+), 5 deletions(-) create mode 100644 src/cert-generator/cmd/lambda.go rename src/cert-generator/cmd/{tls-gen.go => local.go} (88%) create mode 100644 src/cert-generator/main.go create mode 100644 src/cert-generator/pkg/aws/dynamodb.go create mode 100644 src/cert-generator/pkg/aws/types.go diff --git a/src/cert-generator/cmd/lambda.go b/src/cert-generator/cmd/lambda.go new file mode 100644 index 0000000..0e220d1 --- /dev/null +++ b/src/cert-generator/cmd/lambda.go @@ -0,0 +1,33 @@ +package cmd + +import ( + "context" + "fmt" + + "github.com/aws/aws-lambda-go/lambda" + "github.com/zLukas/CloudTools/src/cert-generator/pkg/tls" +) + +type RequestEvent struct { + CACert tls.CACert `json:"caCert"` + Cert tls.Cert `json:"cert"` +} + +func handleRequest(ctx context.Context, event RequestEvent) (string, error) { + + caKey, ca, err := tls.CreateCACertBytes(&event.CACert) + if err != nil { + return "fail", fmt.Errorf("Failed to create CaCert: %s", err.Error()) + } + ceKey, ce, err := tls.CreateCertBytes(&event.Cert, caKey, ca) + if err != nil { + return "fail", fmt.Errorf("Failed to create Cert: %s", err.Error()) + } + fmt.Printf("%v,%v", ceKey, ce) + return "sucess", nil + +} + +func RunLambda() { + lambda.Start(handleRequest) +} diff --git a/src/cert-generator/cmd/tls-gen.go b/src/cert-generator/cmd/local.go similarity index 88% rename from src/cert-generator/cmd/tls-gen.go rename to src/cert-generator/cmd/local.go index c478d05..32153aa 100644 
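Review bot: handleRequest ends the new lambda.go by printing the freshly generated private key, `fmt.Printf("%v,%v", ceKey, ce)`; in Lambda, stdout is shipped to CloudWatch Logs, so the leaf key lands in plaintext log storage readable by anyone with log access. Drop the Printf, or print only the certificate: `fmt.Printf("%s", ce)`. Note also that every invocation mints a new CA via `tls.CreateCACertBytes` and then discards `caKey`, which may be intended for onboarding tests but deserves a comment. Minor: the success string is misspelled (`"sucess"`), and wrapping with `%w` rather than `%s` keeps the underlying error inspectable.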
--- a/src/cert-generator/cmd/tls-gen.go +++ b/src/cert-generator/cmd/local.go @@ -1,4 +1,4 @@ -package main +package cmd import ( "fmt" @@ -8,8 +8,7 @@ import ( "github.com/zLukas/CloudTools/src/cert-generator/pkg/tls" ) -func main() { - +func RunLocal() { var file string = "" if len(os.Args) > 1 { file = os.Args[1] @@ -18,7 +17,7 @@ func main() { config := input.Config{CfgFilePath: file} if err := config.ParseInput(); err != nil { - fmt.Printf("cannot parse input file: %s", err) + fmt.Printf("cannot parse input file: %s", err.Error()) return } diff --git a/src/cert-generator/go.mod b/src/cert-generator/go.mod index 262788f..44b9e11 100644 --- a/src/cert-generator/go.mod +++ b/src/cert-generator/go.mod @@ -2,4 +2,14 @@ module github.com/zLukas/CloudTools/src/cert-generator go 1.21.1 -require gopkg.in/yaml.v2 v2.4.0 // indirect +require ( + github.com/aws/aws-lambda-go v1.41.0 // indirect + github.com/aws/aws-sdk-go-v2 v1.21.0 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 // indirect + github.com/aws/aws-sdk-go-v2/service/lambda v1.39.5 // indirect + github.com/aws/smithy-go v1.14.2 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect +) diff --git a/src/cert-generator/go.sum b/src/cert-generator/go.sum index 7534661..5433102 100644 --- a/src/cert-generator/go.sum +++ b/src/cert-generator/go.sum 
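Review bot: every module in the new `require` block of go.mod is tagged `// indirect`, including `github.com/aws/aws-lambda-go`, which lambda.go in this same patch imports directly, plus `service/lambda` and `eventstream` modules nothing in the diff uses. Running `go mod tidy` clears the markers, drops the unused modules and keeps go.sum minimal, which is what you want when auditing the dependency surface. Commit the tidied go.mod and go.sum together.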
@@ -1,3 +1,25 @@ +github.com/aws/aws-lambda-go v1.41.0 h1:l/5fyVb6Ud9uYd411xdHZzSf2n86TakxzpvIoz7l+3Y= +github.com/aws/aws-lambda-go v1.41.0/go.mod h1:jwFe2KmMsHmffA1X2R09hH6lFzJQxzI8qK17ewzbQMM= +github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc= +github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 h1:OPLEkmhXf6xFPiz0bLeDArZIDx1NNS4oJyG4nv3Gct0= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13/go.mod h1:gpAbvyDGQFozTEmlTFO8XcQKHzubdq0LzRyJpG6MiXM= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 h1:SijA0mgjV8E+8G45ltVHs0fvKpTj8xmZJ3VwhGKtUSI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw= +github.com/aws/aws-sdk-go-v2/service/lambda v1.39.5 h1:uMvxJFS92hNW6BRX0Ou+5zb9DskgrJQHZ+5yT8FXK5Y= +github.com/aws/aws-sdk-go-v2/service/lambda v1.39.5/go.mod h1:ByLHcf0zbHpyLTOy1iPVRPJWmAUPCiJv5k81dt52ID8= +github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ= +github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= +github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= diff --git a/src/cert-generator/main.go b/src/cert-generator/main.go new file mode 100644 index 0000000..81979f9 --- /dev/null +++ b/src/cert-generator/main.go @@ -0,0 +1,19 @@ +package main + +import ( + "fmt" + "os" + + "github.com/zLukas/CloudTools/src/cert-generator/cmd" +) + +func main() { + enviroment := os.Getenv("ENVIROMENT") + if enviroment == "LAMBDA" { + + cmd.RunLambda() + } else { + fmt.Print("running locally") + cmd.RunLocal() + } +} diff --git a/src/cert-generator/pkg/aws/dynamodb.go b/src/cert-generator/pkg/aws/dynamodb.go new file mode 100644 index 0000000..a1f9c0e --- /dev/null +++ b/src/cert-generator/pkg/aws/dynamodb.go @@ -0,0 +1 @@ +package aws diff --git a/src/cert-generator/pkg/aws/types.go b/src/cert-generator/pkg/aws/types.go new file mode 100644 index 0000000..a1f9c0e --- /dev/null +++ b/src/cert-generator/pkg/aws/types.go @@ -0,0 +1 @@ +package aws From 5d53bc440cd72ee666817a87973661546990e1b5 Mon Sep 17 00:00:00 2001 From: zLukas Date: Mon, 2 Oct 2023 19:40:00 +0200 Subject: [PATCH 02/11] progress save --- src/cert-generator/go.mod | 14 ++--- src/cert-generator/go.sum | 52 ++++++++++++++----- src/cert-generator/pkg/aws/dynamodb.go | 9 ++++ src/cert-generator/pkg/aws/types.go | 21 ++++++++ .../tests/pkg/aws/dynamoDB_test.go | 1 + 5 files changed, 75 insertions(+), 22 deletions(-) create mode 100644 src/cert-generator/tests/pkg/aws/dynamoDB_test.go diff --git a/src/cert-generator/go.mod b/src/cert-generator/go.mod index 44b9e11..89a4bb5 100644 --- a/src/cert-generator/go.mod +++ b/src/cert-generator/go.mod 
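Review bot: main dispatches on `os.Getenv("ENVIROMENT")`, a misspelled name that every deployment and the Lambda configuration must now reproduce exactly, or the binary silently takes the local path and starts reading `os.Args[1]`. The Lambda runtime already sets `AWS_LAMBDA_FUNCTION_NAME`, so `if os.Getenv("AWS_LAMBDA_FUNCTION_NAME") != "" { cmd.RunLambda() }` needs no custom variable; if you keep your own switch, spell it `ENVIRONMENT`. Also `fmt.Print("running locally")` has no trailing newline, so the next line of output is appended to it.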
@@ -3,13 +3,9 @@ module github.com/zLukas/CloudTools/src/cert-generator go 1.21.1 require ( - github.com/aws/aws-lambda-go v1.41.0 // indirect - github.com/aws/aws-sdk-go-v2 v1.21.0 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 // indirect - github.com/aws/aws-sdk-go-v2/service/lambda v1.39.5 // indirect - github.com/aws/smithy-go v1.14.2 // indirect - github.com/jmespath/go-jmespath v0.4.0 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect + github.com/aws/aws-lambda-go v1.41.0 + github.com/aws/aws-sdk-go v1.45.19 + gopkg.in/yaml.v2 v2.4.0 ) + +require github.com/jmespath/go-jmespath v0.4.0 // indirect diff --git a/src/cert-generator/go.sum b/src/cert-generator/go.sum index 5433102..1cb026a 100644 --- a/src/cert-generator/go.sum +++ b/src/cert-generator/go.sum 
@@ -1,25 +1,51 @@ github.com/aws/aws-lambda-go v1.41.0 h1:l/5fyVb6Ud9uYd411xdHZzSf2n86TakxzpvIoz7l+3Y= github.com/aws/aws-lambda-go v1.41.0/go.mod h1:jwFe2KmMsHmffA1X2R09hH6lFzJQxzI8qK17ewzbQMM= -github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc= -github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13 h1:OPLEkmhXf6xFPiz0bLeDArZIDx1NNS4oJyG4nv3Gct0= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13/go.mod h1:gpAbvyDGQFozTEmlTFO8XcQKHzubdq0LzRyJpG6MiXM= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 h1:SijA0mgjV8E+8G45ltVHs0fvKpTj8xmZJ3VwhGKtUSI= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw= -github.com/aws/aws-sdk-go-v2/service/lambda v1.39.5 h1:uMvxJFS92hNW6BRX0Ou+5zb9DskgrJQHZ+5yT8FXK5Y= -github.com/aws/aws-sdk-go-v2/service/lambda v1.39.5/go.mod h1:ByLHcf0zbHpyLTOy1iPVRPJWmAUPCiJv5k81dt52ID8= -github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ= -github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= +github.com/aws/aws-sdk-go v1.45.19 h1:+4yXWhldhCVXWFOQRF99ZTJ92t4DtoHROZIbN7Ujk/U= +github.com/aws/aws-sdk-go v1.45.19/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/jmespath/go-jmespath v0.4.0 
h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod 
h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/src/cert-generator/pkg/aws/dynamodb.go b/src/cert-generator/pkg/aws/dynamodb.go index a1f9c0e..2c9f1fc 100644 --- a/src/cert-generator/pkg/aws/dynamodb.go +++ b/src/cert-generator/pkg/aws/dynamodb.go @@ -1 +1,10 @@ package aws + +import "github.com/aws/aws-sdk-go/aws/session" + +func LogIntoDb(client dBClient) *session.Session { + sess := client.Must(client.NewSessionWithOptions(session.Options{ + SharedConfigState: session.SharedConfigEnable, + })) + return sess +} diff --git a/src/cert-generator/pkg/aws/types.go b/src/cert-generator/pkg/aws/types.go index a1f9c0e..74989a8 100644 --- a/src/cert-generator/pkg/aws/types.go +++ b/src/cert-generator/pkg/aws/types.go @@ -1 +1,22 @@ package aws + +import ( + "github.com/aws/aws-sdk-go/aws/session" +) + +type CertItem struct { + PrivateKey string + Cert string +} + +type TableRecord struct { + CaCert CertItem + CeCert CertItem + issuer string + creationDate string +} + +type dBClient interface { + Must(sess *session.Session, err error) *session.Session + NewSessionWithOptions(opts session.Options) (*session.Session, error) +} diff --git a/src/cert-generator/tests/pkg/aws/dynamoDB_test.go b/src/cert-generator/tests/pkg/aws/dynamoDB_test.go new file mode 100644 index 0000000..ca8701d --- /dev/null +++ b/src/cert-generator/tests/pkg/aws/dynamoDB_test.go @@ -0,0 +1 @@ +package tests From 4dbfdb8c8c013b77da12215161100042133b0b54 Mon Sep 17 00:00:00 2001 
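Review bot: `issuer` and `creationDate` in the new TableRecord are unexported, so code outside pkg/aws cannot set them and any reflection-based marshaller (encoding/json, the SDK attribute marshaller) will skip them, meaning they would never reach the table. Export them as `Issuer` and `CreationDate`. Since `CertItem.PrivateKey` makes this record a carrier of key material, add a comment stating whether the key is expected to be stored in plaintext or encrypted before the write. Minor: `dBClient` is odd initialism casing; `dbClient` matches Go style.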
From: zLukas Date: Mon, 2 Oct 2023 20:19:21 +0200 Subject: [PATCH 03/11] dynamoDB table created --- .gitignore | 3 ++- terraform/dynamo_db.tf | 9 +++++++++ terraform/outputs.tf | 0 terraform/provider.tf | 7 +++++++ terraform/variables.tf | 7 +++++++ 5 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 terraform/dynamo_db.tf create mode 100644 terraform/outputs.tf create mode 100644 terraform/provider.tf create mode 100644 terraform/variables.tf diff --git a/.gitignore b/.gitignore index 861c091..93a0d52 100644 --- a/.gitignore +++ b/.gitignore @@ -169,4 +169,5 @@ cython_debug/ #terrafrom *.tfvars -.terraform* \ No newline at end of file +.terraform* +*.tfstate* \ No newline at end of file diff --git a/terraform/dynamo_db.tf b/terraform/dynamo_db.tf new file mode 100644 index 0000000..356968f --- /dev/null +++ b/terraform/dynamo_db.tf @@ -0,0 +1,9 @@ +resource "aws_dynamodb_table" "basic-dynamodb-table" { + name = "Certificates" + billing_mode = "PAY_PER_REQUEST" + hash_key = "Name" + attribute { + name = "Name" + type = "S" + } +} diff --git a/terraform/outputs.tf b/terraform/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/terraform/provider.tf b/terraform/provider.tf new file mode 100644 index 0000000..e8d2f97 --- /dev/null +++ b/terraform/provider.tf @@ -0,0 +1,7 @@ +provider "aws" { + region = "eu-central-1" + access_key = var.access_key + secret_key = var.secret_key +} + + diff --git a/terraform/variables.tf b/terraform/variables.tf new file mode 100644 index 0000000..18a9648 --- /dev/null +++ b/terraform/variables.tf @@ -0,0 +1,7 @@ +variable access_key { + type = string +} + +variable secret_key { + type = string +} From 0aa63ecc8d2c603091120d6952bb02e22809be5a Mon Sep 17 00:00:00 2001 
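Review bot: the `Certificates` table is declared with only a hash key, yet the Go side's `CertItem.PrivateKey` field means this table is going to hold private keys, and the resource sets neither server-side encryption with a key you control nor point-in-time recovery. DynamoDB encrypts at rest with an AWS-owned key by default, but a customer-managed KMS key via `kms_key_arn` gives you a key policy, rotation and CloudTrail visibility over who can decrypt the key material, and PITR protects against an accidental overwrite or delete of the only copy of a CA key. Suggested additions are below; deletion protection is also worth enabling if the pinned provider version supports it.
```hcl
resource "aws_dynamodb_table" "basic-dynamodb-table" {
  # … unchanged: name, billing_mode, hash_key, attribute …

  server_side_encryption {
    enabled = true
    # kms_key_arn = <customer-managed key> — stronger than the default AWS-owned key
  }

  point_in_time_recovery {
    enabled = true
  }
}
```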
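Review bot: provider.tf wires static IAM credentials into the provider (`access_key = var.access_key`, `secret_key = var.secret_key`), which routes long-lived keys through tfvars files, CLI flags and CI variables instead of the short-lived credentials the provider's default chain already handles (environment, shared config/SSO, assumed roles). Drop both lines and keep only `region`; if the variables must stay, mark each `sensitive = true` in variables.tf so they are redacted from plan and apply output. A `required_providers` block pinning the aws provider version would also make applies reproducible.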
From: zLukas Date: Tue, 3 Oct 2023 10:51:01 +0200 Subject: [PATCH 04/11] progress save --- src/cert-generator/pkg/aws/dynamodb.go | 22 ++++++++---- src/cert-generator/pkg/aws/types.go | 1 - .../tests/pkg/aws/dynamoDB_test.go | 34 +++++++++++++++++++ .../tests/pkg/mocks/aws_mock.go | 18 ++++++++++ .../pkg/{tls/mock.go => mocks/tls_mock.go} | 2 +- 5 files changed, 69 insertions(+), 8 deletions(-) create mode 100644 src/cert-generator/tests/pkg/mocks/aws_mock.go rename src/cert-generator/tests/pkg/{tls/mock.go => mocks/tls_mock.go} (98%) diff --git a/src/cert-generator/pkg/aws/dynamodb.go b/src/cert-generator/pkg/aws/dynamodb.go index 2c9f1fc..2162d63 100644 --- a/src/cert-generator/pkg/aws/dynamodb.go +++ b/src/cert-generator/pkg/aws/dynamodb.go @@ -1,10 +1,20 @@ package aws -import "github.com/aws/aws-sdk-go/aws/session" - -func LogIntoDb(client dBClient) *session.Session { - sess := client.Must(client.NewSessionWithOptions(session.Options{ +import( + "fmt" + "github.com/aws/aws-sdk-go/aws/session" +) +func LogIntoDb(client dBClient) (*session.Session, error) { + sess , err:= client.NewSessionWithOptions(session.Options{ SharedConfigState: session.SharedConfigEnable, - })) - return sess + }) + if err != nil { + return nil, fmt.Errorf("Cannot log into DB: %s", err.Error()) + } + return sess, nil } + + +func UploadItem(item TableRecord) (error){ + return nil +} \ No newline at end of file diff --git a/src/cert-generator/pkg/aws/types.go b/src/cert-generator/pkg/aws/types.go index 74989a8..88a5555 100644 --- a/src/cert-generator/pkg/aws/types.go +++ b/src/cert-generator/pkg/aws/types.go @@ -17,6 +17,5 @@ type TableRecord struct { } type dBClient interface { - Must(sess *session.Session, err error) *session.Session NewSessionWithOptions(opts session.Options) (*session.Session, error) } diff --git a/src/cert-generator/tests/pkg/aws/dynamoDB_test.go b/src/cert-generator/tests/pkg/aws/dynamoDB_test.go index ca8701d..f9e0f25 100644 
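Review bot: the new `UploadItem(item TableRecord) error` is a stub that always returns nil, so any caller wired to it now reports a successful upload that never happened; until it is implemented return an explicit error, e.g. `return errors.New("UploadItem: not implemented")`. In LogIntoDb, `fmt.Errorf("Cannot log into DB: %s", err.Error())` discards the error chain and overstates what happened — as far as I recall, `session.NewSessionWithOptions` only assembles client configuration and does not contact AWS or validate credentials. Prefer `fmt.Errorf("creating aws session: %w", err)`.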
--- a/src/cert-generator/tests/pkg/aws/dynamoDB_test.go +++ b/src/cert-generator/tests/pkg/aws/dynamoDB_test.go @@ -1 +1,35 @@ package tests + +import ( + "testing" + "github.com/zLukas/CloudTools/src/cert-generator/pkg/aws" + "github.com/zLukas/CloudTools/src/cert-generator/tests/pkg/mocks" +) + + +func TestLogIntoDbSuccesful(t *testing.T){ + client := mocks.DbClientMock{LogInOk: true} + + sess, err := aws.LogIntoDb(&client) + + if sess == nil { + t.Errorf("session should be nil, got %v", sess) + } + if err != nil { + t.Errorf("error should be nil, got %s", err.Error()) + } +} + + +func TestLogIntoDbFail(t *testing.T){ + client := mocks.DbClientMock{LogInOk: false} + + sess, err := aws.LogIntoDb(&client) + + if sess != nil { + t.Errorf("session should be nil, got %v", sess) + } + if err == nil { + t.Errorf("error should be error type got nil") + } +} \ No newline at end of file diff --git a/src/cert-generator/tests/pkg/mocks/aws_mock.go b/src/cert-generator/tests/pkg/mocks/aws_mock.go new file mode 100644 index 0000000..c3005ba --- /dev/null +++ b/src/cert-generator/tests/pkg/mocks/aws_mock.go @@ -0,0 +1,18 @@ +package mocks + +import ( + "fmt" + "github.com/aws/aws-sdk-go/aws/session" +) + + +type DbClientMock struct { + LogInOk bool +} + +func (d *DbClientMock)NewSessionWithOptions(opts session.Options) (*session.Session, error){ + if d.LogInOk { + return &session.Session{}, nil + } + return nil, fmt.Errorf("Cannot log into DB:") +} \ No newline at end of file diff --git a/src/cert-generator/tests/pkg/tls/mock.go b/src/cert-generator/tests/pkg/mocks/tls_mock.go similarity index 98% rename from src/cert-generator/tests/pkg/tls/mock.go rename to src/cert-generator/tests/pkg/mocks/tls_mock.go index 55a5305..2091b28 100644 --- a/src/cert-generator/tests/pkg/tls/mock.go +++ b/src/cert-generator/tests/pkg/mocks/tls_mock.go @@ -1,4 +1,4 @@ -package tests +package mocks import ( "crypto/rsa" From 68f25c7892c2a3c792c4fc10348583884a4ec07c Mon Sep 17 00:00:00 2001 
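Review bot: in TestLogIntoDbSuccesful the failure message is inverted — the branch fires when `sess == nil` but reports `"session should be nil, got %v"`; it should read `t.Errorf("session should not be nil")`. Both tests only exercise the mock's boolean, so they show that LogIntoDb forwards the mock's result and nothing about the real session options; a one-line comment saying so sets expectations. Minor: the test name is misspelled (`Succesful`).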
From: zLukas Date: Tue, 3 Oct 2023 12:02:42 +0200 Subject: [PATCH 05/11] dynamoDB test cases created --- src/cert-generator/go.mod | 2 +- src/cert-generator/go.sum | 2 + src/cert-generator/pkg/aws/dynamodb.go | 81 ++++++++++++++++--- src/cert-generator/pkg/aws/types.go | 21 ----- .../tests/pkg/aws/dynamoDB_test.go | 40 +++++---- 5 files changed, 92 insertions(+), 54 deletions(-) delete mode 100644 src/cert-generator/pkg/aws/types.go diff --git a/src/cert-generator/go.mod b/src/cert-generator/go.mod index 89a4bb5..c93f812 100644 --- a/src/cert-generator/go.mod +++ b/src/cert-generator/go.mod @@ -4,7 +4,7 @@ go 1.21.1 require ( github.com/aws/aws-lambda-go v1.41.0 - github.com/aws/aws-sdk-go v1.45.19 + github.com/aws/aws-sdk-go v1.45.20 gopkg.in/yaml.v2 v2.4.0 ) diff --git a/src/cert-generator/go.sum b/src/cert-generator/go.sum index 1cb026a..2372678 100644 --- a/src/cert-generator/go.sum +++ b/src/cert-generator/go.sum @@ -2,6 +2,8 @@ github.com/aws/aws-lambda-go v1.41.0 h1:l/5fyVb6Ud9uYd411xdHZzSf2n86TakxzpvIoz7l github.com/aws/aws-lambda-go v1.41.0/go.mod h1:jwFe2KmMsHmffA1X2R09hH6lFzJQxzI8qK17ewzbQMM= github.com/aws/aws-sdk-go v1.45.19 h1:+4yXWhldhCVXWFOQRF99ZTJ92t4DtoHROZIbN7Ujk/U= github.com/aws/aws-sdk-go v1.45.19/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.45.20 h1:U/wLZEwqVB6o2XlcJ7um8kczx+A1X2MgO2y4wdKDQTs= +github.com/aws/aws-sdk-go v1.45.20/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= diff --git a/src/cert-generator/pkg/aws/dynamodb.go b/src/cert-generator/pkg/aws/dynamodb.go index 2162d63..30b093b 100644 --- a/src/cert-generator/pkg/aws/dynamodb.go +++ b/src/cert-generator/pkg/aws/dynamodb.go 
@@ -1,20 +1,79 @@ package aws -import( +import ( "fmt" + originAws "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/dynamodb" ) -func LogIntoDb(client dBClient) (*session.Session, error) { - sess , err:= client.NewSessionWithOptions(session.Options{ - SharedConfigState: session.SharedConfigEnable, - }) - if err != nil { - return nil, fmt.Errorf("Cannot log into DB: %s", err.Error()) + +type CertItem struct { + PrivateKey string + Cert string +} + +type TableRecord struct { + CaCert CertItem + CeCert CertItem + Name string + CreationDate string +} +type Table struct { + Name string + client interface +} + +type TableOption func(*Table) + +func WithLogin() TableOption { + return func(t *Table) { + sess, err := session.NewSessionWithOptions(session.Options{ + SharedConfigState: session.SharedConfigEnable, + }) + if err != nil { + fmt.Printf("Cannot log into DB: %s", err.Error()) + t.client = nil + } + + t.client = dynamodb.New(sess) } - return sess, nil } +func WithName(n string) TableOption { + return func(t *Table) { + t.Name = n + } +} + + +func (t *Table) PutItem(item map[string]TableRecord, opts ...TableOption) error { + for _, opt := range opts { + opt(t) + } -func UploadItem(item TableRecord) (error){ - return nil -} \ No newline at end of file + if t.client != nil { + if _, ok = t.client.(*DynamoDB); ok != false { + return fmt.Errorf("client is not '*DynamoDB' type") + } + } else { + return fmt.Errorf("client is not '*DynamoDB' type") + } + + var err error + var tableItem map[string]*dynamodb.AttributeValue + tableItem, err = dynamodbattribute.MarshalMap(item) + if err != nil { + return fmt.Errorf("failed to Marshal item %s", err.Error()) + } + + input := &dynamodb.PutItemInput{ + Item: tableItem, + TableName: originAws.String(t.Name), + } + + _, err = t.client.PutItem(input) + if err != nil { + return fmt.Errorf("failed to put %d item %s", idx, err.Error()) + } + return nil +} 
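Review bot: PutItem's client guard is inverted — `if _, ok = t.client.(*DynamoDB); ok != false { return fmt.Errorf("client is not '*DynamoDB' type") }` errors exactly when the client is a DynamoDB client — and as written the file does not compile (`ok` is undeclared, `*DynamoDB` should be `*dynamodb.DynamoDB`, `dynamodbattribute` is not imported, `idx` is undefined and `client interface` is not a valid field type). WithLogin has a related bug: on a session error it sets `t.client = nil` and then falls through to `dynamodb.New(sess)` with a nil session instead of returning. The parameter type also looks off: the terraform table keys on a top-level `Name` string attribute, and marshalling a `map[string]TableRecord` nests the record under the map key and yields no such attribute, so PutItem likely wants a `TableRecord`. A corrected shape is below; giving the field the concrete client type removes the need for the assertion altogether.
```go
type Table struct {
	Name   string
	client *dynamodb.DynamoDB // typed, so PutItem resolves without a type assertion
}

func WithLogin() TableOption {
	return func(t *Table) {
		sess, err := session.NewSessionWithOptions(session.Options{
			SharedConfigState: session.SharedConfigEnable,
		})
		if err != nil {
			fmt.Printf("Cannot log into DB: %s", err.Error())
			t.client = nil
			return // was missing: fell through to dynamodb.New(nil)
		}
		t.client = dynamodb.New(sess)
	}
}

// … unchanged: WithName …

func (t *Table) PutItem(item TableRecord, opts ...TableOption) error {
	for _, opt := range opts {
		opt(t)
	}
	if t.client == nil {
		return fmt.Errorf("database client is nil")
	}
	if t.Name == "" {
		return fmt.Errorf("no table name provided")
	}
	tableItem, err := dynamodbattribute.MarshalMap(item)
	if err != nil {
		return fmt.Errorf("failed to Marshal item %s", err.Error())
	}
	// … unchanged: PutItemInput and the t.client.PutItem call (drop the undefined idx from its error) …
	return nil
}
```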
diff --git a/src/cert-generator/pkg/aws/types.go b/src/cert-generator/pkg/aws/types.go deleted file mode 100644 index 88a5555..0000000 --- a/src/cert-generator/pkg/aws/types.go +++ /dev/null @@ -1,21 +0,0 @@ -package aws - -import ( - "github.com/aws/aws-sdk-go/aws/session" -) - -type CertItem struct { - PrivateKey string - Cert string -} - -type TableRecord struct { - CaCert CertItem - CeCert CertItem - issuer string - creationDate string -} - -type dBClient interface { - NewSessionWithOptions(opts session.Options) (*session.Session, error) -} diff --git a/src/cert-generator/tests/pkg/aws/dynamoDB_test.go b/src/cert-generator/tests/pkg/aws/dynamoDB_test.go index f9e0f25..5dda5fc 100644 --- a/src/cert-generator/tests/pkg/aws/dynamoDB_test.go +++ b/src/cert-generator/tests/pkg/aws/dynamoDB_test.go @@ -2,34 +2,32 @@ package tests import ( "testing" - "github.com/zLukas/CloudTools/src/cert-generator/pkg/aws" - "github.com/zLukas/CloudTools/src/cert-generator/tests/pkg/mocks" ) +func TestPutItemNilClient(t *testing.T) { -func TestLogIntoDbSuccesful(t *testing.T){ - client := mocks.DbClientMock{LogInOk: true} +} + +func TestPutItemNodynamoDBClient(t *testing.T) { + +} + +func TestPutItemNoTableName(t *testing.T) { + +} + +func TestPutItemWithOptions(t *testing.T) { + +} - sess, err := aws.LogIntoDb(&client) +func TestPutItemWithConfiguredTable(t *testing.T) { - if sess == nil { - t.Errorf("session should be nil, got %v", sess) - } - if err != nil { - t.Errorf("error should be nil, got %s", err.Error()) - } } +func TestPutItemFailed(t *testing.T) { -func TestLogIntoDbFail(t *testing.T){ - client := mocks.DbClientMock{LogInOk: false} +} - sess, err := aws.LogIntoDb(&client) +func TestPutItemOk(t *testing.T) { - if sess != nil { - t.Errorf("session should be nil, got %v", sess) - } - if err == nil { - t.Errorf("error should be error type got nil") - } -} \ No newline at end of file +} From c30a6ffc82a3cb3a6be074d43199ac657aae9ae8 Mon Sep 17 00:00:00 2001 
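Review bot: the seven `TestPutItem*` functions added here have empty bodies, so `go test` reports them as passing and the suite stays green with no PutItem coverage at all. Until each case is written, put `t.Skip("not implemented")` in the body so the gap shows up in test output and CI. Removing the LogIntoDb tests together with the function they covered is consistent.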
From: zLukas Date: Wed, 4 Oct 2023 11:46:10 +0200 Subject: [PATCH 06/11] database tests added --- .../tests/pkg/aws/dynamoDB_test.go | 55 +++++++++++++------ .../tests/pkg/mocks/tls_mock.go | 8 +-- 2 files changed, 41 insertions(+), 22 deletions(-) diff --git a/src/cert-generator/tests/pkg/aws/dynamoDB_test.go b/src/cert-generator/tests/pkg/aws/dynamoDB_test.go index 5dda5fc..b5eaa30 100644 --- a/src/cert-generator/tests/pkg/aws/dynamoDB_test.go +++ b/src/cert-generator/tests/pkg/aws/dynamoDB_test.go 
@@ -2,32 +2,51 @@ package tests import ( "testing" -) - -func TestPutItemNilClient(t *testing.T) { - -} - -func TestPutItemNodynamoDBClient(t *testing.T) { - -} -func TestPutItemNoTableName(t *testing.T) { - -} - -func TestPutItemWithOptions(t *testing.T) { + "github.com/aws/aws-sdk-go/service/dynamodb" + "github.com/zLukas/CloudTools/src/cert-generator/pkg/aws" +) +var test_table_record = aws.TableRecord{ + CaCert: aws.CertItem{PrivateKey: "CAPRIVKEY", + Cert: "CACERT", + }, + CeCert: aws.CertItem{PrivateKey: "CEPRIVKEY", + Cert: "CECERT", + }, + Name: "sample-table", + CreationDate: "today", } -func TestPutItemWithConfiguredTable(t *testing.T) { +type WrongDbClient struct{} +func TestPutItemNilClient(t *testing.T) { + test_db := aws.Database{TableName: "test-name"} + err := test_db.PutItem(test_table_record) + if err == nil { + t.Error("err should be error type, got nil") + } else if err.Error() != "database client is nil" { + t.Errorf("err should be \"database client is nil\", got %s", err.Error()) + } } -func TestPutItemFailed(t *testing.T) { +func TestPutItemNodynamoDBClient(t *testing.T) { + test_db := aws.Database{Client: &WrongDbClient{}} + err := test_db.PutItem(test_table_record) + if err == nil { + t.Error("err should be error type, got nil") + } else if err.Error() != "client is not '*DynamoDB' type" { + t.Errorf("err should be \"client is not '*DynamoDB' type\", got %s", err.Error()) + } } -func TestPutItemOk(t *testing.T) { - +func TestPutItemNoTableName(t *testing.T) { + test_db := aws.Database{Client: &dynamodb.DynamoDB{}} + err := test_db.PutItem(test_table_record) + if err == nil { + t.Error("err should be error type, got nil") + } else if err.Error() != "no table name provided" { + t.Errorf("err should be \"no table name provided\", got %s", err.Error()) + } } diff --git a/src/cert-generator/tests/pkg/mocks/tls_mock.go b/src/cert-generator/tests/pkg/mocks/tls_mock.go index 2091b28..207950b 100644 
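Review bot: these tests construct `aws.Database{TableName: ..., Client: ...}`, but the package at this point in the series (pkg/aws/dynamodb.go as rewritten in patch 05) defines `Table` with a `Name` field and an unexported `client`, so as far as this diff shows the test package does not compile against pkg/aws until a `Database` type with exported `Client` and `TableName` fields lands. The three cases also pin exact error strings (`"database client is nil"`, `"client is not '*DynamoDB' type"`, `"no table name provided"`); exporting sentinels such as `var ErrNilClient = errors.New("database client is nil")` and asserting `errors.Is(err, aws.ErrNilClient)` keeps them stable when wording changes. `WrongDbClient` is passed to a field whose type is not visible here; a comment naming the interface it deliberately fails to satisfy would make the test self-explanatory.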
--- a/src/cert-generator/tests/pkg/mocks/tls_mock.go +++ b/src/cert-generator/tests/pkg/mocks/tls_mock.go @@ -10,12 +10,12 @@ import ( var testError error = fmt.Errorf("FAIL") -type x509Mock struct { +type X509Mock struct { createcertificatesPass bool parseCertificatePass bool } -func (x *x509Mock) CreateCertificate(rand io.Reader, template *x509.Certificate, parent *x509.Certificate, pub any, priv any) ([]byte, error) { +func (x *X509Mock) CreateCertificate(rand io.Reader, template *x509.Certificate, parent *x509.Certificate, pub any, priv any) ([]byte, error) { if x.createcertificatesPass { return []byte{0xDE, 0xAD, 0xBE, 0xEF}, nil } else { @@ -23,7 +23,7 @@ func (x *x509Mock) CreateCertificate(rand io.Reader, template *x509.Certificate, } } -func (x *x509Mock) ParseCertificate(der []byte) (*x509.Certificate, error) { +func (x *X509Mock) ParseCertificate(der []byte) (*x509.Certificate, error) { if x.parseCertificatePass { return &x509.Certificate{}, nil } else { @@ -31,7 +31,7 @@ func (x *x509Mock) ParseCertificate(der []byte) (*x509.Certificate, error) { } } -type pemMock struct { +type PemMock struct { encodePass bool decodePass bool } From e20ec4d4eed21b23826646f4e0483f0841206c5e Mon Sep 17 00:00:00 2001 From: zLukas Date: Wed, 4 Oct 2023 12:10:04 +0200 Subject: [PATCH 07/11] onboard tests --- src/cert-generator/cmd/lambda.go | 19 ++++++++++++++++++- src/cert-generator/cmd/local.go | 19 +++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/src/cert-generator/cmd/lambda.go b/src/cert-generator/cmd/lambda.go index 0e220d1..9e07ed5 100644 --- a/src/cert-generator/cmd/lambda.go +++ b/src/cert-generator/cmd/lambda.go @@ -5,6 +5,7 @@ import ( "fmt" "github.com/aws/aws-lambda-go/lambda" + "github.com/zLukas/CloudTools/src/cert-generator/pkg/aws" "github.com/zLukas/CloudTools/src/cert-generator/pkg/tls" ) 
@@ -23,7 +24,23 @@ func handleRequest(ctx context.Context, event RequestEvent) (string, error) { if err != nil { return "fail", fmt.Errorf("Failed to create Cert: %s", err.Error()) } - fmt.Printf("%v,%v", ceKey, ce) + //dbTable := os.Getenv("TABLE_NAME") + dbTable := "CertTable" + db := aws.Database{} + err = db.PutItem(aws.TableRecord{ + CaCert: aws.CertItem{PrivateKey: string(caKey), + Cert: string(ca), + }, + CeCert: aws.CertItem{PrivateKey: string(ceKey), + Cert: string(ce), + }, + Name: "sample-record", + CreationDate: "today", + }, + aws.WithDynamoDBLogin(), + aws.WithTableName(dbTable), + ) + return "sucess", nil } diff --git a/src/cert-generator/cmd/local.go b/src/cert-generator/cmd/local.go index 32153aa..d78ad28 100644 --- a/src/cert-generator/cmd/local.go +++ b/src/cert-generator/cmd/local.go @@ -4,6 +4,7 @@ import ( "fmt" "os" + "github.com/zLukas/CloudTools/src/cert-generator/pkg/aws" "github.com/zLukas/CloudTools/src/cert-generator/pkg/input" "github.com/zLukas/CloudTools/src/cert-generator/pkg/tls" ) @@ -36,4 +37,22 @@ func RunLocal() { } tls.WriteKeyCertFile(caKey, ca, "CA-Certificate.pem") + + fmt.Print("uploading to database...") + dbTable := "Certificates" + db := aws.Database{} + err = db.PutItem(aws.TableRecord{ + CaCert: aws.CertItem{PrivateKey: string(caKey), + Cert: string(ca), + }, + CeCert: aws.CertItem{}, + Name: "sample-record", + CreationDate: "today", + }, + aws.WithDynamoDBLogin(), + aws.WithTableName(dbTable), + ) + if err != nil { + fmt.Printf("database upload error: %s", err.Error()) + } } From 6c90a68d0d52edf4433805065037da36d5f8df04 Mon Sep 17 00:00:00 2001 
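Review bot: The result of `db.PutItem(...)` is assigned to `err` but never inspected before `return "sucess", nil`, so a failed upload is reported to the Lambda invoker as success; add `if err != nil { return "fail", fmt.Errorf("storing certificate record: %w", err) }` directly after the call. The record written here carries `caKey` and `ceKey`, the CA and leaf private keys, as plain attributes, so anyone with read access to the table can sign with the CA; either keep private keys out of the table or encrypt them client-side (KMS envelope encryption) before `PutItem`, and scope `dynamodb:GetItem` on this table accordingly. The hard-coded `dbTable := "CertTable"` with the environment lookup commented out also differs from the `Certificates` name the terraform resource uses later in this series. handleRequest's start lies outside the hunk.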
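Review bot: RunLocal now uploads `caKey`, the CA private key, to a shared DynamoDB table on every local run with no opt-in, so a developer generating test certificates on a workstation silently pushes key material to the cloud; gate the upload behind a config field or an explicit flag, and read the table name from configuration instead of the hard-coded `dbTable := "Certificates"`. `CeCert: aws.CertItem{}` writes an empty leaf entry even though the loop above this hunk produced one certificate per config entry, so the record shape does not reflect what was generated. RunLocal's start lies outside the hunk; the error print at the end is good, but `fmt.Print("uploading to database...")` without a newline runs into it.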
From: zLukas Date: Thu, 5 Oct 2023 18:17:00 +0200 Subject: [PATCH 08/11] upgrade dynamo db sdk to v2 --- src/cert-generator/cmd/lambda.go | 8 +-- src/cert-generator/cmd/local.go | 7 +- src/cert-generator/go.mod | 23 +++++- src/cert-generator/go.sum | 37 ++++++++++ src/cert-generator/main.go | 3 +- src/cert-generator/pkg/aws/database.go | 98 ++++++++++++++++++++++++++ src/cert-generator/pkg/aws/dynamodb.go | 79 --------------------- 7 files changed, 165 insertions(+), 90 deletions(-) create mode 100644 src/cert-generator/pkg/aws/database.go delete mode 100644 src/cert-generator/pkg/aws/dynamodb.go diff --git a/src/cert-generator/cmd/lambda.go b/src/cert-generator/cmd/lambda.go index 9e07ed5..8fbccfb 100644 --- a/src/cert-generator/cmd/lambda.go +++ b/src/cert-generator/cmd/lambda.go @@ -28,11 +28,11 @@ func handleRequest(ctx context.Context, event RequestEvent) (string, error) { dbTable := "CertTable" db := aws.Database{} err = db.PutItem(aws.TableRecord{ - CaCert: aws.CertItem{PrivateKey: string(caKey), - Cert: string(ca), + CaCert: aws.CertItem{PrivateKey: caKey, + Cert: ca, }, - CeCert: aws.CertItem{PrivateKey: string(ceKey), - Cert: string(ce), + CeCert: aws.CertItem{PrivateKey: ceKey, + Cert: ce, }, Name: "sample-record", CreationDate: "today", diff --git a/src/cert-generator/cmd/local.go b/src/cert-generator/cmd/local.go index d78ad28..ab0d762 100644 --- a/src/cert-generator/cmd/local.go +++ b/src/cert-generator/cmd/local.go @@ -38,12 +38,13 @@ func RunLocal() { tls.WriteKeyCertFile(caKey, ca, "CA-Certificate.pem") - fmt.Print("uploading to database...") + fmt.Print("uploading to database...\n") dbTable := "Certificates" db := aws.Database{} err = db.PutItem(aws.TableRecord{ - CaCert: aws.CertItem{PrivateKey: string(caKey), - Cert: string(ca), + CaCert: aws.CertItem{ + PrivateKey: caKey, + Cert: ca, }, CeCert: aws.CertItem{}, Name: "sample-record", diff --git a/src/cert-generator/go.mod b/src/cert-generator/go.mod index c93f812..7cad620 100644 
--- a/src/cert-generator/go.mod +++ b/src/cert-generator/go.mod @@ -4,8 +4,27 @@ go 1.21.1 require ( github.com/aws/aws-lambda-go v1.41.0 - github.com/aws/aws-sdk-go v1.45.20 + github.com/aws/aws-sdk-go v1.45.22 gopkg.in/yaml.v2 v2.4.0 ) -require github.com/jmespath/go-jmespath v0.4.0 // indirect +require ( + github.com/aws/aws-sdk-go-v2 v1.21.0 // indirect + github.com/aws/aws-sdk-go-v2/config v1.18.43 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.13.41 // indirect + github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.40 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 // indirect + github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.0 // indirect + github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.15.5 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.35 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.15.0 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.23.0 // indirect + github.com/aws/smithy-go v1.14.2 // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect +) diff --git a/src/cert-generator/go.sum b/src/cert-generator/go.sum index 2372678..81469af 100644 --- a/src/cert-generator/go.sum +++ b/src/cert-generator/go.sum 
@@ -4,9 +4,46 @@ github.com/aws/aws-sdk-go v1.45.19 h1:+4yXWhldhCVXWFOQRF99ZTJ92t4DtoHROZIbN7Ujk/ github.com/aws/aws-sdk-go v1.45.19/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/aws/aws-sdk-go v1.45.20 h1:U/wLZEwqVB6o2XlcJ7um8kczx+A1X2MgO2y4wdKDQTs= github.com/aws/aws-sdk-go v1.45.20/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.45.22 h1:yq86HCbyWIn2A6Ayoa61WCf7jkMmsESXUB9+QrbxK50= +github.com/aws/aws-sdk-go v1.45.22/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go-v2 v1.21.0 h1:gMT0IW+03wtYJhRqTVYn0wLzwdnK9sRMcxmtfGzRdJc= +github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M= +github.com/aws/aws-sdk-go-v2/config v1.18.43 h1:IgdUtTRvUDC6eiJBqU6vh7bHFNAEBjQ8S+qJ7zVhDOs= +github.com/aws/aws-sdk-go-v2/config v1.18.43/go.mod h1:NiFev8qlgg8MPzw3fO/EwzMZeZwlJEKGwfpjRPA9Nvw= +github.com/aws/aws-sdk-go-v2/credentials v1.13.41 h1:dgbKq1tamtboYAKSXWbqL0lKO9rmEzEhbZFh9JQW/Bg= +github.com/aws/aws-sdk-go-v2/credentials v1.13.41/go.mod h1:cc3Fn7DkKbJalPtQnudHGZZ8ml9+hwtbc1CJONsYYqk= +github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.40 h1:YS/4hWmEIgAgUcFWPWmeBvyjH1Bttvfn1gHYC3T0Jd0= +github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.10.40/go.mod h1:W4jFsOeGAVrQZWgoRY52fjYObqfjletWUlq4cssiBdw= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11 h1:uDZJF1hu0EVT/4bogChk8DyjSF6fof6uL/0Y26Ma7Fg= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41 h1:22dGT7PneFMx4+b3pz7lMTRyN8ZKH7M2cW4GP9yUS2g= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35 h1:SijA0mgjV8E+8G45ltVHs0fvKpTj8xmZJ3VwhGKtUSI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod 
h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43 h1:g+qlObJH4Kn4n21g69DjspU0hKTjWtq7naZ9OLCv0ew= +github.com/aws/aws-sdk-go-v2/internal/ini v1.3.43/go.mod h1:rzfdUlfA+jdgLDmPKjd3Chq9V7LVLYo1Nz++Wb91aRo= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.0 h1:kjsywH3KdJnqo6XgHGE8eCoeZ9GsnVIUBILY93YjzKg= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.22.0/go.mod h1:X3ThW5RPV19hi7bnQ0RMAiBjZbzxj4rZlj+qdctbMWY= +github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.15.5 h1:xoalM/e1YsT6jkLKl6KA9HUiJANwn2ypJsM9lhW2WP0= +github.com/aws/aws-sdk-go-v2/service/dynamodbstreams v1.15.5/go.mod h1:7QtKdGj66zM4g5hPgxHRQgFGLGal4EgwggTw5OZH56c= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14 h1:m0QTSI6pZYJTk5WSKx3fm5cNW/DCicVzULBgU/6IyD0= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.14/go.mod h1:dDilntgHy9WnHXsh7dDtUPgHKEfTJIBUTHM8OWm0f/0= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.35 h1:UKjpIDLVF90RfV88XurdduMoTxPqtGHZMIDYZQM7RO4= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.7.35/go.mod h1:B3dUg0V6eJesUTi+m27NUkj7n8hdDKYUpxj8f4+TqaQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35 h1:CdzPW9kKitgIiLV1+MHobfR5Xg25iYnyzWZhyQuSlDI= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.35/go.mod h1:QGF2Rs33W5MaN9gYdEQOBBFPLwTZkEhRwI33f7KIG0o= +github.com/aws/aws-sdk-go-v2/service/sso v1.15.0 h1:vuGK1vHNP9zx0PfOrtPumbwR2af0ATQ1Z2H6p75AgRQ= +github.com/aws/aws-sdk-go-v2/service/sso v1.15.0/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1 h1:8lKOidPkmSmfUtiTgtdXWgaKItCZ/g75/jEk6Ql6GsA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.1/go.mod h1:yygr8ACQRY2PrEcy3xsUI357stq2AxnFM6DIsR9lij4= +github.com/aws/aws-sdk-go-v2/service/sts v1.23.0 h1:pyvfUqkNLMipdKNAtu7OVbRxUrR2BMaKccIPpk/Hkak= +github.com/aws/aws-sdk-go-v2/service/sts v1.23.0/go.mod 
h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU= +github.com/aws/smithy-go v1.14.2 h1:MJU9hqBGbvWZdApzpvoF2WAIJDbtjK2NDJSiJP7HblQ= +github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= diff --git a/src/cert-generator/main.go b/src/cert-generator/main.go index 81979f9..f0e1d4d 100644 --- a/src/cert-generator/main.go +++ b/src/cert-generator/main.go @@ -10,10 +10,9 @@ import ( func main() { enviroment := os.Getenv("ENVIROMENT") if enviroment == "LAMBDA" { - cmd.RunLambda() } else { - fmt.Print("running locally") + fmt.Print("running locally\n") cmd.RunLocal() } } diff --git a/src/cert-generator/pkg/aws/database.go b/src/cert-generator/pkg/aws/database.go new file mode 100644 index 0000000..6c3e81d --- /dev/null +++ b/src/cert-generator/pkg/aws/database.go 
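Review bot: Mode selection hinges on `os.Getenv("ENVIROMENT")` (misspelled), and any mismatch with the variable name configured on the deployed function silently takes the `else` branch, which calls `cmd.RunLocal` and reads `os.Args` inside a Lambda; hoist the key into a documented constant such as `const envKey = "ENVIRONMENT" // set to "LAMBDA" by the deployment`, or detect the runtime from `AWS_LAMBDA_FUNCTION_NAME`, which the Lambda runtime sets without extra configuration. `fmt.Print("running locally\n")` reads more directly as `fmt.Println("running locally")`. main's imports lie outside the hunk.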
@@ -0,0 +1,98 @@ +package aws + +import ( + "fmt" + "log" + + "context" + + "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue" + "github.com/aws/aws-sdk-go-v2/service/dynamodb" + "github.com/aws/aws-sdk-go/aws" +) + +type CertItem struct { + PrivateKey []byte `dynamodbav:"privateKey"` + Cert []byte `dynamodbav:"cert"` +} + +type TableRecord struct { + CaCert CertItem `dynamodbav:"ca"` + CeCert CertItem `dynamodbav:"ce"` + Name string `dynamodbav:"name"` + CreationDate string `dynamodbav:"creationDate"` +} +type Database struct { + TableName string + Client interface{} +} + +type DatabaseOption func(*Database) + +func WithDynamoDBLogin() DatabaseOption { + return func(t *Database) { + cfg, err := config.LoadDefaultConfig(context.TODO()) + cfg.Region = "eu-central-1" + if err != nil { + fmt.Printf("Cannot log into DB: %s", err.Error()) + t.Client = nil + return + } + client := dynamodb.NewFromConfig(cfg) + if client == nil { + fmt.Printf("Cannot log into DB: %s", err.Error()) + t.Client = nil + return + } + t.Client = client + } +} + +func WithTableName(n string) DatabaseOption { + return func(t *Database) { + t.TableName = n + } +} + +func (t *Database) PutItem(item TableRecord, opts ...DatabaseOption) error { + for _, opt := range opts { + opt(t) + } + + if t.Client == nil { + return fmt.Errorf("database client is nil") + } + + if dynamoDbClient, ok := t.Client.(*dynamodb.Client); ok { + if err := dynamoDBPutItem(dynamoDbClient, item, t.TableName); err != nil { + return fmt.Errorf("failed to put dynamoDB item: %s", err.Error()) + } + } else { + return fmt.Errorf("client not supported") + } + return nil +} + +func dynamoDBPutItem(client *dynamodb.Client, item TableRecord, table string) error { + _, err := client.DescribeTable( + context.TODO(), &dynamodb.DescribeTableInput{TableName: aws.String(table)}) + if err != nil { + return fmt.Errorf("table error: %s", err.Error()) + } + + dbItem, err := 
attributevalue.MarshalMap(&item) + if err != nil { + panic(err) + } + fmt.Println("in ", dbItem["name"], dbItem["ca"]) + fmt.Printf("table %s\n", table) + put_out, err := client.PutItem(context.TODO(), &dynamodb.PutItemInput{ + TableName: aws.String(table), Item: dbItem, + }) + fmt.Printf("out %v\n", put_out) + if err != nil { + log.Printf("Couldn't add item to table. Here's why: %v\n", err) + } + return nil +} diff --git a/src/cert-generator/pkg/aws/dynamodb.go b/src/cert-generator/pkg/aws/dynamodb.go deleted file mode 100644 index 30b093b..0000000 --- a/src/cert-generator/pkg/aws/dynamodb.go +++ /dev/null 
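Review bot: `fmt.Println("in ", dbItem["name"], dbItem["ca"])` in dynamoDBPutItem writes the `ca` attribute, which holds the CA private key bytes, to stdout, and in Lambda stdout is shipped to CloudWatch Logs where it is retained and readable by anyone with log access; remove that line and the `put_out` dump. The PutItem error is only handed to `log.Printf` and the function returns nil, so callers treat a failed write as success, and a marshal failure is a `panic` in library code; both should be returned wrapped with `%w`, and the `DescribeTable` pre-check adds a `dynamodb:DescribeTable` permission requirement for no gain since PutItem already fails on a missing table. In WithDynamoDBLogin, `cfg.Region = "eu-central-1"` is assigned before `err` is checked and the `client == nil` branch calls `err.Error()` on a nil error. `aws.String` comes from the v1 SDK while the rest of the file is v2 (`github.com/aws/aws-sdk-go-v2/aws` provides the same helper), which keeps both SDK generations in the dependency graph; these points carry over unchanged into pkg/aws/dynamoDb.go in patch 09.
```go
func dynamoDBPutItem(client *dynamodb.Client, item TableRecord, table string) error {
	dbItem, err := attributevalue.MarshalMap(&item)
	if err != nil {
		return fmt.Errorf("marshalling record for table %q: %w", table, err)
	}
	// dbItem carries private-key material; never log it.
	if _, err := client.PutItem(context.TODO(), &dynamodb.PutItemInput{
		TableName: aws.String(table), Item: dbItem,
	}); err != nil {
		return fmt.Errorf("putting item into table %q: %w", table, err)
	}
	return nil
}
```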
@@ -1,79 +0,0 @@ -package aws - -import ( - "fmt" - originAws "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/dynamodb" -) - -type CertItem struct { - PrivateKey string - Cert string -} - -type TableRecord struct { - CaCert CertItem - CeCert CertItem - Name string - CreationDate string -} -type Table struct { - Name string - client interface -} - -type TableOption func(*Table) - -func WithLogin() TableOption { - return func(t *Table) { - sess, err := session.NewSessionWithOptions(session.Options{ - SharedConfigState: session.SharedConfigEnable, - }) - if err != nil { - fmt.Printf("Cannot log into DB: %s", err.Error()) - t.client = nil - } - - t.client = dynamodb.New(sess) - } -} - -func WithName(n string) TableOption { - return func(t *Table) { - t.Name = n - } -} - - -func (t *Table) PutItem(item map[string]TableRecord, opts ...TableOption) error { - for _, opt := range opts { - opt(t) - } - - if t.client != nil { - if _, ok = t.client.(*DynamoDB); ok != false { - return fmt.Errorf("client is not '*DynamoDB' type") - } - } else { - return fmt.Errorf("client is not '*DynamoDB' type") - } - - var err error - var tableItem map[string]*dynamodb.AttributeValue - tableItem, err = dynamodbattribute.MarshalMap(item) - if err != nil { - return fmt.Errorf("failed to Marshal item %s", err.Error()) - } - - input := &dynamodb.PutItemInput{ - Item: tableItem, - TableName: originAws.String(t.Name), - } - - _, err = t.client.PutItem(input) - if err != nil { - return fmt.Errorf("failed to put %d item %s", idx, err.Error()) - } - return nil -} From 607b607d02fff307b5326056d39f96c21adf81b5 Mon Sep 17 00:00:00 2001 
From: zLukas Date: Thu, 5 Oct 2023 22:20:17 +0200 Subject: [PATCH 09/11] target tests passed --- src/cert-generator/cmd/lambda.go | 35 ++++++++++----- src/cert-generator/cmd/local.go | 28 ------------ src/cert-generator/pkg/aws/database.go | 59 -------------------------- src/cert-generator/pkg/aws/dynamoDb.go | 54 +++++++++++++++++++++++ src/cert-generator/pkg/aws/types.go | 13 ++++++ terraform/dynamo_db.tf | 2 +- 6 files changed, 92 insertions(+), 99 deletions(-) create mode 100644 src/cert-generator/pkg/aws/dynamoDb.go create mode 100644 src/cert-generator/pkg/aws/types.go diff --git a/src/cert-generator/cmd/lambda.go b/src/cert-generator/cmd/lambda.go index 8fbccfb..26f2d46 100644 --- a/src/cert-generator/cmd/lambda.go +++ b/src/cert-generator/cmd/lambda.go @@ -3,6 +3,8 @@ package cmd import ( "context" "fmt" + "os" + "time" "github.com/aws/aws-lambda-go/lambda" "github.com/zLukas/CloudTools/src/cert-generator/pkg/aws" @@ -10,8 +12,9 @@ import ( ) type RequestEvent struct { - CACert tls.CACert `json:"caCert"` - Cert tls.Cert `json:"cert"` + CACert tls.CACert `json:"caCert"` + Cert tls.Cert `json:"cert"` + Requester string `json:"requester"` } func handleRequest(ctx context.Context, event RequestEvent) (string, error) { 
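Review bot: `Requester` is taken verbatim from the invocation payload and, in the next hunk, becomes the table's `Name` hash key, so an empty or caller-chosen value goes straight to DynamoDB; validate it on entry (non-empty, bounded length, a known character set) before any key material is generated for it. Because PutItem replaces an existing item with the same key and the call below sets no `ConditionExpression`, two invocations with the same `Requester` silently overwrite the earlier certificate record; `attribute_not_exists(#n)` or a key that includes the creation time would preserve history. A doc comment on the struct, e.g. `// RequestEvent is the Lambda input; Requester identifies the caller and is used as the DynamoDB partition key.`, would make that contract visible.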
@@ -24,22 +27,32 @@ func handleRequest(ctx context.Context, event RequestEvent) (string, error) { if err != nil { return "fail", fmt.Errorf("Failed to create Cert: %s", err.Error()) } - //dbTable := os.Getenv("TABLE_NAME") - dbTable := "CertTable" + dbTable := os.Getenv("TABLE_NAME") + dbRegion := os.Getenv("DB_REGION") db := aws.Database{} + if err != nil { + fmt.Printf("Error: %s", err) + } + currentTime := time.Now() + err = db.PutItem(aws.TableRecord{ - CaCert: aws.CertItem{PrivateKey: caKey, - Cert: ca, + CaCert: aws.CertItem{ + PrivateKey: caKey, + Cert: ca, }, - CeCert: aws.CertItem{PrivateKey: ceKey, - Cert: ce, + CeCert: aws.CertItem{ + PrivateKey: ceKey, + Cert: ce, }, - Name: "sample-record", - CreationDate: "today", + Name: event.Requester, + CreationDate: currentTime.Format("2006.01.02 15:04:05"), }, - aws.WithDynamoDBLogin(), + aws.WithDynamoDBLogin(dbRegion), aws.WithTableName(dbTable), ) + if err != nil { + fmt.Printf("database upload error: %s", err.Error()) + } return "sucess", nil diff --git a/src/cert-generator/cmd/local.go b/src/cert-generator/cmd/local.go index ab0d762..ef22ed3 100644 --- a/src/cert-generator/cmd/local.go +++ b/src/cert-generator/cmd/local.go @@ -4,7 +4,6 @@ import ( "fmt" "os" - "github.com/zLukas/CloudTools/src/cert-generator/pkg/aws" "github.com/zLukas/CloudTools/src/cert-generator/pkg/input" "github.com/zLukas/CloudTools/src/cert-generator/pkg/tls" ) 
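Review bot: The `if err != nil { fmt.Printf("Error: %s", err) }` right after `db := aws.Database{}` tests an `err` the preceding `if` already proved nil, so it is dead code, and at the end the PutItem error is printed while the handler still returns `"sucess", nil`, so the invoker cannot distinguish a stored record from a lost one; return `"fail", fmt.Errorf("storing record for %q: %w", event.Requester, err)` there instead. `dbTable` and `dbRegion` are read from the environment without an empty check, and WithDynamoDBLogin assigns `cfg.Region = region` unconditionally, so an unset `DB_REGION` overrides the region the default config chain resolved with an empty string. handleRequest's start lies outside the hunk; the `"sucess"` spelling is pre-existing but worth fixing while the line is being touched.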
@@ -27,33 +26,6 @@ func RunLocal() { fmt.Printf("Error: %s", err) } - for k, el := range config.Cfg.Cert { - - ceKey, ce, err := tls.CreateCertBytes(el, caKey, ca) - if err != nil { - fmt.Printf("Error: %s", err) - } - tls.WriteKeyCertFile(ceKey, ce, k+".pem") - } - tls.WriteKeyCertFile(caKey, ca, "CA-Certificate.pem") - fmt.Print("uploading to database...\n") - dbTable := "Certificates" - db := aws.Database{} - err = db.PutItem(aws.TableRecord{ - CaCert: aws.CertItem{ - PrivateKey: caKey, - Cert: ca, - }, - CeCert: aws.CertItem{}, - Name: "sample-record", - CreationDate: "today", - }, - aws.WithDynamoDBLogin(), - aws.WithTableName(dbTable), - ) - if err != nil { - fmt.Printf("database upload error: %s", err.Error()) - } } diff --git a/src/cert-generator/pkg/aws/database.go b/src/cert-generator/pkg/aws/database.go index 6c3e81d..7a2727a 100644 --- a/src/cert-generator/pkg/aws/database.go +++ b/src/cert-generator/pkg/aws/database.go @@ -2,27 +2,10 @@ package aws import ( "fmt" - "log" - "context" - - "github.com/aws/aws-sdk-go-v2/config" - "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue" "github.com/aws/aws-sdk-go-v2/service/dynamodb" - "github.com/aws/aws-sdk-go/aws" ) -type CertItem struct { - PrivateKey []byte `dynamodbav:"privateKey"` - Cert []byte `dynamodbav:"cert"` -} - -type TableRecord struct { - CaCert CertItem `dynamodbav:"ca"` - CeCert CertItem `dynamodbav:"ce"` - Name string `dynamodbav:"name"` - CreationDate string `dynamodbav:"creationDate"` -} type Database struct { TableName string Client interface{} 
@@ -30,25 +13,6 @@ type Database struct { type DatabaseOption func(*Database) -func WithDynamoDBLogin() DatabaseOption { - return func(t *Database) { - cfg, err := config.LoadDefaultConfig(context.TODO()) - cfg.Region = "eu-central-1" - if err != nil { - fmt.Printf("Cannot log into DB: %s", err.Error()) - t.Client = nil - return - } - client := dynamodb.NewFromConfig(cfg) - if client == nil { - fmt.Printf("Cannot log into DB: %s", err.Error()) - t.Client = nil - return - } - t.Client = client - } -} - func WithTableName(n string) DatabaseOption { return func(t *Database) { t.TableName = n @@ -73,26 +37,3 @@ func (t *Database) PutItem(item TableRecord, opts ...DatabaseOption) error { } return nil } - -func dynamoDBPutItem(client *dynamodb.Client, item TableRecord, table string) error { - _, err := client.DescribeTable( - context.TODO(), &dynamodb.DescribeTableInput{TableName: aws.String(table)}) - if err != nil { - return fmt.Errorf("table error: %s", err.Error()) - } - - dbItem, err := attributevalue.MarshalMap(&item) - if err != nil { - panic(err) - } - fmt.Println("in ", dbItem["name"], dbItem["ca"]) - fmt.Printf("table %s\n", table) - put_out, err := client.PutItem(context.TODO(), &dynamodb.PutItemInput{ - TableName: aws.String(table), Item: dbItem, - }) - fmt.Printf("out %v\n", put_out) - if err != nil { - log.Printf("Couldn't add item to table. Here's why: %v\n", err) - } - return nil -} diff --git a/src/cert-generator/pkg/aws/dynamoDb.go b/src/cert-generator/pkg/aws/dynamoDb.go new file mode 100644 index 0000000..8c32aa8 --- /dev/null +++ b/src/cert-generator/pkg/aws/dynamoDb.go 
@@ -0,0 +1,54 @@
+package aws
+
+import (
+ "context"
+ "fmt"
+ "log"
+
+ "github.com/aws/aws-sdk-go-v2/config"
+ "github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue"
+ "github.com/aws/aws-sdk-go-v2/service/dynamodb"
+ "github.com/aws/aws-sdk-go/aws"
+)
+
+func WithDynamoDBLogin(region string) DatabaseOption {
+ return func(t *Database) {
+ cfg, err := config.LoadDefaultConfig(context.TODO())
+ cfg.Region = region
+ if err != nil {
+ fmt.Printf("Cannot log into DB: %s", err.Error())
+ t.Client = nil
+ return
+ }
+ client := dynamodb.NewFromConfig(cfg)
+ if client == nil {
+ fmt.Printf("Cannot log into DB: %s", err.Error())
+ t.Client = nil
+ return
+ }
+ t.Client = client
+ }
+}
+
+func dynamoDBPutItem(client *dynamodb.Client, item TableRecord, table string) error {
+ _, err := client.DescribeTable(
+ context.TODO(), &dynamodb.DescribeTableInput{TableName: aws.String(table)})
+ if err != nil {
+ return fmt.Errorf("table error: %s", err.Error())
+ }
+
+ if err != nil {
+ panic(err)
+ }
+ dbItem, err := attributevalue.MarshalMap(item)
+
+ if err != nil {
+ return fmt.Errorf("cannot marshal item into dynamoDBFormat")
+ }
+ _, err = client.PutItem(context.TODO(), &dynamodb.PutItemInput{
+ TableName: aws.String(table), Item: dbItem})
+ if err != nil {
+ log.Printf("Couldn't add item to table. Here's why: %v\n", err)
+ }
+ return nil
+}
diff --git a/src/cert-generator/pkg/aws/types.go b/src/cert-generator/pkg/aws/types.go
new file mode 100644
index 0000000..caa23f3
--- /dev/null
+++ b/src/cert-generator/pkg/aws/types.go
@@ -0,0 +1,13 @@
+package aws
+
+type CertItem struct {
+ PrivateKey []byte `dynamodbav:"PrivateKey"`
+ Cert []byte `dynamodbav:"Cert"`
+}
+
+type TableRecord struct {
+ CaCert CertItem `dynamodbav:"Ca"`
+ CeCert CertItem `dynamodbav:"Ce"`
+ Name string `dynamodbav:"Name"`
+ CreationDate string `dynamodbav:"CreationDate"`
+}
diff --git a/terraform/dynamo_db.tf b/terraform/dynamo_db.tf
index 356968f..4c8a7fa 100644
--- a/terraform/dynamo_db.tf
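Review bot: The new `region` parameter is applied unconditionally with `cfg.Region = region`, so an empty value (an unset `DB_REGION` in the caller) wipes the region that `config.LoadDefaultConfig` resolved from the environment or profile; guard it with `if region != "" { cfg.Region = region }`. A login failure is only printed and collapses into `t.Client = nil`, which PutItem then reports as the generic `database client is nil`, losing the underlying cause; storing the error on the Database (or making the option return one) would let the caller see why. The swallowed PutItem error, the nil `err.Error()` in the `client == nil` branch and the v1 `aws` import are the same points raised on database.go in patch 08 and still apply here.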
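Review bot: `CertItem.PrivateKey` persists raw private-key bytes next to the certificate with no protection beyond the table's default at-rest setting, and the tags changed from `privateKey`/`ca` to `PrivateKey`/`Ca`, so items written by the previous revision no longer map onto these fields. If the key must be stored, encrypt it client-side (KMS envelope encryption) and keep read access to it separate from read access to the certificate. `Name` must stay aligned with the table's `hash_key = "Name"` in terraform, which a doc comment should state: `// TableRecord is one DynamoDB item; Name is the table's partition key.`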
+++ b/terraform/dynamo_db.tf @@ -1,4 +1,4 @@ -resource "aws_dynamodb_table" "basic-dynamodb-table" { +resource "aws_dynamodb_table" "CertTable" { name = "Certificates" billing_mode = "PAY_PER_REQUEST" hash_key = "Name" From a24001376475260aa30ab838732533929f9259a9 Mon Sep 17 00:00:00 2001 From: zLukas Date: Thu, 5 Oct 2023 22:26:26 +0200 Subject: [PATCH 10/11] minor cleanup --- src/cert-generator/pkg/aws/dynamoDb.go | 3 --- src/cert-generator/tls.json | 27 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 src/cert-generator/tls.json diff --git a/src/cert-generator/pkg/aws/dynamoDb.go b/src/cert-generator/pkg/aws/dynamoDb.go index 8c32aa8..5fd0271 100644 --- a/src/cert-generator/pkg/aws/dynamoDb.go +++ b/src/cert-generator/pkg/aws/dynamoDb.go @@ -37,9 +37,6 @@ func dynamoDBPutItem(client *dynamodb.Client, item TableRecord, table string) er return fmt.Errorf("table error: %s", err.Error()) } - if err != nil { - panic(err) - } dbItem, err := attributevalue.MarshalMap(item) if err != nil { diff --git a/src/cert-generator/tls.json b/src/cert-generator/tls.json new file mode 100644 index 0000000..cce5a15 --- /dev/null +++ b/src/cert-generator/tls.json @@ -0,0 +1,27 @@ +{ + "caCert": { + "serial": 1, + "validForYears": 10, + "subject": { + "country": "PL", + "organization": "ChmurPol", + "organizationalUnit": "dzial certow", + "locality": "WD", + "commonName": "certhost jp2" + } + }, + "cert": { + "serial": 1, + "validForYears": 1, + "dnsNames": [ + "yellowhost.jp2" + ], + "subject": { + "country": "PL", + "organization": "ChmurPol", + "organizationalUnit": "dzial certow", + "locality": "WD", + "commonName": "creampie.jp2" + } + } +} From 283ba3f1d351c53aa6f048184b1b8232732e2b5c Mon Sep 17 00:00:00 2001 
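Review bot: Renaming the resource address from `aws_dynamodb_table.basic-dynamodb-table` to `aws_dynamodb_table.CertTable` without a `moved` block makes Terraform plan a destroy-and-create of the `Certificates` table, dropping every stored record; add a `moved` block with `from = aws_dynamodb_table.basic-dynamodb-table` and `to = aws_dynamodb_table.CertTable` (Terraform 1.1+), or run `terraform state mv` before applying. Given that this table receives private keys, `point_in_time_recovery` and a customer-managed KMS key in `server_side_encryption` are worth setting in the same resource. The rest of the resource lies outside the hunk.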
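Review bot: Both `caCert.serial` and `cert.serial` are fixed at `1`, so every run re-issues certificates with the same serial under the same issuer name, which breaks serial uniqueness and any revocation list keyed on it; the generator should draw serials from a CSPRNG rather than take them from the config. The `commonName`, `organization` and `dnsNames` values are placeholders that will end up in real certificates if this file is used as-is; since JSON carries no comments, renaming it to `tls.example.json` or documenting it in the README would mark it as sample input. `validForYears: 10` is a long lifetime for a CA key that this series stores in DynamoDB.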
From: zLukas Date: Fri, 6 Oct 2023 17:25:33 +0200 Subject: [PATCH 11/11] lambda terraform initialized --- terraform/modules/lambda/iam.tf | 33 +++++++++++++++++++++++++++ terraform/modules/lambda/main.tf | 18 +++++++++++++++ terraform/modules/lambda/outputs.tf | 0 terraform/modules/lambda/provider.tf | 5 ++++ terraform/modules/lambda/variables.tf | 30 ++++++++++++++++++++++++ 5 files changed, 86 insertions(+) create mode 100644 terraform/modules/lambda/iam.tf create mode 100644 terraform/modules/lambda/main.tf create mode 100644 terraform/modules/lambda/outputs.tf create mode 100644 terraform/modules/lambda/provider.tf create mode 100644 terraform/modules/lambda/variables.tf diff --git a/terraform/modules/lambda/iam.tf b/terraform/modules/lambda/iam.tf new file mode 100644 index 0000000..ca1e5cd --- /dev/null +++ b/terraform/modules/lambda/iam.tf @@ -0,0 +1,33 @@ +data "aws_iam_policy_document" "lambda_assume_role" { + statement { + effect = "Allow" + + principals { + type = "Service" + identifiers = ["lambda.amazonaws.com"] + } + + actions = ["sts:AssumeRole"] + } +} + +resource "aws_iam_role" "iam_for_lambda" { + name = "LambdaIam" + assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json +} + +data "aws_iam_policy_document" "lambda_policy_doc" { + statement { + effect = "Allow" + actions = var.lambda_iam_actions + + resources = var.lambda_iam_resources + } +} + +resource "aws_iam_policy" "lambda_permissions" { + name = "lambda_permissions" + path = "/" + description = "IAM policy for Lambda" + policy = data.aws_iam_policy_document.lambda_policy_doc.json +} \ No newline at end of file diff --git a/terraform/modules/lambda/main.tf b/terraform/modules/lambda/main.tf new file mode 100644 index 0000000..39e669d --- /dev/null +++ b/terraform/modules/lambda/main.tf 
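Review bot: `aws_iam_policy.lambda_permissions` is created but never attached to `aws_iam_role.iam_for_lambda` — no `aws_iam_role_policy_attachment` appears in this module as far as the hunk shows — so the function runs with an empty role and every DynamoDB call is denied; add `resource "aws_iam_role_policy_attachment" "lambda_permissions" { role = aws_iam_role.iam_for_lambda.name  policy_arn = aws_iam_policy.lambda_permissions.arn }`. The statement takes `actions` and `resources` straight from variables with no narrowing, so a caller can pass `"*"`; constraining it to `dynamodb:PutItem` on the table ARN, plus the `AWSLambdaBasicExecutionRole` managed policy for CloudWatch logging, matches what the Go code in this series needs. Fixed names `LambdaIam` and `lambda_permissions` collide if the module is instantiated twice in one account; prefix them with `var.lambda_name`.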
@@ -0,0 +1,18 @@ +resource "aws_lambda_function" "test_lambda" { + # If the file is not in the current working directory you will need to include a + # path.module in the filename. + filename = "lambda_function_payload.zip" + function_name = "lambda_function_name" + role = aws_iam_role.iam_for_lambda.arn + handler = "index.test" + + source_code_hash = data.archive_file.lambda.output_base64sha256 + + runtime = "nodejs18.x" + + environment { + variables = { + foo = "bar" + } + } +} \ No newline at end of file diff --git a/terraform/modules/lambda/outputs.tf b/terraform/modules/lambda/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/terraform/modules/lambda/provider.tf b/terraform/modules/lambda/provider.tf new file mode 100644 index 0000000..00a3d3b --- /dev/null +++ b/terraform/modules/lambda/provider.tf @@ -0,0 +1,5 @@ +provider "aws" { + region = var.region + access_key = var.access_key + secret_key = var.secret_key +} \ No newline at end of file diff --git a/terraform/modules/lambda/variables.tf b/terraform/modules/lambda/variables.tf new file mode 100644 index 0000000..b9a4a08 --- /dev/null +++ b/terraform/modules/lambda/variables.tf @@ -0,0 +1,30 @@ +variable access_key { + type = string +} + +variable secret_key { + type = string +} + +variable region { + type = string +} + +variable lambda_name { + type = string +} + +variable env_vars { + type = list(object({ + name = string + value = string + })) +} + +variable lambda_iam_actions { + type = list(string) +} + +variable lambda_iam_resources { + type = list(string) +} \ No newline at end of file
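Review bot: The function block is the provider example left unadapted: `handler = "index.test"` and `runtime = "nodejs18.x"` do not fit a Go binary (a custom runtime needs `runtime = "provided.al2"` with `handler = "bootstrap"`), `data.archive_file.lambda` is not declared anywhere in the module, `function_name` ignores `var.lambda_name`, and `environment.variables` hard-codes `foo = "bar"` instead of using `var.env_vars`, so `TABLE_NAME`, `DB_REGION` and `ENVIROMENT` read by the Go code are never set. The boilerplate comment above `filename` should give way to a note on where the build step places the zip and how `source_code_hash` is derived from it.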
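Review bot: Passing `access_key` and `secret_key` into the provider block routes long-lived static credentials through Terraform variables, tfvars files and plan output; remove both arguments and let the provider use the standard credential chain (environment variables, a named profile or an assumed role), which also makes the module usable from CI with OIDC. If they must stay for now, the two variables need `sensitive = true` in variables.tf. A provider block inside a reusable module also prevents `count`/`for_each` on the module call and belongs in the root module.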
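Review bot: `access_key` and `secret_key` are declared without `sensitive = true`, so their values are echoed in `terraform plan` and `apply` output; add `sensitive = true` to both. `env_vars` is typed as a list of `{name, value}` objects while `aws_lambda_function.environment.variables` takes a map, so the consumer will need `{ for v in var.env_vars : v.name => v.value }`; declaring it as `map(string)` removes that step. `lambda_name`, `env_vars` and `region` are unused by main.tf in this series, and no variable carries a `description`, which is the only documentation a module caller sees.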