Diffstat (limited to 'client/go/cmd/root.go')
-rw-r--r--client/go/cmd/root.go43
1 files changed, 3 insertions, 40 deletions
diff --git a/client/go/cmd/root.go b/client/go/cmd/root.go
index e2f03cbc7ce..c8c49efbe07 100644
--- a/client/go/cmd/root.go
+++ b/client/go/cmd/root.go
@@ -2,15 +2,12 @@
package cmd
import (
- "crypto/tls"
- "crypto/x509"
"encoding/json"
"fmt"
"io"
"log"
"os"
"os/exec"
- "path/filepath"
"strings"
"time"
@@ -332,7 +329,7 @@ func (c *CLI) createCloudTarget(targetType string, opts targetOptions) (vespa.Ta
authConfigPath = c.config.authConfigPath()
deploymentTLSOptions = vespa.TLSOptions{}
if !opts.noCertificate {
- kp, err := c.config.x509KeyPair(deployment.Application)
+ kp, err := c.config.x509KeyPair(deployment.Application, targetType)
if err != nil {
return nil, errHint(err, "Deployment to cloud requires a certificate. Try 'vespa auth cert'")
}
@@ -343,9 +340,9 @@ func (c *CLI) createCloudTarget(targetType string, opts targetOptions) (vespa.Ta
}
}
case vespa.TargetHosted:
- kp, err := athenzKeyPair()
+ kp, err := c.config.x509KeyPair(deployment.Application, targetType)
if err != nil {
- return nil, err
+ return nil, errHint(err, "Deployment to hosted requires an Athenz certificate", "Try renewing certificate with 'athenz-user-cert'")
}
apiTLSOptions = vespa.TLSOptions{
KeyPair: kp.KeyPair,
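Review bot: In the `vespa.TargetHosted` branch the hint `Try renewing certificate with 'athenz-user-cert'` is now attached to every error returned by `c.config.x509KeyPair(deployment.Application, targetType)`, so a missing or unreadable key file or a parse failure is reported as if the certificate had expired. The removed `athenzKeyPair` compared `cert.NotAfter` with `time.Now()` and gave the renewal hint only in that case. The body of `x509KeyPair` is not part of this diff, so please confirm it still rejects an expired certificate for the hosted target; otherwise expiry would presumably surface only later as a TLS handshake failure. If it does, consider having it return a distinguishable error so this caller adds the renewal hint only for expiry and keeps the first hint, `Deployment to hosted requires an Athenz certificate`, for the other cases. The body of `createCloudTarget` starts and ends outside the hunk.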
@@ -487,40 +484,6 @@ func isTerminal(w io.Writer) bool {
return false
}
-func athenzPath(filename string) (string, error) {
- userHome, err := os.UserHomeDir()
- if err != nil {
- return "", err
- }
- return filepath.Join(userHome, ".athenz", filename), nil
-}
-
-func athenzKeyPair() (KeyPair, error) {
- certFile, err := athenzPath("cert")
- if err != nil {
- return KeyPair{}, err
- }
- keyFile, err := athenzPath("key")
- if err != nil {
- return KeyPair{}, err
- }
- kp, err := tls.LoadX509KeyPair(certFile, keyFile)
- if err != nil {
- return KeyPair{}, err
- }
- cert, err := x509.ParseCertificate(kp.Certificate[0])
- if err != nil {
- return KeyPair{}, err
- }
- now := time.Now()
- expiredAt := cert.NotAfter
- if expiredAt.Before(now) {
- delta := now.Sub(expiredAt).Truncate(time.Second)
- return KeyPair{}, errHint(fmt.Errorf("certificate %s expired at %s (%s ago)", certFile, cert.NotAfter, delta), "Try renewing certificate with 'athenz-user-cert'")
- }
- return KeyPair{KeyPair: kp, CertificateFile: certFile, PrivateKeyFile: keyFile}, nil
-}
-
// applicationPackageFrom returns an application loaded from args. If args is empty, the application package is loaded
// from the working directory. If requirePackaging is true, the application package is required to be packaged with mvn
// package.