From 8f5e9e83726f37061e867414678029e77a59e6af Mon Sep 17 00:00:00 2001
From: "henry.chen"
Date: Tue, 29 Oct 2019 15:36:59 +0800
Subject: [PATCH 1/6] feat(key): create key csr
---
 sys.go | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
diff --git a/sys.go b/sys.go
index 907332e..0bce84e 100644
--- a/sys.go
+++ b/sys.go
@@ -15,6 +15,10 @@ const (
 uriSslCert = "ssl-cert"
 uriSslKey = "ssl-key"
 //uriPlatform = "?$select=platform"
+
+ uriCrypto = "crypto"
+ uriKey = "key"
+ uriCsr = "csr"
 )

 type Volumes struct {
@@ -357,3 +361,53 @@ func (b *BigIP) GetKey(name string) (*Key, error) {
 func (b *BigIP) DeleteKey(name string) error {
 return b.delete(uriSys, uriFile, uriSslKey, name)
 }
+
+// Key2 create private key
+type Key2 struct {
+ AdminEmailAddress string `json:"adminEmailAddress,omitempty"`
+ AppService string `json:"appService,omitempty"`
+ ChallengePassword string `json:"challengePassword"`
+ City string `json:"city"`
+ CommonName string `json:"commonName"`
+ Consumer string `json:"consumer"`
+ Country string `json:"country"`
+ CurveName string `json:"curveName"`
+ EmailAddress string `json:"emailAddress"`
+ FromLocalFile string `json:"fromLocalFile"`
+ FromUrl string `json:"fromUrl"`
+ KeySize string `json:"keySize"`
+ KeyType string `json:"keyType"`
+ Lifetime string `json:"lifetime"`
+ Organization string `json:"organization"`
+ OU string `json:"ou"`
+ Passphrase string `json:"passphrase"`
+ SecurityType string `json:"securityType"`
+ State string `json:"state"`
+ SubjectAlternativeName string `json:"subjectAlternativeName"`
+}
+
+// CreateKey create key
+func (b *BigIP) CreateKey(config *Key2) error {
+ return b.post(config, uriSys, uriCrypto, uriKey)
+}
+
+// Csr create csr
+type Csr struct {
+ AdminEmailAddress string `json:"adminEmailAddress"`
+ AppService string `json:"appService"`
+ ChallengePassword string `json:"challengePassword"`
+ CommonName string `json:"commonName"`
+ Consumer string `json:"consumer"`
+ Country string `json:"country"`
+ EmailAddress string `json:"emailAddress"`
+ Key string `json:"key"`
+ Organization string `json:"organization"`
+ OU string `json:"ou"`
+ State string `json:"state"`
+ SubjectAlternativeName string `json:"subjectAlternativeName"`
+}
+
+// CreateCsr create csr
+func (b *BigIP) CreateCsr(config *Csr) error {
+ return b.post(config, uriSys, uriCrypto, uriCsr)
+}
From ad825a5645919183aec07b8d2ea8ac994a0a004f Mon Sep 17 00:00:00 2001
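Review bot: In `Key2` only `AdminEmailAddress` and `AppService` are tagged `omitempty`, and in `Csr` no field is, so every field the caller leaves unset, `passphrase` and `challengePassword` included, is posted to the device as an explicit empty string. How the endpoint treats an empty `keySize` or `passphrase` is not visible in this hunk, so I would tag the optional fields the way the profile structs in ltm.go do, e.g. `json:"passphrase,omitempty"`. Both structs also hold secrets as plain exported strings; a doc comment saying they must not be logged or printed with `%+v` would help callers. The comments `// Key2 create private key` and `// Csr create csr` should be full sentences and say what the `2` distinguishes from the existing `Key` type.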
From: "henry.chen"
Date: Wed, 30 Oct 2019 15:40:46 +0800
Subject: [PATCH 2/6] fix(profile): profile ssl
---
 ltm.go | 82 ++++++++++++++++++++++++++---------------------------
 ltm_test.go | 28 +++++-------------
 sys.go | 50 --------------------------------
 3 files changed, 48 insertions(+), 112 deletions(-)
diff --git a/ltm.go b/ltm.go
index 822630e..c5b4e3b 100644
--- a/ltm.go
+++ b/ltm.go
@@ -17,46 +17,46 @@ type ServerSSLProfiles struct {
 // ServerSSLProfile contains information about each server-ssl profile. You can use all
 // of these fields when modifying a server-ssl profile.
 type ServerSSLProfile struct {
- Name string `json:"name,omitempty"`
- Partition string `json:"partition,omitempty"`
- FullPath string `json:"fullPath,omitempty"`
- Generation int `json:"generation,omitempty"`
- AlertTimeout string `json:"alertTimeout,omitempty"`
- Authenticate string `json:"authenticate,omitempty"`
- AuthenticateDepth int `json:"authenticateDepth,omitempty"`
- CaFile string `json:"caFile,omitempty"`
- CacheSize int `json:"cacheSize,omitempty"`
- CacheTimeout int `json:"cacheTimeout,omitempty"`
- Cert string `json:"cert,omitempty"`
- Chain string `json:"chain,omitempty"`
- Ciphers string `json:"ciphers,omitempty"`
- DefaultsFrom string `json:"defaultsFrom,omitempty"`
- ExpireCertResponseControl string `json:"expireCertResponseControl,omitempty"`
- GenericAlert string `json:"genericAlert,omitempty"`
- HandshakeTimeout string `json:"handshakeTimeout,omitempty"`
- Key string `json:"key,omitempty"`
- ModSslMethods string `json:"modSslMethods,omitempty"`
- Mode string `json:"mode,omitempty"`
- TmOptions []string `json:"tmOptions,omitempty"`
- Passphrase string `json:"passphrase,omitempty"`
- PeerCertMode string `json:"peerCertMode,omitempty"`
- ProxySsl string `json:"proxySsl,omitempty"`
- RenegotiatePeriod string `json:"renegotiatePeriod,omitempty"`
- RenegotiateSize string `json:"renegotiateSize,omitempty"`
- Renegotiation string `json:"renegotiation,omitempty"`
- RetainCertificate string `json:"retainCertificate,omitempty"`
- SecureRenegotiation string `json:"secureRenegotiation,omitempty"`
- ServerName string `json:"serverName,omitempty"`
- SessionMirroring string `json:"sessionMirroring,omitempty"`
- SessionTicket string `json:"sessionTicket,omitempty"`
- SniDefault string `json:"sniDefault,omitempty"`
- SniRequire string `json:"sniRequire,omitempty"`
- SslForwardProxy string `json:"sslForwardProxy,omitempty"`
- SslForwardProxyBypass string `json:"sslForwardProxyBypass,omitempty"`
- SslSignHash string `json:"sslSignHash,omitempty"`
- StrictResume string `json:"strictResume,omitempty"`
- UncleanShutdown string `json:"uncleanShutdown,omitempty"`
- UntrustedCertResponseControl string `json:"untrustedCertResponseControl,omitempty"`
+ Name string `json:"name,omitempty"`
+ Partition string `json:"partition,omitempty"`
+ FullPath string `json:"fullPath,omitempty"`
+ Generation int `json:"generation,omitempty"`
+ AlertTimeout string `json:"alertTimeout,omitempty"`
+ Authenticate string `json:"authenticate,omitempty"`
+ AuthenticateDepth int `json:"authenticateDepth,omitempty"`
+ CaFile string `json:"caFile,omitempty"`
+ CacheSize int `json:"cacheSize,omitempty"`
+ CacheTimeout int `json:"cacheTimeout,omitempty"`
+ Cert string `json:"cert,omitempty"`
+ Chain string `json:"chain,omitempty"`
+ Ciphers string `json:"ciphers,omitempty"`
+ DefaultsFrom string `json:"defaultsFrom,omitempty"`
+ ExpireCertResponseControl string `json:"expireCertResponseControl,omitempty"`
+ GenericAlert string `json:"genericAlert,omitempty"`
+ HandshakeTimeout string `json:"handshakeTimeout,omitempty"`
+ Key string `json:"key,omitempty"`
+ ModSslMethods string `json:"modSslMethods,omitempty"`
+ Mode string `json:"mode,omitempty"`
+ TmOptions string `json:"tmOptions,omitempty"`
+ Passphrase string `json:"passphrase,omitempty"`
+ PeerCertMode string `json:"peerCertMode,omitempty"`
+ ProxySsl string `json:"proxySsl,omitempty"`
+ RenegotiatePeriod string `json:"renegotiatePeriod,omitempty"`
+ RenegotiateSize string `json:"renegotiateSize,omitempty"`
+ Renegotiation string `json:"renegotiation,omitempty"`
+ RetainCertificate string `json:"retainCertificate,omitempty"`
+ SecureRenegotiation string `json:"secureRenegotiation,omitempty"`
+ ServerName string `json:"serverName,omitempty"`
+ SessionMirroring string `json:"sessionMirroring,omitempty"`
+ SessionTicket string `json:"sessionTicket,omitempty"`
+ SniDefault string `json:"sniDefault,omitempty"`
+ SniRequire string `json:"sniRequire,omitempty"`
+ SslForwardProxy string `json:"sslForwardProxy,omitempty"`
+ SslForwardProxyBypass string `json:"sslForwardProxyBypass,omitempty"`
+ SslSignHash string `json:"sslSignHash,omitempty"`
+ StrictResume string `json:"strictResume,omitempty"`
+ UncleanShutdown string `json:"uncleanShutdown,omitempty"`
+ UntrustedCertResponseControl string `json:"untrustedCertResponseControl,omitempty"`
 }

 // ClientSSLProfiles
@@ -104,7 +104,7 @@ type ClientSSLProfile struct {
 Key string `json:"key,omitempty"`
 ModSslMethods string `json:"modSslMethods,omitempty"`
 Mode string `json:"mode,omitempty"`
- TmOptions []string `json:"tmOptions,omitempty"`
+ TmOptions string `json:"tmOptions,omitempty"`
 Passphrase string `json:"passphrase,omitempty"`
 PeerCertMode string `json:"peerCertMode,omitempty"`
 ProxyCaCert string `json:"proxyCaCert,omitempty"`
diff --git a/ltm_test.go b/ltm_test.go
index 42ea867..0dcaf2c 100644
--- a/ltm_test.go
+++ b/ltm_test.go
@@ -1502,9 +1502,7 @@ func (s *LTMTestSuite) TestServerSSLProfiles() {
 "key": "/Common/default.key",
 "modSslMethods": "disabled",
 "mode": "enabled",
- "tmOptions": [
- "dont-insert-empty-fragments"
- ],
+ "tmOptions": "{ dont-insert-empty-fragments }",
 "peerCertMode": "ignore",
 "proxySsl": "disabled",
 "renegotiatePeriod": "indefinite",
@@ -1540,9 +1538,7 @@ func (s *LTMTestSuite) TestServerSSLProfiles() {
 "handshakeTimeout": "10",
 "modSslMethods": "disabled",
 "mode": "enabled",
- "tmOptions": [
- "dont-insert-empty-fragments"
- ],
+ "tmOptions": "{ dont-insert-empty-fragments }",
 "peerCertMode": "ignore",
 "proxySsl": "disabled",
 "renegotiatePeriod": "indefinite",
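Review bot: Changing `TmOptions` from `[]string` to `string` in `ServerSSLProfile` (and in `ClientSSLProfile` in the next hunk) breaks every caller that sets the field as a slice, and a response that still carries the array form will now fail to decode for the whole profile. The fixtures replaced in ltm_test.go show that both the array and the `"{ dont-insert-empty-fragments }"` string have been treated as the wire format, so which one a given BIG-IP version returns should be confirmed before the type is switched. Because this field carries the profile's SSL option flags, a decode failure or a silently dropped value is worth avoiding. A small type that accepts both forms would keep the slice API, with the field declared as `TmOptions TmOptions` and the tag unchanged; it would still marshal as an array, so the request side needs the same check.

```go
// TmOptions decodes either a JSON array of option names or the
// "{ opt1 opt2 }" string form into a slice.
type TmOptions []string

func (o *TmOptions) UnmarshalJSON(data []byte) error {
	var list []string
	if err := json.Unmarshal(data, &list); err == nil {
		*o = list
		return nil
	}
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return err
	}
	*o = strings.Fields(strings.Trim(s, "{} "))
	return nil
}
```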
@@ -1578,9 +1574,7 @@ func (s *LTMTestSuite) TestServerSSLProfiles() {
 "handshakeTimeout": "10",
 "modSslMethods": "disabled",
 "mode": "enabled",
- "tmOptions": [
- "dont-insert-empty-fragments"
- ],
+ "tmOptions": "{ dont-insert-empty-fragments }",
 "peerCertMode": "ignore",
 "proxySsl": "disabled",
 "renegotiatePeriod": "indefinite",
@@ -1671,9 +1665,7 @@ func (s *LTMTestSuite) TestClientSSLProfiles() {
 "key": "/Common/default.key",
 "modSslMethods": "disabled",
 "mode": "enabled",
- "tmOptions": [
- "dont-insert-empty-fragments"
- ],
+ "tmOptions": "{ dont-insert-empty-fragments }",
 "peerCertMode": "ignore",
 "proxySsl": "disabled",
 "renegotiateMaxRecordDelay": "indefinite",
@@ -1724,9 +1716,7 @@ func (s *LTMTestSuite) TestClientSSLProfiles() {
 "key": "/Common/default.key",
 "modSslMethods": "disabled",
 "mode": "enabled",
- "tmOptions": [
- "dont-insert-empty-fragments"
- ],
+ "tmOptions": "{ dont-insert-empty-fragments }",
 "peerCertMode": "ignore",
 "proxySsl": "disabled",
 "renegotiateMaxRecordDelay": "indefinite",
@@ -1775,9 +1765,7 @@ func (s *LTMTestSuite) TestClientSSLProfiles() {
 "inheritCertkeychain": "false",
 "modSslMethods": "disabled",
 "mode": "enabled",
- "tmOptions": [
- "dont-insert-empty-fragments"
- ],
+ "tmOptions": "{ dont-insert-empty-fragments }",
 "peerCertMode": "ignore",
 "proxySsl": "disabled",
 "renegotiateMaxRecordDelay": "indefinite",
@@ -1826,9 +1814,7 @@ func (s *LTMTestSuite) TestClientSSLProfiles() {
 "key": "/Common/default.key",
 "modSslMethods": "disabled",
 "mode": "enabled",
- "tmOptions": [
- "dont-insert-empty-fragments"
- ],
+ "tmOptions": "{ dont-insert-empty-fragments }",
 "peerCertMode": "ignore",
 "proxySsl": "disabled",
 "renegotiateMaxRecordDelay": "indefinite",
diff --git a/sys.go b/sys.go
index 0bce84e..e208ab3 100644
--- a/sys.go
+++ b/sys.go
@@ -361,53 +361,3 @@ func (b *BigIP) GetKey(name string) (*Key, error) {
 func (b *BigIP) DeleteKey(name string) error {
 return b.delete(uriSys, uriFile, uriSslKey, name)
 }
-
-// Key2 create private key
-type Key2 struct {
- AdminEmailAddress string `json:"adminEmailAddress,omitempty"`
- AppService string `json:"appService,omitempty"`
- ChallengePassword string `json:"challengePassword"`
- City string `json:"city"`
- CommonName string `json:"commonName"`
- Consumer string `json:"consumer"`
- Country string `json:"country"`
- CurveName string `json:"curveName"`
- EmailAddress string `json:"emailAddress"`
- FromLocalFile string `json:"fromLocalFile"`
- FromUrl string `json:"fromUrl"`
- KeySize string `json:"keySize"`
- KeyType string `json:"keyType"`
- Lifetime string `json:"lifetime"`
- Organization string `json:"organization"`
- OU string `json:"ou"`
- Passphrase string `json:"passphrase"`
- SecurityType string `json:"securityType"`
- State string `json:"state"`
- SubjectAlternativeName string `json:"subjectAlternativeName"`
-}
-
-// CreateKey create key
-func (b *BigIP) CreateKey(config *Key2) error {
- return b.post(config, uriSys, uriCrypto, uriKey)
-}
-
-// Csr create csr
-type Csr struct {
- AdminEmailAddress string `json:"adminEmailAddress"`
- AppService string `json:"appService"`
- ChallengePassword string `json:"challengePassword"`
- CommonName string `json:"commonName"`
- Consumer string `json:"consumer"`
- Country string `json:"country"`
- EmailAddress string `json:"emailAddress"`
- Key string `json:"key"`
- Organization string `json:"organization"`
- OU string `json:"ou"`
- State string `json:"state"`
- SubjectAlternativeName string `json:"subjectAlternativeName"`
-}
-
-// CreateCsr create csr
-func (b *BigIP) CreateCsr(config *Csr) error {
- return b.post(config, uriSys, uriCrypto, uriCsr)
-}
From bd11bf953b2d3eb6ce628e5bda560dcd4a0fee88 Mon Sep 17 00:00:00 2001
From: "henry.chen"
Date: Fri, 1 Nov 2019 10:24:39 +0800
Subject: [PATCH 3/6] chore: clean code
---
 sys.go | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/sys.go b/sys.go
index e208ab3..907332e 100644
--- a/sys.go
+++ b/sys.go
@@ -15,10 +15,6 @@ const (
 uriSslCert = "ssl-cert"
 uriSslKey = "ssl-key"
 //uriPlatform = "?$select=platform"
-
- uriCrypto = "crypto"
- uriKey = "key"
- uriCsr = "csr"
 )

 type Volumes struct {
From e006c27d1d830a730d380ea2422280e0e4cf5b42 Mon Sep 17 00:00:00 2001
From: "henry.chen"
Date: Tue, 19 Nov 2019 15:07:01 +0800
Subject: [PATCH 4/6] chore: call tmsh generate csr
---
 bigip.go | 39 ++++++++++++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 7 deletions(-)
diff --git a/bigip.go b/bigip.go
index f98e5be..d258ded 100644
--- a/bigip.go
+++ b/bigip.go
@@ -15,6 +15,11 @@ import (
 "time"
 )

+type BashArgs struct {
+ Command string `json:"command,omitempty"`
+ UtilCmdArgs string `json:"UtilCmdArgs,omitempty"`
+}
+
 var defaultConfigOptions = &ConfigOptions{
 APICallTimeout: 60 * time.Second,
 }
@@ -232,21 +237,32 @@ func (b *BigIP) delete(path ...string) error {
 }

 func (b *BigIP) post(body interface{}, path ...string) error {
- return b.reqWithBody("post", body, path...)
+ _, err := b.reqWithBody("post", body, path...)
+ return err
+}
+
+func (b *BigIP) postReturn(body, e interface{}, path ...string) error {
+ data, err := b.reqWithBody("post", body, path...)
+ if err != nil {
+ return err
+ }
+ return json.Unmarshal(data, e)
 }

 func (b *BigIP) put(body interface{}, path ...string) error {
- return b.reqWithBody("put", body, path...)
+ _, err := b.reqWithBody("put", body, path...)
+ return err
 }

 func (b *BigIP) patch(body interface{}, path ...string) error {
- return b.reqWithBody("patch", body, path...)
+ _, err := b.reqWithBody("patch", body, path...)
+ return err
 }

-func (b *BigIP) reqWithBody(method string, body interface{}, path ...string) error {
+func (b *BigIP) reqWithBody(method string, body interface{}, path ...string) ([]byte, error) {
 marshalJSON, err := jsonMarshal(body)
 if err != nil {
- return err
+ return nil, err
 }

 req := &APIRequest{
@@ -256,8 +272,7 @@ func (b *BigIP) reqWithBody(method string, body interface{}, path ...string) err
 ContentType: "application/json",
 }

- _, callErr := b.APICall(req)
- return callErr
+ return b.APICall(req)
 }

 //Get a url and populate an entity. If the entity does not exist (404) then the
@@ -471,3 +486,13 @@ func (b *BigIP) Upload(r io.Reader, size int64, path ...string) (*Upload, error)
 }
 }
 }
+
+// Exec call tmsh exec command
+func (b *BigIP) Exec(args *BashArgs) (*BashArgs, error) {
+ e := &BashArgs{}
+ err := b.postReturn(args, e, "util", "bash")
+ if err != nil {
+ return nil, err
+ }
+ return e, nil
+}
From 5ab45cd93aad2b8780622b16cea33b1a1d43bfd2 Mon Sep 17 00:00:00 2001
From: "henry.chen"
Date: Tue, 19 Nov 2019 16:43:37 +0800
Subject: [PATCH 5/6] fix(name): params name
---
 bigip.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bigip.go b/bigip.go
index d258ded..1ddc56b 100644
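Review bot: `postReturn` hands `data` to `json.Unmarshal` unconditionally, so a successful call whose response body is empty would surface as an "unexpected end of JSON input" error. Whether `APICall` can return an empty body on success is not visible in this hunk; if it can, guard with `if len(data) == 0 { return nil }` before the unmarshal. The new helper also has no doc comment; `// postReturn POSTs body to path and decodes the JSON response into e, which must be a non-nil pointer.` would state the contract.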
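Review bot: `Exec` forwards the caller's `BashArgs` to the `util/bash` endpoint, so whatever is in `UtilCmdArgs` is run by a shell on the device, yet the comment `// Exec call tmsh exec command` describes it as a tmsh call and says nothing about that. I would document the contract instead, e.g. `// Exec runs args through the device's util/bash endpoint. UtilCmdArgs is interpreted by a shell on the BIG-IP; never build it from untrusted input.` A nil `args` is also not rejected and would presumably be marshalled and posted as-is; an early `if args == nil` check returning an error would fail before any request is sent.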
--- a/bigip.go
+++ b/bigip.go
@@ -17,7 +17,7 @@ import (

 type BashArgs struct {
 Command string `json:"command,omitempty"`
- UtilCmdArgs string `json:"UtilCmdArgs,omitempty"`
+ UtilCmdArgs string `json:"utilCmdArgs,omitempty"`
 }

 var defaultConfigOptions = &ConfigOptions{
From 32b588d3a1e0af75e641e6e6f24ff1f169d4cac9 Mon Sep 17 00:00:00 2001
From: "henry.chen"
Date: Tue, 19 Nov 2019 16:48:25 +0800
Subject: [PATCH 6/6] chore: exec result
---
 bigip.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/bigip.go b/bigip.go
index 1ddc56b..4c46236 100644
--- a/bigip.go
+++ b/bigip.go
@@ -16,8 +16,9 @@ import (
 )

 type BashArgs struct {
- Command string `json:"command,omitempty"`
- UtilCmdArgs string `json:"utilCmdArgs,omitempty"`
+ Command string `json:"command,omitempty"`
+ UtilCmdArgs string `json:"utilCmdArgs,omitempty"`
+ CommandResult string `json:"commandResult,omitempty"`
 }

 var defaultConfigOptions = &ConfigOptions{