Refactor the venafi-cloud configuration

These changes solidify the way users configure the agent to communicate
to venafi-cloud. It allows the agent to set the `--venafi-cloud` without
having to define it in the `config.yaml`.

Author: tfadeyi

pkg/agent/config.go

@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/go-multierror"
+	"github.com/jetstack/preflight/pkg/client"
 	"github.com/jetstack/preflight/pkg/datagatherer"
 	"github.com/jetstack/preflight/pkg/datagatherer/k8s"
 	"github.com/jetstack/preflight/pkg/datagatherer/local"
@@ -131,9 +132,6 @@ func (c *Config) validate() error {
 
 	// configured for Venafi Cloud
 	if c.VenafiCloud != nil {
-		if c.VenafiCloud.UploaderID == "" {
-			result = multierror.Append(result, fmt.Errorf("upload_id is required in Venafi Cloud mode"))
-		}
 		if c.VenafiCloud.UploadPath == "" {
 			result = multierror.Append(result, fmt.Errorf("upload_path is required in Venafi Cloud mode"))
 		}
@@ -178,10 +176,9 @@ func ParseConfig(data []byte) (Config, error) {
 	}
 
 	if config.Server == "" && config.Endpoint.Host == "" && config.Endpoint.Path == "" {
+		config.Server = "https://preflight.jetstack.io"
 		if config.VenafiCloud != nil {
-			config.Server = "https://api.venafi.cloud"
-		} else {
-			config.Server = "https://preflight.jetstack.io"
+			config.Server = client.VenafiCloudProdURL
 		}
 	}
 

pkg/agent/run.go

@@ -199,10 +199,18 @@ func getConfiguration() (Config, client.Client) {
 	}
 
 	config, err := ParseConfig(b)
-	if err != nil {
+	switch {
+	case err != nil && VenafiCloudMode && (config.OrganizationID == "" || config.ClusterID == ""):
+	// venafi-cloud does not require the OrganizationID or ClusterID, do not error in case they are missing
+	case err != nil:
 		log.Fatalf("Failed to parse config file: %s", err)
 	}
 
+	if VenafiCloudMode {
+		// if the venafi-cloud mode is enabled override config.Server
+		config.Server = client.VenafiCloudProdURL
+	}
+
 	baseURL := config.Server
 	if baseURL == "" {
 		log.Printf("Using deprecated Endpoint configuration. User Server instead.")
@@ -274,11 +282,15 @@ func createCredentialClient(credentials client.Credentials, config Config, agent
 	switch creds := credentials.(type) {
 	case *client.VenafiSvcAccountCredentials:
 		log.Println("Venafi Cloud mode was specified, using Venafi Service Account authentication.")
-		// check if config has Venafi Cloud data
-		if config.VenafiCloud == nil {
-			log.Fatalf("Failed to find config for venafi-cloud: required for Venafi Cloud mode")
+		// check if config has Venafi Cloud data, use config data if it's present
+		uploaderID := creds.ClientID
+		uploadPath := ""
+		if config.VenafiCloud != nil {
+			log.Println("Loading uploader_id and upload_path from \"venafi-cloud\" configuration.")
+			uploaderID = config.VenafiCloud.UploaderID
+			uploadPath = config.VenafiCloud.UploadPath
 		}
-		return client.NewVenafiCloudClient(agentMetadata, creds, baseURL, config.VenafiCloud.UploaderID, config.VenafiCloud.UploadPath)
+		return client.NewVenafiCloudClient(agentMetadata, creds, baseURL, uploaderID, uploadPath)
 
 	case *client.OAuthCredentials:
 		log.Println("A credentials file was specified, using oauth authentication.")

pkg/client/client_venafi_cloud.go

@@ -70,9 +70,11 @@ type (
 )
 
 const (
-	vaasProdURL         = "https://api.venafi.cloud"
-	accessTokenEndpoint = "/v1/oauth/token/serviceaccount"
-	requiredGrantType   = "urn:ietf:params:oauth:grant-type:jwt-bearer"
+	// URL for the venafi-cloud backend services
+	VenafiCloudProdURL               = "https://api.venafi.cloud"
+	defaultVenafiCloudUploadEndpoint = "v1/tlspk/uploads"
+	accessTokenEndpoint              = "/v1/oauth/token/serviceaccount"
+	requiredGrantType                = "urn:ietf:params:oauth:grant-type:jwt-bearer"
 )
 
 // NewVenafiCloudClient returns a new instance of the VenafiCloudClient type that will perform HTTP requests using a bearer token
@@ -93,6 +95,11 @@ func NewVenafiCloudClient(agentMetadata *api.AgentMetadata, credentials *VenafiS
 		return nil, fmt.Errorf("cannot create VenafiCloudClient: invalid Venafi Cloud client configuration")
 	}
 
+	if uploadPath == "" {
+		// if the uploadPath is not given, use default upload path
+		uploadPath = defaultVenafiCloudUploadEndpoint
+	}
+
 	return &VenafiCloudClient{
 		agentMetadata: agentMetadata,
 		credentials:   credentials,
@@ -283,7 +290,7 @@ func (c *VenafiCloudClient) sendHTTPRequest(request *http.Request, responseObjec
 }
 
 func (c *VenafiCloudClient) generateAndSignJwtToken() (string, error) {
-	prodURL, err := url.Parse(vaasProdURL)
+	prodURL, err := url.Parse(VenafiCloudProdURL)
 	if err != nil {
 		return "", err
 	}