coil-tls 0.1.0

TLS management primitives for the Coil framework.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

use std::sync::Arc;

use super::backend::{PostgresTlsControlPlaneStore, TlsControlPlaneStore};
use super::planning::TlsRuntime;
use super::state::{CertificateInventory, TlsControlPlaneState};
use crate::{
    CertificateId, CertificateRecord, ChallengeTicket, HotReloadEvent, RenewalPlan, TlsInstant,
    TlsModelError,
};
use coil_data::DataRuntime;

#[derive(Debug, Clone)]
pub struct TlsControlPlaneRuntime {
    runtime: TlsRuntime,
    store: Arc<dyn TlsControlPlaneStore>,
}

impl TlsControlPlaneRuntime {
    #[cfg(test)]
    pub fn new(runtime: TlsRuntime) -> Self {
        Self::in_memory_control_plane_for_tests(runtime)
    }

    pub fn in_memory_control_plane_for_tests(runtime: TlsRuntime) -> Self {
        Self::with_store(
            runtime,
            Arc::new(super::backend::MemoryTlsControlPlaneStore::new()),
        )
    }

    #[cfg(test)]
    pub fn with_test_persistence_control_plane_for_tests(
        runtime: TlsRuntime,
        scope: impl Into<String>,
    ) -> Self {
        Self::with_store(
            runtime,
            Arc::new(super::backend::TestPersistenceTlsControlPlaneStore::new(
                super::backend::test_persistence_state_path(scope),
            )),
        )
    }

    pub fn with_distributed_postgres_control_plane(
        runtime: TlsRuntime,
        data_runtime: &DataRuntime,
        namespace: impl Into<String>,
    ) -> Result<Self, TlsModelError> {
        Ok(Self::with_store(
            runtime,
            Arc::new(PostgresTlsControlPlaneStore::new(data_runtime, namespace)?),
        ))
    }

    fn with_store(runtime: TlsRuntime, store: Arc<dyn TlsControlPlaneStore>) -> Self {
        Self { runtime, store }
    }

    pub fn snapshot(&self) -> TlsControlPlaneState {
        self.store.snapshot()
    }

    pub fn inventory(&self) -> CertificateInventory {
        self.snapshot().inventory
    }

    pub fn renewal_queue(&self) -> Vec<RenewalPlan> {
        self.snapshot().renewal_queue
    }

    pub fn pending_challenges(&self) -> Vec<ChallengeTicket> {
        self.snapshot().pending_challenges
    }

    pub fn hot_reload_events(&self) -> Vec<HotReloadEvent> {
        self.snapshot().hot_reload_events
    }

    pub fn import_certificate(&self, record: CertificateRecord) -> Result<(), TlsModelError> {
        self.store.import_certificate(record)
    }

    pub fn queue_renewal(
        &self,
        certificate_id: &CertificateId,
        now: TlsInstant,
    ) -> Result<RenewalPlan, TlsModelError> {
        self.store.queue_renewal(&self.runtime, certificate_id, now)
    }

    pub fn begin_renewal(
        &self,
        certificate_id: &CertificateId,
        replacement_certificate_id: CertificateId,
    ) -> Result<ChallengeTicket, TlsModelError> {
        self.store
            .begin_renewal(&self.runtime, certificate_id, replacement_certificate_id)
    }

    pub fn fail_renewal(
        &self,
        certificate_id: &CertificateId,
    ) -> Result<CertificateRecord, TlsModelError> {
        self.store.fail_renewal(certificate_id)
    }

    pub fn activate_replacement(
        &self,
        certificate_id: &CertificateId,
        replacement: CertificateRecord,
    ) -> Result<HotReloadEvent, TlsModelError> {
        self.store
            .activate_replacement(&self.runtime, certificate_id, replacement)
    }

    pub fn control_plane_store(&self) -> &dyn TlsControlPlaneStore {
        self.store.as_ref()
    }
}