new helper that uses supplied app credential to provision app credent…

…ial - deprecate existing API (#65)

* edit: allow template to set app cred annotations - related to: https://github.com/aporeto-inc/aporeto/issues/1603

* edit: deprecate NewWithAppCredential in favor of NewFromTemplate instead

* edit: change name from 'NewFromTemplate' to 'Create'

.gitignore

@@ -3,5 +3,6 @@ testresults.xml
 *.lock
 vendor
 *.cov
+.idea
 artifacts
 profile.out

appcreds/appcreds.go

@@ -15,6 +15,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/pem"
+	"fmt"
 
 	"go.aporeto.io/gaia"
 	"go.aporeto.io/manipulate"
@@ -33,8 +34,32 @@ func New(ctx context.Context, m manipulate.Manipulator, namespace string, name s
 	return NewWithAppCredential(ctx, m, creds)
 }
 
+// Create generates a new CSR for the provided app credential and calls the upstream service using the supplied
+// manipulator to provision the app credential. The returned credential will have the private key used to generate the CSR
+// added back as an attribute. An error and a nil app cred reference is returned if CSR generation or the API call to the
+// upstream service failed.
+func Create(ctx context.Context, m manipulate.Manipulator, ac *gaia.AppCredential) (*gaia.AppCredential, error) {
+
+	csr, pk, err := makeCSR()
+	if err != nil {
+		return nil, err
+	}
+
+	ac.CSR = string(csr)
+
+	if err := m.Create(manipulate.NewContext(ctx, manipulate.ContextOptionNamespace(ac.Namespace)), ac); err != nil {
+		return nil, err
+	}
+
+	ac.Credentials.CertificateKey = base64.StdEncoding.EncodeToString(pk)
+
+	return ac, nil
+}
+
 // NewWithAppCredential creates a new *gaia.AppCredential from an *AppCredential
+// Deprecated: use Create instead
 func NewWithAppCredential(ctx context.Context, m manipulate.Manipulator, template *gaia.AppCredential) (*gaia.AppCredential, error) {
+	fmt.Println("DEPRECATED: NewWithAppCredential is deprecated in favor of Create instead")
 
 	csr, pk, err := makeCSR()
 	if err != nil {

appcreds/appcreds_test.go

@@ -104,6 +104,117 @@ func TestAppCred_New(t *testing.T) {
 	})
 }
 
+func TestCreate(t *testing.T) {
+
+	Convey("Given I have a manipulator", t, func() {
+
+		m := maniptest.NewTestManipulator()
+
+		var expectedCSR string
+		m.MockCreate(t, func(ctx manipulate.Context, object elemental.Identifiable) error {
+
+			if ctx.Namespace() != "/ns" {
+				panic("expected ns to be /ns")
+			}
+
+			ac := object.(*gaia.AppCredential)
+			ac.ID = "ID"
+			ac.Namespace = "/ns"
+			ac.Credentials = gaia.NewCredential()
+			ac.Credentials.APIURL = "https://labas"
+			ac.Credentials.Name = ac.Name
+			ac.Credentials.Namespace = ac.Namespace
+
+			expectedCSR = ac.CSR
+
+			return nil
+		})
+
+		Convey("When I call Create", func() {
+
+			template := gaia.NewAppCredential()
+			template.Name = "name"
+			template.Description = "description"
+			template.Protected = true
+			template.Metadata = []string{"random=tag"}
+			template.Roles = []string{"role=test"}
+			template.Namespace = "/ns"
+			template.Annotations = map[string][]string{
+				"SomeKey1": {"SomeValue1"},
+				"SomeKey2": {"SomeValue2"},
+			}
+
+			c, err := Create(context.Background(), m, template)
+
+			Convey("Then credential should have template information", func() {
+				So(c.Name, ShouldEqual, template.Name)
+				So(c.Description, ShouldEqual, template.Description)
+				So(c.Protected, ShouldEqual, template.Protected)
+				So(c.Metadata, ShouldResemble, template.Metadata)
+				So(c.Roles, ShouldResemble, template.Roles)
+				So(c.Namespace, ShouldEqual, template.Namespace)
+				So(c.Annotations, ShouldResemble, template.Annotations)
+			})
+
+			Convey("Then err should be nil", func() {
+				So(err, ShouldBeNil)
+			})
+
+			Convey("Then the cred should be correct", func() {
+				So(c.Name, ShouldEqual, "name")
+				So(c.ID, ShouldEqual, "ID")
+				So(c.Namespace, ShouldEqual, "/ns")
+				So(c.Credentials.CertificateKey, ShouldNotBeEmpty)
+			})
+
+			Convey("When I verify the csr", func() {
+
+				csrs, err := tglib.LoadCSRs([]byte(expectedCSR))
+
+				Convey("Then err should be nil", func() {
+					So(err, ShouldBeNil)
+				})
+
+				Convey("Then csr should be correct", func() {
+					So(len(csrs), ShouldEqual, 1)
+				})
+			})
+		})
+
+	})
+
+	Convey("Given I have a manipulator that fails at creation", t, func() {
+
+		m := maniptest.NewTestManipulator()
+
+		m.MockCreate(t, func(ctx manipulate.Context, object elemental.Identifiable) error {
+			return fmt.Errorf("boom")
+		})
+
+		Convey("When I call New", func() {
+
+			template := gaia.NewAppCredential()
+			template.Name = "name"
+			template.Description = "description"
+			template.Protected = true
+			template.Metadata = []string{"random=tag"}
+			template.Roles = []string{"role=test"}
+			template.Namespace = "/ns"
+
+			c, err := Create(context.Background(), m, template)
+
+			Convey("Then err should not be nil", func() {
+				So(err, ShouldNotBeNil)
+				So(err.Error(), ShouldEqual, "boom")
+			})
+
+			Convey("Then the cred should be nilt", func() {
+				So(c, ShouldBeNil)
+			})
+		})
+	})
+}
+
 func TestAppCred_NewWithAppCredential(t *testing.T) {
 
 	Convey("Given I have a manipulator", t, func() {