* Initializes credentials and PKI in the management database. * * In case the management database is new and empty, the instance * is registered as new against the Orbit API with newly-generated * RSA key pair. * * @param {string} managementEndpoint API endpoint * @param {string} instanceId
(
managementEndpoint, instanceId, log, callback)
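/**
 * Initializes credentials and PKI in the management database.
 *
 * In case the management database is new and empty, the instance
 * is registered as new against the Orbit API with newly-generated
 * RSA key pair.
 *
 * Security notes:
 * - The token value is never written to the log by this function; only
 *   status messages and reshaped errors are. Keep it that way when
 *   adding log statements.
 * - A stored token older than `tokenRotationDelay` is only reported with
 *   a warning. It is still handed to the callback; no re-issue happens
 *   here.
 *
 * @param {string} managementEndpoint API endpoint
 * @param {string} instanceId identifier of this instance, passed to the
 * issuing and confirmation calls and handed back to the callback
 * @param {object} log logger exposing debug/info/warn/error
 * @param {function} callback called with (error) on failure, or with
 * (null, instanceId, token) when a stored token exists; on first
 * registration it is passed on to confirmInstanceCredentials
 * @returns {undefined}
 */
function initManagementCredentials(
    managementEndpoint, instanceId, log, callback) {
    getStoredCredentials(log, (error, value) => {
        if (error) {
            // Guard the `is` lookup: an error object without an `is` map
            // would otherwise throw a TypeError inside this callback
            // instead of reaching the caller.
            const isMissingKey = Boolean(error.is && error.is.NoSuchKey);
            if (!isMissingKey) {
                log.debug('could not get token', { error });
                return callback(error);
            }

            // Nothing stored yet: issue credentials for this instance,
            // persist them, then confirm them.
            return issueCredentials(managementEndpoint, instanceId, log,
                (issueError, issued) => {
                    if (issueError) {
                        log.error('could not issue token', {
                            error: reshapeExceptionError(issueError),
                            method: 'initManagementCredentials',
                        });
                        return callback(issueError);
                    }
                    log.debug('saving token');
                    return metadata.putObjectMD(managementDatabaseName,
                        tokenConfigurationKey, issued, {}, log, saveError => {
                            if (saveError) {
                                log.error('could not save token', {
                                    error: reshapeExceptionError(saveError),
                                    method: 'initManagementCredentials',
                                });
                                return callback(saveError);
                            }
                            log.info('saved token locally, ' +
                                     'confirming instance');
                            return confirmInstanceCredentials(
                                managementEndpoint, instanceId, issued, log,
                                callback);
                        });
                });
        }

        log.info('returning existing token');
        // A missing or non-numeric issueDate makes the subtraction NaN, and
        // `NaN > delay` is false, so the staleness warning would be skipped
        // silently. Report that case explicitly.
        const tokenAge = Date.now() - value.issueDate;
        if (Number.isNaN(tokenAge)) {
            log.warn('management API token has no usable issue date, ' +
                     'cannot check its age');
        } else if (tokenAge > tokenRotationDelay) {
            log.warn('management API token is too old, should re-issue');
        }

        return callback(null, instanceId, value.token);
    });
}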
| 141 | |
| 142 | module.exports = { |
| 143 | getStoredCredentials, |