cluster/prodvider: emit crdb certs
This emits short-lived user credentials for a `dev-user` in crdb-waw1
any time someone prodaccesses.
Change-Id: I0266a05c1f02225d762cfd2ca61976af0658639d
diff --git a/cluster/prodvider/service.go b/cluster/prodvider/service.go
index 160f260..19f70ed 100644
--- a/cluster/prodvider/service.go
+++ b/cluster/prodvider/service.go
@@ -81,10 +81,19 @@
return nil, status.Error(codes.Unavailable, "could not generate hspki keys")
}
+ crdbWaw1Keys, err := p.crdbCreds(ctx, username, "waw1")
+ if err != nil {
+ glog.Errorf("crdbCreds(%q): %v", username, err)
+ return nil, status.Error(codes.Unavailable, "could not generate crdb keys")
+ }
+
return &pb.AuthenticateResponse{
Result: pb.AuthenticateResponse_RESULT_AUTHENTICATED,
KubernetesKeys: kubernetesKeys,
HspkiKeys: hspkiKeys,
+ CrdbKeys: &pb.CockroachDBKeys{
+ Clusters: []*pb.CockroachDBKeys_Cluster{crdbWaw1Keys},
+ },
}, nil
}