author | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-03-05 16:50:16 -0800 |
---|---|---|
committer | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-03-05 21:06:42 -0800 |
commit | a301dc2855b5923c9a7210f896b6c3e75ab6f45c (patch) | |
tree | c5a5f045b1a62c6fbd87c6f4281de5b0e0c6ef55 | |
parent | ef8434768db4b99b69ae8bd0c0ec515041f618c0 (diff) |
Adding unseal backend support
Unseal backend support is now added.
The quorum client will use this API to unseal/initialize the backend
storage service
Issue-ID: AAF-156
Change-Id: Ic2726e9a5ca351912a16c3ec911d03e400233277
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
-rw-r--r-- | sms-service/src/sms/backend/backend.go | 11 | ||||
-rw-r--r-- | sms-service/src/sms/backend/vault.go | 13 | ||||
-rw-r--r-- | sms-service/src/sms/handler/handler.go | 27 | ||||
-rw-r--r-- | sms-service/src/sms/handler/handler_test.go | 4 |
4 files changed, 40 insertions, 15 deletions
diff --git a/sms-service/src/sms/backend/backend.go b/sms-service/src/sms/backend/backend.go
index 61af995..756f609 100644
--- a/sms-service/src/sms/backend/backend.go
+++ b/sms-service/src/sms/backend/backend.go
@@ -28,14 +28,8 @@ type SecretDomain struct {
 	Name string `json:"name"`
 }
 
-// SecretKeyValue is building block for a Secret
-type SecretKeyValue struct {
-	Key string `json:"name"`
-	Value string `json:"value"`
-}
-
 // Secret is the struct that defines the structure of a secret
-// A single Secret can have any number of SecretKeyValue pairs
+// It consists of a name and map containing key value pairs
 type Secret struct {
 	Name string `json:"name"`
 	Values map[string]interface{} `json:"values"`
@@ -44,8 +38,9 @@ type Secret struct {
 // SecretBackend interface that will be implemented for various secret backends
 type SecretBackend interface {
 	Init() error
-
 	GetStatus() (bool, error)
+	Unseal(shard string) error
+
 	GetSecret(dom string, sec string) (Secret, error)
 	ListSecret(dom string) ([]string, error)
diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go
index d92ac43..0b62bb5 100644
--- a/sms-service/src/sms/backend/vault.go
+++ b/sms-service/src/sms/backend/vault.go
@@ -78,6 +78,18 @@ func (v *Vault) GetStatus() (bool, error) {
 	return sealStatus.Sealed, nil
 }
 
+// Unseal is a passthrough API that allows any
+// unseal or initialization processes for the backend
+func (v *Vault) Unseal(shard string) error {
+	sys := v.vaultClient.Sys()
+	_, err := sys.Unseal(shard)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 // GetSecret returns a secret mounted on a particular domain name
 // The secret itself is referenced via its name which translates to
 // a mount path in vault
@@ -284,6 +296,7 @@ func (v *Vault) checkToken() error {
 	defer v.tokenLock.Unlock()
 
 	// Init Role if it is not yet done
+	// Role needs to be created before token can be created
 	if v.initRoleDone == false {
 		err := v.initRole()
 		if err != nil {
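Review bot: The new `Unseal(shard string) error` method added to SecretBackend has no doc comment, so an implementer cannot tell what `shard` is or whether a single call is expected to finish the job; in this same commit the Vault implementation forwards exactly one share per call, and `GetStatus` (which returns the sealed flag) is the only way to observe the outcome. I would add above the method: `// Unseal submits one unseal key share to the backend. The share is secret material and must not be logged. Callers should consult GetStatus afterwards; depending on the backend, several calls may be needed before it reports unsealed.`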
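Review bot: `_, err := sys.Unseal(shard)` in the new Vault.Unseal discards the seal-status response that the Vault client returns, so a caller cannot learn whether the share was accepted, whether Vault is now unsealed, or (as far as I recall of that response) how many shares are still outstanding; with the interface fixed to a bare `error`, at least log the returned sealed flag and progress rather than dropping them. The doc comment also promises "unseal or initialization processes", but the body only calls `sys.Unseal`, so initialization is not done here; I would narrow it to `// Unseal forwards one unseal key share to Vault's sys/unseal endpoint. It does not perform Vault initialization.` and add `// shard is an unseal key share; never log it or include it in returned errors.` on the parameter.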
diff --git a/sms-service/src/sms/handler/handler.go b/sms-service/src/sms/handler/handler.go
index fde6718..2288092 100644
--- a/sms-service/src/sms/handler/handler.go
+++ b/sms-service/src/sms/handler/handler.go
@@ -169,14 +169,28 @@ func (h handler) loginHandler(w http.ResponseWriter, r *http.Request) {
 
 }
 
-// initSMSHandler
-func (h handler) initSMSHandler(w http.ResponseWriter, r *http.Request) {
-
-}
-
-// unsealHandler
+// unsealHandler is a pass through that sends requests from quorum client
+// to the backend.
 func (h handler) unsealHandler(w http.ResponseWriter, r *http.Request) {
+	// Get shards to be used for unseal
+	type unsealStruct struct {
+		UnsealShard string `json:"unsealshard"`
+	}
+
+	var inp unsealStruct
+	decoder := json.NewDecoder(r.Body)
+	decoder.DisallowUnknownFields()
+	err := decoder.Decode(&inp)
+	if err != nil {
+		http.Error(w, "Bad input JSON", http.StatusBadRequest)
+		return
+	}
 
+	err = h.secretBackend.Unseal(inp.UnsealShard)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
 }
 
 // CreateRouter returns an http.Handler for the registered URLs
@@ -193,7 +207,6 @@ func CreateRouter(b smsbackend.SecretBackend) http.Handler {
 	// to unseal and to provide root token to sms service
 	router.HandleFunc("/v1/sms/status", h.statusHandler).Methods("GET")
 	router.HandleFunc("/v1/sms/unseal", h.unsealHandler).Methods("POST")
-	router.HandleFunc("/v1/sms/init", h.initSMSHandler).Methods("POST")
 
 	router.HandleFunc("/v1/sms/domain", h.createSecretDomainHandler).Methods("POST")
 	router.HandleFunc("/v1/sms/domain/{domName}", h.deleteSecretDomainHandler).Methods("DELETE")
diff --git a/sms-service/src/sms/handler/handler_test.go b/sms-service/src/sms/handler/handler_test.go
index 56aa5ac..82bd78e 100644
--- a/sms-service/src/sms/handler/handler_test.go
+++ b/sms-service/src/sms/handler/handler_test.go
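Review bot: `http.Error(w, err.Error(), http.StatusInternalServerError)` on the backend-error path of the new unsealHandler echoes the raw backend error text to the HTTP client; the handler's own comment says it is driven by the quorum client to unseal the backend, which presumably happens before any authentication is possible, so the caller should be treated as untrusted and get a generic message while the detail is logged server-side (without the share). The handler also reads `r.Body` with no size cap, forwards an empty `UnsealShard` to the backend as if it were a share, and writes nothing on success, so the client cannot tell whether the backend is now unsealed or still needs shares. I would bound the body with `http.MaxBytesReader`, reject an empty share with 400, and on success report the sealed flag from `GetStatus`, which the SecretBackend interface already provides. Never log or echo `inp.UnsealShard`; it is an unseal key share.
```go
func (h handler) unsealHandler(w http.ResponseWriter, r *http.Request) {
	// … unchanged: unsealStruct definition …

	// The caller is not authenticated at this point; bound what we will parse.
	// TODO(review): size the limit to the share encoding actually used.
	r.Body = http.MaxBytesReader(w, r.Body, 1<<16)

	// … unchanged: decode into inp with DisallowUnknownFields, 400 on error …

	if inp.UnsealShard == "" {
		http.Error(w, "unsealshard must not be empty", http.StatusBadRequest)
		return
	}

	if err := h.secretBackend.Unseal(inp.UnsealShard); err != nil {
		// Log err with the file's logger here; never include inp.UnsealShard.
		http.Error(w, "Unseal request failed", http.StatusInternalServerError)
		return
	}

	// Tell the client whether more shares are needed (GetStatus reports the sealed flag).
	sealed, err := h.secretBackend.GetStatus()
	if err != nil {
		http.Error(w, "Unable to read backend status", http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	if err := json.NewEncoder(w).Encode(map[string]bool{"sealed": sealed}); err != nil {
		// Response already partially written; log and give up.
		return
	}
}
```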
@@ -42,6 +42,10 @@ func (b *TestBackend) GetStatus() (bool, error) {
 	return true, nil
 }
 
+func (b *TestBackend) Unseal(shard string) error {
+	return nil
+}
+
 func (b *TestBackend) GetSecret(dom string, sec string) (smsbackend.Secret, error) {
 	return smsbackend.Secret{}, nil
 }
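Review bot: The stub `Unseal` returning nil only makes TestBackend satisfy the widened interface; per the diffstat these four lines are the entire change to handler_test.go, so nothing exercises the new unsealHandler's bad-JSON (400) or backend-error (500) paths. Making the stub configurable, e.g. `func (b *TestBackend) Unseal(shard string) error { return b.unsealErr }` with an `unsealErr error` field on TestBackend, plus an httptest request carrying a malformed body, would pin both responses and catch any future change to what the 500 path returns to the client.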