authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-03-05 16:50:16 -0800
committerKiran Kamineni <kiran.k.kamineni@intel.com>2018-03-05 21:06:42 -0800
commita301dc2855b5923c9a7210f896b6c3e75ab6f45c (patch)
treec5a5f045b1a62c6fbd87c6f4281de5b0e0c6ef55
parentef8434768db4b99b69ae8bd0c0ec515041f618c0 (diff)
Adding unseal backend support
Unseal backend support is now added. The quorum client will use this API to unseal/initialize the backend storage service. Issue-ID: AAF-156 Change-Id: Ic2726e9a5ca351912a16c3ec911d03e400233277 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
-rw-r--r--sms-service/src/sms/backend/backend.go11
-rw-r--r--sms-service/src/sms/backend/vault.go13
-rw-r--r--sms-service/src/sms/handler/handler.go27
-rw-r--r--sms-service/src/sms/handler/handler_test.go4
4 files changed, 40 insertions, 15 deletions
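diff --git a/sms-service/src/sms/backend/backend.go b/sms-service/src/sms/backend/backend.go
index 61af995..756f609 100644
--- a/sms-service/src/sms/backend/backend.go
+++ b/sms-service/src/sms/backend/backend.go
@@ -28,14 +28,8 @@ type SecretDomain struct {
 Name string `json:"name"`
 }
-// SecretKeyValue is building block for a Secret
-type SecretKeyValue struct {
- Key string `json:"name"`
- Value string `json:"value"`
-}
-
 // Secret is the struct that defines the structure of a secret
-// A single Secret can have any number of SecretKeyValue pairs
+// It consists of a name and map containing key value pairs
 type Secret struct {
 Name string `json:"name"`
 Values map[string]interface{} `json:"values"`
@@ -44,8 +38,9 @@ type Secret struct {
 // SecretBackend interface that will be implemented for various secret backends
 type SecretBackend interface {
 Init() error
-
 GetStatus() (bool, error)
+ Unseal(shard string) error
+
 GetSecret(dom string, sec string) (Secret, error)
 ListSecret(dom string) ([]string, error)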
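Review bot: The new `Unseal(shard string) error` method in the second hunk is added to the SecretBackend interface without a comment, while the surrounding interface is the contract every backend and the test double must implement. A one-line comment stating what the argument is would help implementers, e.g. `// Unseal forwards a single unseal key share to the backend storage service.` The vault.go implementation in this commit passes the string straight to the Vault client, so the comment should not promise any initialization behaviour that the method does not perform.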
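diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go
index d92ac43..0b62bb5 100644
--- a/sms-service/src/sms/backend/vault.go
+++ b/sms-service/src/sms/backend/vault.go
@@ -78,6 +78,18 @@ func (v *Vault) GetStatus() (bool, error) {
 return sealStatus.Sealed, nil
 }
+// Unseal is a passthrough API that allows any
+// unseal or initialization processes for the backend
+func (v *Vault) Unseal(shard string) error {
+ sys := v.vaultClient.Sys()
+ _, err := sys.Unseal(shard)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
 // GetSecret returns a secret mounted on a particular domain name
 // The secret itself is referenced via its name which translates to
 // a mount path in vault
@@ -284,6 +296,7 @@ func (v *Vault) checkToken() error {
 defer v.tokenLock.Unlock()
 // Init Role if it is not yet done
+ // Role needs to be created before token can be created
 if v.initRoleDone == false {
 err := v.initRole()
 if err != nil {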
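Review bot: Unseal in the first hunk discards the status returned by `sys.Unseal(shard)`, so a caller has no way to tell whether the vault is actually unsealed after this share or still waiting for more; consider surfacing the response's `Sealed` field the way GetStatus does, or documenting that callers must poll GetStatus afterwards. The `if err != nil { return err }` followed by `return nil` collapses to `_, err := sys.Unseal(shard)` and `return err`. The doc comment promises "unseal or initialization processes", but the body only calls Unseal, so the comment should drop the initialization claim; it is also worth stating that `shard` is a key share that is forwarded verbatim and must never end up in logs or error text.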
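diff --git a/sms-service/src/sms/handler/handler.go b/sms-service/src/sms/handler/handler.go
index fde6718..2288092 100644
--- a/sms-service/src/sms/handler/handler.go
+++ b/sms-service/src/sms/handler/handler.go
@@ -169,14 +169,28 @@ func (h handler) loginHandler(w http.ResponseWriter, r *http.Request) {
 }
-// initSMSHandler
-func (h handler) initSMSHandler(w http.ResponseWriter, r *http.Request) {
-
-}
-
-// unsealHandler
+// unsealHandler is a pass through that sends requests from quorum client
+// to the backend.
 func (h handler) unsealHandler(w http.ResponseWriter, r *http.Request) {
+ // Get shards to be used for unseal
+ type unsealStruct struct {
+ UnsealShard string `json:"unsealshard"`
+ }
+
+ var inp unsealStruct
+ decoder := json.NewDecoder(r.Body)
+ decoder.DisallowUnknownFields()
+ err := decoder.Decode(&inp)
+ if err != nil {
+ http.Error(w, "Bad input JSON", http.StatusBadRequest)
+ return
+ }
+ err = h.secretBackend.Unseal(inp.UnsealShard)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
 }
 // CreateRouter returns an http.Handler for the registered URLs
@@ -193,7 +207,6 @@ func CreateRouter(b smsbackend.SecretBackend) http.Handler {
 // to unseal and to provide root token to sms service
 router.HandleFunc("/v1/sms/status", h.statusHandler).Methods("GET")
 router.HandleFunc("/v1/sms/unseal", h.unsealHandler).Methods("POST")
- router.HandleFunc("/v1/sms/init", h.initSMSHandler).Methods("POST")
 router.HandleFunc("/v1/sms/domain", h.createSecretDomainHandler).Methods("POST")
 router.HandleFunc("/v1/sms/domain/{domName}", h.deleteSecretDomainHandler).Methods("DELETE")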
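Review bot: unsealHandler in the first hunk returns the backend's raw error text to the HTTP client with `http.Error(w, err.Error(), http.StatusInternalServerError)`, which exposes whatever the Vault client puts in its messages (endpoint, path, internal state) on an unauthenticated endpoint; log the error server-side and reply with a fixed string such as `http.Error(w, "Unseal failed", http.StatusInternalServerError)`. The request body is also decoded with no size bound, so wrap it first, `r.Body = http.MaxBytesReader(w, r.Body, <MAX_UNSEAL_BODY>)` with a small constant of your choosing, since the payload is a single key share. The handler_test.go stub in this commit always returns nil from Unseal, so neither the 400 nor the 500 path of this handler is exercised by the tests.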
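diff --git a/sms-service/src/sms/handler/handler_test.go b/sms-service/src/sms/handler/handler_test.go
index 56aa5ac..82bd78e 100644
--- a/sms-service/src/sms/handler/handler_test.go
+++ b/sms-service/src/sms/handler/handler_test.go
@@ -42,6 +42,10 @@ func (b *TestBackend) GetStatus() (bool, error) {
 return true, nil
 }
+func (b *TestBackend) Unseal(shard string) error {
+ return nil
+}
+
 func (b *TestBackend) GetSecret(dom string, sec string) (smsbackend.Secret, error) {
 return smsbackend.Secret{}, nil
 }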