summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-09-17 12:44:40 -0700
committerKiran Kamineni <kiran.k.kamineni@intel.com>2018-09-17 12:44:47 -0700
commita33fe5704dddd5018c131677f114c0952ff47d86 (patch)
tree52cc6eefa8ea6025ebc9c76579312b42e29b7069
parent7f82c1d604c9941ebd028a5bf2c47e56492aa3eb (diff)
Revert change to UUID and go back to domain names
UUID based urls are pain points for clients as per feedback Reverting to using known domain names Issue-ID: AAF-502 Change-Id: If3d5861ad8cc40adf84d41cd90c90fcde60446ab Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
-rw-r--r--sms-service/src/sms/backend/vault.go102
-rw-r--r--sms-service/src/sms/backend/vault_test.go28
-rw-r--r--sms-service/src/sms/handler/handler.go30
3 files changed, 41 insertions, 119 deletions
diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go
index 50e1b61..ba3e502 100644
--- a/sms-service/src/sms/backend/vault.go
+++ b/sms-service/src/sms/backend/vault.go
@@ -40,8 +40,6 @@ type Vault struct {
vaultClient *vaultapi.Client
vaultMountPrefix string
internalDomain string
- internalDomainUUID string
- internalDomainCache map[string]string
internalDomainMounted bool
vaultTempTokenTTL time.Time
vaultToken string
@@ -67,8 +65,6 @@ func (v *Vault) initVaultClient() error {
v.vaultClient = client
v.vaultMountPrefix = "sms"
v.internalDomain = "smsinternaldomain"
- v.internalDomainUUID, _ = uuid.GenerateUUID()
- v.internalDomainCache = make(map[string]string)
v.internalDomainMounted = false
v.prkey = ""
return nil
@@ -147,19 +143,14 @@ func (v *Vault) Unseal(shard string) error {
// GetSecret returns a secret mounted on a particular domain name
// The secret itself is referenced via its name which translates to
// a mount path in vault
-func (v *Vault) GetSecret(uuid string, name string) (Secret, error) {
+func (v *Vault) GetSecret(dom string, name string) (Secret, error) {
err := v.checkToken()
if smslogger.CheckError(err, "Tocken Check") != nil {
return Secret{}, errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return Secret{}, errors.New("Unable to Get secret")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
sec, err := v.vaultClient.Logical().Read(dom + "/" + name)
@@ -178,19 +169,14 @@ func (v *Vault) GetSecret(uuid string, name string) (Secret, error) {
// ListSecret returns a list of secret names on a particular domain
// The values of the secret are not returned
-func (v *Vault) ListSecret(uuid string) ([]string, error) {
+func (v *Vault) ListSecret(dom string) ([]string, error) {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return nil, errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return nil, errors.New("Unable to list secrets in domain")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
sec, err := v.vaultClient.Logical().List(dom)
@@ -240,7 +226,6 @@ func (v *Vault) mountInternalDomain(name string) error {
if strings.Contains(err.Error(), "existing mount") {
// It is already mounted
v.internalDomainMounted = true
- v.internalDomainCache[v.internalDomainUUID] = v.internalDomain
return nil
}
// Ran into some other error mounting it.
@@ -248,7 +233,6 @@ func (v *Vault) mountInternalDomain(name string) error {
}
v.internalDomainMounted = true
- v.internalDomainCache[v.internalDomainUUID] = v.internalDomain
return nil
}
@@ -274,61 +258,14 @@ func (v *Vault) storeUUID(uuid string, name string) error {
},
}
- err = v.CreateSecret(v.internalDomainUUID, secret)
+ err = v.CreateSecret(v.internalDomain, secret)
if smslogger.CheckError(err, "Write UUID to domain") != nil {
return err
}
- // Cache the value for reverse lookups
- // Note: Cache is lost when service restarts
- v.internalDomainCache[uuid] = name
-
return nil
}
-// Retrieves UUID for domain name stored in smsinternal domain
-// under v.vaultMountPrefix / smsinternal domain
-func (v *Vault) getDomainNameFromUUID(uuid string) (string, error) {
-
- // Check Cache
- if val, ok := v.internalDomainCache[uuid]; ok {
- return val, nil
- }
-
- // If not found in Cache, check in vault
- // Check if token is still valid
- err := v.checkToken()
- if smslogger.CheckError(err, "Token Check") != nil {
- return "", errors.New("Token Check failed")
- }
-
- // Should already be mounted by the initial store command
- err = v.mountInternalDomain(v.internalDomain)
- if smslogger.CheckError(err, "Mount Internal Domain") != nil {
- return "", err
- }
-
- secList, err := v.ListSecret(v.internalDomainUUID)
- if smslogger.CheckError(err, "List Domain Names") != nil {
- return "", err
- }
-
- // Search for domain name in internal domain
- // Also, refresh the cache with latest content
- for _, secName := range secList {
- sec, err := v.GetSecret(v.internalDomainUUID, secName)
- if smslogger.CheckError(err, "Read Secret Internal Domain") != nil {
- return "", err
- }
- if sec.Values["uuid"] == uuid {
- v.internalDomainCache[uuid] = sec.Name
- return sec.Name, nil
- }
- }
-
- return "", errors.New("Unable to find entry in InternalDomain")
-}
-
// CreateSecretDomain mounts the kv backend on a path with the given name
func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) {
@@ -368,19 +305,14 @@ func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) {
// CreateSecret creates a secret mounted on a particular domain name
// The secret itself is mounted on a path specified by name
-func (v *Vault) CreateSecret(uuid string, sec Secret) error {
+func (v *Vault) CreateSecret(dom string, sec Secret) error {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return errors.New("Unable to create secret")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
// Vault return is empty on successful write
@@ -395,20 +327,15 @@ func (v *Vault) CreateSecret(uuid string, sec Secret) error {
// DeleteSecretDomain deletes a secret domain which translates to
// an unmount operation on the given path in Vault
-func (v *Vault) DeleteSecretDomain(uuid string) error {
+func (v *Vault) DeleteSecretDomain(dom string) error {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return errors.New("Token Check Failed")
}
- uuid = strings.TrimSpace(uuid)
- name, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return errors.New("Unable to delete secret domain")
- }
-
- mountPath := v.vaultMountPrefix + "/" + name
+ dom = strings.TrimSpace(dom)
+ mountPath := v.vaultMountPrefix + "/" + dom
err = v.vaultClient.Sys().Unmount(mountPath)
if smslogger.CheckError(err, "Delete Domain") != nil {
@@ -419,19 +346,14 @@ func (v *Vault) DeleteSecretDomain(uuid string) error {
}
// DeleteSecret deletes a secret mounted on the path provided
-func (v *Vault) DeleteSecret(uuid string, name string) error {
+func (v *Vault) DeleteSecret(dom string, name string) error {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return errors.New("Unable to delete secret")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
// Vault return is empty on successful delete
diff --git a/sms-service/src/sms/backend/vault_test.go b/sms-service/src/sms/backend/vault_test.go
index c26cfa7..bc72337 100644
--- a/sms-service/src/sms/backend/vault_test.go
+++ b/sms-service/src/sms/backend/vault_test.go
@@ -133,12 +133,12 @@ func TestDeleteSecretDomain(t *testing.T) {
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.DeleteSecretDomain(sd.UUID)
+ err = v.DeleteSecretDomain("testdomain")
if err != nil {
t.Fatal("DeleteSecretDomain: Unable to delete domain")
}
@@ -149,12 +149,12 @@ func TestCreateSecret(t *testing.T) {
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal("CreateSecret: Error Creating secret")
@@ -166,19 +166,19 @@ func TestGetSecret(t *testing.T) {
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal(err)
}
- sec, err := v.GetSecret(sd.UUID, secret.Name)
+ sec, err := v.GetSecret("testdomain", secret.Name)
if err != nil {
- t.Fatal("GetSecret: Error Creating secret")
+ t.Fatal("GetSecret: Error Getting secret")
}
if sec.Name != secret.Name {
@@ -195,17 +195,17 @@ func TestListSecret(t *testing.T) {
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal(err)
}
- _, err = v.ListSecret(sd.UUID)
+ _, err = v.ListSecret("testdomain")
if err != nil {
t.Fatal("ListSecret: Returned error")
}
@@ -216,17 +216,17 @@ func TestDeleteSecret(t *testing.T) {
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal(err)
}
- err = v.DeleteSecret(sd.UUID, secret.Name)
+ err = v.DeleteSecret("testdomain", secret.Name)
if err != nil {
t.Fatal("DeleteSecret: Error Creating secret")
}
diff --git a/sms-service/src/sms/handler/handler.go b/sms-service/src/sms/handler/handler.go
index 2d9e7c7..902d170 100644
--- a/sms-service/src/sms/handler/handler.go
+++ b/sms-service/src/sms/handler/handler.go
@@ -61,9 +61,9 @@ func (h handler) createSecretDomainHandler(w http.ResponseWriter, r *http.Reques
// deleteSecretDomainHandler deletes a secret domain with the name provided
func (h handler) deleteSecretDomainHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
- err := h.secretBackend.DeleteSecretDomain(domUUID)
+ err := h.secretBackend.DeleteSecretDomain(domName)
if smslogger.CheckError(err, "DeleteSecretDomainHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -76,7 +76,7 @@ func (h handler) deleteSecretDomainHandler(w http.ResponseWriter, r *http.Reques
func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) {
// Get domain name from URL
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
// Get secrets to be stored from body
var b smsbackend.Secret
@@ -86,7 +86,7 @@ func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) {
return
}
- err = h.secretBackend.CreateSecret(domUUID, b)
+ err = h.secretBackend.CreateSecret(domName, b)
if smslogger.CheckError(err, "CreateSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -98,10 +98,10 @@ func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) {
// getSecretHandler handles reading a secret by given domain name and secret name
func (h handler) getSecretHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
secName := vars["secretName"]
- sec, err := h.secretBackend.GetSecret(domUUID, secName)
+ sec, err := h.secretBackend.GetSecret(domName, secName)
if smslogger.CheckError(err, "GetSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -118,9 +118,9 @@ func (h handler) getSecretHandler(w http.ResponseWriter, r *http.Request) {
// listSecretHandler handles listing all secrets under a particular domain name
func (h handler) listSecretHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
- secList, err := h.secretBackend.ListSecret(domUUID)
+ secList, err := h.secretBackend.ListSecret(domName)
if smslogger.CheckError(err, "ListSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -144,10 +144,10 @@ func (h handler) listSecretHandler(w http.ResponseWriter, r *http.Request) {
// deleteSecretHandler handles deleting a secret by given domain name and secret name
func (h handler) deleteSecretHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
secName := vars["secretName"]
- err := h.secretBackend.DeleteSecret(domUUID, secName)
+ err := h.secretBackend.DeleteSecret(domName, secName)
if smslogger.CheckError(err, "DeleteSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -299,12 +299,12 @@ func CreateRouter(b smsbackend.SecretBackend) http.Handler {
router.HandleFunc("/v1/sms/healthcheck", h.healthCheckHandler).Methods("GET")
router.HandleFunc("/v1/sms/domain", h.createSecretDomainHandler).Methods("POST")
- router.HandleFunc("/v1/sms/domain/{domUUID}", h.deleteSecretDomainHandler).Methods("DELETE")
+ router.HandleFunc("/v1/sms/domain/{domName}", h.deleteSecretDomainHandler).Methods("DELETE")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret", h.createSecretHandler).Methods("POST")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret", h.listSecretHandler).Methods("GET")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret/{secretName}", h.getSecretHandler).Methods("GET")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret/{secretName}", h.deleteSecretHandler).Methods("DELETE")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret", h.createSecretHandler).Methods("POST")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret", h.listSecretHandler).Methods("GET")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.getSecretHandler).Methods("GET")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.deleteSecretHandler).Methods("DELETE")
return router
}