summaryrefslogtreecommitdiffstats
path: root/sms-service/src
diff options
context:
space:
mode:
authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-03-02 12:49:06 -0800
committerGirish Havaldar <hg0071052@techmahindra.com>2018-03-06 05:06:24 +0000
commitef8434768db4b99b69ae8bd0c0ec515041f618c0 (patch)
treeb6ecb32ebd4695a8fcd601907c7e539cf804c168 /sms-service/src
parent5a4dfbf75e292a03d73c5a7690d78547b45ffc88 (diff)
Init role does not depend on vault state
Role initialization should not depend on vault state SMS start is independent of vault state Any calls to SMS will fail since backend is not active yet Issue-ID: AAF-155 Change-Id: I810eb145b4eab4717dede12e79880aced08caaa2 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat (limited to 'sms-service/src')
-rw-r--r--sms-service/src/sms/backend/backend.go2
-rw-r--r--sms-service/src/sms/backend/backend_test.go8
-rw-r--r--sms-service/src/sms/backend/vault.go58
-rw-r--r--sms-service/src/sms/handler/handler_test.go4
-rw-r--r--sms-service/src/sms/smsconfig.json2
5 files changed, 26 insertions, 48 deletions
diff --git a/sms-service/src/sms/backend/backend.go b/sms-service/src/sms/backend/backend.go
index a1055e6..61af995 100644
--- a/sms-service/src/sms/backend/backend.go
+++ b/sms-service/src/sms/backend/backend.go
@@ -46,9 +46,7 @@ type SecretBackend interface {
Init() error
GetStatus() (bool, error)
- GetSecretDomain(name string) (SecretDomain, error)
GetSecret(dom string, sec string) (Secret, error)
-
ListSecret(dom string) ([]string, error)
CreateSecretDomain(name string) (SecretDomain, error)
diff --git a/sms-service/src/sms/backend/backend_test.go b/sms-service/src/sms/backend/backend_test.go
index 92ca971..674c03f 100644
--- a/sms-service/src/sms/backend/backend_test.go
+++ b/sms-service/src/sms/backend/backend_test.go
@@ -28,10 +28,10 @@ func TestInitSecretBackend(t *testing.T) {
sec, err := InitSecretBackend()
// We expect an error to be returned as Init expects
// backend to be running
- if err == nil {
- t.Fatal("InitSecretBackend : error creating")
+ if err != nil {
+ t.Fatal("InitSecretBackend : Expected nil as Init is independent of Vault")
}
- if sec != nil {
- t.Fatal("InitSecretBackend: returned SecretBackend was *NOT* nil, expected nil")
+ if sec == nil {
+ t.Fatal("InitSecretBackend: returned SecretBackend was nil")
}
}
diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go
index c3bbbc5..d92ac43 100644
--- a/sms-service/src/sms/backend/vault.go
+++ b/sms-service/src/sms/backend/vault.go
@@ -22,7 +22,6 @@ import (
"errors"
"fmt"
- "log"
"strings"
"sync"
"time"
@@ -30,19 +29,17 @@ import (
// Vault is the main Struct used in Backend to initialize the struct
type Vault struct {
- vaultAddress string
- vaultToken string
- vaultMount string
- vaultTempToken string
-
- vaultClient *vaultapi.Client
engineType string
+ initRoleDone bool
policyName string
roleID string
secretID string
+ tokenLock sync.Mutex
+ vaultAddress string
+ vaultClient *vaultapi.Client
+ vaultMount string
vaultTempTokenTTL time.Time
-
- tokenLock sync.Mutex
+ vaultToken string
}
// Init will initialize the vault connection
@@ -57,25 +54,16 @@ func (v *Vault) Init() error {
}
v.engineType = "kv"
+ v.initRoleDone = false
v.policyName = "smsvaultpolicy"
- v.vaultMount = "sms"
v.vaultClient = client
-
- // Check if vault is ready and unsealed
- seal, err := v.GetStatus()
- if err != nil {
- return err
- }
- if seal == true {
- return fmt.Errorf("Vault is still sealed. Unseal before use")
- }
+ v.vaultMount = "sms"
err = v.initRole()
if err != nil {
- log.Fatalln("Unable to initRole in Vault. Exiting...")
+ //print error message and try to initrole later
}
- v.checkToken()
return nil
}
@@ -90,12 +78,6 @@ func (v *Vault) GetStatus() (bool, error) {
return sealStatus.Sealed, nil
}
-// GetSecretDomain returns any information related to the secretDomain
-// More information can be added in the future with updates to the struct
-func (v *Vault) GetSecretDomain(name string) (SecretDomain, error) {
- return SecretDomain{}, nil
-}
-
// GetSecret returns a secret mounted on a particular domain name
// The secret itself is referenced via its name which translates to
// a mount path in vault
@@ -191,6 +173,7 @@ func (v *Vault) CreateSecret(dom string, sec Secret) error {
dom = v.vaultMount + "/" + dom
// Vault return is empty on successful write
+ // TODO: Check if values is not empty
_, err = v.vaultClient.Logical().Write(dom+"/"+sec.Name, sec.Values)
if err != nil {
return errors.New("Unable to create Secret at provided path")
@@ -255,13 +238,7 @@ func (v *Vault) initRole() error {
"policies": [2]string{"default", v.policyName},
}
- // Delete role if it already exists
- _, err = v.vaultClient.Logical().Delete("auth/approle/role/" + rName)
- if err != nil {
- return errors.New("Unable to delete existing role")
- }
-
- //Check if approle is mounted
+ //Check if applrole is mounted
authMounts, err := v.vaultClient.Sys().ListAuth()
if err != nil {
return errors.New("Unable to get mounted auth backends")
@@ -296,7 +273,7 @@ func (v *Vault) initRole() error {
}
v.secretID = sec.Data["secret_id"].(string)
-
+ v.initRoleDone = true
return nil
}
@@ -306,6 +283,14 @@ func (v *Vault) checkToken() error {
v.tokenLock.Lock()
defer v.tokenLock.Unlock()
+ // Init Role if it is not yet done
+ if v.initRoleDone == false {
+ err := v.initRole()
+ if err != nil {
+ return err
+ }
+ }
+
// Return immediately if token still has life
if v.vaultClient.Token() != "" &&
time.Since(v.vaultTempTokenTTL) < time.Minute*50 {
@@ -321,8 +306,7 @@ func (v *Vault) checkToken() error {
tok, err := out.TokenID()
- v.vaultTempToken = tok
v.vaultTempTokenTTL = time.Now()
- v.vaultClient.SetToken(v.vaultTempToken)
+ v.vaultClient.SetToken(tok)
return nil
}
diff --git a/sms-service/src/sms/handler/handler_test.go b/sms-service/src/sms/handler/handler_test.go
index d8f9f9f..56aa5ac 100644
--- a/sms-service/src/sms/handler/handler_test.go
+++ b/sms-service/src/sms/handler/handler_test.go
@@ -42,10 +42,6 @@ func (b *TestBackend) GetStatus() (bool, error) {
return true, nil
}
-func (b *TestBackend) GetSecretDomain(name string) (smsbackend.SecretDomain, error) {
- return smsbackend.SecretDomain{}, nil
-}
-
func (b *TestBackend) GetSecret(dom string, sec string) (smsbackend.Secret, error) {
return smsbackend.Secret{}, nil
}
diff --git a/sms-service/src/sms/smsconfig.json b/sms-service/src/sms/smsconfig.json
index e8e8245..9afa299 100644
--- a/sms-service/src/sms/smsconfig.json
+++ b/sms-service/src/sms/smsconfig.json
@@ -4,5 +4,5 @@
"serverkey": "auth/server.key",
"vaultaddress": "http://localhost:8200",
- "vaulttoken": "1ee03564-80d8-2080-2c77-0bb097cba512"
+ "vaulttoken": "f56d2c0e-d58d-2be2-aed4-bb9931bedad2"
}