-rw-r--r-- | sms-service/src/sms/backend/vault.go | 52 | ||||
-rw-r--r-- | sms-service/src/sms/handler/handler.go | 16 |
2 files changed, 55 insertions, 13 deletions
diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go index 0b62bb5..a4ebaaa 100644 --- a/sms-service/src/sms/backend/vault.go +++ b/sms-service/src/sms/backend/vault.go @@ -19,6 +19,7 @@ package backend import ( uuid "github.com/hashicorp/go-uuid" vaultapi "github.com/hashicorp/vault/api" + smslogger "sms/log" "errors" "fmt" @@ -50,7 +51,8 @@ func (v *Vault) Init() error { vaultCFG.Address = v.vaultAddress client, err := vaultapi.NewClient(vaultCFG) if err != nil { - return err + smslogger.WriteError(err.Error()) + return errors.New("Unable to create new vault client") } v.engineType = "kv" @@ -61,7 +63,8 @@ func (v *Vault) Init() error { err = v.initRole() if err != nil { - //print error message and try to initrole later + smslogger.WriteError(err.Error()) + smslogger.WriteInfo("InitRole will try again later") } return nil @@ -72,7 +75,8 @@ func (v *Vault) GetStatus() (bool, error) { sys := v.vaultClient.Sys() sealStatus, err := sys.SealStatus() if err != nil { - return false, err + smslogger.WriteError(err.Error()) + return false, errors.New("Error getting status") } return sealStatus.Sealed, nil @@ -84,7 +88,8 @@ func (v *Vault) Unseal(shard string) error { sys := v.vaultClient.Sys() _, err := sys.Unseal(shard) if err != nil { - return err + smslogger.WriteError(err.Error()) + return errors.New("Unable to execute unseal operation with specified shard") } return nil 
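Review bot: In the Init hunk (`@@ -61,7 +63,8`), a failed initRole is now logged and Init still returns nil, so a caller cannot tell that the approle is not yet usable; the checkToken hunk further down shows initRole being retried when `initRoleDone` is false, which makes the swallow deliberate but it is not stated anywhere in the function. I would replace the two bare log lines' intent with a comment that states the contract, e.g. `// initRole failure is not fatal here: checkToken retries it lazily on first use (see initRoleDone).` while keeping the logging. The same applies to the Unseal hunk, where the caller now only sees "Unable to execute unseal operation with specified shard" and has to go to the log for the Vault-side reason; that is the right trade-off for an unseal endpoint, and a one-line comment saying the detailed error is intentionally not returned to the client would save the next reader from "fixing" it.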
@@ -96,18 +101,21 @@ func (v *Vault) Unseal(shard string) error { func (v *Vault) GetSecret(dom string, name string) (Secret, error) { err := v.checkToken() if err != nil { - return Secret{}, errors.New("Token check returned error: " + err.Error()) + smslogger.WriteError(err.Error()) + return Secret{}, errors.New("Token check failed") } dom = v.vaultMount + "/" + dom sec, err := v.vaultClient.Logical().Read(dom + "/" + name) if err != nil { + smslogger.WriteError(err.Error()) return Secret{}, errors.New("Unable to read Secret at provided path") } // sec and err are nil in the case where a path does not exist if sec == nil { + smslogger.WriteWarn("Vault read was empty. Invalid Path") return Secret{}, errors.New("Secret not found at the provided path") } @@ -119,23 +127,27 @@ func (v *Vault) GetSecret(dom string, name string) (Secret, error) { func (v *Vault) ListSecret(dom string) ([]string, error) { err := v.checkToken() if err != nil { - return nil, errors.New("Token check returned error: " + err.Error()) + smslogger.WriteError(err.Error()) + return nil, errors.New("Token check failed") } dom = v.vaultMount + "/" + dom sec, err := v.vaultClient.Logical().List(dom) if err != nil { + smslogger.WriteError(err.Error()) return nil, errors.New("Unable to read Secret at provided path") } // sec and err are nil in the case where a path does not exist if sec == nil { + smslogger.WriteWarn("Vaultclient returned empty data") return nil, errors.New("Secret not found at the provided path") } val, ok := sec.Data["keys"].([]interface{}) if !ok { + smslogger.WriteError("Secret not found at the provided path") return nil, errors.New("Secret not found at the provided path") } 
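Review bot: In the ListSecret hunk the `!ok` branch logs `"Secret not found at the provided path"` at error level, but a `keys` entry that is missing or not a `[]interface{}` is an unexpected response shape from Vault rather than a missing secret, so the log line misdescribes the failure and is indistinguishable from the `sec == nil` warning just above it. Suggest `smslogger.WriteError("List response did not contain a 'keys' list")` and leaving the client-facing error string as it is. Separately, in both GetSecret and ListSecret `dom` and `name` are joined into the Vault path with no validation; the handler hunks suggest they come straight from the request URL, and as far as I can tell an empty segment or one containing "/" would address a different path under the mount, so rejecting such values (here or in the handler) is worth adding.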
@@ -152,7 +164,8 @@ func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) { // Check if token is still valid err := v.checkToken() if err != nil { - return SecretDomain{}, err + smslogger.WriteError(err.Error()) + return SecretDomain{}, errors.New("Token Check failed") } name = strings.TrimSpace(name) @@ -167,7 +180,8 @@ func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) { err = v.vaultClient.Sys().Mount(mountPath, mountInput) if err != nil { - return SecretDomain{}, err + smslogger.WriteError(err.Error()) + return SecretDomain{}, errors.New("Unable to create Secret Domain") } uuid, _ := uuid.GenerateUUID() @@ -179,7 +193,8 @@ func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) { func (v *Vault) CreateSecret(dom string, sec Secret) error { err := v.checkToken() if err != nil { - return errors.New("Token checking returned an error" + err.Error()) + smslogger.WriteError(err.Error()) + return errors.New("Token check failed") } dom = v.vaultMount + "/" + dom @@ -188,6 +203,7 @@ func (v *Vault) CreateSecret(dom string, sec Secret) error { // TODO: Check if values is not empty _, err = v.vaultClient.Logical().Write(dom+"/"+sec.Name, sec.Values) if err != nil { + smslogger.WriteError(err.Error()) return errors.New("Unable to create Secret at provided path") } @@ -199,7 +215,8 @@ func (v *Vault) CreateSecret(dom string, sec Secret) error { func (v *Vault) DeleteSecretDomain(name string) error { err := v.checkToken() if err != nil { - return err + smslogger.WriteError(err.Error()) + return errors.New("Token Check Failed") } name = strings.TrimSpace(name) @@ -207,6 +224,7 @@ func (v *Vault) DeleteSecretDomain(name string) error { err = v.vaultClient.Sys().Unmount(mountPath) if err != nil { + smslogger.WriteError(err.Error()) return errors.New("Unable to delete domain specified") } 
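Review bot: In the CreateSecretDomain hunk the context line `uuid, _ := uuid.GenerateUUID()` discards the generator's error, so if go-uuid fails (it reads from the system CSPRNG) the domain is created with an empty UUID and nothing is logged, which is at odds with the error-logging this commit adds everywhere else; it also shadows the `uuid` package with the local. Check the error and return a sanitized message like the surrounding branches do; the later use of the value is outside this hunk and would need to follow the rename. A smaller point in the same file: the token-check messages are now "Token Check failed", "Token Check Failed" and "Token check failed" in different functions, and one spelling should be used throughout.
```go
	// … unchanged: Sys().Mount of the new domain and its error branch …
	id, err := uuid.GenerateUUID()
	if err != nil {
		smslogger.WriteError(err.Error())
		return SecretDomain{}, errors.New("Unable to generate UUID for Secret Domain")
	}
	// … unchanged: SecretDomain construction, using id where uuid was used …
```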
@@ -217,7 +235,8 @@ func (v *Vault) DeleteSecretDomain(name string) error { func (v *Vault) DeleteSecret(dom string, name string) error { err := v.checkToken() if err != nil { - return errors.New("Token checking returned an error" + err.Error()) + smslogger.WriteError(err.Error()) + return errors.New("Token check failed") } dom = v.vaultMount + "/" + dom @@ -225,6 +244,7 @@ func (v *Vault) DeleteSecret(dom string, name string) error { // Vault return is empty on successful delete _, err = v.vaultClient.Logical().Delete(dom + "/" + name) if err != nil { + smslogger.WriteError(err.Error()) return errors.New("Unable to delete Secret at provided path") } @@ -241,6 +261,7 @@ func (v *Vault) initRole() error { path "sys/mounts/sms*" { capabilities = ["update","delete","create"] }` err := v.vaultClient.Sys().PutPolicy(v.policyName, rules) if err != nil { + smslogger.WriteError(err.Error()) return errors.New("Unable to create policy for approle creation") } @@ -253,6 +274,7 @@ func (v *Vault) initRole() error { //Check if applrole is mounted authMounts, err := v.vaultClient.Sys().ListAuth() if err != nil { + smslogger.WriteError(err.Error()) return errors.New("Unable to get mounted auth backends") } @@ -273,6 +295,7 @@ func (v *Vault) initRole() error { v.vaultClient.Logical().Write("auth/approle/role/"+rName, data) sec, err := v.vaultClient.Logical().Read("auth/approle/role/" + rName + "/role-id") if err != nil { + smslogger.WriteError(err.Error()) return errors.New("Unable to create role ID for approle") } v.roleID = sec.Data["role_id"].(string) @@ -281,6 +304,7 @@ func (v *Vault) initRole() error { sec, err = v.vaultClient.Logical().Write("auth/approle/role/"+rName+"/secret-id", map[string]interface{}{}) if err != nil { + smslogger.WriteError(err.Error()) return errors.New("Unable to create secret ID for role") } 
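Review bot: In the initRole hunk (`@@ -273,6 +295,7`) the context lines show the approle creation `v.vaultClient.Logical().Write("auth/approle/role/"+rName, data)` with its error discarded, followed by `v.roleID = sec.Data["role_id"].(string)` with no nil check or checked assertion; the GetSecret hunk above documents that `Logical().Read` returns nil,nil for a path that does not exist, so a failed role creation leads to a nil dereference (panic) here instead of the error this commit is trying to surface. The write should be checked and the read guarded before the assertion; the secret-id write in the next hunk (`sec, err = ...Write(... "/secret-id" ...)`) needs the same guard where its result is used, which is outside this hunk. The enclosing initRole function starts and ends outside this hunk.
```go
	_, err = v.vaultClient.Logical().Write("auth/approle/role/"+rName, data)
	if err != nil {
		smslogger.WriteError(err.Error())
		return errors.New("Unable to create approle")
	}
	sec, err := v.vaultClient.Logical().Read("auth/approle/role/" + rName + "/role-id")
	if err != nil {
		smslogger.WriteError(err.Error())
		return errors.New("Unable to create role ID for approle")
	}
	if sec == nil {
		return errors.New("Role ID not found for approle")
	}
	roleID, ok := sec.Data["role_id"].(string)
	if !ok {
		return errors.New("Unexpected role ID format in approle response")
	}
	v.roleID = roleID
	// … unchanged: secret-id creation …
```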
@@ -300,7 +324,8 @@ func (v *Vault) checkToken() error { if v.initRoleDone == false { err := v.initRole() if err != nil { - return err + smslogger.WriteError(err.Error()) + return errors.New("Unable to initRole in checkToken") } } @@ -314,7 +339,8 @@ func (v *Vault) checkToken() error { out, err := v.vaultClient.Logical().Write("auth/approle/login", map[string]interface{}{"role_id": v.roleID, "secret_id": v.secretID}) if err != nil { - return err + smslogger.WriteError(err.Error()) + return errors.New("Unable to create Temporary Token for Role") } tok, err := out.TokenID() diff --git a/sms-service/src/sms/handler/handler.go b/sms-service/src/sms/handler/handler.go index 2288092..496b782 100644 --- a/sms-service/src/sms/handler/handler.go +++ b/sms-service/src/sms/handler/handler.go @@ -22,6 +22,7 @@ import ( "net/http" smsbackend "sms/backend" + smslogger "sms/log" ) // handler stores two interface implementations that implement @@ -37,18 +38,21 @@ func (h handler) createSecretDomainHandler(w http.ResponseWriter, r *http.Reques err := json.NewDecoder(r.Body).Decode(&d) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusBadRequest) return } dom, err := h.secretBackend.CreateSecretDomain(d.Name) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } err = json.NewEncoder(w).Encode(dom) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } @@ -63,6 +67,7 @@ func (h handler) deleteSecretDomainHandler(w http.ResponseWriter, r *http.Reques err := h.secretBackend.DeleteSecretDomain(domName) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } 
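Review bot: In the handler.go hunks every backend failure is now logged twice: vault.go logs the underlying Vault error and returns a sanitized string, and createSecretDomainHandler / deleteSecretDomainHandler log that sanitized string again before sending it to the client, so each failure yields two log lines of which the second carries no new information. Log at one layer: either drop the `smslogger.WriteError` calls that follow backend calls in the handlers, or log once here with request context (method and URL path) and let the backend only return errors. The decode-error branch in createSecretDomainHandler still sends the raw decoder text to the client while unsealHandler below uses a fixed `"Bad input JSON"`; one convention should be chosen. In the checkToken hunk, `if v.initRoleDone == false` is more idiomatically `if !v.initRoleDone`.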
@@ -80,12 +85,14 @@ func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) { var b smsbackend.Secret err := json.NewDecoder(r.Body).Decode(&b) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusBadRequest) return } err = h.secretBackend.CreateSecret(domName, b) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } @@ -101,12 +108,14 @@ func (h handler) getSecretHandler(w http.ResponseWriter, r *http.Request) { sec, err := h.secretBackend.GetSecret(domName, secName) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } err = json.NewEncoder(w).Encode(sec) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } @@ -119,12 +128,14 @@ func (h handler) listSecretHandler(w http.ResponseWriter, r *http.Request) { sec, err := h.secretBackend.ListSecret(domName) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } err = json.NewEncoder(w).Encode(sec) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } @@ -138,6 +149,7 @@ func (h handler) deleteSecretHandler(w http.ResponseWriter, r *http.Request) { err := h.secretBackend.DeleteSecret(domName, secName) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } @@ -152,6 +164,7 @@ type backendStatus struct { func (h handler) statusHandler(w http.ResponseWriter, r *http.Request) { s, err := h.secretBackend.GetStatus() if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } 
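Review bot: In the getSecretHandler hunk (and likewise listSecretHandler and deleteSecretHandler) every backend error is mapped to 500, including `"Secret not found at the provided path"`, which the GetSecret hunk earlier in this diff returns when the Vault read comes back empty; a missing secret is a client-side condition and should be a 404 so callers can distinguish "not there" from "backend broken". Because the backend now only hands back opaque strings, the cleanest way is a sentinel in the backend package, e.g. `var ErrSecretNotFound = errors.New("Secret not found at the provided path")` returned by GetSecret/ListSecret, and in the handler `if errors.Is(err, smsbackend.ErrSecretNotFound) { http.Error(w, err.Error(), http.StatusNotFound); return }` (a plain `==` works if the toolchain predates errors.Is). The enclosing handler functions begin outside this hunk.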
@@ -159,6 +172,7 @@ func (h handler) statusHandler(w http.ResponseWriter, r *http.Request) { status := backendStatus{Seal: s} err = json.NewEncoder(w).Encode(status) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } @@ -182,12 +196,14 @@ func (h handler) unsealHandler(w http.ResponseWriter, r *http.Request) { decoder.DisallowUnknownFields() err := decoder.Decode(&inp) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, "Bad input JSON", http.StatusBadRequest) return } err = h.secretBackend.Unseal(inp.UnsealShard) if err != nil { + smslogger.WriteError(err.Error()) http.Error(w, err.Error(), http.StatusInternalServerError) return } |
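Review bot: In the unsealHandler hunk the new `smslogger.WriteError(err.Error())` on the decode failure writes encoding/json's error text to the log for a request body that carries an unseal shard; as far as I can tell those messages echo at most a field name (from DisallowUnknownFields) or a single offending character and an offset, not the value, but the handler already deliberately hides the decoder text from the client with `"Bad input JSON"`, and the log should follow the same rule rather than depend on what the decoder chooses to quote. Suggest `smslogger.WriteError("Unseal request body could not be decoded")` here, keeping the detailed decoder error out of both the response and the log. The enclosing unsealHandler starts outside this hunk.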