-rw-r--r-- | sms-service/src/sms/Gopkg.lock | 143 | ||||
-rw-r--r-- | sms-service/src/sms/backend/vault.go | 96 | ||||
-rw-r--r-- | sms-service/src/sms/backend/vault_test.go | 26 | ||||
-rw-r--r-- | sms-service/src/sms/handler/handler.go | 34 |
4 files changed, 246 insertions, 53 deletions
diff --git a/sms-service/src/sms/Gopkg.lock b/sms-service/src/sms/Gopkg.lock index d02e074..89cecd4 100644 --- a/sms-service/src/sms/Gopkg.lock +++ b/sms-service/src/sms/Gopkg.lock @@ -2,12 +2,15 @@ [[projects]] + digest = "1:7202718ddfaa07d3c88e6d7bee854aa2ddceea5c75fa74c6c9f33de4db677ece" name = "github.com/Jeffail/gabs" packages = ["."] + pruneopts = "" revision = "2a3aa15961d5fee6047b8151b67ac2f08ba2c48c" version = "1.0" [[projects]] + digest = "1:9226e1f08ec042456f59a403f534962176c6e2acc4153feb4416698e92ee5a80" name = "github.com/SAP/go-hdb" packages = [ "driver", 
@@ -15,185 +18,237 @@ "internal/bufio", "internal/protocol", "internal/unicode", - "internal/unicode/cesu8" + "internal/unicode/cesu8", ] + pruneopts = "" revision = "18b52f9f36b84988ed1fa70daa79e4a7d9618f33" version = "v0.11.0" [[projects]] + digest = "1:8855efc2aff3afd6319da41b22a8ca1cfd1698af05a24852c01636ba65b133f0" name = "github.com/SermoDigital/jose" packages = [ ".", "crypto", "jws", - "jwt" + "jwt", ] + pruneopts = "" revision = "f6df55f235c24f236d11dbcf665249a59ac2021f" version = "1.1" [[projects]] branch = "master" + digest = "1:436959adf1a11c1ee93ee7cd3b25dfa63f235f9cc283d86f1606626d0b7efbb3" name = "github.com/armon/go-metrics" packages = ["."] + pruneopts = "" revision = "783273d703149aaeb9897cf58613d5af48861c25" [[projects]] branch = "master" + digest = "1:2a1e6af234d7de1ccf4504f397cf7cfa82922ee59b29252e3c34cb38d0b91989" name = "github.com/armon/go-radix" packages = ["."] + pruneopts = "" revision = "1fca145dffbcaa8fe914309b1ec0cfc67500fe61" [[projects]] branch = "master" + digest = "1:a87de848db7e19b41b06e5d672f8ed47b6f8ceb8b696d53fc9b5b7fba2b42f77" name = "github.com/denisenkom/go-mssqldb" packages = [ ".", - "internal/cp" + "internal/cp", ] + pruneopts = "" revision = "e32faac87a2220f9342289f2c3b567d1424b8ec5" [[projects]] + digest = "1:044b2f1eea2f5cfb0d3678baf60892734f59d5c2ea3932cb6ed894a97ccba15c" name = "github.com/elazarl/go-bindata-assetfs" packages = ["."] + pruneopts = "" revision = "30f82fa23fd844bd5bb1e5f216db87fd77b5eb43" version = "v1.0.0" [[projects]] + digest = "1:55848e643a99a9dfceb19e090ce67111328fbb1780f34c62a0430994ff85fb90" name = "github.com/fatih/structs" packages = ["."] + pruneopts = "" revision = "a720dfa8df582c51dee1b36feabb906bde1588bd" version = "v1.0" [[projects]] + digest = "1:24f8932912fd9331367d38715bb74be889dc2f94d401109c3aa3db8b3aa246c5" name = "github.com/go-sql-driver/mysql" packages = ["."] + pruneopts = "" revision = "a0583e0143b1624142adab07e0e97fe106d99561" version = "v1.3" [[projects]] branch = "master" + 
digest = "1:27ee7c7530501d991022ab7b289a3e023314cdd9f7072f135e1c86f6a8f645ee" name = "github.com/gocql/gocql" packages = [ ".", "internal/lru", "internal/murmur", - "internal/streams" + "internal/streams", ] + pruneopts = "" revision = "3540fc649cd7fc57cef5612b7bacac7a4fc443d6" [[projects]] + digest = "1:0a3f6a0c68ab8f3d455f8892295503b179e571b7fefe47cc6c556405d1f83411" name = "github.com/gogo/protobuf" packages = ["proto"] + pruneopts = "" revision = "1adfc126b41513cc696b209667c8656ea7aac67c" version = "v1.0.0" [[projects]] + digest = "1:bcb38c8fc9b21bb8682ce2d605a7d4aeb618abc7f827e3ac0b27c0371fdb23fb" name = "github.com/golang/protobuf" packages = [ "proto", "ptypes", "ptypes/any", "ptypes/duration", - "ptypes/timestamp" + "ptypes/timestamp", ] + pruneopts = "" revision = "925541529c1fa6821df4e44ce2723319eb2be768" version = "v1.0.0" [[projects]] branch = "master" + digest = "1:09307dfb1aa3f49a2bf869dcfa4c6c06ecd3c207221bd1c1a1141f0e51f209eb" name = "github.com/golang/snappy" packages = ["."] + pruneopts = "" revision = "553a641470496b2327abcac10b36396bd98e45c9" [[projects]] + digest = "1:20ed7daa9b3b38b6d1d39b48ab3fd31122be5419461470d0c28de3e121c93ecf" name = "github.com/gorilla/context" packages = ["."] + pruneopts = "" revision = "1ea25387ff6f684839d82767c1733ff4d4d15d0a" version = "v1.1" [[projects]] + digest = "1:aa016bbb412f496a7baed9e02787a60cd15c9a3edfa72da9c4a95d6cea610334" name = "github.com/gorilla/mux" packages = ["."] + pruneopts = "" revision = "53c1911da2b537f792e7cafcb446b05ffe33b996" version = "v1.6.1" [[projects]] branch = "master" + digest = "1:60b7bc5e043a11213472ae05252527287d20e0a6ccc18f6ae67fad88e41004de" name = "github.com/hailocab/go-hostpool" packages = ["."] + pruneopts = "" revision = "e80d13ce29ede4452c43dea11e79b9bc8a15b478" [[projects]] branch = "master" + digest = "1:304c322b62533a48ac052ffee80f67087fce1bc07186cd4e610a1b0e77765836" name = "github.com/hashicorp/errwrap" packages = ["."] + pruneopts = "" revision = 
"7554cd9344cec97297fa6649b055a8c98c2a1e55" [[projects]] branch = "master" + digest = "1:f5d25fd7bdda08e39e01193ef94a1ebf7547b1b931bcdec785d08050598f306c" name = "github.com/hashicorp/go-cleanhttp" packages = ["."] + pruneopts = "" revision = "d5fe4b57a186c716b0e00b8c301cbd9b4182694d" [[projects]] branch = "master" + digest = "1:fc9a2736d92cf885c9b3c7f202d3aaf783bb2cc4124078f0ef7667b72173b66c" name = "github.com/hashicorp/go-hclog" packages = ["."] + pruneopts = "" revision = "69ff559dc25f3b435631604f573a5fa1efdb6433" [[projects]] branch = "master" + digest = "1:4423ee95d6ee30bb22f680445c58889bb5b91e1b955405bf34374a053784a8a2" name = "github.com/hashicorp/go-immutable-radix" packages = ["."] + pruneopts = "" revision = "7f3cd4390caab3250a57f30efdb2a65dd7649ecf" [[projects]] branch = "master" + digest = "1:7a6871e9a44517c0010ac9310c6629370839a22ab5ef3d9aedbe6cd96d130c33" name = "github.com/hashicorp/go-memdb" packages = ["."] + pruneopts = "" revision = "1289e7fffe71d8fd4d4d491ba9a412c50f244c44" [[projects]] branch = "master" + digest = "1:b46ef59de1f724e8a2b508ea2b329eaf6cac4d71cbd44ad5e3dbd4e8fd49de9b" name = "github.com/hashicorp/go-multierror" packages = ["."] + pruneopts = "" revision = "b7773ae218740a7be65057fc60b366a49b538a44" [[projects]] branch = "master" + digest = "1:de20979176f5f326a028fd0d3698f4ec18f6921b46c9d68a35200355c6e8e6b9" name = "github.com/hashicorp/go-plugin" packages = ["."] + pruneopts = "" revision = "e8d22c780116115ae5624720c9af0c97afe4f551" [[projects]] branch = "master" + digest = "1:ff65bf6fc4d1116f94ac305342725c21b55c16819c2606adc8f527755716937f" name = "github.com/hashicorp/go-rootcerts" packages = ["."] + pruneopts = "" revision = "6bb64b370b90e7ef1fa532be9e591a81c3493e00" [[projects]] branch = "master" + digest = "1:a531cc8f8d78655eaec90f714bf81015badc2bc6682ff1eda3fa03b6568b602b" name = "github.com/hashicorp/go-uuid" packages = ["."] + pruneopts = "" revision = "27454136f0364f2d44b1276c552d69105cf8c498" [[projects]] branch = 
"master" + digest = "1:94158926759c3333201f81eee5a21112f7ae9d000b4d6926455008c7ab3fb7fc" name = "github.com/hashicorp/go-version" packages = ["."] + pruneopts = "" revision = "23480c0665776210b5fbbac6eaaee40e3e6a96b7" [[projects]] branch = "master" + digest = "1:9c776d7d9c54b7ed89f119e449983c3f24c0023e75001d6092442412ebca6b94" name = "github.com/hashicorp/golang-lru" packages = [ ".", - "simplelru" + "simplelru", ] + pruneopts = "" revision = "0fb14efe8c47ae851c0034ed7a448854d3d34cf3" [[projects]] branch = "master" + digest = "1:9b7c5846d70f425d7fe279595e32a20994c6075e87be03b5c367ed07280877c5" name = "github.com/hashicorp/hcl" packages = [ ".", @@ -204,11 +259,13 @@ "hcl/token", "json/parser", "json/scanner", - "json/token" + "json/token", ] + pruneopts = "" revision = "ef8a98b0bbce4a65b5aa4c368430a80ddc533168" [[projects]] + digest = "1:820c02b39c079c8919901ea9cc75b93ae8bc0864271494f40f7eb78fd69a8cbb" name = "github.com/hashicorp/vault" packages = [ "api", @@ -255,25 +312,31 @@ "plugins/helper/database/dbutil", "shamir", "vault", - "version" + "version", ] + pruneopts = "" revision = "5dd7f25f5c4b541f2da62d70075b6f82771a650d" version = "v0.10.0" [[projects]] branch = "master" + digest = "1:502c6c45a693da0396113cf025f65da5c9ad15c542328cfbc8c4663a10cc707d" name = "github.com/hashicorp/yamux" packages = ["."] + pruneopts = "" revision = "3520598351bb3500a49ae9563f5539666ae0a27c" [[projects]] branch = "master" + digest = "1:5d8602d6ebb444e0c18792d61fd4bb302a0d4d0b02cebf50c475f9dbeaabb884" name = "github.com/jefferai/jsonx" packages = ["."] + pruneopts = "" revision = "9cc31c3135eef39b8e72585f37efa92b6ca314d0" [[projects]] branch = "master" + digest = "1:4497f215ab79ea03a5f8f29e971718e1de8ca1d063a7b727c408b807545236b0" name = "github.com/keybase/go-crypto" packages = [ "brainpool", 
@@ -288,75 +351,97 @@ "openpgp/errors", "openpgp/packet", "openpgp/s2k", - "rsa" + "rsa", ] + pruneopts = "" revision = "d11a37f123888ff060339f516e392032dfcb98ff" [[projects]] branch = "master" + digest = "1:8f0ecac344e2c0a4a55df0306994ed2ce3b9e9598da959ce4e5831aaa05f1e1e" name = "github.com/lib/pq" packages = [ ".", - "oid" + "oid", ] + pruneopts = "" revision = "d34b9ff171c21ad295489235aec8b6626023cd04" [[projects]] branch = "master" + digest = "1:ae14aee05347b333fd7ab0c801c789438ef559cfb1307b53d5c42ea3cf6d61b6" name = "github.com/mitchellh/copystructure" packages = ["."] + pruneopts = "" revision = "d23ffcb85de31694d6ccaa23ccb4a03e55c1303f" [[projects]] branch = "master" + digest = "1:59d11e81d6fdd12a771321696bb22abdd9a94d26ac864787e98c9b419e428734" name = "github.com/mitchellh/go-homedir" packages = ["."] + pruneopts = "" revision = "b8bc1bf767474819792c23f32d8286a45736f1c6" [[projects]] branch = "master" + digest = "1:51c98e2c9a8d0a724a69f46421876af14e12132cb02f1d0e144785d752247162" name = "github.com/mitchellh/go-testing-interface" packages = ["."] + pruneopts = "" revision = "a61a99592b77c9ba629d254a693acffaeb4b7e28" [[projects]] branch = "master" + digest = "1:59fa50d593e5673a0dfffa1852b66fd700c05b35e368680b4b89a68fdb2c1379" name = "github.com/mitchellh/mapstructure" packages = ["."] + pruneopts = "" revision = "00c29f56e2386353d58c599509e8dc3801b0d716" [[projects]] branch = "master" + digest = "1:a5aebbd13aa160140a1fd1286b94cd8c6ba3d1522014fd04508d7f36d5bb8d19" name = "github.com/mitchellh/reflectwalk" packages = ["."] + pruneopts = "" revision = "63d60e9d0dbc60cf9164e6510889b0db6683d98c" [[projects]] + digest = "1:94e9081cc450d2cdf4e6886fc2c06c07272f86477df2d74ee5931951fa3d2577" name = "github.com/oklog/run" packages = ["."] + pruneopts = "" revision = "4dadeb3030eda0273a12382bb2348ffc7c9d1a39" version = "v1.0.0" [[projects]] + digest = "1:4c0404dc03d974acd5fcd8b8d3ce687b13bd169db032b89275e8b9d77b98ce8c" name = "github.com/patrickmn/go-cache" packages = 
["."] + pruneopts = "" revision = "a3647f8e31d79543b2d0f0ae2fe5c379d72cedc0" version = "v2.1.0" [[projects]] + digest = "1:29df111893b87bd947307aab294c042e900c2f29c53ad3896127955b4283728a" name = "github.com/ryanuber/go-glob" packages = ["."] + pruneopts = "" revision = "572520ed46dbddaed19ea3d9541bdd0494163693" version = "v0.1" [[projects]] branch = "master" + digest = "1:4592f9136f6d4289dbdea1b5aed5f23234bf75bbabc094203aea0363a760ddec" name = "github.com/sethgrid/pester" packages = ["."] + pruneopts = "" revision = "ed9870dad3170c0b25ab9b11830cc57c3a7798fb" [[projects]] branch = "master" + digest = "1:47ff8b3229cff95d3cf3738c7a8461fdeacd3f46801e54d301a62500605ce202" name = "golang.org/x/crypto" packages = [ "cast5", @@ -372,12 +457,14 @@ "openpgp/packet", "openpgp/s2k", "poly1305", - "ssh" + "ssh", ] + pruneopts = "" revision = "d6449816ce06963d9d136eee5a56fca5b0616e7e" [[projects]] branch = "master" + digest = "1:e578690e68b81d979995373286a9625f00c0381a67ed86e10334ace86d780d91" name = "golang.org/x/net" packages = [ "context", @@ -387,17 +474,21 @@ "idna", "internal/timeseries", "lex/httplex", - "trace" + "trace", ] + pruneopts = "" revision = "d41e8174641f662c5a2d1c7a5f9e828788eb8706" [[projects]] branch = "master" + digest = "1:d4eda90cc85514f76c499c16e3ef2a6c65a58edac31c57a69c2a1e6105413667" name = "golang.org/x/sys" packages = ["unix"] + pruneopts = "" revision = "3ccc7e5779793fd54564baf60c51bf017955e0ba" [[projects]] + digest = "1:5acd3512b047305d49e8763eef7ba423901e85d5dd2fd1e71778a0ea8de10bd4" name = "golang.org/x/text" packages = [ "collate", 
@@ -413,18 +504,22 @@ "unicode/bidi", "unicode/cldr", "unicode/norm", - "unicode/rangetable" + "unicode/rangetable", ] + pruneopts = "" revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0" version = "v0.3.0" [[projects]] branch = "master" + digest = "1:8cfa91d1b7f6b66fa9b1a738a4bc1325837b861e63fb9a2919931d68871bb770" name = "google.golang.org/genproto" packages = ["googleapis/rpc/status"] + pruneopts = "" revision = "7fd901a49ba6a7f87732eb344f6e3c5b19d1b200" [[projects]] + digest = "1:e5e4d08a5e43727ae54ea371823ce14b2d5b454536cfa7e6b08cc309a51d9fe5" name = "google.golang.org/grpc" packages = [ ".", @@ -451,32 +546,48 @@ "stats", "status", "tap", - "transport" + "transport", ] + pruneopts = "" revision = "d11072e7ca9811b1100b80ca0269ac831f06d024" version = "v1.11.3" [[projects]] + digest = "1:75fb3fcfc73a8c723efde7777b40e8e8ff9babf30d8c56160d01beffea8a95a6" name = "gopkg.in/inf.v0" packages = ["."] + pruneopts = "" revision = "d2d2541c53f18d2a059457998ce2876cc8e67cbf" version = "v0.9.1" [[projects]] branch = "v2" + digest = "1:c80894778314c7fb90d94a5ab925214900e1341afeddc953cda7398b8cdcd006" name = "gopkg.in/mgo.v2" packages = [ ".", "bson", "internal/json", "internal/sasl", - "internal/scram" + "internal/scram", ] + pruneopts = "" revision = "3f83fa5005286a7fe593b055f0d7771a7dce4655" [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "8280cde72a3ab78ad00d13c192de5920d188f3052f45884563896cab659469f9" + input-imports = [ + "github.com/gorilla/mux", + "github.com/hashicorp/go-uuid", + "github.com/hashicorp/vault/api", + "github.com/hashicorp/vault/builtin/credential/approle", + "github.com/hashicorp/vault/http", + "github.com/hashicorp/vault/logical", + "github.com/hashicorp/vault/physical/inmem", + "github.com/hashicorp/vault/vault", + "golang.org/x/crypto/openpgp", + "golang.org/x/crypto/openpgp/packet", + ] solver-name = "gps-cdcl" solver-version = 1 
diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go index 7fee097..50e1b61 100644 --- a/sms-service/src/sms/backend/vault.go +++ b/sms-service/src/sms/backend/vault.go @@ -40,6 +40,8 @@ type Vault struct { vaultClient *vaultapi.Client vaultMountPrefix string internalDomain string + internalDomainUUID string + internalDomainCache map[string]string internalDomainMounted bool vaultTempTokenTTL time.Time vaultToken string @@ -65,6 +67,8 @@ func (v *Vault) initVaultClient() error { v.vaultClient = client v.vaultMountPrefix = "sms" v.internalDomain = "smsinternaldomain" + v.internalDomainUUID, _ = uuid.GenerateUUID() + v.internalDomainCache = make(map[string]string) v.internalDomainMounted = false v.prkey = "" return nil @@ -143,13 +147,19 @@ func (v *Vault) Unseal(shard string) error { // GetSecret returns a secret mounted on a particular domain name // The secret itself is referenced via its name which translates to // a mount path in vault -func (v *Vault) GetSecret(dom string, name string) (Secret, error) { +func (v *Vault) GetSecret(uuid string, name string) (Secret, error) { err := v.checkToken() if smslogger.CheckError(err, "Tocken Check") != nil { return Secret{}, errors.New("Token check failed") } + uuid = strings.TrimSpace(uuid) + dom, err := v.getDomainNameFromUUID(uuid) + if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil { + return Secret{}, errors.New("Unable to Get secret") + } + dom = v.vaultMountPrefix + "/" + dom sec, err := v.vaultClient.Logical().Read(dom + "/" + name) 
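Review bot: `internalDomainCache map[string]string` is read and written with no synchronization, and the writers added further down this diff (mountInternalDomain, storeUUID and getDomainNameFromUUID) run inside HTTP handlers that net/http serves on one goroutine per request, so two concurrent requests race on the map and a detected concurrent map write aborts the process. Add a guard next to the map, `internalDomainCacheMu sync.RWMutex`, take RLock around the cache check in getDomainNameFromUUID and Lock around every assignment into the map; this one note covers the map writes in the later hunks as well. The Vault struct continues outside the hunk.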
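Review bot: `v.internalDomainUUID, _ = uuid.GenerateUUID()` discards the error, so a failed generation leaves internalDomainUUID empty and mountInternalDomain then caches the internal domain under the key `""`; because every lookup first applies strings.TrimSpace, a request whose domain segment is only whitespace would resolve to the internal domain that holds the UUID-to-name records. Check the error and fail initialisation instead, `if v.internalDomainUUID, err = uuid.GenerateUUID(); err != nil { return err }`, reusing the err from the client creation above if one is in scope (the start of initVaultClient is outside the hunk), otherwise declaring it.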
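Review bot: The new parameter `uuid` in GetSecret shadows the go-uuid package that initVaultClient calls as `uuid.GenerateUUID()`, and the same renaming is applied to ListSecret, CreateSecret, DeleteSecretDomain and DeleteSecret in the hunks that follow (storeUUID already had this pattern). It compiles because none of those bodies use the package, but a later edit that needs it inside one of them gets a confusing type error and shadowing linters flag it. Naming the parameter `domUUID`, as the handlers already do, avoids this without affecting callers. GetSecret continues outside the hunk.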
@@ -168,13 +178,19 @@ func (v *Vault) GetSecret(dom string, name string) (Secret, error) { // ListSecret returns a list of secret names on a particular domain // The values of the secret are not returned -func (v *Vault) ListSecret(dom string) ([]string, error) { +func (v *Vault) ListSecret(uuid string) ([]string, error) { err := v.checkToken() if smslogger.CheckError(err, "Token Check") != nil { return nil, errors.New("Token check failed") } + uuid = strings.TrimSpace(uuid) + dom, err := v.getDomainNameFromUUID(uuid) + if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil { + return nil, errors.New("Unable to list secrets in domain") + } + dom = v.vaultMountPrefix + "/" + dom sec, err := v.vaultClient.Logical().List(dom) @@ -224,6 +240,7 @@ func (v *Vault) mountInternalDomain(name string) error { if strings.Contains(err.Error(), "existing mount") { // It is already mounted v.internalDomainMounted = true + v.internalDomainCache[v.internalDomainUUID] = v.internalDomain return nil } // Ran into some other error mounting it. @@ -231,6 +248,7 @@ func (v *Vault) mountInternalDomain(name string) error { } v.internalDomainMounted = true + v.internalDomainCache[v.internalDomainUUID] = v.internalDomain return nil } 
@@ -256,14 +274,61 @@ func (v *Vault) storeUUID(uuid string, name string) error { }, } - err = v.CreateSecret(v.internalDomain, secret) + err = v.CreateSecret(v.internalDomainUUID, secret) if smslogger.CheckError(err, "Write UUID to domain") != nil { return err } + // Cache the value for reverse lookups + // Note: Cache is lost when service restarts + v.internalDomainCache[uuid] = name + return nil } +// Retrieves UUID for domain name stored in smsinternal domain +// under v.vaultMountPrefix / smsinternal domain +func (v *Vault) getDomainNameFromUUID(uuid string) (string, error) { + + // Check Cache + if val, ok := v.internalDomainCache[uuid]; ok { + return val, nil + } + + // If not found in Cache, check in vault + // Check if token is still valid + err := v.checkToken() + if smslogger.CheckError(err, "Token Check") != nil { + return "", errors.New("Token Check failed") + } + + // Should already be mounted by the initial store command + err = v.mountInternalDomain(v.internalDomain) + if smslogger.CheckError(err, "Mount Internal Domain") != nil { + return "", err + } + + secList, err := v.ListSecret(v.internalDomainUUID) + if smslogger.CheckError(err, "List Domain Names") != nil { + return "", err + } + + // Search for domain name in internal domain + // Also, refresh the cache with latest content + for _, secName := range secList { + sec, err := v.GetSecret(v.internalDomainUUID, secName) + if smslogger.CheckError(err, "Read Secret Internal Domain") != nil { + return "", err + } + if sec.Values["uuid"] == uuid { + v.internalDomainCache[uuid] = sec.Name + return sec.Name, nil + } + } + + return "", errors.New("Unable to find entry in InternalDomain") +} + // CreateSecretDomain mounts the kv backend on a path with the given name func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) { 
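Review bot: The doc comment on getDomainNameFromUUID is inverted: it says `Retrieves UUID for domain name`, but the function takes a UUID and returns the domain name; replace it with `// getDomainNameFromUUID resolves a domain UUID to its domain name, first from the in-memory cache and otherwise by scanning the records stored under v.vaultMountPrefix/v.internalDomain.` and note that it relies on mountInternalDomain having cached the entry for v.internalDomainUUID, since the ListSecret and GetSecret calls below resolve that UUID through this same function and would recurse back here if mountInternalDomain can return nil without setting it (its beginning is outside the hunk). Every cache miss, including a lookup for a UUID that was never issued, lists the whole internal domain and does one Vault read per entry, and the negative result is not cached, so each request carrying an unknown UUID costs a full scan; writing a second record keyed by the UUID in storeUUID would turn the miss path into a single Read. The map writes here are the unsynchronized ones raised on the struct hunk.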
@@ -303,13 +368,19 @@ func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) { // CreateSecret creates a secret mounted on a particular domain name // The secret itself is mounted on a path specified by name -func (v *Vault) CreateSecret(dom string, sec Secret) error { +func (v *Vault) CreateSecret(uuid string, sec Secret) error { err := v.checkToken() if smslogger.CheckError(err, "Token Check") != nil { return errors.New("Token check failed") } + uuid = strings.TrimSpace(uuid) + dom, err := v.getDomainNameFromUUID(uuid) + if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil { + return errors.New("Unable to create secret") + } + dom = v.vaultMountPrefix + "/" + dom // Vault return is empty on successful write @@ -324,14 +395,19 @@ func (v *Vault) CreateSecret(dom string, sec Secret) error { // DeleteSecretDomain deletes a secret domain which translates to // an unmount operation on the given path in Vault -func (v *Vault) DeleteSecretDomain(name string) error { +func (v *Vault) DeleteSecretDomain(uuid string) error { err := v.checkToken() if smslogger.CheckError(err, "Token Check") != nil { return errors.New("Token Check Failed") } - name = strings.TrimSpace(name) + uuid = strings.TrimSpace(uuid) + name, err := v.getDomainNameFromUUID(uuid) + if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil { + return errors.New("Unable to delete secret domain") + } + mountPath := v.vaultMountPrefix + "/" + name err = v.vaultClient.Sys().Unmount(mountPath) 
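Review bot: DeleteSecretDomain resolves the UUID and unmounts `mountPath`, but nothing in the hunk removes the UUID's entry from internalDomainCache or, as far as the visible lines show, the record that storeUUID wrote into the internal domain, so a deleted UUID keeps resolving to its name; if a domain with the same name is created again under a new UUID, the old UUID would address the new domain's mount. The health check in handler.go creates and deletes a throwaway domain on every call, so without cleanup the cache also grows by one entry per health check. Unless the part of the function outside the hunk already does it, add `delete(v.internalDomainCache, uuid)` after a successful unmount and delete the matching record in the internal domain. DeleteSecretDomain continues outside the hunk, where the unmount result is handled.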
@@ -343,13 +419,19 @@ func (v *Vault) DeleteSecretDomain(name string) error { } // DeleteSecret deletes a secret mounted on the path provided -func (v *Vault) DeleteSecret(dom string, name string) error { +func (v *Vault) DeleteSecret(uuid string, name string) error { err := v.checkToken() if smslogger.CheckError(err, "Token Check") != nil { return errors.New("Token check failed") } + uuid = strings.TrimSpace(uuid) + dom, err := v.getDomainNameFromUUID(uuid) + if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil { + return errors.New("Unable to delete secret") + } + dom = v.vaultMountPrefix + "/" + dom // Vault return is empty on successful delete diff --git a/sms-service/src/sms/backend/vault_test.go b/sms-service/src/sms/backend/vault_test.go index 4862665..c26cfa7 100644 --- a/sms-service/src/sms/backend/vault_test.go +++ b/sms-service/src/sms/backend/vault_test.go @@ -133,12 +133,12 @@ func TestDeleteSecretDomain(t *testing.T) { tc, v := createLocalVaultServer(t) defer tc.Cleanup() - _, err := v.CreateSecretDomain("testdomain") + sd, err := v.CreateSecretDomain("testdomain") if err != nil { t.Fatal(err) } - err = v.DeleteSecretDomain("testdomain") + err = v.DeleteSecretDomain(sd.UUID) if err != nil { t.Fatal("DeleteSecretDomain: Unable to delete domain") } @@ -149,12 +149,12 @@ func TestCreateSecret(t *testing.T) { tc, v := createLocalVaultServer(t) defer tc.Cleanup() - _, err := v.CreateSecretDomain("testdomain") + sd, err := v.CreateSecretDomain("testdomain") if err != nil { t.Fatal(err) } - err = v.CreateSecret("testdomain", secret) + err = v.CreateSecret(sd.UUID, secret) if err != nil { t.Fatal("CreateSecret: Error Creating secret") 
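Review bot: The updated tests only cover the cache-hit path of getDomainNameFromUUID: every call uses a UUID that CreateSecretDomain just cached in the same Vault instance, so the fallback scan of the internal domain and the unknown-UUID error are never exercised; the test hunks that follow for GetSecret, ListSecret and DeleteSecret have the same gap. If vault_test.go shares the backend package it can reset the cache directly, e.g. `v.internalDomainCache = make(map[string]string)` after CreateSecretDomain and then assert that GetSecret still succeeds, plus one case asserting an error for a UUID that was never issued.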
@@ -166,17 +166,17 @@ func TestGetSecret(t *testing.T) { tc, v := createLocalVaultServer(t) defer tc.Cleanup() - _, err := v.CreateSecretDomain("testdomain") + sd, err := v.CreateSecretDomain("testdomain") if err != nil { t.Fatal(err) } - err = v.CreateSecret("testdomain", secret) + err = v.CreateSecret(sd.UUID, secret) if err != nil { t.Fatal(err) } - sec, err := v.GetSecret("testdomain", secret.Name) + sec, err := v.GetSecret(sd.UUID, secret.Name) if err != nil { t.Fatal("GetSecret: Error Creating secret") } @@ -195,17 +195,17 @@ func TestListSecret(t *testing.T) { tc, v := createLocalVaultServer(t) defer tc.Cleanup() - _, err := v.CreateSecretDomain("testdomain") + sd, err := v.CreateSecretDomain("testdomain") if err != nil { t.Fatal(err) } - err = v.CreateSecret("testdomain", secret) + err = v.CreateSecret(sd.UUID, secret) if err != nil { t.Fatal(err) } - _, err = v.ListSecret("testdomain") + _, err = v.ListSecret(sd.UUID) if err != nil { t.Fatal("ListSecret: Returned error") } @@ -216,17 +216,17 @@ func TestDeleteSecret(t *testing.T) { tc, v := createLocalVaultServer(t) defer tc.Cleanup() - _, err := v.CreateSecretDomain("testdomain") + sd, err := v.CreateSecretDomain("testdomain") if err != nil { t.Fatal(err) } - err = v.CreateSecret("testdomain", secret) + err = v.CreateSecret(sd.UUID, secret) if err != nil { t.Fatal(err) } - err = v.DeleteSecret("testdomain", secret.Name) + err = v.DeleteSecret(sd.UUID, secret.Name) if err != nil { t.Fatal("DeleteSecret: Error Creating secret") } diff --git a/sms-service/src/sms/handler/handler.go b/sms-service/src/sms/handler/handler.go index 805f7a8..2d9e7c7 100644 --- a/sms-service/src/sms/handler/handler.go +++ b/sms-service/src/sms/handler/handler.go 
@@ -61,9 +61,9 @@ func (h handler) createSecretDomainHandler(w http.ResponseWriter, r *http.Reques // deleteSecretDomainHandler deletes a secret domain with the name provided func (h handler) deleteSecretDomainHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) - domName := vars["domName"] + domUUID := vars["domUUID"] - err := h.secretBackend.DeleteSecretDomain(domName) + err := h.secretBackend.DeleteSecretDomain(domUUID) if smslogger.CheckError(err, "DeleteSecretDomainHandler") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -76,7 +76,7 @@ func (h handler) deleteSecretDomainHandler(w http.ResponseWriter, r *http.Reques func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) { // Get domain name from URL vars := mux.Vars(r) - domName := vars["domName"] + domUUID := vars["domUUID"] // Get secrets to be stored from body var b smsbackend.Secret @@ -86,7 +86,7 @@ func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) { return } - err = h.secretBackend.CreateSecret(domName, b) + err = h.secretBackend.CreateSecret(domUUID, b) if smslogger.CheckError(err, "CreateSecretHandler") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -98,10 +98,10 @@ func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) { // getSecretHandler handles reading a secret by given domain name and secret name func (h handler) getSecretHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) - domName := vars["domName"] + domUUID := vars["domUUID"] secName := vars["secretName"] - sec, err := h.secretBackend.GetSecret(domName, secName) + sec, err := h.secretBackend.GetSecret(domUUID, secName) if smslogger.CheckError(err, "GetSecretHandler") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return 
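Review bot: The handler doc comments still describe the old parameter, `deleteSecretDomainHandler deletes a secret domain with the name provided` and `getSecretHandler handles reading a secret by given domain name and secret name`, while the bodies now read `domUUID` and pass it to the backend; `// Get domain name from URL` in createSecretHandler and the comments on listSecretHandler and deleteSecretHandler in the next hunk have the same mismatch. Update them to say the domain UUID, e.g. `// deleteSecretDomainHandler deletes the secret domain identified by the UUID in the URL`. Separately, a UUID that does not resolve now comes back from the backend as a generic error and is mapped to 500 here; if the backend can signal not-found distinctly, returning 404 would let clients tell a bad identifier from a backend failure.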
@@ -118,9 +118,9 @@ func (h handler) getSecretHandler(w http.ResponseWriter, r *http.Request) { // listSecretHandler handles listing all secrets under a particular domain name func (h handler) listSecretHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) - domName := vars["domName"] + domUUID := vars["domUUID"] - secList, err := h.secretBackend.ListSecret(domName) + secList, err := h.secretBackend.ListSecret(domUUID) if smslogger.CheckError(err, "ListSecretHandler") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -144,10 +144,10 @@ func (h handler) listSecretHandler(w http.ResponseWriter, r *http.Request) { // deleteSecretHandler handles deleting a secret by given domain name and secret name func (h handler) deleteSecretHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) - domName := vars["domName"] + domUUID := vars["domUUID"] secName := vars["secretName"] - err := h.secretBackend.DeleteSecret(domName, secName) + err := h.secretBackend.DeleteSecret(domUUID, secName) if smslogger.CheckError(err, "DeleteSecretHandler") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -266,13 +266,13 @@ func (h handler) healthCheckHandler(w http.ResponseWriter, r *http.Request) { // backend is not sealed dname, _ := uuid.GenerateUUID() - _, err = h.secretBackend.CreateSecretDomain(dname) + dom, err := h.secretBackend.CreateSecretDomain(dname) if smslogger.CheckError(err, "HealthCheck Create Domain") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } - err = h.secretBackend.DeleteSecretDomain(dname) + err = h.secretBackend.DeleteSecretDomain(dom.UUID) if smslogger.CheckError(err, "HealthCheck Delete Domain") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return 
@@ -299,12 +299,12 @@ func CreateRouter(b smsbackend.SecretBackend) http.Handler { router.HandleFunc("/v1/sms/healthcheck", h.healthCheckHandler).Methods("GET") router.HandleFunc("/v1/sms/domain", h.createSecretDomainHandler).Methods("POST") - router.HandleFunc("/v1/sms/domain/{domName}", h.deleteSecretDomainHandler).Methods("DELETE") + router.HandleFunc("/v1/sms/domain/{domUUID}", h.deleteSecretDomainHandler).Methods("DELETE") - router.HandleFunc("/v1/sms/domain/{domName}/secret", h.createSecretHandler).Methods("POST") - router.HandleFunc("/v1/sms/domain/{domName}/secret", h.listSecretHandler).Methods("GET") - router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.getSecretHandler).Methods("GET") - router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.deleteSecretHandler).Methods("DELETE") + router.HandleFunc("/v1/sms/domain/{domUUID}/secret", h.createSecretHandler).Methods("POST") + router.HandleFunc("/v1/sms/domain/{domUUID}/secret", h.listSecretHandler).Methods("GET") + router.HandleFunc("/v1/sms/domain/{domUUID}/secret/{secretName}", h.getSecretHandler).Methods("GET") + router.HandleFunc("/v1/sms/domain/{domUUID}/secret/{secretName}", h.deleteSecretHandler).Methods("DELETE") return router } |
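Review bot: `{domUUID}` accepts any non-slash path segment, so malformed identifiers reach the backend, where each one costs a cache miss and a scan of the internal domain before being rejected. gorilla/mux lets a variable carry a pattern, so constraining it to the shape go-uuid emits (hex groups separated by dashes), `router.HandleFunc("/v1/sms/domain/{domUUID:[0-9a-fA-F-]+}", h.deleteSecretDomainHandler).Methods("DELETE")`, rejects junk at routing with a 404 and keeps those lookups off the backend. The same constraint applies to the other four routes in the hunk.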