summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--sms-service/src/sms/backend/vault.go102
-rw-r--r--sms-service/src/sms/backend/vault_test.go28
-rw-r--r--sms-service/src/sms/handler/handler.go30
3 files changed, 41 insertions, 119 deletions
diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go
index 50e1b61..ba3e502 100644
--- a/sms-service/src/sms/backend/vault.go
+++ b/sms-service/src/sms/backend/vault.go
@@ -40,8 +40,6 @@ type Vault struct {
vaultClient *vaultapi.Client
vaultMountPrefix string
internalDomain string
- internalDomainUUID string
- internalDomainCache map[string]string
internalDomainMounted bool
vaultTempTokenTTL time.Time
vaultToken string
@@ -67,8 +65,6 @@ func (v *Vault) initVaultClient() error {
v.vaultClient = client
v.vaultMountPrefix = "sms"
v.internalDomain = "smsinternaldomain"
- v.internalDomainUUID, _ = uuid.GenerateUUID()
- v.internalDomainCache = make(map[string]string)
v.internalDomainMounted = false
v.prkey = ""
return nil
@@ -147,19 +143,14 @@ func (v *Vault) Unseal(shard string) error {
// GetSecret returns a secret mounted on a particular domain name
// The secret itself is referenced via its name which translates to
// a mount path in vault
-func (v *Vault) GetSecret(uuid string, name string) (Secret, error) {
+func (v *Vault) GetSecret(dom string, name string) (Secret, error) {
err := v.checkToken()
if smslogger.CheckError(err, "Tocken Check") != nil {
return Secret{}, errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return Secret{}, errors.New("Unable to Get secret")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
sec, err := v.vaultClient.Logical().Read(dom + "/" + name)
@@ -178,19 +169,14 @@ func (v *Vault) GetSecret(uuid string, name string) (Secret, error) {
// ListSecret returns a list of secret names on a particular domain
// The values of the secret are not returned
-func (v *Vault) ListSecret(uuid string) ([]string, error) {
+func (v *Vault) ListSecret(dom string) ([]string, error) {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return nil, errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return nil, errors.New("Unable to list secrets in domain")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
sec, err := v.vaultClient.Logical().List(dom)
@@ -240,7 +226,6 @@ func (v *Vault) mountInternalDomain(name string) error {
if strings.Contains(err.Error(), "existing mount") {
// It is already mounted
v.internalDomainMounted = true
- v.internalDomainCache[v.internalDomainUUID] = v.internalDomain
return nil
}
// Ran into some other error mounting it.
@@ -248,7 +233,6 @@ func (v *Vault) mountInternalDomain(name string) error {
}
v.internalDomainMounted = true
- v.internalDomainCache[v.internalDomainUUID] = v.internalDomain
return nil
}
@@ -274,61 +258,14 @@ func (v *Vault) storeUUID(uuid string, name string) error {
},
}
- err = v.CreateSecret(v.internalDomainUUID, secret)
+ err = v.CreateSecret(v.internalDomain, secret)
if smslogger.CheckError(err, "Write UUID to domain") != nil {
return err
}
- // Cache the value for reverse lookups
- // Note: Cache is lost when service restarts
- v.internalDomainCache[uuid] = name
-
return nil
}
-// Retrieves UUID for domain name stored in smsinternal domain
-// under v.vaultMountPrefix / smsinternal domain
-func (v *Vault) getDomainNameFromUUID(uuid string) (string, error) {
-
- // Check Cache
- if val, ok := v.internalDomainCache[uuid]; ok {
- return val, nil
- }
-
- // If not found in Cache, check in vault
- // Check if token is still valid
- err := v.checkToken()
- if smslogger.CheckError(err, "Token Check") != nil {
- return "", errors.New("Token Check failed")
- }
-
- // Should already be mounted by the initial store command
- err = v.mountInternalDomain(v.internalDomain)
- if smslogger.CheckError(err, "Mount Internal Domain") != nil {
- return "", err
- }
-
- secList, err := v.ListSecret(v.internalDomainUUID)
- if smslogger.CheckError(err, "List Domain Names") != nil {
- return "", err
- }
-
- // Search for domain name in internal domain
- // Also, refresh the cache with latest content
- for _, secName := range secList {
- sec, err := v.GetSecret(v.internalDomainUUID, secName)
- if smslogger.CheckError(err, "Read Secret Internal Domain") != nil {
- return "", err
- }
- if sec.Values["uuid"] == uuid {
- v.internalDomainCache[uuid] = sec.Name
- return sec.Name, nil
- }
- }
-
- return "", errors.New("Unable to find entry in InternalDomain")
-}
-
// CreateSecretDomain mounts the kv backend on a path with the given name
func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) {
@@ -368,19 +305,14 @@ func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) {
// CreateSecret creates a secret mounted on a particular domain name
// The secret itself is mounted on a path specified by name
-func (v *Vault) CreateSecret(uuid string, sec Secret) error {
+func (v *Vault) CreateSecret(dom string, sec Secret) error {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return errors.New("Unable to create secret")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
// Vault return is empty on successful write
@@ -395,20 +327,15 @@ func (v *Vault) CreateSecret(uuid string, sec Secret) error {
// DeleteSecretDomain deletes a secret domain which translates to
// an unmount operation on the given path in Vault
-func (v *Vault) DeleteSecretDomain(uuid string) error {
+func (v *Vault) DeleteSecretDomain(dom string) error {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return errors.New("Token Check Failed")
}
- uuid = strings.TrimSpace(uuid)
- name, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return errors.New("Unable to delete secret domain")
- }
-
- mountPath := v.vaultMountPrefix + "/" + name
+ dom = strings.TrimSpace(dom)
+ mountPath := v.vaultMountPrefix + "/" + dom
err = v.vaultClient.Sys().Unmount(mountPath)
if smslogger.CheckError(err, "Delete Domain") != nil {
@@ -419,19 +346,14 @@ func (v *Vault) DeleteSecretDomain(uuid string) error {
}
// DeleteSecret deletes a secret mounted on the path provided
-func (v *Vault) DeleteSecret(uuid string, name string) error {
+func (v *Vault) DeleteSecret(dom string, name string) error {
err := v.checkToken()
if smslogger.CheckError(err, "Token Check") != nil {
return errors.New("Token check failed")
}
- uuid = strings.TrimSpace(uuid)
- dom, err := v.getDomainNameFromUUID(uuid)
- if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil {
- return errors.New("Unable to delete secret")
- }
-
+ dom = strings.TrimSpace(dom)
dom = v.vaultMountPrefix + "/" + dom
// Vault return is empty on successful delete
diff --git a/sms-service/src/sms/backend/vault_test.go b/sms-service/src/sms/backend/vault_test.go
index c26cfa7..bc72337 100644
--- a/sms-service/src/sms/backend/vault_test.go
+++ b/sms-service/src/sms/backend/vault_test.go
@@ -133,12 +133,12 @@ func TestDeleteSecretDomain(t *testing.T) {
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.DeleteSecretDomain(sd.UUID)
+ err = v.DeleteSecretDomain("testdomain")
if err != nil {
t.Fatal("DeleteSecretDomain: Unable to delete domain")
}
@@ -149,12 +149,12 @@ func TestCreateSecret(t *testing.T) {
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal("CreateSecret: Error Creating secret")
@@ -166,19 +166,19 @@ func TestGetSecret(t *testing.T) {
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal(err)
}
- sec, err := v.GetSecret(sd.UUID, secret.Name)
+ sec, err := v.GetSecret("testdomain", secret.Name)
if err != nil {
- t.Fatal("GetSecret: Error Creating secret")
+ t.Fatal("GetSecret: Error Getting secret")
}
if sec.Name != secret.Name {
@@ -195,17 +195,17 @@ func TestListSecret(t *testing.T) {
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal(err)
}
- _, err = v.ListSecret(sd.UUID)
+ _, err = v.ListSecret("testdomain")
if err != nil {
t.Fatal("ListSecret: Returned error")
}
@@ -216,17 +216,17 @@ func TestDeleteSecret(t *testing.T) {
tc, v := createLocalVaultServer(t)
defer tc.Cleanup()
- sd, err := v.CreateSecretDomain("testdomain")
+ _, err := v.CreateSecretDomain("testdomain")
if err != nil {
t.Fatal(err)
}
- err = v.CreateSecret(sd.UUID, secret)
+ err = v.CreateSecret("testdomain", secret)
if err != nil {
t.Fatal(err)
}
- err = v.DeleteSecret(sd.UUID, secret.Name)
+ err = v.DeleteSecret("testdomain", secret.Name)
if err != nil {
t.Fatal("DeleteSecret: Error Creating secret")
}
diff --git a/sms-service/src/sms/handler/handler.go b/sms-service/src/sms/handler/handler.go
index 2d9e7c7..902d170 100644
--- a/sms-service/src/sms/handler/handler.go
+++ b/sms-service/src/sms/handler/handler.go
@@ -61,9 +61,9 @@ func (h handler) createSecretDomainHandler(w http.ResponseWriter, r *http.Reques
// deleteSecretDomainHandler deletes a secret domain with the name provided
func (h handler) deleteSecretDomainHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
- err := h.secretBackend.DeleteSecretDomain(domUUID)
+ err := h.secretBackend.DeleteSecretDomain(domName)
if smslogger.CheckError(err, "DeleteSecretDomainHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -76,7 +76,7 @@ func (h handler) deleteSecretDomainHandler(w http.ResponseWriter, r *http.Reques
func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) {
// Get domain name from URL
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
// Get secrets to be stored from body
var b smsbackend.Secret
@@ -86,7 +86,7 @@ func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) {
return
}
- err = h.secretBackend.CreateSecret(domUUID, b)
+ err = h.secretBackend.CreateSecret(domName, b)
if smslogger.CheckError(err, "CreateSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -98,10 +98,10 @@ func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) {
// getSecretHandler handles reading a secret by given domain name and secret name
func (h handler) getSecretHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
secName := vars["secretName"]
- sec, err := h.secretBackend.GetSecret(domUUID, secName)
+ sec, err := h.secretBackend.GetSecret(domName, secName)
if smslogger.CheckError(err, "GetSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -118,9 +118,9 @@ func (h handler) getSecretHandler(w http.ResponseWriter, r *http.Request) {
// listSecretHandler handles listing all secrets under a particular domain name
func (h handler) listSecretHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
- secList, err := h.secretBackend.ListSecret(domUUID)
+ secList, err := h.secretBackend.ListSecret(domName)
if smslogger.CheckError(err, "ListSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -144,10 +144,10 @@ func (h handler) listSecretHandler(w http.ResponseWriter, r *http.Request) {
// deleteSecretHandler handles deleting a secret by given domain name and secret name
func (h handler) deleteSecretHandler(w http.ResponseWriter, r *http.Request) {
vars := mux.Vars(r)
- domUUID := vars["domUUID"]
+ domName := vars["domName"]
secName := vars["secretName"]
- err := h.secretBackend.DeleteSecret(domUUID, secName)
+ err := h.secretBackend.DeleteSecret(domName, secName)
if smslogger.CheckError(err, "DeleteSecretHandler") != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -299,12 +299,12 @@ func CreateRouter(b smsbackend.SecretBackend) http.Handler {
router.HandleFunc("/v1/sms/healthcheck", h.healthCheckHandler).Methods("GET")
router.HandleFunc("/v1/sms/domain", h.createSecretDomainHandler).Methods("POST")
- router.HandleFunc("/v1/sms/domain/{domUUID}", h.deleteSecretDomainHandler).Methods("DELETE")
+ router.HandleFunc("/v1/sms/domain/{domName}", h.deleteSecretDomainHandler).Methods("DELETE")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret", h.createSecretHandler).Methods("POST")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret", h.listSecretHandler).Methods("GET")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret/{secretName}", h.getSecretHandler).Methods("GET")
- router.HandleFunc("/v1/sms/domain/{domUUID}/secret/{secretName}", h.deleteSecretHandler).Methods("DELETE")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret", h.createSecretHandler).Methods("POST")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret", h.listSecretHandler).Methods("GET")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.getSecretHandler).Methods("GET")
+ router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.deleteSecretHandler).Methods("DELETE")
return router
}