-rw-r--r--sms-service/src/sms/backend/backend.go2
-rw-r--r--sms-service/src/sms/backend/backend_test.go8
-rw-r--r--sms-service/src/sms/backend/vault.go58
-rw-r--r--sms-service/src/sms/handler/handler_test.go4
-rw-r--r--sms-service/src/sms/smsconfig.json2
5 files changed, 26 insertions, 48 deletions
diff --git a/sms-service/src/sms/backend/backend.go b/sms-service/src/sms/backend/backend.go
index a1055e6..61af995 100644
--- a/sms-service/src/sms/backend/backend.go
+++ b/sms-service/src/sms/backend/backend.go
@@ -46,9 +46,7 @@ type SecretBackend interface {
Init() error
GetStatus() (bool, error)
- GetSecretDomain(name string) (SecretDomain, error)
GetSecret(dom string, sec string) (Secret, error)
-
ListSecret(dom string) ([]string, error)
CreateSecretDomain(name string) (SecretDomain, error)
diff --git a/sms-service/src/sms/backend/backend_test.go b/sms-service/src/sms/backend/backend_test.go
index 92ca971..674c03f 100644
--- a/sms-service/src/sms/backend/backend_test.go
+++ b/sms-service/src/sms/backend/backend_test.go
@@ -28,10 +28,10 @@ func TestInitSecretBackend(t *testing.T) {
sec, err := InitSecretBackend()
// We expect an error to be returned as Init expects
// backend to be running
- if err == nil {
- t.Fatal("InitSecretBackend : error creating")
+ if err != nil {
+ t.Fatal("InitSecretBackend : Expected nil as Init is independent of Vault")
}
- if sec != nil {
- t.Fatal("InitSecretBackend: returned SecretBackend was *NOT* nil, expected nil")
+ if sec == nil {
+ t.Fatal("InitSecretBackend: returned SecretBackend was nil")
}
}
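Review bot: The comment on L30-31 ("We expect an error to be returned as Init expects backend to be running") now states the opposite of what the assertions below it check, so the next reader will assume the test is wrong rather than the comment. Replace it with `// Init no longer contacts Vault, so a nil error and a non-nil backend are expected even with no server running`. While here, the failure message on L35 would be more useful if it carried the actual error: `t.Fatalf("InitSecretBackend: unexpected error: %v", err)`.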
diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go
index c3bbbc5..d92ac43 100644
--- a/sms-service/src/sms/backend/vault.go
+++ b/sms-service/src/sms/backend/vault.go
@@ -22,7 +22,6 @@ import (
"errors"
"fmt"
- "log"
"strings"
"sync"
"time"
@@ -30,19 +29,17 @@ import (
// Vault is the main Struct used in Backend to initialize the struct
type Vault struct {
- vaultAddress string
- vaultToken string
- vaultMount string
- vaultTempToken string
-
- vaultClient *vaultapi.Client
engineType string
+ initRoleDone bool
policyName string
roleID string
secretID string
+ tokenLock sync.Mutex
+ vaultAddress string
+ vaultClient *vaultapi.Client
+ vaultMount string
vaultTempTokenTTL time.Time
-
- tokenLock sync.Mutex
+ vaultToken string
}
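Review bot: `initRoleDone` on L64 is added without a comment saying what it means or what guards it; none of the fields here are documented, but this one drives a retry path in checkToken and is written from two call sites, so it deserves one. I'd add `// initRoleDone is true once initRole has created the AppRole and cached its role/secret IDs; checkToken retries initRole while it is false.` The alphabetical reordering of the other fields is fine, but it makes the diff look larger than the one-field change it is.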
// Init will initialize the vault connection
@@ -57,25 +54,16 @@ func (v *Vault) Init() error {
}
v.engineType = "kv"
+ v.initRoleDone = false
v.policyName = "smsvaultpolicy"
- v.vaultMount = "sms"
v.vaultClient = client
-
- // Check if vault is ready and unsealed
- seal, err := v.GetStatus()
- if err != nil {
- return err
- }
- if seal == true {
- return fmt.Errorf("Vault is still sealed. Unseal before use")
- }
+ v.vaultMount = "sms"
err = v.initRole()
if err != nil {
- log.Fatalln("Unable to initRole in Vault. Exiting...")
+ //print error message and try to initrole later
}
- v.checkToken()
return nil
}
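Review bot: The initRole error on L95-99 is now dropped into an empty branch — the comment says "print error message" but nothing prints, and the `log` import was removed in the same commit, so staticcheck will flag the empty block and an operator gets no signal that AppRole setup was deferred. Deferring is reasonable since checkToken retries initRole lazily, but the reason should be visible: `fmt.Printf("initRole deferred, will retry on first use: %v\n", err)` (fmt is still imported). Note also that with the seal check on L86-93 gone, Init returns nil against a sealed or unreachable Vault and the failure only surfaces on the first checkToken, which callers of Init need to expect. `v.initRoleDone = false` on L81 is redundant with the zero value but harmless.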
@@ -90,12 +78,6 @@ func (v *Vault) GetStatus() (bool, error) {
return sealStatus.Sealed, nil
}
-// GetSecretDomain returns any information related to the secretDomain
-// More information can be added in the future with updates to the struct
-func (v *Vault) GetSecretDomain(name string) (SecretDomain, error) {
- return SecretDomain{}, nil
-}
-
// GetSecret returns a secret mounted on a particular domain name
// The secret itself is referenced via its name which translates to
// a mount path in vault
@@ -191,6 +173,7 @@ func (v *Vault) CreateSecret(dom string, sec Secret) error {
dom = v.vaultMount + "/" + dom
// Vault return is empty on successful write
+ // TODO: Check if values is not empty
_, err = v.vaultClient.Logical().Write(dom+"/"+sec.Name, sec.Values)
if err != nil {
return errors.New("Unable to create Secret at provided path")
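Review bot: The TODO on L118 should be resolved rather than committed: `if len(sec.Values) == 0 { return errors.New("secret values must not be empty") }` before the write, since an empty map presumably either fails at Vault or stores nothing useful. The error on L121 also discards the underlying cause, which makes Vault-side failures (sealed, permission denied, bad path) indistinguishable; `return fmt.Errorf("unable to create secret at provided path: %v", err)` keeps it. Separately, `sec.Name` is joined into the Vault path on L119 with no visible validation — unless it is checked earlier in CreateSecret (the function begins above this hunk), a name containing `/` or `..` can address a path other than `<mount>/<dom>/<name>`.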
@@ -255,13 +238,7 @@ func (v *Vault) initRole() error {
"policies": [2]string{"default", v.policyName},
}
- // Delete role if it already exists
- _, err = v.vaultClient.Logical().Delete("auth/approle/role/" + rName)
- if err != nil {
- return errors.New("Unable to delete existing role")
- }
-
- //Check if approle is mounted
+ //Check if applrole is mounted
authMounts, err := v.vaultClient.Sys().ListAuth()
if err != nil {
return errors.New("Unable to get mounted auth backends")
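Review bot: The rewritten comment on L132 introduces a typo, "applrole"; it should read `//Check if approle is mounted`. Dropping the delete on L125-129 makes role setup idempotent across restarts, which is good, but it also means an already-existing role from an earlier build keeps whatever parameters the later write does not set — I can't see the write from this hunk, so if it is not a full overwrite a short comment stating that assumption would help the next person debugging a stale role.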
@@ -296,7 +273,7 @@ func (v *Vault) initRole() error {
}
v.secretID = sec.Data["secret_id"].(string)
-
+ v.initRoleDone = true
return nil
}
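Review bot: `v.initRoleDone = true` on L140 is written without a lock, while checkToken reads the flag under tokenLock; on the checkToken path the lock is held across the call, but initRole is also called from Init (L95) with no lock. If Init can overlap with a request that reaches checkToken — it looks like a startup call, so probably not — `go test -race` would flag this; wrapping initRole in a `sync.Once` or taking tokenLock in Init removes the question. initRole's body starts above this hunk.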
@@ -306,6 +283,14 @@ func (v *Vault) checkToken() error {
v.tokenLock.Lock()
defer v.tokenLock.Unlock()
+ // Init Role if it is not yet done
+ if v.initRoleDone == false {
+ err := v.initRole()
+ if err != nil {
+ return err
+ }
+ }
+
// Return immediately if token still has life
if v.vaultClient.Token() != "" &&
time.Since(v.vaultTempTokenTTL) < time.Minute*50 {
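Review bot: `if v.initRoleDone == false` on L147 should be `if !v.initRoleDone`, which is what gofmt-era Go and staticcheck expect. Also worth a comment that initRole performs several Vault round trips while tokenLock is held, so concurrent requests serialize behind the first one and, if Vault stays sealed, every request repeats those round trips until it succeeds — acceptable, but not obvious from the code. The function continues below this hunk.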
@@ -321,8 +306,7 @@ func (v *Vault) checkToken() error {
tok, err := out.TokenID()
- v.vaultTempToken = tok
v.vaultTempTokenTTL = time.Now()
- v.vaultClient.SetToken(v.vaultTempToken)
+ v.vaultClient.SetToken(tok)
return nil
}
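Review bot: The error from `out.TokenID()` on L158 is never checked before `v.vaultClient.SetToken(tok)` on L162 — on failure `tok` is empty, the TTL timestamp on L160 is still refreshed, the client token is cleared, and checkToken returns nil, so the caller proceeds to call Vault with no token at all. Add `if err != nil { return err }` immediately after L158 and only then set the TTL and token. checkToken begins above this hunk; the TokenID call itself was already there, but the commit touches the lines right around it and is the right place to fix this.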
diff --git a/sms-service/src/sms/handler/handler_test.go b/sms-service/src/sms/handler/handler_test.go
index d8f9f9f..56aa5ac 100644
--- a/sms-service/src/sms/handler/handler_test.go
+++ b/sms-service/src/sms/handler/handler_test.go
@@ -42,10 +42,6 @@ func (b *TestBackend) GetStatus() (bool, error) {
return true, nil
}
-func (b *TestBackend) GetSecretDomain(name string) (smsbackend.SecretDomain, error) {
- return smsbackend.SecretDomain{}, nil
-}
-
func (b *TestBackend) GetSecret(dom string, sec string) (smsbackend.Secret, error) {
return smsbackend.Secret{}, nil
}
diff --git a/sms-service/src/sms/smsconfig.json b/sms-service/src/sms/smsconfig.json
index e8e8245..9afa299 100644
--- a/sms-service/src/sms/smsconfig.json
+++ b/sms-service/src/sms/smsconfig.json
@@ -4,5 +4,5 @@
"serverkey": "auth/server.key",
"vaultaddress": "http://localhost:8200",
- "vaulttoken": "1ee03564-80d8-2080-2c77-0bb097cba512"
+ "vaulttoken": "f56d2c0e-d58d-2be2-aed4-bb9931bedad2"
}
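Review bot: The rotated `vaulttoken` on L187 is still a literal credential committed to the repository; the old value and the new one are both now in history, and anyone with read access to the repo holds a Vault token. The `localhost:8200` address suggests a dev-mode Vault, but nothing here says so, and a config file is the last place a future maintainer expects a live secret. Prefer reading the token from an environment variable or a mounted file and leaving `"vaulttoken": ""` here, with the source documented next to the config. Note also that `vaultaddress` is plain `http://`, so off loopback the token crosses the network in cleartext.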