From a33fe5704dddd5018c131677f114c0952ff47d86 Mon Sep 17 00:00:00 2001 From: Kiran Kamineni Date: Mon, 17 Sep 2018 12:44:40 -0700 Subject: Revert change to UUID and go back to domain names UUID based urls are pain points for clients as per feedback Reverting to using known domain names Issue-ID: AAF-502 Change-Id: If3d5861ad8cc40adf84d41cd90c90fcde60446ab Signed-off-by: Kiran Kamineni --- sms-service/src/sms/backend/vault.go | 102 ++++-------------------------- sms-service/src/sms/backend/vault_test.go | 28 ++++---- sms-service/src/sms/handler/handler.go | 30 ++++----- 3 files changed, 41 insertions(+), 119 deletions(-) diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go index 50e1b61..ba3e502 100644 --- a/sms-service/src/sms/backend/vault.go +++ b/sms-service/src/sms/backend/vault.go @@ -40,8 +40,6 @@ type Vault struct { vaultClient *vaultapi.Client vaultMountPrefix string internalDomain string - internalDomainUUID string - internalDomainCache map[string]string internalDomainMounted bool vaultTempTokenTTL time.Time vaultToken string @@ -67,8 +65,6 @@ func (v *Vault) initVaultClient() error { v.vaultClient = client v.vaultMountPrefix = "sms" v.internalDomain = "smsinternaldomain" - v.internalDomainUUID, _ = uuid.GenerateUUID() - v.internalDomainCache = make(map[string]string) v.internalDomainMounted = false v.prkey = "" return nil @@ -147,19 +143,14 @@ func (v *Vault) Unseal(shard string) error { // GetSecret returns a secret mounted on a particular domain name // The secret itself is referenced via its name which translates to // a mount path in vault -func (v *Vault) GetSecret(uuid string, name string) (Secret, error) { +func (v *Vault) GetSecret(dom string, name string) (Secret, error) { err := v.checkToken() if smslogger.CheckError(err, "Tocken Check") != nil { return Secret{}, errors.New("Token check failed") } - uuid = strings.TrimSpace(uuid) - dom, err := v.getDomainNameFromUUID(uuid) - if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil { - return Secret{}, errors.New("Unable to Get secret") - } - + dom = strings.TrimSpace(dom) dom = v.vaultMountPrefix + "/" + dom sec, err := v.vaultClient.Logical().Read(dom + "/" + name) @@ -178,19 +169,14 @@ func (v *Vault) GetSecret(uuid string, name string) (Secret, error) { // ListSecret returns a list of secret names on a particular domain // The values of the secret are not returned -func (v *Vault) ListSecret(uuid string) ([]string, error) { +func (v *Vault) ListSecret(dom string) ([]string, error) { err := v.checkToken() if smslogger.CheckError(err, "Token Check") != nil { return nil, errors.New("Token check failed") } - uuid = strings.TrimSpace(uuid) - dom, err := v.getDomainNameFromUUID(uuid) - if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil { - return nil, errors.New("Unable to list secrets in domain") - } - + dom = strings.TrimSpace(dom) dom = v.vaultMountPrefix + "/" + dom sec, err := v.vaultClient.Logical().List(dom) @@ -240,7 +226,6 @@ func (v *Vault) mountInternalDomain(name string) error { if strings.Contains(err.Error(), "existing mount") { // It is already mounted v.internalDomainMounted = true - v.internalDomainCache[v.internalDomainUUID] = v.internalDomain return nil } // Ran into some other error mounting it. @@ -248,7 +233,6 @@ func (v *Vault) mountInternalDomain(name string) error { } v.internalDomainMounted = true - v.internalDomainCache[v.internalDomainUUID] = v.internalDomain return nil } @@ -274,61 +258,14 @@ func (v *Vault) storeUUID(uuid string, name string) error { }, } - err = v.CreateSecret(v.internalDomainUUID, secret) + err = v.CreateSecret(v.internalDomain, secret) if smslogger.CheckError(err, "Write UUID to domain") != nil { return err } - // Cache the value for reverse lookups - // Note: Cache is lost when service restarts - v.internalDomainCache[uuid] = name - return nil } -// Retrieves UUID for domain name stored in smsinternal domain -// under v.vaultMountPrefix / smsinternal domain -func (v *Vault) getDomainNameFromUUID(uuid string) (string, error) { - - // Check Cache - if val, ok := v.internalDomainCache[uuid]; ok { - return val, nil - } - - // If not found in Cache, check in vault - // Check if token is still valid - err := v.checkToken() - if smslogger.CheckError(err, "Token Check") != nil { - return "", errors.New("Token Check failed") - } - - // Should already be mounted by the initial store command - err = v.mountInternalDomain(v.internalDomain) - if smslogger.CheckError(err, "Mount Internal Domain") != nil { - return "", err - } - - secList, err := v.ListSecret(v.internalDomainUUID) - if smslogger.CheckError(err, "List Domain Names") != nil { - return "", err - } - - // Search for domain name in internal domain - // Also, refresh the cache with latest content - for _, secName := range secList { - sec, err := v.GetSecret(v.internalDomainUUID, secName) - if smslogger.CheckError(err, "Read Secret Internal Domain") != nil { - return "", err - } - if sec.Values["uuid"] == uuid { - v.internalDomainCache[uuid] = sec.Name - return sec.Name, nil - } - } - - return "", errors.New("Unable to find entry in InternalDomain") -} - // CreateSecretDomain mounts the kv backend on a path with the given name func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) { @@ -368,19 +305,14 @@ func (v *Vault) CreateSecretDomain(name string) (SecretDomain, error) { // CreateSecret creates a secret mounted on a particular domain name // The secret itself is mounted on a path specified by name -func (v *Vault) CreateSecret(uuid string, sec Secret) error { +func (v *Vault) CreateSecret(dom string, sec Secret) error { err := v.checkToken() if smslogger.CheckError(err, "Token Check") != nil { return errors.New("Token check failed") } - uuid = strings.TrimSpace(uuid) - dom, err := v.getDomainNameFromUUID(uuid) - if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil { - return errors.New("Unable to create secret") - } - + dom = strings.TrimSpace(dom) dom = v.vaultMountPrefix + "/" + dom // Vault return is empty on successful write @@ -395,20 +327,15 @@ func (v *Vault) CreateSecret(uuid string, sec Secret) error { // DeleteSecretDomain deletes a secret domain which translates to // an unmount operation on the given path in Vault -func (v *Vault) DeleteSecretDomain(uuid string) error { +func (v *Vault) DeleteSecretDomain(dom string) error { err := v.checkToken() if smslogger.CheckError(err, "Token Check") != nil { return errors.New("Token Check Failed") } - uuid = strings.TrimSpace(uuid) - name, err := v.getDomainNameFromUUID(uuid) - if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil { - return errors.New("Unable to delete secret domain") - } - - mountPath := v.vaultMountPrefix + "/" + name + dom = strings.TrimSpace(dom) + mountPath := v.vaultMountPrefix + "/" + dom err = v.vaultClient.Sys().Unmount(mountPath) if smslogger.CheckError(err, "Delete Domain") != nil { @@ -419,19 +346,14 @@ func (v *Vault) DeleteSecretDomain(uuid string) error { } // DeleteSecret deletes a secret mounted on the path provided -func (v *Vault) DeleteSecret(uuid string, name string) error { +func (v *Vault) DeleteSecret(dom string, name string) error { err := v.checkToken() if smslogger.CheckError(err, "Token Check") != nil { return errors.New("Token check failed") } - uuid = strings.TrimSpace(uuid) - dom, err := v.getDomainNameFromUUID(uuid) - if smslogger.CheckError(err, "Lookup Domain Name from UUID") != nil { - return errors.New("Unable to delete secret") - } - + dom = strings.TrimSpace(dom) dom = v.vaultMountPrefix + "/" + dom // Vault return is empty on successful delete diff --git a/sms-service/src/sms/backend/vault_test.go b/sms-service/src/sms/backend/vault_test.go index c26cfa7..bc72337 100644 --- a/sms-service/src/sms/backend/vault_test.go +++ b/sms-service/src/sms/backend/vault_test.go @@ -133,12 +133,12 @@ func TestDeleteSecretDomain(t *testing.T) { tc, v := createLocalVaultServer(t) defer tc.Cleanup() - sd, err := v.CreateSecretDomain("testdomain") + _, err := v.CreateSecretDomain("testdomain") if err != nil { t.Fatal(err) } - err = v.DeleteSecretDomain(sd.UUID) + err = v.DeleteSecretDomain("testdomain") if err != nil { t.Fatal("DeleteSecretDomain: Unable to delete domain") } @@ -149,12 +149,12 @@ func TestCreateSecret(t *testing.T) { tc, v := createLocalVaultServer(t) defer tc.Cleanup() - sd, err := v.CreateSecretDomain("testdomain") + _, err := v.CreateSecretDomain("testdomain") if err != nil { t.Fatal(err) } - err = v.CreateSecret(sd.UUID, secret) + err = v.CreateSecret("testdomain", secret) if err != nil { t.Fatal("CreateSecret: Error Creating secret") @@ -166,19 +166,19 @@ func TestGetSecret(t *testing.T) { tc, v := createLocalVaultServer(t) defer tc.Cleanup() - sd, err := v.CreateSecretDomain("testdomain") + _, err := v.CreateSecretDomain("testdomain") if err != nil { t.Fatal(err) } - err = v.CreateSecret(sd.UUID, secret) + err = v.CreateSecret("testdomain", secret) if err != nil { t.Fatal(err) } - sec, err := v.GetSecret(sd.UUID, secret.Name) + sec, err := v.GetSecret("testdomain", secret.Name) if err != nil { - t.Fatal("GetSecret: Error Creating secret") + t.Fatal("GetSecret: Error Getting secret") } if sec.Name != secret.Name { @@ -195,17 +195,17 @@ func TestListSecret(t *testing.T) { tc, v := createLocalVaultServer(t) defer tc.Cleanup() - sd, err := v.CreateSecretDomain("testdomain") + _, err := v.CreateSecretDomain("testdomain") if err != nil { t.Fatal(err) } - err = v.CreateSecret(sd.UUID, secret) + err = v.CreateSecret("testdomain", secret) if err != nil { t.Fatal(err) } - _, err = v.ListSecret(sd.UUID) + _, err = v.ListSecret("testdomain") if err != nil { t.Fatal("ListSecret: Returned error") } @@ -216,17 +216,17 @@ func TestDeleteSecret(t *testing.T) { tc, v := createLocalVaultServer(t) defer tc.Cleanup() - sd, err := v.CreateSecretDomain("testdomain") + _, err := v.CreateSecretDomain("testdomain") if err != nil { t.Fatal(err) } - err = v.CreateSecret(sd.UUID, secret) + err = v.CreateSecret("testdomain", secret) if err != nil { t.Fatal(err) } - err = v.DeleteSecret(sd.UUID, secret.Name) + err = v.DeleteSecret("testdomain", secret.Name) if err != nil { t.Fatal("DeleteSecret: Error Creating secret") } diff --git a/sms-service/src/sms/handler/handler.go b/sms-service/src/sms/handler/handler.go index 2d9e7c7..902d170 100644 --- a/sms-service/src/sms/handler/handler.go +++ b/sms-service/src/sms/handler/handler.go @@ -61,9 +61,9 @@ func (h handler) createSecretDomainHandler(w http.ResponseWriter, r *http.Reques // deleteSecretDomainHandler deletes a secret domain with the name provided func (h handler) deleteSecretDomainHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) - domUUID := vars["domUUID"] + domName := vars["domName"] - err := h.secretBackend.DeleteSecretDomain(domUUID) + err := h.secretBackend.DeleteSecretDomain(domName) if smslogger.CheckError(err, "DeleteSecretDomainHandler") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -76,7 +76,7 @@ func (h handler) deleteSecretDomainHandler(w http.ResponseWriter, r *http.Reques func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) { // Get domain name from URL vars := mux.Vars(r) - domUUID := vars["domUUID"] + domName := vars["domName"] // Get secrets to be stored from body var b smsbackend.Secret @@ -86,7 +86,7 @@ func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) { return } - err = h.secretBackend.CreateSecret(domUUID, b) + err = h.secretBackend.CreateSecret(domName, b) if smslogger.CheckError(err, "CreateSecretHandler") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -98,10 +98,10 @@ func (h handler) createSecretHandler(w http.ResponseWriter, r *http.Request) { // getSecretHandler handles reading a secret by given domain name and secret name func (h handler) getSecretHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) - domUUID := vars["domUUID"] + domName := vars["domName"] secName := vars["secretName"] - sec, err := h.secretBackend.GetSecret(domUUID, secName) + sec, err := h.secretBackend.GetSecret(domName, secName) if smslogger.CheckError(err, "GetSecretHandler") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -118,9 +118,9 @@ func (h handler) getSecretHandler(w http.ResponseWriter, r *http.Request) { // listSecretHandler handles listing all secrets under a particular domain name func (h handler) listSecretHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) - domUUID := vars["domUUID"] + domName := vars["domName"] - secList, err := h.secretBackend.ListSecret(domUUID) + secList, err := h.secretBackend.ListSecret(domName) if smslogger.CheckError(err, "ListSecretHandler") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -144,10 +144,10 @@ func (h handler) listSecretHandler(w http.ResponseWriter, r *http.Request) { // deleteSecretHandler handles deleting a secret by given domain name and secret name func (h handler) deleteSecretHandler(w http.ResponseWriter, r *http.Request) { vars := mux.Vars(r) - domUUID := vars["domUUID"] + domName := vars["domName"] secName := vars["secretName"] - err := h.secretBackend.DeleteSecret(domUUID, secName) + err := h.secretBackend.DeleteSecret(domName, secName) if smslogger.CheckError(err, "DeleteSecretHandler") != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return @@ -299,12 +299,12 @@ func CreateRouter(b smsbackend.SecretBackend) http.Handler { router.HandleFunc("/v1/sms/healthcheck", h.healthCheckHandler).Methods("GET") router.HandleFunc("/v1/sms/domain", h.createSecretDomainHandler).Methods("POST") - router.HandleFunc("/v1/sms/domain/{domUUID}", h.deleteSecretDomainHandler).Methods("DELETE") + router.HandleFunc("/v1/sms/domain/{domName}", h.deleteSecretDomainHandler).Methods("DELETE") - router.HandleFunc("/v1/sms/domain/{domUUID}/secret", h.createSecretHandler).Methods("POST") - router.HandleFunc("/v1/sms/domain/{domUUID}/secret", h.listSecretHandler).Methods("GET") - router.HandleFunc("/v1/sms/domain/{domUUID}/secret/{secretName}", h.getSecretHandler).Methods("GET") - router.HandleFunc("/v1/sms/domain/{domUUID}/secret/{secretName}", h.deleteSecretHandler).Methods("DELETE") + router.HandleFunc("/v1/sms/domain/{domName}/secret", h.createSecretHandler).Methods("POST") + router.HandleFunc("/v1/sms/domain/{domName}/secret", h.listSecretHandler).Methods("GET") + router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.getSecretHandler).Methods("GET") + router.HandleFunc("/v1/sms/domain/{domName}/secret/{secretName}", h.deleteSecretHandler).Methods("DELETE") return router } -- cgit 1.2.3-korg