From ac134cb099afa6be09fbc5cdad5db0bcf7aee08a Mon Sep 17 00:00:00 2001 From: Kiran Kamineni Date: Fri, 4 May 2018 16:50:39 -0700 Subject: Adding a docs folder under sms repo WORK IN PROGRESS Adding a docs folder under sms Issue-ID: AAF-185 Change-Id: I5ee3560cfda2100ad5207bb7e98d5cb9472e1325 Signed-off-by: Girish Havaldar --- docs/api_swagger.html | 732 +++++++++++++++++++++++ docs/api_swagger.yaml | 288 ++++++++++ docs/apiswagger.rst | 745 ++++++++++++++++++++++++ docs/coverage.html | 1471 +++++++++++++++++++++++++++++++++++++++++++++++ docs/coverage.md | 41 ++ docs/index.rst | 37 ++ docs/installation.rst | 33 ++ docs/sms_high_level.png | Bin 0 -> 141997 bytes docs/usage.rst | 54 ++ 9 files changed, 3401 insertions(+) create mode 100644 docs/api_swagger.html create mode 100644 docs/api_swagger.yaml create mode 100644 docs/apiswagger.rst create mode 100644 docs/coverage.html create mode 100644 docs/coverage.md create mode 100644 docs/index.rst create mode 100644 docs/installation.rst create mode 100644 docs/sms_high_level.png create mode 100644 docs/usage.rst (limited to 'docs') diff --git a/docs/api_swagger.html b/docs/api_swagger.html new file mode 100644 index 0000000..7f987a3 --- /dev/null +++ b/docs/api_swagger.html @@ -0,0 +1,732 @@ + + + + Secret Management Service + + + +

Secret Management Service

+
This is a service that provides secret management facilities
+
More information: https://helloreverb.com
+
Contact Info: kiran.k.kamineni@intel.com
+
Version: 1.0.0
+
BasePath:/v1/sms/
+
Apache 2.0
+
http://www.apache.org/licenses/LICENSE-2.0.html
+

Access

+
    +
  1. APIKey KeyParamName:token KeyInQuery:false KeyInHeader:true
    2. +
+ +

Methods

+ [ Jump to Models ] + +

Table of Contents

+
+

Domain

+ +

Login

+ +

Secret

+ +

System

+ + +

Domain

+
+
+ Up + 
delete /domain/{domainName}
+
Deletes a domain by name (domainDomainNameDelete)
+
Deletes a domain with provided name
+ +

Path parameters

+
+
domainName (required)
+ +
Path Parameter — Name of the domain
+
+ + + + + + + + + + +

Produces

+ This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
    +
  • application/json
    • +
+ +

Responses

+

204

+ Successful Deletion + +

404

+ Invalid Path or Path not found + +
+
+
+
+ Up + 
post /domain
+
Add a new domain (domainPost)
+
+ + +

Consumes

+ This API call consumes the following media types via the Content-Type request header: +
    +
  • application/json
    • +
+ +

Request body

+
+
body Domain (required)
+ +
Body Parameter
+ +
+ + + + +

Return type

+
+ Domain + +
+ + + +

Example data

+
Content-Type: application/json
+ 
{
+  "name" : "name",
+  "uuid" : "uuid"
+}
+ +

Produces

+ This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
    +
  • application/json
    • +
+ +

Responses

+

201

+ Successful Creation + Domain +

400

+ Invalid input + +

500

+ Internal Server Error + +
+
+

Login

+
+
+ Up + 
post /login
+
Login with username and password (loginPost)
+
Operations related to logging in via username and Password
+ + +

Consumes

+ This API call consumes the following media types via the Content-Type request header: +
    +
  • application/json
    • +
+ +

Request body

+
+
body Credential (required)
+ +
Body Parameter
+ +
+ + + + +

Return type

+
+ inline_response_200 + +
+ + + +

Example data

+
Content-Type: application/json
+ 
{
+  "ttl" : 0,
+  "token" : "token"
+}
+ +

Produces

+ This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
    +
  • application/json
    • +
+ +

Responses

+

200

+ Successful Login returns a token + inline_response_200 +

404

+ Invalid Username or Password + +
+
+

Secret

+
+
+ Up + 
get /domain/{domainName}/secret
+
List secret Names in this domain (domainDomainNameSecretGet)
+
Gets all secret names in this domain
+ +

Path parameters

+
+
domainName (required)
+ +
Path Parameter — Name of the domain in which to look at
+
+ + + + + + +

Return type

+
+ inline_response_200_2 + +
+ + + +

Example data

+
Content-Type: application/json
+ 
"{\"secretnames\":[\"secretname1\",\"secretname2\",\"secretname3\"]}"
+ +

Produces

+ This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
    +
  • application/json
    • +
+ +

Responses

+

200

+ Successful operation + inline_response_200_2 +

404

+ Invalid Path or Path not found + +
+
+
+
+ Up + 
post /domain/{domainName}/secret
+
Add a new secret (domainDomainNameSecretPost)
+
+ +

Path parameters

+
+
domainName (required)
+ +
Path Parameter — Name of the domain
+
+ +

Consumes

+ This API call consumes the following media types via the Content-Type request header: +
    +
  • application/json
    • +
+ +

Request body

+
+
body Secret (required)
+ +
Body Parameter
+ +
+ + + + + + + + +

Produces

+ This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
    +
  • application/json
    • +
+ +

Responses

+

201

+ Successful Creation + +

404

+ Invalid Path or Path not found + +
+
+
+
+ Up + 
delete /domain/{domainName}/secret/{secretName}
+
Deletes a Secret (domainDomainNameSecretSecretNameDelete)
+
+ +

Path parameters

+
+
secretName (required)
+ +
Path Parameter — Name of Secret to Delete
domainName (required)
+ +
Path Parameter — Path to the SecretDomain which contains the Secret
+
+ + + + + + + + + + +

Produces

+ This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
    +
  • application/json
    • +
+ +

Responses

+

204

+ Successful Deletion + +

404

+ Invalid Path or Path not found + +
+
+
+
+ Up + 
get /domain/{domainName}/secret/{secretName}
+
Find Secret by Name (domainDomainNameSecretSecretNameGet)
+
Returns a single secret
+ +

Path parameters

+
+
domainName (required)
+ +
Path Parameter — Name of the domain in which to look at
secretName (required)
+ +
Path Parameter — Name of the secret which is needed
+
+ + + + + + +

Return type

+
+ Secret + +
+ + + +

Example data

+
Content-Type: application/json
+ 
{
+  "values" : {
+    "name" : "john",
+    "Age" : 40,
+    "admin" : true
+  },
+  "name" : "name"
+}
+ +

Produces

+ This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
    +
  • application/json
    • +
+ +

Responses

+

200

+ successful operation + Secret +

404

+ Invalid Path or Path not found + +
+
+

System

+
+
+ Up + 
get /status
+
Get backend status (statusGet)
+
Gets current backend status. This API is used only by quorum clients
+ + + + + + + +

Return type

+
+ inline_response_200_1 + +
+ + + +

Example data

+
Content-Type: application/json
+ 
{
+  "sealstatus" : "sealstatus"
+}
+ +

Produces

+ This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
    +
  • application/json
    • +
+ +

Responses

+

200

+ Successful operation + inline_response_200_1 +

404

+ Invalid Path or Path not found + +
+
+
+
+ Up + 
post /unseal
+
Unseal backend (unsealPost)
+
Sends unseal shard to unseal if backend is sealed
+ + +

Consumes

+ This API call consumes the following media types via the Content-Type request header: +
    +
  • application/json
    • +
+ +

Request body

+
+
body body (required)
+ +
Body Parameter
+ +
+ + + + + + + + +

Produces

+ This API call produces the following media types according to the Accept request header; + the media type will be conveyed by the Content-Type response header. +
    +
  • application/json
    • +
+ +

Responses

+

201

+ Submitted unseal key + +

404

+ Invalid Path or Path not found + +
+
+ +

Models

+ [ Jump to Methods ] + +

Table of Contents

+
    +
  1. Credential -
    2. +
  2. Domain -
    3. +
  3. Secret -
    4. +
  4. body -
    5. +
  5. inline_response_200 -
    6. +
  6. inline_response_200_1 -
    7. +
  7. inline_response_200_2 -
    8. +
+ +
+

Credential - Up

+
+
+
username (optional)
String
+
password (optional)
String
+
+
+
+

Domain - Up

+
+
+
uuid (optional)
String Optional value provided by user. If user does not provide, server will auto generate
+
name (optional)
String Name of the secret domain under which all secrets will be stored
+
+
+
+

Secret - Up

+
+
+
name (optional)
String Name of the secret
+
values (optional)
map[String, Object] Map of key value pairs that constitute the secret
+
+
+
+

body - Up

+ +
+
unsealshard (optional)
String Unseal shard that will be used along with other shards to unseal backend
+
+
+
+

inline_response_200 - Up

+ +
+
token (optional)
String
+
ttl (optional)
Integer ttl of returned token in seconds
+
+
+
+

inline_response_200_1 - Up

+ +
+
sealstatus (optional)
String seal status of backend
+
+
+
+

inline_response_200_2 - Up

+ +
+
secretnames (optional)
array[String] Array of strings referencing the secret names
+
+
+ + diff --git a/docs/api_swagger.yaml b/docs/api_swagger.yaml new file mode 100644 index 0000000..61cd091 --- /dev/null +++ b/docs/api_swagger.yaml @@ -0,0 +1,288 @@ +swagger: '2.0' +info: + description: This is a service that provides secret management facilities + version: 1.0.0 + title: Secret Management Service + contact: + email: kiran.k.kamineni@intel.com + license: + name: Apache 2.0 + url: 'http://www.apache.org/licenses/LICENSE-2.0.html' +host: 'aaf.onap.org:10443' +basePath: /v1/sms/ +tags: + - name: system + description: Operations related to quorum client which are not useful to clients + - name: login + description: Operations related to username password based authentication + - name: domain + description: Operations related to Secret Domains + - name: secret + description: Operations related to Secrets +schemes: + - https +paths: + /login: + post: + tags: + - login + summary: Login with username and password + description: Operations related to logging in via username and Password + consumes: + - application/json + produces: + - application/json + parameters: + - name: body + in: body + required: true + schema: + $ref: '#/definitions/Credential' + responses: + '200': + description: Successful Login returns a token + schema: + type: object + properties: + token: + type: string + ttl: + type: integer + description: ttl of returned token in seconds + '404': + description: Invalid Username or Password + /status: + get: + tags: + - system + description: Gets current backend status. This API is used only by quorum clients + summary: Get backend status + produces: + - application/json + responses: + '200': + description: Successful operation + schema: + type: object + properties: + sealstatus: + type: string + description: seal status of backend + '404': + description: Invalid Path or Path not found + /unseal: + post: + tags: + - system + description: Sends unseal shard to unseal if backend is sealed + summary: Unseal backend + consumes: + - application/json + produces: + - application/json + parameters: + - in: body + name: body + required: true + schema: + type: object + properties: + unsealshard: + type: string + description: >- + Unseal shard that will be used along with other shards to + unseal backend + responses: + '201': + description: Submitted unseal key + '404': + description: Invalid Path or Path not found + /domain: + post: + tags: + - domain + summary: Add a new domain + description: '' + consumes: + - application/json + produces: + - application/json + parameters: + - in: body + name: body + required: true + schema: + $ref: '#/definitions/Domain' + responses: + '201': + description: Successful Creation + schema: + $ref: '#/definitions/Domain' + '400': + description: Invalid input + '500': + description: Internal Server Error + '/domain/{domainName}': + delete: + tags: + - domain + description: Deletes a domain with provided name + summary: Deletes a domain by name + produces: + - application/json + parameters: + - name: domainName + in: path + description: Name of the domain + required: true + type: string + responses: + '204': + description: Successful Deletion + '404': + description: Invalid Path or Path not found + '/domain/{domainName}/secret': + post: + tags: + - secret + summary: Add a new secret + description: '' + consumes: + - application/json + produces: + - application/json + parameters: + - name: domainName + in: path + description: Name of the domain + required: true + type: string + - name: body + in: body + required: true + schema: + $ref: '#/definitions/Secret' + responses: + '201': + description: Successful Creation + '404': + description: Invalid Path or Path not found + get: + tags: + - secret + description: Gets all secret names in this domain + summary: List secret Names in this domain + produces: + - application/json + parameters: + - name: domainName + in: path + description: Name of the domain in which to look at + required: true + type: string + responses: + '200': + description: Successful operation + schema: + type: object + properties: + secretnames: + type: array + items: + type: string + description: Array of strings referencing the secret names + example: + secretnames: ["secretname1", "secretname2", "secretname3"] + '404': + description: Invalid Path or Path not found + '/domain/{domainName}/secret/{secretName}': + get: + tags: + - secret + summary: Find Secret by Name + description: Returns a single secret + produces: + - application/json + parameters: + - name: domainName + in: path + description: Name of the domain in which to look at + required: true + type: string + - name: secretName + in: path + description: Name of the secret which is needed + required: true + type: string + responses: + '200': + description: successful operation + schema: + $ref: '#/definitions/Secret' + '404': + description: Invalid Path or Path not found + delete: + tags: + - secret + summary: Deletes a Secret + description: '' + produces: + - application/json + parameters: + - name: secretName + in: path + description: Name of Secret to Delete + required: true + type: string + - name: domainName + in: path + required: true + description: Path to the SecretDomain which contains the Secret + type: string + responses: + '204': + description: Successful Deletion + '404': + description: Invalid Path or Path not found +securityDefinitions: + token: + type: apiKey + name: token + in: header +definitions: + Credential: + type: object + properties: + username: + type: string + password: + type: string + Domain: + type: object + properties: + uuid: + type: string + description: >- + Optional value provided by user. If user does not provide, server will + auto generate + name: + type: string + description: Name of the secret domain under which all secrets will be stored + Secret: + type: object + properties: + name: + type: string + description: Name of the secret + values: + description: Map of key value pairs that constitute the secret + type: object + additionalProperties: + type: object + example: + name: john + Age: 40 + admin: true +externalDocs: + description: Find out more about Swagger + url: 'http://swagger.io' diff --git a/docs/apiswagger.rst b/docs/apiswagger.rst new file mode 100644 index 0000000..e35c6e8 --- /dev/null +++ b/docs/apiswagger.rst @@ -0,0 +1,745 @@ +SMS 1.0.0 API +=============================== + +.. toctree:: + :maxdepth: 3 + + +Description +~~~~~~~~~~~ + +This is a service that provides secret management facilities + + + +Contact Information +~~~~~~~~~~~~~~~~~~~ + + + +kiran.k.kamineni@intel.com + + + + + +License +~~~~~~~ + + +`Apache 2.0 `_ + + + + +Base URL +~~~~~~~~ + +https://aaf.onap.org:10443/v1/sms/ + +Security +~~~~~~~~ + + +.. _securities_token: + +token (API Key) +--------------- + + + +**Name:** token + +**Located in:** header + + + + +DOMAIN +~~~~~~ + + +Operations related to Secret Domains + + + + + +DELETE ``/domain/{domainName}`` +------------------------------- + + +Summary ++++++++ + +Deletes a domain by name + +Description ++++++++++++ + +.. raw:: html + + Deletes a domain with provided name + +Parameters +++++++++++ + +.. csv-table:: + :delim: | + :header: "Name", "Located in", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 15, 10, 10, 10, 20, 30 + + domainName | path | Yes | string | | | Name of the domain + + +Request ++++++++ + + +Responses ++++++++++ + +**204** +^^^^^^^ + +Successful Deletion + + +**404** +^^^^^^^ + +Invalid Path or Path not found + + + + + + +POST ``/domain`` +---------------- + + +Summary ++++++++ + +Add a new domain + + + +Request ++++++++ + + + +.. _d_c7bdcff9aff0692da98e588abdbc895b: + +Body +^^^^ + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + name | No | string | | | Name of the secret domain under which all secrets will be stored + uuid | No | string | | | Optional value provided by user. If user does not provide, server will auto generate + +.. code-block:: javascript + + { + "name": "somestring", + "uuid": "somestring" + } + +Responses ++++++++++ + +**201** +^^^^^^^ + +Successful Creation + + +Type: :ref:`Domain ` + +**Example:** + +.. code-block:: javascript + + { + "name": "somestring", + "uuid": "somestring" + } + +**400** +^^^^^^^ + +Invalid input + + +**500** +^^^^^^^ + +Internal Server Error + + + + + +LOGIN +~~~~~ + + +Operations related to username password based authentication + + + + + +POST ``/login`` +--------------- + + +Summary ++++++++ + +Login with username and password + +Description ++++++++++++ + +.. raw:: html + + Operations related to logging in via username and Password + + +Request ++++++++ + + + +.. _d_8e36d758bad367e4538a291a5dd5355f: + +Body +^^^^ + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + password | No | string | | | + username | No | string | | | + +.. code-block:: javascript + + { + "password": "somestring", + "username": "somestring" + } + +Responses ++++++++++ + +**200** +^^^^^^^ + +Successful Login returns a token + + +.. _i_bbceffdf8441c1c476ca77c42ad12f85: + +**Response Schema:** + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + token | No | string | | | + ttl | No | integer | | | ttl of returned token in seconds + + +**Example:** + +.. code-block:: javascript + + { + "token": "somestring", + "ttl": 1 + } + +**404** +^^^^^^^ + +Invalid Username or Password + + + + + +SECRET +~~~~~~ + + +Operations related to Secrets + + + + + +DELETE ``/domain/{domainName}/secret/{secretName}`` +--------------------------------------------------- + + +Summary ++++++++ + +Deletes a Secret + + +Parameters +++++++++++ + +.. csv-table:: + :delim: | + :header: "Name", "Located in", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 15, 10, 10, 10, 20, 30 + + secretName | path | Yes | string | | | Name of Secret to Delete + domainName | path | Yes | string | | | Path to the SecretDomain which contains the Secret + + +Request ++++++++ + + +Responses ++++++++++ + +**204** +^^^^^^^ + +Successful Deletion + + +**404** +^^^^^^^ + +Invalid Path or Path not found + + + + + + +GET ``/domain/{domainName}/secret`` +----------------------------------- + + +Summary ++++++++ + +List secret Names in this domain + +Description ++++++++++++ + +.. raw:: html + + Gets all secret names in this domain + +Parameters +++++++++++ + +.. csv-table:: + :delim: | + :header: "Name", "Located in", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 15, 10, 10, 10, 20, 30 + + domainName | path | Yes | string | | | Name of the domain in which to look at + + +Request ++++++++ + + +Responses ++++++++++ + +**200** +^^^^^^^ + +Successful operation + + +.. _i_1dcddfd6f11cba3fb2516d3a61cd1b77: + +**Response Schema:** + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + secretnames | No | array of string | | | Array of strings referencing the secret names + + +**Example:** + +.. code-block:: javascript + + { + "secretnames": [ + "secretname1", + "secretname2", + "secretname3" + ] + } + +**404** +^^^^^^^ + +Invalid Path or Path not found + + + + + + +GET ``/domain/{domainName}/secret/{secretName}`` +------------------------------------------------ + + +Summary ++++++++ + +Find Secret by Name + +Description ++++++++++++ + +.. raw:: html + + Returns a single secret + +Parameters +++++++++++ + +.. csv-table:: + :delim: | + :header: "Name", "Located in", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 15, 10, 10, 10, 20, 30 + + domainName | path | Yes | string | | | Name of the domain in which to look at + secretName | path | Yes | string | | | Name of the secret which is needed + + +Request ++++++++ + + +Responses ++++++++++ + +**200** +^^^^^^^ + +successful operation + + +Type: :ref:`Secret ` + +**Example:** + +.. code-block:: javascript + + { + "name": "somestring", + "values": { + "Age": 40, + "admin": true, + "name": "john" + } + } + +**404** +^^^^^^^ + +Invalid Path or Path not found + + + + + + +POST ``/domain/{domainName}/secret`` +------------------------------------ + + +Summary ++++++++ + +Add a new secret + + +Parameters +++++++++++ + +.. csv-table:: + :delim: | + :header: "Name", "Located in", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 15, 10, 10, 10, 20, 30 + + domainName | path | Yes | string | | | Name of the domain + + +Request ++++++++ + + + +.. _d_5e5fddd9ede6eb091e8496a9c55b84c3: + +Body +^^^^ + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + name | No | string | | | Name of the secret + values | No | :ref:`values ` | | | Map of key value pairs that constitute the secret + +.. _i_a9213c9639162b77082e257e19cca0d0: + +**Values schema:** + + +Map of key value pairs that constitute the secret + +Map of {"key":":ref:`values-mapped `"} + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + + +.. code-block:: javascript + + { + "name": "somestring", + "values": { + "Age": 40, + "admin": true, + "name": "john" + } + } + +Responses ++++++++++ + +**201** +^^^^^^^ + +Successful Creation + + +**404** +^^^^^^^ + +Invalid Path or Path not found + + + + + +SYSTEM +~~~~~~ + + +Operations related to quorum client which are not useful to clients + + + + + +GET ``/status`` +--------------- + + +Summary ++++++++ + +Get backend status + +Description ++++++++++++ + +.. raw:: html + + Gets current backend status. This API is used only by quorum clients + + +Request ++++++++ + + +Responses ++++++++++ + +**200** +^^^^^^^ + +Successful operation + + +.. _i_ac1bc8e82eadbd8c03f852e15be4d03b: + +**Response Schema:** + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + sealstatus | No | string | | | seal status of backend + + +**Example:** + +.. code-block:: javascript + + { + "sealstatus": "somestring" + } + +**404** +^^^^^^^ + +Invalid Path or Path not found + + + + + + +POST ``/unseal`` +---------------- + + +Summary ++++++++ + +Unseal backend + +Description ++++++++++++ + +.. raw:: html + + Sends unseal shard to unseal if backend is sealed + + +Request ++++++++ + + + +.. _i_9d32e021ba68855cbb6e633520b7cd2d: + +Body +^^^^ + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + unsealshard | No | string | | | Unseal shard that will be used along with other shards to unseal backend + +.. code-block:: javascript + + { + "unsealshard": "somestring" + } + +Responses ++++++++++ + +**201** +^^^^^^^ + +Submitted unseal key + + +**404** +^^^^^^^ + +Invalid Path or Path not found + + + + + +Data Structures +~~~~~~~~~~~~~~~ + +.. _d_8e36d758bad367e4538a291a5dd5355f: + +Credential Model Structure +-------------------------- + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + password | No | string | | | + username | No | string | | | + +.. _d_c7bdcff9aff0692da98e588abdbc895b: + +Domain Model Structure +---------------------- + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + name | No | string | | | Name of the secret domain under which all secrets will be stored + uuid | No | string | | | Optional value provided by user. If user does not provide, server will auto generate + +.. _d_5e5fddd9ede6eb091e8496a9c55b84c3: + +Secret Model Structure +---------------------- + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + name | No | string | | | Name of the secret + values | No | :ref:`values ` | | | Map of key value pairs that constitute the secret + +.. _i_a9213c9639162b77082e257e19cca0d0: + +**Values schema:** + + +Map of key value pairs that constitute the secret + +Map of {"key":":ref:`values-mapped `"} + +.. csv-table:: + :delim: | + :header: "Name", "Required", "Type", "Format", "Properties", "Description" + :widths: 20, 10, 15, 15, 30, 25 + + + diff --git a/docs/coverage.html b/docs/coverage.html new file mode 100644 index 0000000..39ee191 --- /dev/null +++ b/docs/coverage.html @@ -0,0 +1,1471 @@ + + + + + + + + +
+ +
+ not tracked + + no coverage + low coverage + * + * + * + * + * + * + * + * + high coverage + +
+
+
+ + + + + + + + + + + + + + + +
+ + + diff --git a/docs/coverage.md b/docs/coverage.md new file mode 100644 index 0000000..6168342 --- /dev/null +++ b/docs/coverage.md @@ -0,0 +1,41 @@ +## Code Coverage Reports for Golang Applications ## + +This document covers how to generate HTML Code Coverage Reports for +Golang Applications. + +#### Generate a test executable which calls your main() + +```sh +$ go test -c -covermode=count -coverpkg ./... +``` + +#### Run the generated application to produce a new coverage report + +```sh +$ ./sms.test -test.run "^TestMain$" -test.coverprofile=coverage.cov +``` + +#### Run your unit tests to produce their coverage report + +```sh +$ go test -test.covermode=count -test.coverprofile=unit.out ./... +``` + +#### Merge the two coverage Reports + +```sh +$ go get github.com/wadey/gocovmerge +$ gocovmerge unit.out coverage.cov > all.out +``` + +#### Generate HTML Report + +```sh +$ go tool cover -html all.out -o coverage.html +``` + +#### Generate Function Report + +```sh +$ go tool cover -func all.out +``` \ No newline at end of file diff --git a/docs/index.rst b/docs/index.rst new file mode 100644 index 0000000..5f17a04 --- /dev/null +++ b/docs/index.rst @@ -0,0 +1,37 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2018 Intel Corporation, Inc + +SMS-Secret Management Service +================================== + +.. toctree:: + :maxdepth: 1 + + installation + usage + apiswagger + + +Introduction +------------ + +This project aims at the Storage of sensitive information such as passwords. + +**Current state and gaps** + +Many services in ONAP use password based authentication. Eg: Database servers, publish/subscribe brokers etc. +Passwords are stored in plain text files in many services. +With multiple instances of these services, the attach surface area becomes very big. +Hence there is a need to ensure that attack surface related to password exposure is reduced. + +**Requirement:** + +Need for secure secret management. Services are expected to get the secret only on needed basis using secret reference and remove the secrets once they are used up. + +**Secret Service High Level Flow Diagram** + +.. image:: sms_high_level.png + :width: 4555550px + :height: 300px + :alt: SMS Flow Diagram diff --git a/docs/installation.rst b/docs/installation.rst new file mode 100644 index 0000000..b22d133 --- /dev/null +++ b/docs/installation.rst @@ -0,0 +1,33 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2018 Intel Corporation, Inc + +Installation +============ + +The Secret Managment Project is a subproject of AAF and will deployed via Helm on Kubernetes +under the OOM Project + +.. code-block:: console + + # Set Datastore as Consul + DATASTORE="consul" + # Set IP address of where Consul is running + DATASTORE_IP="localhost" + # Set mountpath inside the container where persistent data is stored. + MOUNTPATH="/dkv_mount_path/configs/" + # Place all Config data which needs to be loaded in default directory. + DEFAULT_CONFIGS=$(pwd)/mountpath/default + # Create the directories. + mkdir -p mountpath/default + # Login to Nexus. + docker login -u docker -p docker nexus3.onap.org:10001 + # Pull distributed-kv-store image. + docker pull nexus3.onap.org:10001/onap/music/distributed-kv-store + # Run the distributed-kv-store image. + docker run -e DATASTORE=$DATASTORE -e DATASTORE_IP=$DATASTORE_IP -e MOUNTPATH=$MOUNTPATH -d \ + --name dkv \ + -v $DEFAULT_CONFIGS:/dkv_mount_path/configs/default \ + -p 8200:8200 -p 8080:8080 nexus3.onap.org:10001/onap/music/distributed-kv-store + +.. end diff --git a/docs/sms_high_level.png b/docs/sms_high_level.png new file mode 100644 index 0000000..3cd14ba Binary files /dev/null and b/docs/sms_high_level.png differ diff --git a/docs/usage.rst b/docs/usage.rst new file mode 100644 index 0000000..b35e9b5 --- /dev/null +++ b/docs/usage.rst @@ -0,0 +1,54 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2018 Intel Corporation, Inc + +Typical Usage Scenario +====================== + +.. code-block:: guess + + ## Create a Domain + ## This is where all your secrets will be stored + curl -H "Accept: application/json" --cacert ca.pem --cert client.cert --key client.key + -X POST \ + -d '{ + "name": "mysecretdomain" + }' + https://sms:10443/v1/sms/domain + + ## Add a new Secret + curl -H "Accept: application/json" --cacert ca.pem --cert client.cert --key client.key + -X POST \ + -d '{ + "name": "mysecret", + "values": { + "name": "rah", + "age": 35, + "password": "mypassword" + } + }' + https://sms:10443/v1/sms/domain/