From a301dc2855b5923c9a7210f896b6c3e75ab6f45c Mon Sep 17 00:00:00 2001 From: Kiran Kamineni Date: Mon, 5 Mar 2018 16:50:16 -0800 Subject: Adding unseal backend support Unseal backend support is now added. The quorum client will use this api to unseal/initialize the backend storage service Issue-ID: AAF-156 Change-Id: Ic2726e9a5ca351912a16c3ec911d03e400233277 Signed-off-by: Kiran Kamineni
---
 sms-service/src/sms/backend/backend.go | 11 +++--------
 sms-service/src/sms/backend/vault.go | 13 +++++++++++++
 sms-service/src/sms/handler/handler.go | 27 ++++++++++++++++++++-------
 sms-service/src/sms/handler/handler_test.go | 4 ++++
 4 files changed, 40 insertions(+), 15 deletions(-) (limited to 'sms-service/src')
diff --git a/sms-service/src/sms/backend/backend.go b/sms-service/src/sms/backend/backend.go
index 61af995..756f609 100644
--- a/sms-service/src/sms/backend/backend.go
+++ b/sms-service/src/sms/backend/backend.go
@@ -28,14 +28,8 @@ type SecretDomain struct {
 	Name string `json:"name"`
 }
 
-// SecretKeyValue is building block for a Secret
-type SecretKeyValue struct {
-	Key string `json:"name"`
-	Value string `json:"value"`
-}
-
 // Secret is the struct that defines the structure of a secret
-// A single Secret can have any number of SecretKeyValue pairs
+// It consists of a name and map containing key value pairs
 type Secret struct {
 	Name string `json:"name"`
 	Values map[string]interface{} `json:"values"`
@@ -44,8 +38,9 @@ type Secret struct {
 
 // SecretBackend interface that will be implemented for various secret backends
 type SecretBackend interface {
 	Init() error
-
 	GetStatus() (bool, error)
+	Unseal(shard string) error
+
 	GetSecret(dom string, sec string) (Secret, error)
 	ListSecret(dom string) ([]string, error)
diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go
index d92ac43..0b62bb5 100644
--- a/sms-service/src/sms/backend/vault.go
+++ b/sms-service/src/sms/backend/vault.go
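Review bot: `Unseal(shard string) error` joins SecretBackend with no comment stating its contract, and since every backend has to implement it the interface is where that belongs: what `shard` is and what a nil return promises. Given that the Vault implementation in this commit discards the seal-status response, a nil error can only mean the share was accepted, not that the backend is unsealed; suggest `// Unseal submits one unseal key share to the backend. A nil error means the share was accepted; use GetStatus to learn whether the backend is unsealed.` The remainder of the interface continues past the end of the hunk.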
@@ -78,6 +78,18 @@ func (v *Vault) GetStatus() (bool, error) {
 	return sealStatus.Sealed, nil
 }
 
+// Unseal is a passthrough API that allows any
+// unseal or initialization processes for the backend
+func (v *Vault) Unseal(shard string) error {
+	sys := v.vaultClient.Sys()
+	_, err := sys.Unseal(shard)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 // GetSecret returns a secret mounted on a particular domain name
 // The secret itself is referenced via its name which translates to
 // a mount path in vault
@@ -284,6 +296,7 @@ func (v *Vault) checkToken() error {
 	defer v.tokenLock.Unlock()
 
 	// Init Role if it is not yet done
+	// Role needs to be created before token can be created
 	if v.initRoleDone == false {
 		err := v.initRole()
 		if err != nil {
diff --git a/sms-service/src/sms/handler/handler.go b/sms-service/src/sms/handler/handler.go
index fde6718..2288092 100644
--- a/sms-service/src/sms/handler/handler.go
+++ b/sms-service/src/sms/handler/handler.go
@@ -169,14 +169,28 @@ func (h handler) loginHandler(w http.ResponseWriter, r *http.Request) {
 
 }
 
-// initSMSHandler
-func (h handler) initSMSHandler(w http.ResponseWriter, r *http.Request) {
-
-}
-
-// unsealHandler
+// unsealHandler is a pass through that sends requests from quorum client
+// to the backend.
 func (h handler) unsealHandler(w http.ResponseWriter, r *http.Request) {
 
+	// Get shards to be used for unseal
+	type unsealStruct struct {
+		UnsealShard string `json:"unsealshard"`
+	}
+
+	var inp unsealStruct
+	decoder := json.NewDecoder(r.Body)
+	decoder.DisallowUnknownFields()
+	err := decoder.Decode(&inp)
+	if err != nil {
+		http.Error(w, "Bad input JSON", http.StatusBadRequest)
+		return
+	}
+	err = h.secretBackend.Unseal(inp.UnsealShard)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
 }
 
 // CreateRouter returns an http.Handler for the registered URLs
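Review bot: The error check in the new Vault.Unseal adds nothing over returning the call's result directly; `_, err := sys.Unseal(shard)` followed by `return err` says the same in two lines. The first return value of sys.Unseal, Vault's seal-status response, is dropped, so callers learn only that the share was accepted and not whether the vault is now unsealed or how many shares remain; the doc comment should say so, e.g. `// The seal-status response is discarded; callers use GetStatus to find out whether the vault is unsealed.` It should also describe `shard` as a single unseal key share, a secret in its own right, so that nobody adding diagnostics here later is tempted to log it.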
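Review bot: The backend's raw error text is relayed to the client at `http.Error(w, err.Error(), http.StatusInternalServerError)`, which can expose backend details to anyone able to reach /v1/sms/unseal; return a fixed message and keep the detail server-side, never logging the shard itself, which is an unseal key share. The JSON body is decoded with no size bound, so wrapping it, `decoder := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<16))` with a limit sized for the client (the value here is an example), caps what a caller can make the handler buffer, and an empty `inp.UnsealShard` is currently forwarded to the backend instead of being rejected with a 400. Nothing in this hunk, or in the CreateRouter hunk below where the route is registered, shows how the endpoint is authenticated; if only the quorum client is meant to call it, that check should be visible here or in the router. On success the handler writes an empty 200, which tells the client nothing about whether the unseal completed; a pointer to /v1/sms/status in the doc comment would help.
```go
func (h handler) unsealHandler(w http.ResponseWriter, r *http.Request) {
	// … unchanged: unsealStruct declaration …
	var inp unsealStruct
	// Bound the request body so a caller cannot make the handler buffer arbitrary input.
	// The limit is an example value; size it for a single unseal key share.
	decoder := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<16))
	// … unchanged: DisallowUnknownFields, Decode and the 400 on bad JSON …
	if inp.UnsealShard == "" {
		http.Error(w, "Missing unsealshard", http.StatusBadRequest)
		return
	}
	err = h.secretBackend.Unseal(inp.UnsealShard)
	if err != nil {
		// Keep backend error details server-side; never log the shard value itself.
		http.Error(w, "Unseal failed", http.StatusInternalServerError)
		return
	}
}
```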
@@ -193,7 +207,6 @@ func CreateRouter(b smsbackend.SecretBackend) http.Handler {
 	// to unseal and to provide root token to sms service
 	router.HandleFunc("/v1/sms/status", h.statusHandler).Methods("GET")
 	router.HandleFunc("/v1/sms/unseal", h.unsealHandler).Methods("POST")
-	router.HandleFunc("/v1/sms/init", h.initSMSHandler).Methods("POST")
 
 	router.HandleFunc("/v1/sms/domain", h.createSecretDomainHandler).Methods("POST")
 	router.HandleFunc("/v1/sms/domain/{domName}", h.deleteSecretDomainHandler).Methods("DELETE")
diff --git a/sms-service/src/sms/handler/handler_test.go b/sms-service/src/sms/handler/handler_test.go
index 56aa5ac..82bd78e 100644
--- a/sms-service/src/sms/handler/handler_test.go
+++ b/sms-service/src/sms/handler/handler_test.go
@@ -42,6 +42,10 @@ func (b *TestBackend) GetStatus() (bool, error) {
 	return true, nil
 }
 
+func (b *TestBackend) Unseal(shard string) error {
+	return nil
+}
+
 func (b *TestBackend) GetSecret(dom string, sec string) (smsbackend.Secret, error) {
 	return smsbackend.Secret{}, nil
 }
-- cgit 1.2.3-korg
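Review bot: The only test-side change is the `Unseal` stub on TestBackend, so unsealHandler ships with no test for either of its paths: malformed JSON (or an unknown field, which DisallowUnknownFields now rejects) should produce 400, and a backend error should produce 500. The stub returning nil can only cover the success path, and no test posting to /v1/sms/unseal is added in this commit (the diffstat shows four inserted lines in handler_test.go). A TestBackend whose Unseal records the shard it received and returns a configurable error would let one test assert both that the share is forwarded unchanged and that the 500 path does not echo the backend's error text.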