authorAlex Shatov <alexs@att.com>2018-09-17 16:21:53 -0400
committerAlex Shatov <alexs@att.com>2018-09-17 16:21:53 -0400
commitcb017456dbe09fc8f3e5270e641ab8f323ecde76 (patch)
treef62de1c4b25754700f0138785a9874db8170d83d /lib/config.js
parentceda84d021dde70299f96984ca7aec16740854be (diff)
3.0.2 tls web-server under k8s3.0.2
- external version 3.0.2 - internal version 5.0.2 for code change - no API change - https server is enabled when either of the following pairs are found in fs: 1. etc/cert/cert and etc/cert/pass (old behavior) 2. etc/cert/cert.p12 and etc/cert/p12.pass - added alternative - hide secrets when logging the config - changed Dockerfile to copy the whole etc/ folder that might contain etc/cert/* files - easier to test - replaced CRLF with LF in swagger-ui.js - no code change - unit tested Coverage summary Statements : 77.45% ( 910/1175 ) Branches : 53.7% ( 283/527 ) Functions : 79.9% ( 159/199 ) Lines : 77.85% ( 900/1156 ) Change-Id: I921e0d6ac9573f60fa98910f799f9d034b573542 Signed-off-by: Alex Shatov <alexs@att.com> Issue-ID: DCAEGEN2-780
Diffstat (limited to 'lib/config.js')
-rw-r--r--lib/config.js44
1 files changed, 28 insertions, 16 deletions
diff --git a/lib/config.js b/lib/config.js
index fd7d38c..8daa87f 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -52,10 +52,12 @@ See the License for the specific language governing permissions and limitations
* Basic authentication and supply "admin" as a user name with "admin123" as the password or
* supply "other" as the user name with "other123" as the password.
*
- * The dispatcher will attempt to run using TLS (i.e., as an HTTPS server) if a certificate
- * file in pkcs12 format is stored at etc/cert/cert and a file containing the corresponding
- * passphrase is stored at etc/cert/pass. These files can be made available to the container
- * running the dispatcher by mounting a volume to the container.
+ * The deployment-handler will attempt to run its web-server using TLS (i.e., as an HTTPS server)
+ * if a certificate file in pkcs12 format is stored at etc/cert/cert and a file containing the
+ * corresponding passphrase is stored at etc/cert/pass.
+ * - alternative files can be at etc/cert/cert.p12 and etc/cert/p12.pass, respectively.
+ * These files can be made available to the container running the deployment-handler by
+ * mounting a volume to the container.
*/
"use strict";
@@ -65,6 +67,9 @@ const consul = require("./consul");
const SSL_CERT_FILE = "etc/cert/cert";
const SSL_PASS_FILE = "etc/cert/pass";
+const SSL_CERT_P12_FILE = "etc/cert/cert.p12";
+const SSL_P12_PASS_FILE = "etc/cert/p12.pass";
+
const PACKAGE_JSON_FILE = "./package.json";
const CONFIG_KEY = "deployment_handler"; /* Configuration is stored under the name "deployment_handler" */
@@ -120,21 +125,21 @@ const getFileContents = function(path) {
else {
resolve(data);
}
- })
- })
+ });
+ });
};
/* Check for a TLS cert file and passphrase */
-const getTLSCredentials = function() {
- var ssl = {};
+const getTLSCredentials = function(ssl_pass_file, ssl_cert_file) {
+ const ssl = {};
/* Get the passphrase */
- return getFileContents(SSL_PASS_FILE)
+ return getFileContents(ssl_pass_file)
.then(function(phrase) {
ssl.passphrase = phrase.toString('utf8').trim();
/* Get the cert */
- return getFileContents(SSL_CERT_FILE);
+ return getFileContents(ssl_cert_file);
})
.then(function(cert) {
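Review bot: The one-line comment above getTLSCredentials no longer describes its contract now that it takes two paths, and the passphrase-first order of `(ssl_pass_file, ssl_cert_file)` is easy to swap at a call site. I would replace the comment with a short JSDoc block that names both parameters and states that the promise resolves to undefined when the files cannot be read. Renaming the parameters to camelCase (`sslPassFile`, `sslCertFile`) would match `getFileContents` and `invService` elsewhere in the file. The function body continues past the end of this hunk.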
@@ -143,9 +148,10 @@ const getTLSCredentials = function() {
})
.catch(function(err) {
- return {};
+ console.log((new Date()) + ": getTLSCredentials", err.toString());
+ return;
});
-}
+};
exports.configure = function() {
const config = {};
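Review bot: The `.catch` handler turns every failure into "no credentials", so a permission error or a passphrase file whose certificate is missing is treated the same as an absent pair, and the caller in configure then leaves `config.ssl` unset. Going by the commit description, that means the web-server starts without TLS when the real problem is a broken or misconfigured mount. Only a missing file should be swallowed, for example `if (err.code !== "ENOENT") {throw err;}` ahead of the log line. This assumes getFileContents rejects with the original fs error, which is not visible in this diff. The start of getTLSCredentials is in the previous hunk.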
@@ -202,11 +208,17 @@ exports.configure = function() {
.then(function(invService) {
config.inventory.url = config.inventory.protocol + "://" + invService.address + ":" + invService.port + INV_API_PATH;
- /* Get TLS credentials, if they exist */
- return getTLSCredentials();
+ console.log((new Date()) + ": looking for tls files", SSL_PASS_FILE, SSL_CERT_FILE);
+ return getTLSCredentials(SSL_PASS_FILE, SSL_CERT_FILE);
+ })
+ .then(function(tls) {
+ if (tls) {return tls;}
+
+ console.log((new Date()) + ": looking for alternative tls files", SSL_P12_PASS_FILE, SSL_CERT_P12_FILE);
+ return getTLSCredentials(SSL_P12_PASS_FILE, SSL_CERT_P12_FILE);
})
.then(function(tls) {
- config.ssl = tls;
+ if (tls) {config.ssl = tls;}
/* Check for missing required configuration parameters */
const missing = findMissingConfig(config);
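Review bot: When neither pair yields credentials, the final `.then` skips the assignment silently, so nothing at this level records that the web-server will come up without HTTPS. An explicit line such as `else {console.log((new Date()) + ": no tls credentials found - web-server will not use https");}` gives operators something to alert on. The chain also gives etc/cert/cert and etc/cert/pass precedence when both pairs are mounted, which the header comment should state. configure starts and ends outside this hunk.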
@@ -214,7 +226,7 @@ exports.configure = function() {
throw new Error ("Required configuration elements missing: " + missing.join(','));
config = null;
}
- console.log( (new Date()) + ": config -> " + JSON.stringify(config, undefined, 2));
+ console.log((new Date()) + ": config -> " + JSON.stringify(config, utils.hideSecrets, 2));
return config;
});
};
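Review bot: `utils.hideSecrets` is passed as the JSON.stringify replacer on the changed log line, but no `require` for `utils` appears in this diff (the only one shown is `./consul`), so confirm the module is already imported in lib/config.js. The replacer also has to cover what this commit stores under `config.ssl`: `passphrase` is set in getTLSCredentials, and the certificate is presumably kept as a Buffer, which JSON.stringify would otherwise print as a byte array. A unit test that stringifies a config with `ssl.passphrase` set and asserts the value is absent from the output would pin this behaviour.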