authorAlex Shatov <alexs@att.com>2018-09-17 16:21:53 -0400
committerAlex Shatov <alexs@att.com>2018-09-17 16:21:53 -0400
commitcb017456dbe09fc8f3e5270e641ab8f323ecde76 (patch)
treef62de1c4b25754700f0138785a9874db8170d83d /lib
parentceda84d021dde70299f96984ca7aec16740854be (diff)
3.0.2 tls web-server under k8s3.0.2
- external version 3.0.2 - internal version 5.0.2 for code change - no API change - https server is enabled when either of the following pairs are found in fs: 1. etc/cert/cert and etc/cert/pass (old behavior) 2. etc/cert/cert.p12 and etc/cert/p12.pass - added alternative - hide secrets when logging the config - changed Dockerfile to copy the whole etc/ folder that might contain etc/cert/* files - easier to test - replaced CRLF with LF in swagger-ui.js - no code change - unit tested Coverage summary Statements : 77.45% ( 910/1175 ) Branches : 53.7% ( 283/527 ) Functions : 79.9% ( 159/199 ) Lines : 77.85% ( 900/1156 ) Change-Id: I921e0d6ac9573f60fa98910f799f9d034b573542 Signed-off-by: Alex Shatov <alexs@att.com> Issue-ID: DCAEGEN2-780
Diffstat (limited to 'lib')
-rw-r--r--lib/config.js44
-rw-r--r--lib/swagger-ui.js62
-rw-r--r--lib/utils.js19
3 files changed, 71 insertions, 54 deletions
diff --git a/lib/config.js b/lib/config.js
index fd7d38c..8daa87f 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -52,10 +52,12 @@ See the License for the specific language governing permissions and limitations
* Basic authentication and supply "admin" as a user name with "admin123" as the password or
* supply "other" as the user name with "other123" as the password.
*
- * The dispatcher will attempt to run using TLS (i.e., as an HTTPS server) if a certificate
- * file in pkcs12 format is stored at etc/cert/cert and a file containing the corresponding
- * passphrase is stored at etc/cert/pass. These files can be made available to the container
- * running the dispatcher by mounting a volume to the container.
+ * The deployment-handler will attempt to run its web-server using TLS (i.e., as an HTTPS server)
+ * if a certificate file in pkcs12 format is stored at etc/cert/cert and a file containing the
+ * corresponding passphrase is stored at etc/cert/pass.
+ * - alternative files can be at etc/cert/cert.p12 and etc/cert/p12.pass, respectively.
+ * These files can be made available to the container running the deployment-handler by
+ * mounting a volume to the container.
*/
"use strict";
@@ -65,6 +67,9 @@ const consul = require("./consul");
const SSL_CERT_FILE = "etc/cert/cert";
const SSL_PASS_FILE = "etc/cert/pass";
+const SSL_CERT_P12_FILE = "etc/cert/cert.p12";
+const SSL_P12_PASS_FILE = "etc/cert/p12.pass";
+
const PACKAGE_JSON_FILE = "./package.json";
const CONFIG_KEY = "deployment_handler"; /* Configuration is stored under the name "deployment_handler" */
@@ -120,21 +125,21 @@ const getFileContents = function(path) {
else {
resolve(data);
}
- })
- })
+ });
+ });
};
/* Check for a TLS cert file and passphrase */
-const getTLSCredentials = function() {
- var ssl = {};
+const getTLSCredentials = function(ssl_pass_file, ssl_cert_file) {
+ const ssl = {};
/* Get the passphrase */
- return getFileContents(SSL_PASS_FILE)
+ return getFileContents(ssl_pass_file)
.then(function(phrase) {
ssl.passphrase = phrase.toString('utf8').trim();
/* Get the cert */
- return getFileContents(SSL_CERT_FILE);
+ return getFileContents(ssl_cert_file);
})
.then(function(cert) {
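Review bot: The comment above getTLSCredentials still reads `/* Check for a TLS cert file and passphrase */`, although the function now takes two path arguments, passphrase file first and cert file second, which is the reverse of the order the comment names them. I would reword it to `/* Read the passphrase from ssl_pass_file and the pkcs12 cert from ssl_cert_file; resolves to the TLS options, or to undefined when either file cannot be read */`, which also records the return-value change made in the `.catch` further down. The function body continues past the end of this hunk.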
@@ -143,9 +148,10 @@ const getTLSCredentials = function() {
})
.catch(function(err) {
- return {};
+ console.log((new Date()) + ": getTLSCredentials", err.toString());
+ return;
});
-}
+};
exports.configure = function() {
const config = {};
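Review bot: The new `.catch` handles every rejection the same way, so an unreadable file, or a passphrase file present without its cert, is logged and resolved to undefined exactly like the ordinary case of no TLS files being mounted. Going by the header comment, the web-server then presumably starts without TLS. Assuming getFileContents rejects with the underlying fs error (its body is outside these hunks), I would let only the missing-file case fall through and rethrow the rest, e.g. `if (err.code !== "ENOENT") {throw err;}` ahead of the log line. That also keeps the expected miss on the first pair from reading like a failure when only etc/cert/cert.p12 and etc/cert/p12.pass are mounted. The start of getTLSCredentials is outside this hunk.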
@@ -202,11 +208,17 @@ exports.configure = function() {
.then(function(invService) {
config.inventory.url = config.inventory.protocol + "://" + invService.address + ":" + invService.port + INV_API_PATH;
- /* Get TLS credentials, if they exist */
- return getTLSCredentials();
+ console.log((new Date()) + ": looking for tls files", SSL_PASS_FILE, SSL_CERT_FILE);
+ return getTLSCredentials(SSL_PASS_FILE, SSL_CERT_FILE);
+ })
+ .then(function(tls) {
+ if (tls) {return tls;}
+
+ console.log((new Date()) + ": looking for alternative tls files", SSL_P12_PASS_FILE, SSL_CERT_P12_FILE);
+ return getTLSCredentials(SSL_P12_PASS_FILE, SSL_CERT_P12_FILE);
})
.then(function(tls) {
- config.ssl = tls;
+ if (tls) {config.ssl = tls;}
/* Check for missing required configuration parameters */
const missing = findMissingConfig(config);
@@ -214,7 +226,7 @@ exports.configure = function() {
throw new Error ("Required configuration elements missing: " + missing.join(','));
config = null;
}
- console.log( (new Date()) + ": config -> " + JSON.stringify(config, undefined, 2));
+ console.log((new Date()) + ": config -> " + JSON.stringify(config, utils.hideSecrets, 2));
return config;
});
};
diff --git a/lib/swagger-ui.js b/lib/swagger-ui.js
index 8c50255..e397c75 100644
--- a/lib/swagger-ui.js
+++ b/lib/swagger-ui.js
@@ -1,31 +1,31 @@
-/*
-Copyright(c) 2017 AT&T Intellectual Property. All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and limitations under the License.
-*/
-
-/**
- * swagger-ui for deployment-handler API
- */
-
-"use strict";
-
-// ========================================================
-
-const app = require('express')();
-const swaggerUi = require('swagger-ui-express');
-const YAML = require('yamljs');
-const swaggerDocument = YAML.load('./deployment-handler-API.yaml');
-app.use("/", swaggerUi.serve, swaggerUi.setup(swaggerDocument));
-
-module.exports = app;
+/*
+Copyright(c) 2017 AT&T Intellectual Property. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and limitations under the License.
+*/
+
+/**
+ * swagger-ui for deployment-handler API
+ */
+
+"use strict";
+
+// ========================================================
+
+const app = require('express')();
+const swaggerUi = require('swagger-ui-express');
+const YAML = require('yamljs');
+const swaggerDocument = YAML.load('./deployment-handler-API.yaml');
+app.use("/", swaggerUi.serve, swaggerUi.setup(swaggerDocument));
+
+module.exports = app;
diff --git a/lib/utils.js b/lib/utils.js
index 70146e3..8caf280 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -1,16 +1,16 @@
/*
-Copyright(c) 2017 AT&T Intellectual Property. All rights reserved.
+Copyright(c) 2017-2018 AT&T Intellectual Property. All rights reserved.
-Licensed under the Apache License, Version 2.0 (the "License");
+Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing,
+Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-CONDITIONS OF ANY KIND, either express or implied.
+CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and limitations under the License.
*/
@@ -26,14 +26,19 @@ exports.hasProperty = function(o, key) {
if (typeof(o) === 'object' && o !== null && (e in o) && (typeof o[e] !== 'undefined')) {
o = o[e];
return true;
- }
+ }
else {
return false;
- }
+ }
});
};
/* Generate a random ID string */
exports.generateId = function() {
- return uuid();
+ return uuid();
+};
+
+const hide_fields = ["passphrase", "pfx"];
+exports.hideSecrets = function(key, value) {
+ return (key && hide_fields.includes(key) && "*") || value;
};
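Review bot: `hide_fields` masks only `passphrase` and `pfx`, while the config.js header comment describes Basic-authentication user names and passwords as part of the configuration. If those values live in the config object, the `JSON.stringify(config, utils.hideSecrets, 2)` call in config.js still writes them to the log. I would extend the list to the key names the config actually uses for passwords and tokens (not visible in this diff) and add a one-line comment such as `/* JSON.stringify replacer: returns "*" for keys listed in hide_fields */`, matching the comment style on generateId. The `includes` match is exact and case-sensitive, so a key spelled `Passphrase` would pass through unmasked.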