Skip to content

Commit

Permalink
refactor: moving consul access and role interface
Browse files Browse the repository at this point in the history
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <[email protected]>
  • Loading branch information
ItsRico committed Oct 19, 2022
1 parent a0e04e5 commit 0b38361
Show file tree
Hide file tree
Showing 10 changed files with 78 additions and 364 deletions.
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,12 @@ module github.com/edgexfoundry/edgex-go

require (
bitbucket.org/bertimus9/systemstat v0.0.0-20180207000608-0eeff89b0690
github.com/eclipse/paho.mqtt.golang v1.4.1
github.com/edgexfoundry/go-mod-bootstrap/v2 v2.3.0-dev.16
github.com/edgexfoundry/go-mod-core-contracts/v2 v2.3.0-dev.16
github.com/edgexfoundry/go-mod-messaging/v2 v2.3.0-dev.15
github.com/edgexfoundry/go-mod-registry/v2 v2.2.0
github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.7
github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.9
github.com/fxamacker/cbor/v2 v2.4.0
github.com/golang-jwt/jwt/v4 v4.4.2
github.com/gomodule/redigo v1.8.9
Expand All @@ -27,7 +28,6 @@ require (
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect
github.com/cenkalti/backoff v2.2.1+incompatible // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/eclipse/paho.mqtt.golang v1.4.1 // indirect
github.com/edgexfoundry/go-mod-configuration/v2 v2.2.0 // indirect
github.com/fatih/color v1.9.0 // indirect
github.com/go-kit/log v0.2.1 // indirect
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,8 @@ github.com/edgexfoundry/go-mod-messaging/v2 v2.3.0-dev.15 h1:Kddm7MEqId6j3sXVaA5
github.com/edgexfoundry/go-mod-messaging/v2 v2.3.0-dev.15/go.mod h1:yLJ9EK4Feg409FDr0oP87LbaRLyOSGJk/ikaIfEDKcI=
github.com/edgexfoundry/go-mod-registry/v2 v2.2.0 h1:dk9ul1t7INAiyZXeu/GrpinFE3qOekdy8uZOqEGgIiE=
github.com/edgexfoundry/go-mod-registry/v2 v2.2.0/go.mod h1:DUQRnAd5fVzoROc5SI+PTFUD/vCNeZmZHBMrLElbmwI=
github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.7 h1:BFg7lzSVitQGvGY1mZucMXI5HNLgORDWde8a3L5dWsM=
github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.7/go.mod h1:h/FohFNY8xHalioLg1bhjAuEj0z+danSDtixirvaXmQ=
github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.9 h1:K6wGLHXASBcCEJrIec4vvTNkuooduOS+9TtjhrBm3Jc=
github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.9/go.mod h1:h/FohFNY8xHalioLg1bhjAuEj0z+danSDtixirvaXmQ=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
Expand Down
19 changes: 4 additions & 15 deletions internal/security/bootstrapper/command/setupacl/aclbootstrap.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,22 +25,11 @@ import (
"path/filepath"

"github.com/edgexfoundry/go-mod-secrets/v2/pkg/token/fileioperformer"
"github.com/edgexfoundry/go-mod-secrets/v2/pkg/types"
)

// BootStrapACLTokenInfo is the key portion of the response metadata from consulACLBootstrapAPI
type BootStrapACLTokenInfo struct {
SecretID string `json:"SecretID"`
Policies []Policy `json:"Policies"`
}

// Policy is the metadata for ACL policy
type Policy struct {
ID string `json:"ID"`
Name string `json:"Name"`
}

// generateBootStrapACLToken should only be called once per Consul agent
func (c *cmd) generateBootStrapACLToken() (*BootStrapACLTokenInfo, error) {
func (c *cmd) generateBootStrapACLToken() (*types.BootStrapACLTokenInfo, error) {
aclBootstrapURL, err := c.getRegistryApiUrl(consulACLBootstrapAPI)
if err != nil {
return nil, err
Expand All @@ -64,7 +53,7 @@ func (c *cmd) generateBootStrapACLToken() (*BootStrapACLTokenInfo, error) {
return nil, fmt.Errorf("Failed to read response body of bootstrap ACL: %w", err)
}

var bootstrapACLToken BootStrapACLTokenInfo
var bootstrapACLToken types.BootStrapACLTokenInfo
switch resp.StatusCode {
case http.StatusOK:
if err := json.NewDecoder(bytes.NewReader(responseBody)).Decode(&bootstrapACLToken); err != nil {
Expand All @@ -77,7 +66,7 @@ func (c *cmd) generateBootStrapACLToken() (*BootStrapACLTokenInfo, error) {
}
}

func (c *cmd) saveBootstrapACLToken(tokenInfoToBeSaved *BootStrapACLTokenInfo) error {
func (c *cmd) saveBootstrapACLToken(tokenInfoToBeSaved *types.BootStrapACLTokenInfo) error {
// Write the token to the specified file
tokenFileAbsPath, err := filepath.Abs(c.configuration.StageGate.Registry.ACL.BootstrapTokenPath)
if err != nil {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import (

"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/command/setupacl/share"
"github.com/edgexfoundry/go-mod-core-contracts/v2/common"
"github.com/edgexfoundry/go-mod-secrets/v2/pkg/types"
)

const (
Expand Down Expand Up @@ -108,7 +109,7 @@ const (
// getOrCreateRegistryPolicy retrieves or creates a new policy
// it inserts a new policy if the policy name does not exist and returns a policy
// it returns the same policy if the policy name already exists
func (c *cmd) getOrCreateRegistryPolicy(tokenID, policyName, policyRules string) (*Policy, error) {
func (c *cmd) getOrCreateRegistryPolicy(tokenID, policyName, policyRules string) (*types.Policy, error) {
// try to get the policy to see if it exists or not
policy, err := c.getPolicyByName(tokenID, policyName)
if err != nil {
Expand Down Expand Up @@ -165,7 +166,7 @@ func (c *cmd) getOrCreateRegistryPolicy(tokenID, policyName, policyRules string)
return nil, fmt.Errorf("Failed to read create a new policy response body: %w", err)
}

var created Policy
var created types.Policy

switch resp.StatusCode {
case http.StatusOK:
Expand All @@ -183,7 +184,7 @@ func (c *cmd) getOrCreateRegistryPolicy(tokenID, policyName, policyRules string)
}

// getPolicyByName gets policy by policy name, returns nil if not found
func (c *cmd) getPolicyByName(tokenID, policyName string) (*Policy, error) {
func (c *cmd) getPolicyByName(tokenID, policyName string) (*types.Policy, error) {
readPolicyByNameURL, err := c.getRegistryApiUrl(fmt.Sprintf(consulReadPolicyByNameAPI, policyName))
if err != nil {
return nil, err
Expand Down Expand Up @@ -211,7 +212,7 @@ func (c *cmd) getPolicyByName(tokenID, policyName string) (*Policy, error) {

switch resp.StatusCode {
case http.StatusOK:
var existing Policy
var existing types.Policy
if err := json.NewDecoder(bytes.NewReader(readPolicyResp)).Decode(&existing); err != nil {
return nil, fmt.Errorf("failed to decode Policy json data: %v", err)
}
Expand Down
139 changes: 0 additions & 139 deletions internal/security/bootstrapper/command/setupacl/aclroles.go

This file was deleted.

101 changes: 0 additions & 101 deletions internal/security/bootstrapper/command/setupacl/aclroles_test.go

This file was deleted.

Loading

0 comments on commit 0b38361

Please sign in to comment.