diff --git a/cmd/security-secrets-setup/security-secrets-setup b/cmd/security-secrets-setup/security-secrets-setup
deleted file mode 100644
index fca81e4902..0000000000
Binary files a/cmd/security-secrets-setup/security-secrets-setup and /dev/null differ
diff --git a/go.mod b/go.mod
index 02a7113b57..9e9aecfa20 100644
--- a/go.mod
+++ b/go.mod
@@ -5,11 +5,11 @@ require (
 github.com/BurntSushi/toml v0.3.1
 github.com/OneOfOne/xxhash v1.2.8
 github.com/dgrijalva/jwt-go v3.2.0+incompatible
- github.com/edgexfoundry/go-mod-bootstrap v0.0.60
+ github.com/edgexfoundry/go-mod-bootstrap v0.0.64
 github.com/edgexfoundry/go-mod-configuration v0.0.8
- github.com/edgexfoundry/go-mod-core-contracts v0.1.130
+ github.com/edgexfoundry/go-mod-core-contracts v0.1.131
 github.com/edgexfoundry/go-mod-messaging v0.1.28
- github.com/edgexfoundry/go-mod-registry v0.1.26
+ github.com/edgexfoundry/go-mod-registry v0.1.27
 github.com/edgexfoundry/go-mod-secrets v0.0.29
 github.com/fxamacker/cbor/v2 v2.2.0
 github.com/gomodule/redigo v2.0.0+incompatible
@@ -24,6 +24,4 @@ require (
 gopkg.in/yaml.v2 v2.4.0
 )
- replace github.com/edgexfoundry/go-mod-bootstrap => ../go-mod-bootstrap
-
 go 1.15
diff --git a/internal/security/fileprovider/provider_test.go b/internal/security/fileprovider/provider_test.go
index 916357ace6..23cfaf25ce 100644
--- a/internal/security/fileprovider/provider_test.go
+++ b/internal/security/fileprovider/provider_test.go
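Review bot: In go.mod, the three `go-mod-*` bumps in the `require (` hunk and the dropped `replace ... => ../go-mod-bootstrap` come with no go.sum section in the visible diff (the next file section after go.mod is under internal/security/), so nothing on this page pins the content hashes of the newly selected versions. With the local replace gone, the published `go-mod-bootstrap v0.0.64` is what the security services are now compiled against, so its integrity matters from this commit on. If go.sum is deliberately untracked here, consider committing it and building with `-mod=readonly`, or at least running `go mod verify` in CI; if it is tracked, it presumably needs updating in this same commit.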
@@ -25,15 +25,15 @@ import ( "strings" "testing" + loaderMock "github.com/edgexfoundry/go-mod-secrets/pkg/token/authtokenloader/mocks" + fileMock "github.com/edgexfoundry/go-mod-secrets/pkg/token/fileioperformer/mocks" + "github.com/edgexfoundry/edgex-go/internal/security/fileprovider/config" "github.com/edgexfoundry/edgex-go/internal/security/secretstoreclient" . "github.com/edgexfoundry/edgex-go/internal/security/secretstoreclient/mocks" "github.com/edgexfoundry/go-mod-core-contracts/clients/logger" - . "github.com/edgexfoundry/go-mod-secrets/pkg/token/authtokenloader/mocks" - . "github.com/edgexfoundry/go-mod-secrets/pkg/token/fileioperformer/mocks" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require"
@@ -60,7 +60,7 @@ func TestMultipleTokensWithNoDefaults(t *testing.T) {
 // Arrange
 mockLogger := logger.MockLogger{}
- mockFileIoPerformer := &MockFileIoPerformer{}
+ mockFileIoPerformer := &fileMock.FileIoPerformer{}
 expectedService1Dir := filepath.Join(outputDir, "service1")
 expectedService1File := filepath.Join(expectedService1Dir, outputFilename)
 service1Buffer := new(bytes.Buffer)
@@ -73,7 +73,7 @@ func TestMultipleTokensWithNoDefaults(t *testing.T) {
 mockFileIoPerformer.On("MkdirAll", expectedService2Dir, os.FileMode(0700)).Return(nil)
 mockFileIoPerformer.On("OpenFileWriter", expectedService2File, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, os.FileMode(0600)).Return(&writeCloserBuffer{service2Buffer}, nil)
- mockAuthTokenLoader := &MockAuthTokenLoader{}
+ mockAuthTokenLoader := &loaderMock.AuthTokenLoader{}
 mockAuthTokenLoader.On("Load", privilegedTokenPath).Return("fake-priv-token", nil)
 expectedService1Policy := "{}"
@@ -153,7 +153,7 @@ func TestNoDefaultsCustomPolicy(t *testing.T) {
 // Arrange
 mockLogger := logger.MockLogger{}
- mockFileIoPerformer := &MockFileIoPerformer{}
+ mockFileIoPerformer := &fileMock.FileIoPerformer{}
 expectedService1Dir := filepath.Join(outputDir, "myservice")
 expectedService1File := filepath.Join(expectedService1Dir, outputFilename)
 service1Buffer := new(bytes.Buffer)
@@ -161,7 +161,7 @@ func TestNoDefaultsCustomPolicy(t *testing.T) {
 mockFileIoPerformer.On("OpenFileReader", configFile, os.O_RDONLY, os.FileMode(0400)).Return(strings.NewReader(`{"myservice":{"custom_policy":{"path":{"secret/non/standard/location/*":{"capabilities":["list","read"]}}}}}`), nil)
 mockFileIoPerformer.On("OpenFileWriter", expectedService1File, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, os.FileMode(0600)).Return(&writeCloserBuffer{service1Buffer}, nil)
- mockAuthTokenLoader := &MockAuthTokenLoader{}
+ mockAuthTokenLoader := &loaderMock.AuthTokenLoader{}
 mockAuthTokenLoader.On("Load", privilegedTokenPath).Return("fake-priv-token", nil)
 expectedService1Policy := `{"path":{"secret/non/standard/location/*":{"capabilities":["list","read"]}}}`
@@ -201,7 +201,7 @@ func TestNoDefaultsCustomTokenParameters(t *testing.T) {
 // Arrange
 mockLogger := logger.MockLogger{}
- mockFileIoPerformer := &MockFileIoPerformer{}
+ mockFileIoPerformer := &fileMock.FileIoPerformer{}
 expectedService1Dir := filepath.Join(outputDir, "myservice")
 expectedService1File := filepath.Join(expectedService1Dir, outputFilename)
 service1Buffer := new(bytes.Buffer)
@@ -209,7 +209,7 @@ func TestNoDefaultsCustomTokenParameters(t *testing.T) {
 mockFileIoPerformer.On("OpenFileReader", configFile, os.O_RDONLY, os.FileMode(0400)).Return(strings.NewReader(`{"myservice":{"custom_token_parameters":{"key1":"value1"}}}`), nil)
 mockFileIoPerformer.On("OpenFileWriter", expectedService1File, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, os.FileMode(0600)).Return(&writeCloserBuffer{service1Buffer}, nil)
- mockAuthTokenLoader := &MockAuthTokenLoader{}
+ mockAuthTokenLoader := &loaderMock.AuthTokenLoader{}
 mockAuthTokenLoader.On("Load", privilegedTokenPath).Return("fake-priv-token", nil)
 expectedService1Policy := "{}"
@@ -285,7 +285,7 @@ func TestTokenFilePermissions(t *testing.T) {
 // Arrange
 mockLogger := logger.MockLogger{}
- mockFileIoPerformer := &MockFileIoPerformer{}
+ mockFileIoPerformer := &fileMock.FileIoPerformer{}
 expectedService1Dir := filepath.Join(outputDir, "myservice")
 expectedService1File := filepath.Join(expectedService1Dir, outputFilename)
 service1Buffer := new(bytes.Buffer)
@@ -293,7 +293,7 @@ func TestTokenFilePermissions(t *testing.T) {
 mockFileIoPerformer.On("OpenFileReader", configFile, os.O_RDONLY, os.FileMode(0400)).Return(strings.NewReader(`{"myservice":{"file_permissions":{"uid":0,"gid":0,"mode_octal":"0664"}}}`), nil)
 mockFileIoPerformer.On("OpenFileWriter", expectedService1File, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, os.FileMode(0600)).Return(&writeCloserBuffer{service1Buffer}, nil)
- mockAuthTokenLoader := &MockAuthTokenLoader{}
+ mockAuthTokenLoader := &loaderMock.AuthTokenLoader{}
 mockAuthTokenLoader.On("Load", privilegedTokenPath).Return("fake-priv-token", nil)
 expectedService1Parameters := makeMetaServiceName("myservice")
@@ -329,8 +329,8 @@ func TestTokenFilePermissions(t *testing.T) {
 func TestErrorLoading1(t *testing.T) {
 // Arrange
 mockLogger := logger.MockLogger{}
- mockFileIoPerformer := &MockFileIoPerformer{}
- mockAuthTokenLoader := &MockAuthTokenLoader{}
+ mockFileIoPerformer := &fileMock.FileIoPerformer{}
+ mockAuthTokenLoader := &loaderMock.AuthTokenLoader{}
 mockAuthTokenLoader.On("Load", "tokenpath").Return("atoken", errors.New("an error"))
 mockSecretStoreClient := &MockSecretStoreClient{}
@@ -352,9 +352,9 @@ func TestErrorLoading1(t *testing.T) {
 func TestErrorLoading2(t *testing.T) {
 // Arrange
 mockLogger := logger.MockLogger{}
- mockFileIoPerformer := &MockFileIoPerformer{}
+ mockFileIoPerformer := &fileMock.FileIoPerformer{}
 mockFileIoPerformer.On("OpenFileReader", "", os.O_RDONLY, os.FileMode(0400)).Return(strings.NewReader(""), errors.New("an error"))
- mockAuthTokenLoader := &MockAuthTokenLoader{}
+ mockAuthTokenLoader := &loaderMock.AuthTokenLoader{}
 mockAuthTokenLoader.On("Load", "tokenpath").Return("atoken", nil)
 mockSecretStoreClient := &MockSecretStoreClient{}
@@ -403,7 +403,7 @@ func runTokensWithDefault(serviceName string, additionalKeysEnv string, t *testi
 _ = os.Setenv(addSecretstoreTokensEnvKey, additionalKeysEnv)
- mockFileIoPerformer := &MockFileIoPerformer{}
+ mockFileIoPerformer := &fileMock.FileIoPerformer{}
 expectedService1Dir := filepath.Join(outputDir, serviceName)
 expectedService1File := filepath.Join(expectedService1Dir, outputFilename)
 service1Buffer := new(bytes.Buffer)
@@ -439,7 +439,7 @@ func runTokensWithDefault(serviceName string, additionalKeysEnv string, t *testi
 os.FileMode(0600)).Return(&writeCloserBuffer{expectedSrvBuf}, nil)
 }
- mockAuthTokenLoader := &MockAuthTokenLoader{}
+ mockAuthTokenLoader := &loaderMock.AuthTokenLoader{}
 mockAuthTokenLoader.On("Load", privilegedTokenPath).Return("fake-priv-token", nil)
 expectedService1Policy := `{"path":{"secret/edgex/` + serviceName + `/*":{"capabilities":["create","update","delete","list","read"]}}}`
diff --git a/internal/security/fileprovider/tokenconfig_test.go b/internal/security/fileprovider/tokenconfig_test.go
index 3c1b1d7315..f512749cbd 100644
--- a/internal/security/fileprovider/tokenconfig_test.go
+++ b/internal/security/fileprovider/tokenconfig_test.go
@@ -21,7 +21,7 @@ import (
 "strings"
 "testing"
- . "github.com/edgexfoundry/go-mod-secrets/pkg/token/fileioperformer/mocks"
+ "github.com/edgexfoundry/go-mod-secrets/pkg/token/fileioperformer/mocks"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
@@ -43,7 +43,7 @@ const sampleJSON = `{
 func TestLoadTokenConfig(t *testing.T) {
 stringReader := strings.NewReader(sampleJSON)
- mockFileIoPerformer := &MockFileIoPerformer{}
+ mockFileIoPerformer := &mocks.FileIoPerformer{}
 mockFileIoPerformer.On("OpenFileReader", "dummy-file", os.O_RDONLY, os.FileMode(0400)).Return(stringReader, nil)
 var tokenConf TokenConfFile
@@ -62,7 +62,7 @@ func TestLoadTokenConfig(t *testing.T) {
 func TestLoadTokenConfigError1(t *testing.T) {
 stringReader := strings.NewReader(sampleJSON)
- mockFileIoPerformer := &MockFileIoPerformer{}
+ mockFileIoPerformer := &mocks.FileIoPerformer{}
 mockFileIoPerformer.On("OpenFileReader", "dummy-file", os.O_RDONLY, os.FileMode(0400)).Return(stringReader, errors.New("an error"))
 var tokenConf TokenConfFile
@@ -72,7 +72,7 @@ func TestLoadTokenConfigError1(t *testing.T) {
 func TestLoadTokenConfigError2(t *testing.T) {
 stringReader := strings.NewReader("in{valid")
- mockFileIoPerformer := &MockFileIoPerformer{}
+ mockFileIoPerformer := &mocks.FileIoPerformer{}
 mockFileIoPerformer.On("OpenFileReader", "dummy-file", os.O_RDONLY, os.FileMode(0400)).Return(stringReader, nil)
 var tokenConf TokenConfFile
diff --git a/internal/security/kdf/methods_test.go b/internal/security/kdf/methods_test.go
index 2e02902652..93671212b3 100644
--- a/internal/security/kdf/methods_test.go
+++ b/internal/security/kdf/methods_test.go
@@ -15,7 +15,7 @@ import (
 "testing"
 "time"
- . "github.com/edgexfoundry/go-mod-secrets/pkg/token/fileioperformer/mocks"
+ "github.com/edgexfoundry/go-mod-secrets/pkg/token/fileioperformer/mocks"
 "github.com/stretchr/testify/mock"
 "github.com/stretchr/testify/require"
@@ -31,7 +31,7 @@ func TestNoErrorKdfCreateSalt(t *testing.T) {
 mockSeedFile := &mockSeedFile{}
 mockSeedFile.On("Write", mock.Anything).Return(32, nil)
 mockSeedFile.On("Close").Return(nil)
- mockFileOpener := &MockFileIoPerformer{}
+ mockFileOpener := &mocks.FileIoPerformer{}
 mockFileOpener.On("OpenFileWriter", "/target/kdf-salt.dat", os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(0600)).Return(mockSeedFile, nil)
 keyDeriver := NewKdf(mockFileOpener, "/target", sha256.New)
@@ -58,7 +58,7 @@ func TestNoErrorKdfReadSalt(t *testing.T) {
 }
 }).Return(32, nil)
 mockSeedFile.On("Close").Return(nil)
- mockFileOpener := &MockFileIoPerformer{}
+ mockFileOpener := &mocks.FileIoPerformer{}
 mockFileOpener.On("OpenFileReader", "/target/kdf-salt.dat", os.O_RDONLY, os.FileMode(0400)).Return(mockSeedFile, nil)
 keyDeriver := NewKdf(mockFileOpener, "/target", sha256.New)
 expected, _ := hex.DecodeString(expectedKey)
@@ -79,7 +79,7 @@ func TestFailedStat(t *testing.T) {
 mockFileInfo := &mockFileInfo{}
 defer mockOsStat(func(string) (os.FileInfo, error) { return mockFileInfo, os.ErrPermission })()
 mockSeedFile := &mockSeedFile{}
- mockFileOpener := &MockFileIoPerformer{}
+ mockFileOpener := &mocks.FileIoPerformer{}
 keyDeriver := NewKdf(mockFileOpener, "/target", sha256.New)
 // Act
@@ -97,7 +97,7 @@ func TestFailedFileOpenForReading(t *testing.T) {
 mockFileInfo := &mockFileInfo{}
 defer mockOsStat(func(string) (os.FileInfo, error) { return mockFileInfo, nil })()
 mockSeedFile := &mockSeedFile{}
- mockFileOpener := &MockFileIoPerformer{}
+ mockFileOpener := &mocks.FileIoPerformer{}
 mockFileOpener.On("OpenFileReader", "/target/kdf-salt.dat", os.O_RDONLY, os.FileMode(0400)).Return(mockSeedFile, errors.New("error"))
 keyDeriver := NewKdf(mockFileOpener, "/target", sha256.New)
@@ -117,7 +117,7 @@ func TestFailedRead(t *testing.T) {
 mockSeedFile := &mockSeedFile{}
 mockSeedFile.On("Read", mock.Anything).Return(0, errors.New("error"))
 mockSeedFile.On("Close").Return(nil)
- mockFileOpener := &MockFileIoPerformer{}
+ mockFileOpener := &mocks.FileIoPerformer{}
 mockFileOpener.On("OpenFileReader", "/target/kdf-salt.dat", os.O_RDONLY, os.FileMode(0400)).Return(mockSeedFile, nil)
 keyDeriver := NewKdf(mockFileOpener, "/target", sha256.New)
@@ -138,7 +138,7 @@ func TestShortRead(t *testing.T) {
 mockSeedFile := &mockSeedFile{}
 mockSeedFile.On("Read", mock.Anything).Return(1, nil)
 mockSeedFile.On("Close").Return(nil)
- mockFileOpener := &MockFileIoPerformer{}
+ mockFileOpener := &mocks.FileIoPerformer{}
 mockFileOpener.On("OpenFileReader", "/target/kdf-salt.dat", os.O_RDONLY, os.FileMode(0400)).Return(mockSeedFile, nil)
 keyDeriver := NewKdf(mockFileOpener, "/target", sha256.New)
@@ -158,7 +158,7 @@ func TestFailedFileOpenForWriting(t *testing.T) {
 mockFileInfo := &mockFileInfo{}
 defer mockOsStat(func(string) (os.FileInfo, error) { return mockFileInfo, os.ErrNotExist })()
 mockSeedFile := &mockSeedFile{}
- mockFileOpener := &MockFileIoPerformer{}
+ mockFileOpener := &mocks.FileIoPerformer{}
 mockFileOpener.On("OpenFileWriter", "/target/kdf-salt.dat", os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(0600)).Return(mockSeedFile, errors.New("error"))
 keyDeriver := NewKdf(mockFileOpener, "/target", sha256.New)
@@ -178,7 +178,7 @@ func TestFailedWrite(t *testing.T) {
 mockSeedFile := &mockSeedFile{}
 mockSeedFile.On("Write", mock.Anything).Return(32, errors.New("error"))
 mockSeedFile.On("Close").Return(nil)
- mockFileOpener := &MockFileIoPerformer{}
+ mockFileOpener := &mocks.FileIoPerformer{}
 mockFileOpener.On("OpenFileWriter", "/target/kdf-salt.dat", os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(0600)).Return(mockSeedFile, nil)
 keyDeriver := NewKdf(mockFileOpener, "/target", sha256.New)
@@ -199,7 +199,7 @@ func TestShortWrite(t *testing.T) {
 mockSeedFile := &mockSeedFile{}
 mockSeedFile.On("Write", mock.Anything).Return(15, nil)
 mockSeedFile.On("Close").Return(nil)
- mockFileOpener := &MockFileIoPerformer{}
+ mockFileOpener := &mocks.FileIoPerformer{}
 mockFileOpener.On("OpenFileWriter", "/target/kdf-salt.dat", os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(0600)).Return(mockSeedFile, nil)
 keyDeriver := NewKdf(mockFileOpener, "/target", sha256.New)
diff --git a/internal/security/secretstore/init_test.go b/internal/security/secretstore/init_test.go
index 803177702a..3d6ed1175b 100644
--- a/internal/security/secretstore/init_test.go
+++ b/internal/security/secretstore/init_test.go
@@ -11,10 +11,11 @@ import ( "strings" "testing" + "github.com/edgexfoundry/go-mod-secrets/pkg/token/fileioperformer/mocks" + "github.com/edgexfoundry/edgex-go/internal/security/secretstoreclient" "github.com/edgexfoundry/go-mod-core-contracts/clients/logger" - . "github.com/edgexfoundry/go-mod-secrets/pkg/token/fileioperformer/mocks" "github.com/stretchr/testify/assert" )
@@ -34,7 +35,7 @@ func TestLoadInitResponse(t *testing.T) {
 // Arrange
 assert := assert.New(t)
 mockLogger := logger.MockLogger{}
- fileOpener := &MockFileIoPerformer{}
+ fileOpener := &mocks.FileIoPerformer{}
 stringReader := strings.NewReader(sampleJSON)
 fileOpener.On("OpenFileReader", "/foo/bar.baz", os.O_RDONLY, os.FileMode(0400)).Return(stringReader, nil)
 secretConfig := secretstoreclient.SecretServiceInfo{
@@ -55,7 +56,7 @@ func TestSaveInitResponse(t *testing.T) {
 // Arrange
 assert := assert.New(t)
 mockLogger := logger.MockLogger{}
- fileOpener := &MockFileIoPerformer{}
+ fileOpener := &mocks.FileIoPerformer{}
 fileOpener.On("OpenFileWriter", "/foo/bar.baz", os.O_CREATE|os.O_TRUNC|os.O_WRONLY, os.FileMode(0600)).Return(&discardWriterCloser{}, nil)
 secretConfig := secretstoreclient.SecretServiceInfo{
 TokenFolderPath: "/foo",
diff --git a/internal/security/secretstore/vmkencryption_test.go b/internal/security/secretstore/vmkencryption_test.go
index cd67ed5348..136ccd0a86 100644
--- a/internal/security/secretstore/vmkencryption_test.go
+++ b/internal/security/secretstore/vmkencryption_test.go
@@ -14,7 +14,7 @@ import (
 . "github.com/edgexfoundry/edgex-go/internal/security/pipedhexreader/mocks"
 "github.com/edgexfoundry/edgex-go/internal/security/secretstoreclient"
- . "github.com/edgexfoundry/go-mod-secrets/pkg/token/fileioperformer/mocks"
+ "github.com/edgexfoundry/go-mod-secrets/pkg/token/fileioperformer/mocks"
 "github.com/stretchr/testify/require"
 )
@@ -22,7 +22,7 @@ import (
 // TestVMKEncryptionNoIkm tests the no-op path
 func TestVMKEncryptionNoIkm(t *testing.T) {
 // Arrange
- fileOpener := &MockFileIoPerformer{}
+ fileOpener := &mocks.FileIoPerformer{}
 pipedHexReader := &MockPipedHexReader{}
 kdf := &MockKeyDeriver{}
@@ -42,7 +42,7 @@ func TestVMKEncryptionNoIkm(t *testing.T) {
 func TestVMKEncryption(t *testing.T) {
 // Arrange
 fakeIkm := make([]byte, 512)
- fileOpener := &MockFileIoPerformer{}
+ fileOpener := &mocks.FileIoPerformer{}
 pipedHexReader := &MockPipedHexReader{}
 pipedHexReader.On("ReadHexBytesFromExe", "/bin/myikm").Return(fakeIkm, nil)
 kdf := &MockKeyDeriver{}
@@ -77,7 +77,7 @@ func TestVMKEncryption(t *testing.T) {
 func TestVMKEncryptionFailPath(t *testing.T) {
 // Arrange
 fakeIkm := make([]byte, 512)
- fileOpener := &MockFileIoPerformer{}
+ fileOpener := &mocks.FileIoPerformer{}
 pipedHexReader := &MockPipedHexReader{}
 pipedHexReader.On("ReadHexBytesFromExe", "/bin/myikm").Return(fakeIkm, errors.New("error"))
 kdf := &MockKeyDeriver{}