feat: Remove security services initialization for mongodb (#2885)

Signed-off-by: Bryon Nevis <[email protected]> Co-authored-by: Lenny Goodell <[email protected]>
edgexfoundry · Nov 20, 2020 · bd94ef4 · bd94ef4
1 parent 39e6b04
commit bd94ef4
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 123 deletions.
diff --git a/.gitignore b/.gitignore
@@ -19,7 +19,7 @@ cmd/core-command/core-command
 cmd/core-data/core-data
 cmd/core-metadata/core-metadata
 cmd/security-proxy-setup/security-proxy-setup
-cmd/security-file-token-provider/*
+cmd/security-file-token-provider/security-file-token-provider
 cmd/security-secrets-setup/config/*
 cmd/security-secrets-setup/security-secrets-setup
 cmd/security-secretstore-setup/security-secretstore-setup

diff --git a/cmd/security-file-token-provider/res/token-config.json b/cmd/security-file-token-provider/res/token-config.json
@@ -3,12 +3,6 @@
     "edgex_use_defaults": true,
     "custom_policy": {
       "path": {
-        "secret/edgex/metadata/mongodb": {
-          "capabilities": [
-            "list",
-            "read"
-          ]
-        },
         "secret/edgex/metadata/redisdb": {
           "capabilities": [
             "list",
@@ -22,12 +16,6 @@
     "edgex_use_defaults": true,
     "custom_policy": {
       "path": {
-        "secret/edgex/coredata/mongodb": {
-          "capabilities": [
-            "list",
-            "read"
-          ]
-        },
         "secret/edgex/coredata/redisdb": {
           "capabilities": [
             "list",
@@ -41,12 +29,6 @@
     "edgex_use_defaults": true,
     "custom_policy": {
       "path": {
-        "secret/edgex/metadata/mongodb": {
-          "capabilities": [
-            "list",
-            "read"
-          ]
-        },
         "secret/edgex/metadata/redisdb": {
           "capabilities": [
             "list",
@@ -56,19 +38,6 @@
       }
     }
   },
-  "edgex-mongo": {
-    "edgex_use_defaults": true,
-    "custom_policy": {
-      "path": {
-        "secret/edgex/mongo/*": {
-          "capabilities": [
-            "list",
-            "read"
-          ]
-        }
-      }
-    }
-  },
   "edgex-security-bootstrap-redis": {
     "edgex_use_defaults": true,
     "custom_policy": {
@@ -82,29 +51,10 @@
       }
     }
   },
-  "edgex-support-logging": {
-    "edgex_use_defaults": true,
-    "custom_policy": {
-      "path": {
-        "secret/edgex/logging/mongodb": {
-          "capabilities": [
-            "list",
-            "read"
-          ]
-        }
-      }
-    }
-  },
   "edgex-support-notifications": {
     "edgex_use_defaults": true,
     "custom_policy": {
       "path": {
-        "secret/edgex/notifications/mongodb": {
-          "capabilities": [
-            "list",
-            "read"
-          ]
-        },
         "secret/edgex/notifications/redisdb": {
           "capabilities": [
             "list",
@@ -114,35 +64,10 @@
       }
     }
   },
-  "edgex-support-rulesengine": {
-    "edgex_use_defaults": true,
-    "custom_policy": {
-      "path": {
-        "secret/edgex/rulesengine/mongodb": {
-          "capabilities": [
-            "list",
-            "read"
-          ]
-        },
-        "secret/edgex/rulesengine/redisdb": {
-          "capabilities": [
-            "list",
-            "read"
-          ]
-        }
-      }
-    }
-  },
   "edgex-application-service": {
     "edgex_use_defaults": true,
     "custom_policy": {
       "path": {
-        "secret/edgex/appservice/mongodb": {
-          "capabilities": [
-            "list",
-            "read"
-          ]
-        },
         "secret/edgex/appservice/redisdb": {
           "capabilities": [
             "list",
@@ -159,12 +84,6 @@
     "edgex_use_defaults": true,
     "custom_policy": {
       "path": {
-        "secret/edgex/scheduler/mongodb": {
-          "capabilities": [
-            "list",
-            "read"
-          ]
-        },
         "secret/edgex/scheduler/redisdb": {
           "capabilities": [
             "list",
@@ -187,15 +106,6 @@
             "delete"
           ]
         },
-        "secret/edgex/mongo/*": {
-          "capabilities": [
-            "list",
-            "read",
-            "create",
-            "update",
-            "delete"
-          ]
-        },
         "secret/edgex/redis/*": {
           "capabilities": [
             "list",
@@ -214,4 +124,4 @@
   "edgex-security-file-token-provider": {
     "edgex_use_defaults": true
   }
-}
+}
diff --git a/internal/security/secretstore/init.go b/internal/security/secretstore/init.go
@@ -295,18 +295,17 @@ func (b *Bootstrap) BootstrapHandler(ctx context.Context, _ *sync.WaitGroup, _ s
 
 	// continue credential creation
 
-	// A little note on why there are two secrets paths. For each microservice, the username/password
-	// is uploaded to the vault on both /v1/secret/edgex/%s/mongodb and /v1/secret/edgex/mongo/%s).
-	// The go-mod-secrets client requires a Path property to prefix all secrets. docker-edgex-mongo
-	// uses that
-	// (https://github.com/edgexfoundry/docker-edgex-mongo/blob/master/cmd/res/configuration.toml) in
-	// order to enumerate the users and passwords when setting up the initial database authentication.
-	// So edgex/%s/mongodb is for the microservices (microservices are restricted to their specific
-	// edgex/%s), and edgex/mongo/* is enumerated by docker-edgex-mongo to initialize the database.
+	// A little note on why there are two secrets paths. For each microservice, the
+	// username/password is uploaded to the vault on both /v1/secret/edgex/%s/redisdb and
+	// /v1/secret/edgex/redisdb/%s). The go-mod-secrets client requires a Path property to prefix all
+	// secrets.
+	// So edgex/%s/redisdb is for the microservices (microservices are restricted to their specific
+	// edgex/%s), and edgex/redisdb/* is enumerated to initialize the database.
 	//
 	// The Redis implementation parallels the existing Mongo code but until the update for Redis 6,
 	// there is only a single Redis password.
 	//
+
 	// Redis 5.x only supports a single shared password. When Redis 6 is released, this can be updated
 	// to a per service password.
 
@@ -320,39 +319,17 @@ func (b *Bootstrap) BootstrapHandler(ctx context.Context, _ *sync.WaitGroup, _ s
 		Password: redis5Password,
 	}
 
-	for dbname, info := range configuration.Databases {
+	for _, info := range configuration.Databases {
 		service := info.Service
-		// generate credentials
-		password, err := cred.GeneratePassword(ctx)
-		if err != nil {
-			lc.Error(fmt.Sprintf("failed to generate credential pair for service %s", service))
-			os.Exit(1)
-		}
-		pair := UserPasswordPair{
-			User:     info.Username,
-			Password: password,
-		}
 
 		// add credentials to service path if specified and they're not already there
 		if len(service) != 0 {
-			err = addServiceCredential(lc, "mongodb", cred, service, pair)
-			if err != nil {
-				lc.Error(err.Error())
-				os.Exit(1)
-			}
-
 			err = addServiceCredential(lc, "redisdb", cred, service, redis5Pair)
 			if err != nil {
 				lc.Error(err.Error())
 				os.Exit(1)
 			}
 		}
-
-		err = addDBCredential(lc, "mongo", cred, dbname, pair)
-		if err != nil {
-			lc.Error(err.Error())
-			os.Exit(1)
-		}
 	}
 
 	// security-bootstrap-redis uses the path /v1/secret/edgex/bootstrap-redis/ and go-mod-bootstrap