feat(security): Address PR feedback

Address Lenny's PR feedbacks

Signed-off-by: Jim Wang <[email protected]>

cmd/security-bootstrapper/entrypoint-scripts/consul_wait_install.sh

@@ -68,13 +68,13 @@ exec docker-entrypoint.sh agent -ui -bootstrap -server -client 0.0.0.0 &
 
 # wait for the consul port
 echo "$(date) Executing dockerize on Consul with waiting on its own port \
-  tcp://${REGISTRY_HOST}:${STAGEGATE_CONSUL_PORT}"
-/edgex-init/dockerize -wait tcp://"${REGISTRY_HOST}":"${STAGEGATE_CONSUL_PORT}" \
+  tcp://${STAGEGATE_REGISTRY_HOST}:${STAGEGATE_REGISTRY_PORT}"
+/edgex-init/dockerize -wait tcp://"${STAGEGATE_REGISTRY_HOST}":"${STAGEGATE_REGISTRY_PORT}" \
   -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
 # Signal that Consul is ready for services blocked waiting on Consul
 /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
-  --port="${STAGEGATE_CONSUL_READYPORT}" --host="${REGISTRY_HOST}"
+  --port="${STAGEGATE_REGISTRY_READYPORT}" --host="${STAGEGATE_REGISTRY_HOST}"
 if [ $? -ne 0 ]; then
     echo "$(date) failed to gating the consul ready port, exits"
 fi

cmd/security-bootstrapper/entrypoint-scripts/kong_wait_install.sh

@@ -32,9 +32,10 @@ echo "$(date) Executing dockerize with waiting on tcp://${STAGEGATE_BOOTSTRAPPER
   -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
 echo "$(date) Kong waits on Postgres to be initialized"
-/edgex-init/dockerize -wait tcp://"${STAGEGATE_PG_HOST}":"${STAGEGATE_PG_READYPORT}" \
+/edgex-init/dockerize -wait tcp://"${STAGEGATE_KONGDB_HOST}":"${STAGEGATE_KONGDB_READYPORT}" \
   -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
+# KONG_PG_PASSWORD_FILE is env used by Kong, it is for kong-db's password file
 echo "$(date) Executing dockerize with waiting on file:${KONG_PG_PASSWORD_FILE}"
 /edgex-init/dockerize -wait file://"${KONG_PG_PASSWORD_FILE}" \
   -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
@@ -52,7 +53,7 @@ until [ $pg_inited -eq 1 ]; do
     fi
   fi
   if [ $pg_inited -ne 1 ]; then
-    echo "$(date) waiting for ${STAGEGATE_PG_HOST} to be initialized"
+    echo "$(date) waiting for ${STAGEGATE_KONGDB_HOST} to be initialized"
     sleep 1
   fi
 done

cmd/security-bootstrapper/entrypoint-scripts/postgres_wait_install.sh

@@ -52,6 +52,7 @@ done
 
 echo "$(date) ${SECRETSTORE_HOST} is ready"
 
+# POSTGRES_PASSWORD_FILE env is used by Postgres and it is for the db password file
 # if password already in then re-use
 if [ -n "${POSTGRES_PASSWORD_FILE}" ] && [ -f "${POSTGRES_PASSWORD_FILE}" ]; then
   echo "$(date) previous file already exists, skipping creation"
@@ -83,16 +84,16 @@ until [ $pg_inited -eq 1 ]; do
     fi
   fi
   if [ $pg_inited -ne 1 ]; then
-    echo "$(date) waiting for ${STAGEGATE_PG_HOST} to be initialized"
+    echo "$(date) waiting for ${STAGEGATE_KONGDB_HOST} to be initialized"
     sleep 1
   fi
 done
 
-echo "$(date) ${STAGEGATE_PG_HOST} is initialized"
+echo "$(date) ${STAGEGATE_KONGDB_HOST} is initialized"
 
 # Signal that Postgres is ready for services blocked waiting on Postgres
 /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
-  --port="${STAGEGATE_PG_READYPORT}" --host="${STAGEGATE_PG_HOST}"
+  --port="${STAGEGATE_KONGDB_READYPORT}" --host="${STAGEGATE_KONGDB_HOST}"
 if [ $? -ne 0 ]; then
   echo "$(date) failed to gating the postgres ready port, exits"
 fi

cmd/security-bootstrapper/entrypoint-scripts/redis_wait_install.sh

@@ -28,13 +28,14 @@ echo "Script for waiting security bootstrapping on Redis"
 
 # gating on the TokensReadyPort
 echo "$(date) Executing dockerize on Redis with waiting on TokensReadyPort \
-  tcp://${STAGEGATE_VAULTWORKER_HOST}:${STAGEGATE_VAULTWORKER_TOKENS_READYPORT}"
-/edgex-init/dockerize -wait tcp://"${STAGEGATE_VAULTWORKER_HOST}":"${STAGEGATE_VAULTWORKER_TOKENS_READYPORT}" \
+  tcp://${STAGEGATE_SECRETSTORESETUP_HOST}:${STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT}"
+/edgex-init/dockerize -wait tcp://"${STAGEGATE_SECRETSTORESETUP_HOST}":"${STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT}" \
   -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}"
 
 # the bootstrap-redis needs the connection from Redis db to set it up.
-# Hence, here bootstrap-redis runs in background and then starts the Redis db.
-echo "$(date) ${STAGEGATE_VAULTWORKER_HOST} tokens ready, bootstrapping redis..."
+# Hence, here bootstrap-redis runs in background and then after bootstrap-redis starts,
+# the Redis db starts in background.
+echo "$(date) ${STAGEGATE_SECRETSTORESETUP_HOST} tokens ready, bootstrapping redis..."
 /edgex-init/bootstrap-redis/security-bootstrap-redis --confdir=/edgex-init/bootstrap-redis/res &
 redis_bootstrapper_pid=$!
 
@@ -55,7 +56,7 @@ fi
 
 # Signal that Redis is ready for services blocked waiting on Redis
 /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
-  --port="${STAGEGATE_REDIS_READYPORT}" --host="${DATABASES_PRIMARY_HOST}"
+  --port="${STAGEGATE_DATABASE_READYPORT}" --host="${DATABASES_PRIMARY_HOST}"
 if [ $? -ne 0 ]; then
   echo "$(date) failed to gating the redis ready port, exits"
 fi

cmd/security-bootstrapper/entrypoint.sh

@@ -33,7 +33,8 @@ fi
 DEFAULT_EDGEX_USER_ID=2002
 EDGEX_USER_ID=${EDGEX_USER:-$DEFAULT_EDGEX_USER_ID}
 
-# only doing the bootstrapping with the env. injecting into all other related containers
+# During the bootstrapping, environment variables come for compose file environment files,
+# which then injecting into all other related containers on other services' entrypoint scripts
 # if the executable is not 'security-bootstrapper'; then we consider it not running the bootstrapping process
 # for the user may just want to debug into the container shell itself
 if [ "$1" = 'security-bootstrapper' ]; then

cmd/security-bootstrapper/res/configuration.toml

@@ -7,19 +7,21 @@ LogLevel = 'INFO'
     StartPort = 54321
   [StageGate.Ready]
     ToRunPort = 54329
-  [StageGate.VaultWorker]
-    Host = "edgex-vault-worker"
-    [StageGate.VaultWorker.Tokens]
+  [StageGate.SecretStoreSetup]
+    Host = "edgex-secretstore-setup"
+    [StageGate.SecretStoreSetup.Tokens]
       ReadyPort = 54322
-  [StageGate.Redis]
+  [StageGate.Database]
+    # this is intended to be the same as Database.Primary.Host/.Port for other services
     Host = "edgex-redis"
     Port = 6379
     ReadyPort = 54323
-  [StageGate.Consul]
+  [StageGate.Registry]
+    # this is intended to be the same as Registry.Host/.Port for other services
     Host = "edgex-core-consul"
     Port = 8500
     ReadyPort = 54324
-  [StageGate.PG]
+  [StageGate.KongDb]
     Host = "kong-db"
     Port = 5432
     ReadyPort = 54325

cmd/security-secretstore-setup/entrypoint.sh

@@ -37,10 +37,7 @@ chown -Rh ${EDGEX_USER}:${EDGEX_GROUP} /tmp/edgex/secrets
 
 # Signal tokens ready port for other services waiting on
 /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
-  --port="${STAGEGATE_VAULTWORKER_TOKENS_READYPORT}" --host="${STAGEGATE_VAULTWORKER_HOST}"
+  --port="${STAGEGATE_SECRETSTORESETUP_TOKENS_READYPORT}" --host="${STAGEGATE_SECRETSTORESETUP_HOST}"
 if [ $? -ne 0 ]; then
   echo "$(date) failed to gating the tokens ready port"
 fi
-
-echo "Waiting for termination signal"
-exec tail -f /dev/null

internal/security/bootstrapper/command/cmd_dispatcher.go

@@ -28,7 +28,7 @@ import (
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/config"
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/interfaces"
 
-	"github.com/edgexfoundry/go-mod-core-contracts/clients/logger"
+	"github.com/edgexfoundry/go-mod-core-contracts/v2/clients/logger"
 )
 
 // NewCommand instantiates a command implementing interfaces.Command based on the input command argument

internal/security/bootstrapper/command/cmd_dispatcher_test.go

@@ -24,7 +24,7 @@ import (
 
 	"github.com/stretchr/testify/require"
 
-	"github.com/edgexfoundry/go-mod-core-contracts/clients/logger"
+	"github.com/edgexfoundry/go-mod-core-contracts/v2/clients/logger"
 )
 
 func TestNewCommand(t *testing.T) {

internal/security/bootstrapper/command/flags_common.go

@@ -22,7 +22,7 @@ import (
 
 	"github.com/edgexfoundry/edgex-go/internal"
 
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/flags"
+	"github.com/edgexfoundry/go-mod-bootstrap/v2/bootstrap/flags"
 )
 
 // commonFlags is a custom implementation of flags.Common from go-mod-bootstrap

internal/security/bootstrapper/command/gate/command.go

@@ -27,7 +27,7 @@ import (
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/interfaces"
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/tcp"
 
-	"github.com/edgexfoundry/go-mod-core-contracts/clients/logger"
+	"github.com/edgexfoundry/go-mod-core-contracts/v2/clients/logger"
 )
 
 const (
@@ -85,31 +85,31 @@ func (c *cmd) Execute() (statusCode int, err error) {
 	// wait on for others to be done: each of tcp dialers is a blocking call
 	c.loggingClient.Debug("Waiting on dependent semaphores required to raise the ready-to-run semaphore ...")
 	if err := tcp.DialTcp(
-		c.config.StageGate.Consul.Host,
-		c.config.StageGate.Consul.ReadyPort,
+		c.config.StageGate.Registry.Host,
+		c.config.StageGate.Registry.ReadyPort,
 		c.loggingClient); err != nil {
 		retErr := fmt.Errorf("found error while waiting for readiness of Consul at %s:%d, err: %v",
-			c.config.StageGate.Consul.Host, c.config.StageGate.Consul.ReadyPort, err)
+			c.config.StageGate.Registry.Host, c.config.StageGate.Registry.ReadyPort, err)
 		return interfaces.StatusCodeExitWithError, retErr
 	}
 	c.loggingClient.Info("Consul is ready")
 
 	if err := tcp.DialTcp(
-		c.config.StageGate.PG.Host,
-		c.config.StageGate.PG.ReadyPort,
+		c.config.StageGate.KongDB.Host,
+		c.config.StageGate.KongDB.ReadyPort,
 		c.loggingClient); err != nil {
 		retErr := fmt.Errorf("found error while waiting for readiness of Postgres at %s:%d, err: %v",
-			c.config.StageGate.PG.Host, c.config.StageGate.PG.ReadyPort, err)
+			c.config.StageGate.KongDB.Host, c.config.StageGate.KongDB.ReadyPort, err)
 		return interfaces.StatusCodeExitWithError, retErr
 	}
 	c.loggingClient.Info("Postgres is ready")
 
 	if err := tcp.DialTcp(
-		c.config.StageGate.Redis.Host,
-		c.config.StageGate.Redis.ReadyPort,
+		c.config.StageGate.Database.Host,
+		c.config.StageGate.Database.ReadyPort,
 		c.loggingClient); err != nil {
 		retErr := fmt.Errorf("found error while waiting for readiness of Redis at %s:%d, err: %v",
-			c.config.StageGate.Redis.Host, c.config.StageGate.Redis.ReadyPort, err)
+			c.config.StageGate.Database.Host, c.config.StageGate.Database.ReadyPort, err)
 		return interfaces.StatusCodeExitWithError, retErr
 	}
 	c.loggingClient.Info("Redis is ready")

internal/security/bootstrapper/command/gate/command_test.go

@@ -21,13 +21,13 @@ import (
 	"testing"
 	"time"
 
+	"github.com/stretchr/testify/require"
+
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/config"
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/interfaces"
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/tcp"
 
-	"github.com/stretchr/testify/require"
-
-	"github.com/edgexfoundry/go-mod-core-contracts/clients/logger"
+	"github.com/edgexfoundry/go-mod-core-contracts/v2/clients/logger"
 )
 
 func TestNewCommand(t *testing.T) {
@@ -62,9 +62,9 @@ func TestNewCommand(t *testing.T) {
 type testConfig struct {
 	testHost              string
 	bootstrapperStartPort int
-	consulReadyPort       int
-	redisReadyPort        int
-	postgresReadyPort     int
+	registryReadyPort     int
+	databaseReadyPort     int
+	kongDBReadyPort       int
 	readyToRunPort        int
 }
 
@@ -75,9 +75,9 @@ func TestExecuteWithAllDependentsRun(t *testing.T) {
 	testConfig := &testConfig{
 		testHost:              "localhost",
 		bootstrapperStartPort: 28001,
-		consulReadyPort:       28002,
-		redisReadyPort:        28003,
-		postgresReadyPort:     28004,
+		registryReadyPort:     28002,
+		databaseReadyPort:     28003,
+		kongDBReadyPort:       28004,
 		readyToRunPort:        28009,
 	}
 	config := setupMockServiceConfigs(testConfig)
@@ -107,15 +107,15 @@ func TestExecuteWithAllDependentsRun(t *testing.T) {
 	tcpSrvErr := make(chan error)
 	// start up all other dependent mock services:
 	go func() {
-		tcpSrvErr <- tcp.NewTcpServer().StartListener(testConfig.consulReadyPort,
+		tcpSrvErr <- tcp.NewTcpServer().StartListener(testConfig.registryReadyPort,
 			lc, testHost)
 	}()
 	go func() {
-		tcpSrvErr <- tcp.NewTcpServer().StartListener(testConfig.postgresReadyPort,
+		tcpSrvErr <- tcp.NewTcpServer().StartListener(testConfig.kongDBReadyPort,
 			lc, testHost)
 	}()
 	go func() {
-		tcpSrvErr <- tcp.NewTcpServer().StartListener(testConfig.redisReadyPort,
+		tcpSrvErr <- tcp.NewTcpServer().StartListener(testConfig.databaseReadyPort,
 			lc, testHost)
 	}()
 
@@ -137,20 +137,20 @@ func setupMockServiceConfigs(testConf *testConfig) *config.ConfigurationStruct {
 			Host:      testConf.testHost,
 			StartPort: testConf.bootstrapperStartPort,
 		},
-		Consul: config.ConsulInfo{
+		Registry: config.RegistryInfo{
 			Host:      testConf.testHost,
 			Port:      12001,
-			ReadyPort: testConf.consulReadyPort,
+			ReadyPort: testConf.registryReadyPort,
 		},
-		Redis: config.RedisInfo{
+		Database: config.DatabaseInfo{
 			Host:      testConf.testHost,
 			Port:      12002,
-			ReadyPort: testConf.redisReadyPort,
+			ReadyPort: testConf.databaseReadyPort,
 		},
-		PG: config.PostgresInfo{
+		KongDB: config.KongDBInfo{
 			Host:      testConf.testHost,
 			Port:      12003,
-			ReadyPort: testConf.postgresReadyPort,
+			ReadyPort: testConf.kongDBReadyPort,
 		},
 		Ready: config.ReadyInfo{
 			ToRunPort: testConf.readyToRunPort,

internal/security/bootstrapper/command/genpassword/command.go

@@ -28,7 +28,7 @@ import (
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/config"
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/interfaces"
 
-	"github.com/edgexfoundry/go-mod-core-contracts/clients/logger"
+	"github.com/edgexfoundry/go-mod-core-contracts/v2/clients/logger"
 )
 
 const (

internal/security/bootstrapper/command/genpassword/command_test.go

@@ -20,12 +20,12 @@ import (
 	"sync"
 	"testing"
 
+	"github.com/stretchr/testify/require"
+
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/config"
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/interfaces"
 
-	"github.com/stretchr/testify/require"
-
-	"github.com/edgexfoundry/go-mod-core-contracts/clients/logger"
+	"github.com/edgexfoundry/go-mod-core-contracts/v2/clients/logger"
 )
 
 func TestNewCommand(t *testing.T) {

internal/security/bootstrapper/command/gethttpstatus/command.go

@@ -30,7 +30,7 @@ import (
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/interfaces"
 	"github.com/edgexfoundry/edgex-go/internal/security/secretstoreclient"
 
-	"github.com/edgexfoundry/go-mod-core-contracts/clients/logger"
+	"github.com/edgexfoundry/go-mod-core-contracts/v2/clients/logger"
 )
 
 const (

internal/security/bootstrapper/command/gethttpstatus/command_test.go

@@ -22,12 +22,12 @@ import (
 	"sync"
 	"testing"
 
+	"github.com/stretchr/testify/require"
+
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/config"
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/interfaces"
 
-	"github.com/stretchr/testify/require"
-
-	"github.com/edgexfoundry/go-mod-core-contracts/clients/logger"
+	"github.com/edgexfoundry/go-mod-core-contracts/v2/clients/logger"
 )
 
 func TestNewCommand(t *testing.T) {

internal/security/bootstrapper/command/help/command.go

@@ -24,7 +24,7 @@ import (
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/config"
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/interfaces"
 
-	"github.com/edgexfoundry/go-mod-core-contracts/clients/logger"
+	"github.com/edgexfoundry/go-mod-core-contracts/v2/clients/logger"
 )
 
 const (

internal/security/bootstrapper/command/help/command_test.go

@@ -18,12 +18,12 @@ package help
 import (
 	"testing"
 
+	"github.com/stretchr/testify/require"
+
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/config"
 	"github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/interfaces"
 
-	"github.com/edgexfoundry/go-mod-core-contracts/clients/logger"
-
-	"github.com/stretchr/testify/require"
+	"github.com/edgexfoundry/go-mod-core-contracts/v2/clients/logger"
 )
 
 // TestHelp tests functionality of help command