refactor: Use new enhanced SecretProvider

closes #2888 Signed-off-by: Lenny Goodell <[email protected]>
edgexfoundry · Dec 19, 2020 · f2776a8 · f2776a8
1 parent bbb161a
commit f2776a8
Show file tree

Hide file tree

Showing 29 changed files with 168 additions and 82 deletions.
diff --git a/cmd/core-command/res/configuration.toml b/cmd/core-command/res/configuration.toml
@@ -1,5 +1,11 @@
 [Writable]
 LogLevel = 'INFO'
+  [Writable.InsecureSecrets]
+    [Writable.InsecureSecrets.DB]
+    path = "redisdb"
+      [Writable.InsecureSecrets.DB.Secrets]
+      username = ""
+      password = ""
 
 [Service]
 BootTimeout = 30000
@@ -27,8 +33,6 @@ Type = 'consul'
   [Databases.Primary]
   Host = 'localhost'
   Name = 'metadata'
-  Password = 'password'
-  Username = 'meta'
   Port = 6379
   Timeout = 5000
   Type = 'redisdb'

diff --git a/cmd/core-data/res/configuration.toml b/cmd/core-data/res/configuration.toml
@@ -6,6 +6,12 @@ ServiceUpdateLastConnected = false
 ValidateCheck = false
 LogLevel = 'INFO'
 ChecksumAlgo = 'xxHash'
+   [Writable.InsecureSecrets]
+      [Writable.InsecureSecrets.DB]
+         path = "redisdb"
+            [Writable.InsecureSecrets.DB.Secrets]
+            username = ""
+            password = ""
 
 [Service]
 BootTimeout = 30000
@@ -33,8 +39,6 @@ Type = 'consul'
   [Databases.Primary]
   Host = 'localhost'
   Name = 'coredata'
-  Password = 'password'
-  Username = 'core'
   Port = 6379
   Timeout = 5000
   Type = 'redisdb'

diff --git a/cmd/core-metadata/res/configuration.toml b/cmd/core-metadata/res/configuration.toml
@@ -1,6 +1,12 @@
 [Writable]
 LogLevel = 'INFO'
 EnableValueDescriptorManagement = false
+  [Writable.InsecureSecrets]
+    [Writable.InsecureSecrets.DB]
+    path = "redisdb"
+      [Writable.InsecureSecrets.DB.Secrets]
+      username = ""
+      password = ""
 
 [Service]
 BootTimeout = 30000

diff --git a/cmd/security-secrets-setup/security-secrets-setup b/cmd/security-secrets-setup/security-secrets-setup
diff --git a/cmd/support-notifications/res/configuration.toml b/cmd/support-notifications/res/configuration.toml
@@ -1,6 +1,12 @@
 [Writable]
 ResendLimit = 2
 LogLevel = 'INFO'
+  [Writable.InsecureSecrets]
+    [Writable.InsecureSecrets.DB]
+    path = "redisdb"
+      [Writable.InsecureSecrets.DB.Secrets]
+      username = ""
+      password = ""
 
 [Service]
 BootTimeout = 30000
@@ -22,8 +28,6 @@ Type = 'consul'
   [Databases.Primary]
   Host = 'localhost'
   Name = 'notifications'
-  Password = 'password'
-  Username = 'notifications'
   Port = 6379
   Timeout = 5000
   Type = 'redisdb'

diff --git a/cmd/support-scheduler/res/configuration.toml b/cmd/support-scheduler/res/configuration.toml
@@ -1,6 +1,12 @@
 [Writable]
 ScheduleIntervalTime = 500
 LogLevel = 'INFO'
+    [Writable.InsecureSecrets]
+        [Writable.InsecureSecrets.DB]
+        path = "redisdb"
+            [Writable.InsecureSecrets.DB.Secrets]
+            username = ""
+            password = ""
 
 [Service]
 BootTimeout = 30000
@@ -22,8 +28,6 @@ Type = 'consul'
   [Databases.Primary]
   Host = 'localhost'
   Name = 'scheduler'
-  Password = 'password'
-  Username = 'scheduler'
   Port = 6379
   Timeout = 5000
   Type = 'redisdb'

diff --git a/go.mod b/go.mod
@@ -10,18 +10,20 @@ require (
 	github.com/edgexfoundry/go-mod-core-contracts v0.1.130
 	github.com/edgexfoundry/go-mod-messaging v0.1.28
 	github.com/edgexfoundry/go-mod-registry v0.1.26
-	github.com/edgexfoundry/go-mod-secrets v0.0.26
+	github.com/edgexfoundry/go-mod-secrets v0.0.29
 	github.com/fxamacker/cbor/v2 v2.2.0
 	github.com/gomodule/redigo v2.0.0+incompatible
 	github.com/google/uuid v1.1.2
 	github.com/gorilla/mux v1.8.0
 	github.com/imdario/mergo v0.3.11
 	github.com/pkg/errors v0.8.1
 	github.com/robfig/cron v0.0.0-20180505203441-b41be1df6967
-	github.com/stretchr/testify v1.5.1
+	github.com/stretchr/testify v1.6.1
 	golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2
 	gopkg.in/eapache/queue.v1 v1.1.0
 	gopkg.in/yaml.v2 v2.4.0
 )
 
+replace github.com/edgexfoundry/go-mod-bootstrap => ../go-mod-bootstrap
+
 go 1.15
diff --git a/internal/core/command/config/config.go b/internal/core/command/config/config.go
@@ -30,7 +30,8 @@ type ConfigurationStruct struct {
 
 // WritableInfo contains configuration properties that can be updated and applied without restarting the service.
 type WritableInfo struct {
-	LogLevel string
+	LogLevel        string
+	InsecureSecrets bootstrapConfig.InsecureSecrets
 }
 
 // UpdateFromRaw converts configuration received from the registry to a service-specific configuration struct which is
@@ -90,3 +91,8 @@ func (c *ConfigurationStruct) GetRegistryInfo() bootstrapConfig.RegistryInfo {
 func (c *ConfigurationStruct) GetDatabaseInfo() map[string]bootstrapConfig.Database {
 	return c.Databases
 }
+
+// GetInsecureSecrets returns the service's InsecureSecrets.
+func (c *ConfigurationStruct) GetInsecureSecrets() bootstrapConfig.InsecureSecrets {
+	return c.Writable.InsecureSecrets
+}
diff --git a/internal/core/command/main.go b/internal/core/command/main.go
@@ -27,10 +27,7 @@ import (
 
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/flags"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/httpserver"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/message"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/secret"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/testing"
+	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/interfaces"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/startup"
 	"github.com/edgexfoundry/go-mod-bootstrap/di"
@@ -60,7 +57,7 @@ func Main(ctx context.Context, cancel context.CancelFunc, router *mux.Router, re
 		},
 	})
 
-	httpServer := httpserver.NewBootstrap(router, true)
+	httpServer := handlers.NewHttpServer(router, true)
 
 	bootstrap.Run(
 		ctx,
@@ -72,13 +69,13 @@ func Main(ctx context.Context, cancel context.CancelFunc, router *mux.Router, re
 		startupTimer,
 		dic,
 		[]interfaces.BootstrapHandler{
-			secret.NewSecret().BootstrapHandler,
+			handlers.SecureProviderBootstrapHandler,
 			database.NewDatabase(httpServer, configuration).BootstrapHandler,
 			NewBootstrap(router).BootstrapHandler,
 			telemetry.BootstrapHandler,
 			httpServer.BootstrapHandler,
-			message.NewBootstrap(clients.CoreCommandServiceKey, edgex.Version).BootstrapHandler,
-			testing.NewBootstrap(httpServer, readyStream).BootstrapHandler,
+			handlers.NewStartMessage(clients.CoreCommandServiceKey, edgex.Version).BootstrapHandler,
+			handlers.NewReady(httpServer, readyStream).BootstrapHandler,
 		})
 
 	// code here!

diff --git a/internal/core/data/config/config.go b/internal/core/data/config/config.go
@@ -37,6 +37,7 @@ type WritableInfo struct {
 	ValidateCheck              bool
 	LogLevel                   string
 	ChecksumAlgo               string
+	InsecureSecrets            bootstrapConfig.InsecureSecrets
 }
 
 // MessageQueueInfo provides parameters related to connecting to a message queue
@@ -120,3 +121,8 @@ func (c *ConfigurationStruct) GetRegistryInfo() bootstrapConfig.RegistryInfo {
 func (c *ConfigurationStruct) GetDatabaseInfo() map[string]bootstrapConfig.Database {
 	return c.Databases
 }
+
+// GetInsecureSecrets returns the service's InsecureSecrets.
+func (c *ConfigurationStruct) GetInsecureSecrets() bootstrapConfig.InsecureSecrets {
+	return c.Writable.InsecureSecrets
+}
diff --git a/internal/core/data/init.go b/internal/core/data/init.go
@@ -24,7 +24,9 @@ import (
 	v2DataContainer "github.com/edgexfoundry/edgex-go/internal/core/data/v2/bootstrap/container"
 	errorContainer "github.com/edgexfoundry/edgex-go/internal/pkg/container"
 	"github.com/edgexfoundry/edgex-go/internal/pkg/errorconcept"
+
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/container"
+	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/secret"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/startup"
 	"github.com/edgexfoundry/go-mod-bootstrap/di"
 	"github.com/edgexfoundry/go-mod-core-contracts/clients"
@@ -62,14 +64,15 @@ func (b *Bootstrap) BootstrapHandler(ctx context.Context, wg *sync.WaitGroup, st
 	// For Redis Streams MessageBus, we reuse the Redis instance running for the DB, which may have a password,
 	// so we need to get and use the DB credentials for the MessageBus connection.
 	if configuration.MessageQueue.Type == "redisstreams" {
-		credentials, err := container.CredentialsProviderFrom(dic.Get).GetDatabaseCredentials(configuration.Databases["Primary"])
+		secretProvider := container.SecretProviderFrom(dic.Get)
+		credentials, err := secretProvider.GetSecrets(configuration.Databases["Primary"].Type)
 		if err != nil {
 			lc.Error(fmt.Sprintf("Error getting DB creds for RedisStreams: %s", err.Error()))
 			return false
 		}
 
 		lc.Info("DB Credentials set for using Redis Streams")
-		configuration.MessageQueue.Optional["Password"] = credentials.Password
+		configuration.MessageQueue.Optional["Password"] = credentials[secret.PasswordKey]
 	}
 
 	// Create the messaging client

diff --git a/internal/core/data/main.go b/internal/core/data/main.go
@@ -25,14 +25,11 @@ import (
 	v2DataContainer "github.com/edgexfoundry/edgex-go/internal/core/data/v2/bootstrap/container"
 	"github.com/edgexfoundry/edgex-go/internal/pkg/bootstrap/handlers/database"
 	"github.com/edgexfoundry/edgex-go/internal/pkg/telemetry"
-	"github.com/edgexfoundry/edgex-go/internal/pkg/v2/bootstrap/handlers"
+	v2Handlers "github.com/edgexfoundry/edgex-go/internal/pkg/v2/bootstrap/handlers"
+	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers"
 
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/flags"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/httpserver"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/message"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/secret"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/testing"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/interfaces"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/startup"
 	"github.com/edgexfoundry/go-mod-bootstrap/di"
@@ -62,7 +59,7 @@ func Main(ctx context.Context, cancel context.CancelFunc, router *mux.Router, re
 		},
 	})
 
-	httpServer := httpserver.NewBootstrap(router, true)
+	httpServer := handlers.NewHttpServer(router, true)
 
 	bootstrap.Run(
 		ctx,
@@ -74,14 +71,14 @@ func Main(ctx context.Context, cancel context.CancelFunc, router *mux.Router, re
 		startupTimer,
 		dic,
 		[]interfaces.BootstrapHandler{
-			secret.NewSecret().BootstrapHandler,
+			handlers.SecureProviderBootstrapHandler,
 			database.NewDatabaseForCoreData(httpServer, configuration).BootstrapHandler,
-			handlers.NewDatabase(httpServer, configuration, v2DataContainer.DBClientInterfaceName).BootstrapHandler, // add v2 db client bootstrap handler
+			v2Handlers.NewDatabase(httpServer, configuration, v2DataContainer.DBClientInterfaceName).BootstrapHandler, // add v2 db client bootstrap handler
 			NewBootstrap(router).BootstrapHandler,
 			telemetry.BootstrapHandler,
 			httpServer.BootstrapHandler,
-			message.NewBootstrap(clients.CoreDataServiceKey, edgex.Version).BootstrapHandler,
-			testing.NewBootstrap(httpServer, readyStream).BootstrapHandler,
+			handlers.NewStartMessage(clients.CoreDataServiceKey, edgex.Version).BootstrapHandler,
+			handlers.NewReady(httpServer, readyStream).BootstrapHandler,
 		},
 	)
 }
diff --git a/internal/core/metadata/config/config.go b/internal/core/metadata/config/config.go
@@ -32,6 +32,7 @@ type ConfigurationStruct struct {
 type WritableInfo struct {
 	LogLevel                        string
 	EnableValueDescriptorManagement bool
+	InsecureSecrets                 bootstrapConfig.InsecureSecrets
 }
 
 // Notification Info provides properties related to the assembly of notification content
@@ -102,3 +103,8 @@ func (c *ConfigurationStruct) GetRegistryInfo() bootstrapConfig.RegistryInfo {
 func (c *ConfigurationStruct) GetDatabaseInfo() map[string]bootstrapConfig.Database {
 	return c.Databases
 }
+
+// GetInsecureSecrets returns the service's InsecureSecrets.
+func (c *ConfigurationStruct) GetInsecureSecrets() bootstrapConfig.InsecureSecrets {
+	return c.Writable.InsecureSecrets
+}
diff --git a/internal/core/metadata/main.go b/internal/core/metadata/main.go
@@ -25,14 +25,11 @@ import (
 	v2MetadataContainer "github.com/edgexfoundry/edgex-go/internal/core/metadata/v2/bootstrap/container"
 	"github.com/edgexfoundry/edgex-go/internal/pkg/bootstrap/handlers/database"
 	"github.com/edgexfoundry/edgex-go/internal/pkg/telemetry"
-	"github.com/edgexfoundry/edgex-go/internal/pkg/v2/bootstrap/handlers"
+	v2Handlers "github.com/edgexfoundry/edgex-go/internal/pkg/v2/bootstrap/handlers"
+	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers"
 
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/flags"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/httpserver"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/message"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/secret"
-	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/handlers/testing"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/interfaces"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/startup"
 	"github.com/edgexfoundry/go-mod-bootstrap/di"
@@ -61,7 +58,7 @@ func Main(ctx context.Context, cancel context.CancelFunc, router *mux.Router, re
 		},
 	})
 
-	httpServer := httpserver.NewBootstrap(router, true)
+	httpServer := handlers.NewHttpServer(router, true)
 
 	bootstrap.Run(
 		ctx,
@@ -73,13 +70,13 @@ func Main(ctx context.Context, cancel context.CancelFunc, router *mux.Router, re
 		startupTimer,
 		dic,
 		[]interfaces.BootstrapHandler{
-			secret.NewSecret().BootstrapHandler,
+			handlers.SecureProviderBootstrapHandler,
 			database.NewDatabase(httpServer, configuration).BootstrapHandler,
-			handlers.NewDatabase(httpServer, configuration, v2MetadataContainer.DBClientInterfaceName).BootstrapHandler, // add v2 db client bootstrap handler
+			v2Handlers.NewDatabase(httpServer, configuration, v2MetadataContainer.DBClientInterfaceName).BootstrapHandler, // add v2 db client bootstrap handler
 			NewBootstrap(router).BootstrapHandler,
 			telemetry.BootstrapHandler,
 			httpServer.BootstrapHandler,
-			message.NewBootstrap(clients.CoreMetaDataServiceKey, edgex.Version).BootstrapHandler,
-			testing.NewBootstrap(httpServer, readyStream).BootstrapHandler,
+			handlers.NewStartMessage(clients.CoreMetaDataServiceKey, edgex.Version).BootstrapHandler,
+			handlers.NewReady(httpServer, readyStream).BootstrapHandler,
 		})
 }
diff --git a/internal/pkg/bootstrap/handlers/database/database.go b/internal/pkg/bootstrap/handlers/database/database.go
@@ -25,8 +25,8 @@ import (
 	"github.com/edgexfoundry/edgex-go/internal/pkg/db"
 	dbInterfaces "github.com/edgexfoundry/edgex-go/internal/pkg/db/interfaces"
 	"github.com/edgexfoundry/edgex-go/internal/pkg/db/redis"
-
 	bootstrapContainer "github.com/edgexfoundry/go-mod-bootstrap/bootstrap/container"
+	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/secret"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/startup"
 	bootstrapConfig "github.com/edgexfoundry/go-mod-bootstrap/config"
 	"github.com/edgexfoundry/go-mod-bootstrap/di"
@@ -95,15 +95,23 @@ func (d Database) BootstrapHandler(
 	dic *di.Container) bool {
 
 	lc := bootstrapContainer.LoggingClientFrom(dic.Get)
+	secretProvider := bootstrapContainer.SecretProviderFrom(dic.Get)
 
 	// get database credentials.
 	var credentials bootstrapConfig.Credentials
 	for startupTimer.HasNotElapsed() {
 		var err error
-		credentials, err = bootstrapContainer.CredentialsProviderFrom(dic.Get).GetDatabaseCredentials(d.database.GetDatabaseInfo()["Primary"])
+
+		secrets, err := secretProvider.GetSecrets(d.database.GetDatabaseInfo()["Primary"].Type)
 		if err == nil {
+			credentials = bootstrapConfig.Credentials{
+				Username: secrets[secret.UsernameKey],
+				Password: secrets[secret.PasswordKey],
+			}
+
 			break
 		}
+
 		lc.Warn(fmt.Sprintf("couldn't retrieve database credentials: %v", err.Error()))
 		startupTimer.SleepForInterval()
 	}