feat(security): Address PR feedback

Address Bryon's PR feedback

Signed-off-by: Jim Wang <[email protected]>

cmd/security-bootstrapper/entrypoint-scripts/redis_wait_install.sh

@@ -47,26 +47,12 @@ if [ $redis_bootstrapping_status -ne 0 ]; then
 fi
 
 # make sure the config file is present before redis server starts up
-/edgex-init/security-bootstrapper --confdir=/edgex-init/res waitFor \
-  -uri file://"${DATABASECONFIG_PATH}"/"${DATABASECONFIG_NAME}" \
-  -timeout "${STAGEGATE_WAITFOR_TIMEOUT}"
+if [ ! -f "${DATABASECONFIG_PATH}"/"${DATABASECONFIG_NAME}" ]; then
+  ehco "$(date) Error: conf file ${DATABASECONFIG_PATH}/${DATABASECONFIG_NAME} not exists"
+  exit 1
+fi
 
 # starting redis with config file
+# security-bootstrapper in this case should just wait for the Redis's port
 echo "$(date) Starting edgex-redis ..."
-exec /usr/local/bin/docker-entrypoint.sh redis-server "${DATABASECONFIG_PATH}"/"${DATABASECONFIG_NAME}" &
-
-# wait for the Redis port
-echo "$(date) Executing waitFor on database redis with waiting on its own port \
-  tcp://${STAGEGATE_DATABASE_HOST}:${STAGEGATE_DATABASE_PORT}"
-/edgex-init/security-bootstrapper --confdir=/edgex-init/res waitFor \
-  -uri tcp://"${STAGEGATE_DATABASE_HOST}":"${STAGEGATE_DATABASE_PORT}" \
-  -timeout "${STAGEGATE_WAITFOR_TIMEOUT}"
-
-echo "$(date) redis is bootstrapped and ready"
-
-# Signal that Redis is ready for services blocked waiting on Redis
-/edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \
-  --port="${STAGEGATE_DATABASE_READYPORT}" --host="${DATABASES_PRIMARY_HOST}"
-if [ $? -ne 0 ]; then
-  echo "$(date) failed to gating the redis ready port, exits"
-fi
+exec /usr/local/bin/docker-entrypoint.sh redis-server "${DATABASECONFIG_PATH}"/"${DATABASECONFIG_NAME}"

cmd/security-bootstrapper/res-bootstrap-redis/configuration.toml

@@ -40,5 +40,5 @@ TokenFile = '/vault/config/assets/resp-init.json'
   Type = 'redisdb'
 
 [DatabaseConfig]
-  Path = '/user/local/etc/redis/conf'
+  Path = '/path/to/redis/conf/dir'
   Name = 'redis.conf'

internal/security/bootstrapper/redis/handlers/handlers.go

@@ -57,6 +57,7 @@ func (handler *Handler) GetCredentials(ctx context.Context, _ *sync.WaitGroup, s
 	}
 
 	for startupTimer.HasNotElapsed() {
+		// retrieve database credentials from secretstore
 		secrets, err := secretProvider.GetSecrets(config.Databases["Primary"].Type)
 		if err == nil {
 			credentials.Username = secrets[secret.UsernameKey]

snap/snapcraft.yaml

@@ -87,7 +87,6 @@ apps:
       SAVE_OPT1: "--save 900 1"
       SAVE_OPT2: "--save 300 10"
       CONFIG_FILE: "$SNAP_DATA/redis/conf/redis.conf"
-      DONE_FILE: "$SNAP_DATA/redis/conf/.done"
     daemon: simple
     plugs: [network, network-bind]
   postgres:
@@ -181,10 +180,10 @@ apps:
     start-timeout: 15m
     plugs: [network]
   # This is a simple service which calls into vault to retrieve the Redis password and then 
-  # generate Redis config file for Redis to start up with credentials and ACL rules. 
-  # Redis should be start once the doneFile is created. Once the config file has been generated and 
-  # verified authenticated connection, this service exits. In the Docker version, 
-  # the customized redis' entrypoint.sh performs the similar actions as described above.
+  # to generate Redis config file for Redis server to start up with credentials and ACL rules. 
+  # Redis can be started once the confFile is created. Once the config file has been generated, 
+  # this service exits. In the Docker version, the customized redis' entrypoint.sh performs 
+  # the similar actions as described above.
   security-bootstrap-redis:
     adapter: none
     after: