refactor: Refactored SecretProvider into seperate Secure & Insecure i…

…mplementations Signed-off-by: lenny <[email protected]>
edgexfoundry · Dec 15, 2020 · eb10c7c · eb10c7c
1 parent e698871
commit eb10c7c
Show file tree

Hide file tree

Showing 14 changed files with 555 additions and 298 deletions.
diff --git a/bootstrap/environment/variables_test.go b/bootstrap/environment/variables_test.go
@@ -21,16 +21,14 @@ import (
 	"strconv"
 	"testing"
 
-	"github.com/edgexfoundry/go-mod-secrets/pkg/providers/vault"
-	"github.com/stretchr/testify/require"
+	"github.com/edgexfoundry/go-mod-bootstrap/config"
 
 	"github.com/edgexfoundry/go-mod-configuration/pkg/types"
-
 	"github.com/edgexfoundry/go-mod-core-contracts/clients/logger"
+	secretsTypes "github.com/edgexfoundry/go-mod-secrets/pkg/types"
 
 	"github.com/stretchr/testify/assert"
-
-	"github.com/edgexfoundry/go-mod-bootstrap/config"
+	"github.com/stretchr/testify/require"
 )
 
 const (
@@ -327,7 +325,7 @@ func TestOverrideConfigurationExactCase(t *testing.T) {
 		List:     []string{"val1"},
 		FloatVal: float32(11.11),
 		SecretStore: config.SecretStoreInfo{
-			Authentication: vault.AuthenticationInfo{
+			Authentication: secretsTypes.AuthenticationInfo{
 				AuthType: "none",
 			},
 		},
@@ -383,7 +381,7 @@ func TestOverrideConfigurationUppercase(t *testing.T) {
 		List:     []string{"val1"},
 		FloatVal: float32(11.11),
 		SecretStore: config.SecretStoreInfo{
-			Authentication: vault.AuthenticationInfo{
+			Authentication: secretsTypes.AuthenticationInfo{
 				AuthType:  "none",
 				AuthToken: expectedAuthToken,
 			},
@@ -432,7 +430,7 @@ func TestOverrideConfigurationWithBlankValue(t *testing.T) {
 		List:     []string{"val1"},
 		FloatVal: float32(11.11),
 		SecretStore: config.SecretStoreInfo{
-			Authentication: vault.AuthenticationInfo{
+			Authentication: secretsTypes.AuthenticationInfo{
 				AuthType:  "none",
 				AuthToken: expectedAuthToken,
 			},
@@ -463,7 +461,7 @@ func TestOverrideConfigurationWithEqualInValue(t *testing.T) {
 		SecretStore config.SecretStoreInfo
 	}{
 		SecretStore: config.SecretStoreInfo{
-			Authentication: vault.AuthenticationInfo{
+			Authentication: secretsTypes.AuthenticationInfo{
 				AuthType:  "none",
 				AuthToken: expectedAuthToken,
 			},

diff --git a/bootstrap/handlers/httpserver/httpserver.go → bootstrap/handlers/httpserver.go b/bootstrap/handlers/httpserver/httpserver.go → bootstrap/handlers/httpserver.go
@@ -12,7 +12,7 @@
  * the License.
  *******************************************************************************/
 
-package httpserver
+package handlers
 
 import (
 	"context"
@@ -35,8 +35,8 @@ type HttpServer struct {
 	doListenAndServe bool
 }
 
-// NewBootstrap is a factory method that returns an initialized HttpServer receiver struct.
-func NewBootstrap(router *mux.Router, doListenAndServe bool) *HttpServer {
+// NewHttpServer is a factory method that returns an initialized HttpServer receiver struct.
+func NewHttpServer(router *mux.Router, doListenAndServe bool) *HttpServer {
 	return &HttpServer{
 		router:           router,
 		isRunning:        false,

diff --git a/bootstrap/handlers/message/message.go → bootstrap/handlers/message.go b/bootstrap/handlers/message/message.go → bootstrap/handlers/message.go
@@ -12,7 +12,7 @@
  * the License.
  *******************************************************************************/
 
-package message
+package handlers
 
 import (
 	"context"
@@ -30,8 +30,8 @@ type StartMessage struct {
 	version    string
 }
 
-// NewBootstrap is a factory method that returns an initialized StartMessage receiver struct.
-func NewBootstrap(serviceKey, version string) *StartMessage {
+// NewStartMessage is a factory method that returns an initialized StartMessage receiver struct.
+func NewStartMessage(serviceKey, version string) *StartMessage {
 	return &StartMessage{
 		serviceKey: serviceKey,
 		version:    version,

diff --git a/bootstrap/handlers/testing/ready.go → bootstrap/handlers/ready.go b/bootstrap/handlers/testing/ready.go → bootstrap/handlers/ready.go
@@ -12,7 +12,7 @@
  * the License.
  *******************************************************************************/
 
-package testing
+package handlers
 
 import (
 	"context"
@@ -33,8 +33,8 @@ type Ready struct {
 	stream     chan<- bool
 }
 
-// NewBootstrap is a factory method that returns an initialized Ready receiver struct.
-func NewBootstrap(httpServer httpServer, stream chan<- bool) *Ready {
+// NewReady is a factory method that returns an initialized Ready receiver struct.
+func NewReady(httpServer httpServer, stream chan<- bool) *Ready {
 	return &Ready{
 		httpServer: httpServer,
 		stream:     stream,

diff --git a/bootstrap/secret/handler.go → bootstrap/handlers/secret.go b/bootstrap/secret/handler.go → bootstrap/handlers/secret.go
@@ -12,14 +12,16 @@
  * the License.
  *******************************************************************************/
 
-package secret
+package handlers
 
 import (
 	"context"
 	"fmt"
 	"sync"
 
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/container"
+	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/interfaces"
+	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/secret"
 	"github.com/edgexfoundry/go-mod-bootstrap/bootstrap/startup"
 	"github.com/edgexfoundry/go-mod-bootstrap/config"
 	"github.com/edgexfoundry/go-mod-bootstrap/di"
@@ -30,55 +32,67 @@ import (
 	"github.com/edgexfoundry/go-mod-secrets/pkg/token/fileioperformer"
 )
 
-// BootstrapHandler full initializes the Provider store manager.
-func (p *Provider) BootstrapHandler(
+// SecureProviderBootstrapHandler full initializes the Secret Provider.
+func SecureProviderBootstrapHandler(
 	ctx context.Context,
 	_ *sync.WaitGroup,
 	startupTimer startup.Timer,
 	dic *di.Container) bool {
+	lc := container.LoggingClientFrom(dic.Get)
+	configuration := container.ConfigurationFrom(dic.Get)
 
-	p.lc = container.LoggingClientFrom(dic.Get)
-	p.configuration = container.ConfigurationFrom(dic.Get)
+	var provider interfaces.SecretProvider
 
-	// attempt to create a new SecretProvider client only if security is enabled.
-	if p.IsSecurityEnabled() {
+	switch secret.IsSecurityEnabled() {
+	case true:
+		// attempt to create a new Secure client only if security is enabled.
 		var err error
 
-		p.lc.Info("Creating SecretClient")
+		lc.Info("Creating SecretClient")
 
-		secretStoreConfig := p.configuration.GetBootstrap().SecretStore
+		secretStoreConfig := configuration.GetBootstrap().SecretStore
 
 		for startupTimer.HasNotElapsed() {
 			var secretConfig types.SecretConfig
 
-			p.lc.Info("Reading secret store configuration and authentication token")
+			lc.Info("Reading secret store configuration and authentication token")
 
-			secretConfig, err = p.getSecretConfig(secretStoreConfig, dic)
+			tokenLoader := container.AuthTokenLoaderFrom(dic.Get)
+			if tokenLoader == nil {
+				tokenLoader = authtokenloader.NewAuthTokenLoader(fileioperformer.NewDefaultFileIoPerformer())
+			}
+
+			secretConfig, err = getSecretConfig(secretStoreConfig, tokenLoader)
 			if err == nil {
+				secureProvider := secret.NewSecureProvider(configuration, lc, tokenLoader)
 				var secretClient secrets.SecretClient
 
-				p.lc.Info("Attempting to create secret client")
-				secretClient, err = secrets.NewClient(ctx, secretConfig, p.lc, p.defaultTokenExpiredCallback)
+				lc.Info("Attempting to create secret client")
+				secretClient, err = secrets.NewClient(ctx, secretConfig, lc, secureProvider.DefaultTokenExpiredCallback)
 				if err == nil {
-					p.secretClient = secretClient
-					p.lc.Info("Created SecretClient")
+					secureProvider.SetClient(secretClient)
+					provider = secureProvider
+					lc.Info("Created SecretClient")
 					break
 				}
 			}
 
-			p.lc.Warn(fmt.Sprintf("Retryable failure while creating SecretClient: %s", err.Error()))
+			lc.Warn(fmt.Sprintf("Retryable failure while creating SecretClient: %s", err.Error()))
 			startupTimer.SleepForInterval()
 		}
 
 		if err != nil {
-			p.lc.Error(fmt.Sprintf("unable to create SecretClient: %s", err.Error()))
+			lc.Error(fmt.Sprintf("unable to create SecretClient: %s", err.Error()))
 			return false
 		}
+
+	case false:
+		provider = secret.NewInsecureProvider(configuration, lc)
 	}
 
 	dic.Update(di.ServiceConstructorMap{
 		container.SecretProviderName: func(get di.Get) interface{} {
-			return p
+			return provider
 		},
 	})
 
@@ -87,7 +101,7 @@ func (p *Provider) BootstrapHandler(
 
 // getSecretConfig creates a SecretConfig based on the SecretStoreInfo configuration properties.
 // If a token file is present it will override the Authentication.AuthToken value.
-func (p *Provider) getSecretConfig(secretStoreInfo config.SecretStoreInfo, dic *di.Container) (types.SecretConfig, error) {
+func getSecretConfig(secretStoreInfo config.SecretStoreInfo, tokenLoader authtokenloader.AuthTokenLoader) (types.SecretConfig, error) {
 	secretConfig := types.SecretConfig{
 		Host:                    secretStoreInfo.Host,
 		Port:                    secretStoreInfo.Port,
@@ -101,25 +115,15 @@ func (p *Provider) getSecretConfig(secretStoreInfo config.SecretStoreInfo, dic *
 		RetryWaitPeriod:         secretStoreInfo.RetryWaitPeriod,
 	}
 
-	if !p.IsSecurityEnabled() || secretStoreInfo.TokenFile == "" {
+	if !secret.IsSecurityEnabled() || secretStoreInfo.TokenFile == "" {
 		return secretConfig, nil
 	}
 
-	// only bother getting a token if security is enabled and the configuration-provided token file is not empty.
-	fileIoPerformer := container.FileIoPerformerFrom(dic.Get)
-	if fileIoPerformer == nil {
-		fileIoPerformer = fileioperformer.NewDefaultFileIoPerformer()
-	}
-
-	tokenLoader := container.AuthTokenLoaderFrom(dic.Get)
-	if tokenLoader == nil {
-		tokenLoader = authtokenloader.NewAuthTokenLoader(fileIoPerformer)
-	}
-
 	token, err := tokenLoader.Load(secretStoreInfo.TokenFile)
 	if err != nil {
 		return secretConfig, err
 	}
+
 	secretConfig.Authentication.AuthToken = token
 	return secretConfig, nil
 }