
Commit 13df0a5

authored
Refactoring the certificate service. (#245)
* Refactoring the certificate service. * Fixed missing cert * Added certificate * Added moar * Left outs * Fixed test
1 parent ec28241 commit 13df0a5

15 files changed

+83
-187
lines changed

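--- a/handlers/handler.go
+++ b/handlers/handler.go
@@ -83,7 +83,8 @@ func (s *GaiaHandler) InitHandlers(e *echo.Echo) error {
 // Worker
 // initialize the worker provider
 workerProvider := workers.NewWorkerProvider(workers.Dependencies{
-Scheduler: s.deps.Scheduler,
+Scheduler: s.deps.Scheduler,
+Certificate: s.deps.Certificate,
 })
 e.GET(p+"worker/secret", workerProvider.GetWorkerRegisterSecret)
 e.POST(p+"worker/register", workerProvider.RegisterWorker)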

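--- a/handlers/hook_test.go
+++ b/handlers/hook_test.go
@@ -61,17 +61,12 @@ func TestHookReceive(t *testing.T) {
 VaultPath: dataDir,
 HomePath: dataDir,
 }
-_, err = services.CertificateService()
-if err != nil {
-t.Fatalf("cannot initialize certificate service: %v", err.Error())
-}
 
 m := new(MockVaultStorer)
 v, _ := services.VaultService(m)
 v.Add("GITHUB_WEBHOOK_SECRET", []byte("superawesomesecretgithubpassword"))
 defer func() {
 services.MockVaultService(nil)
-services.MockCertificateService(nil)
 }()
 e := echo.New()
 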
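--- a/handlers/providers/workers/worker_provider.go
+++ b/handlers/providers/workers/worker_provider.go
@@ -1,13 +1,16 @@
 package workers
 
 import (
-"github.com/gaia-pipeline/gaia/workers/scheduler/service"
 "github.com/labstack/echo"
+
+"github.com/gaia-pipeline/gaia/security"
+"github.com/gaia-pipeline/gaia/workers/scheduler/service"
 )
 
 // Dependencies define dependencies which this service needs.
 type Dependencies struct {
-Scheduler service.GaiaScheduler
+Scheduler service.GaiaScheduler
+Certificate security.CAAPI
 }
 
 type workerProvider struct {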

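--- a/handlers/providers/workers/workers.go
+++ b/handlers/providers/workers/workers.go
@@ -71,24 +71,19 @@ func (wp *workerProvider) RegisterWorker(c echo.Context) error {
 }
 
 // Generate certificates for worker
-cert, err := services.CertificateService()
-if err != nil {
-gaia.Cfg.Logger.Error("cannot get certificate service", "error", err.Error())
-return c.String(http.StatusInternalServerError, "cannot get certificate service")
-}
-crtPath, keyPath, err := cert.CreateSignedCertWithValidOpts("", hoursBeforeValid, hoursAfterValid)
+crtPath, keyPath, err := wp.deps.Certificate.CreateSignedCertWithValidOpts("", hoursBeforeValid, hoursAfterValid)
 if err != nil {
 gaia.Cfg.Logger.Error("cannot create signed certificate", "error", err.Error())
 return c.String(http.StatusInternalServerError, "cannot create signed certificate")
 }
 defer func() {
-if err := cert.CleanupCerts(crtPath, keyPath); err != nil {
+if err := wp.deps.Certificate.CleanupCerts(crtPath, keyPath); err != nil {
 gaia.Cfg.Logger.Error("failed to remove worker certificates", "error", err)
 }
 }()
 
 // Get public cert from CA (required for mTLS)
-caCertPath, _ := cert.GetCACertPath()
+caCertPath, _ := wp.deps.Certificate.GetCACertPath()
 caCert, err := ioutil.ReadFile(caCertPath)
 if err != nil {
 gaia.Cfg.Logger.Error("cannot load CA cert", "error", err.Error())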
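Review bot: `wp.deps.Certificate` is dereferenced in RegisterWorker with no nil guard, so a provider built from a `workers.Dependencies` that leaves `Certificate` unset would panic inside the registration request instead of returning the 500 that the removed `services.CertificateService()` error branch produced. Since this is the path that issues signed worker certificates for mTLS, it should fail closed: either reject a nil `Certificate` where the provider is constructed, or add `if wp.deps.Certificate == nil { return c.String(http.StatusInternalServerError, "certificate service not configured") }` before the `CreateSignedCertWithValidOpts` call. The second return value of `GetCACertPath()` is still discarded with `_`; if that value is an error rather than a second path, it should be checked before `ioutil.ReadFile(caCertPath)`. RegisterWorker begins and ends outside this hunk.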

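--- a/handlers/service.go
+++ b/handlers/service.go
@@ -1,6 +1,7 @@
 package handlers
 
 import (
+"github.com/gaia-pipeline/gaia/security"
 "github.com/gaia-pipeline/gaia/workers/pipeline"
 "github.com/gaia-pipeline/gaia/workers/scheduler/service"
 )
@@ -9,6 +10,7 @@ import (
 type Dependencies struct {
 Scheduler service.GaiaScheduler
 PipelineService pipeline.Service
+Certificate security.CAAPI
 }
 
 // GaiaHandler defines handler functions throughout Gaia.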

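--- a/handlers/user_test.go
+++ b/handlers/user_test.go
@@ -100,11 +100,6 @@ func TestDeleteUserNotAllowedForAutoUser(t *testing.T) {
 VaultPath: dataDir,
 }
 
-_, err := services.CertificateService()
-if err != nil {
-t.Fatalf("cannot initialize certificate service: %v", err.Error())
-}
-
 pipelineService := pipeline.NewGaiaPipelineService(pipeline.Dependencies{
 Scheduler: &mockScheduleService{},
 })
@@ -165,10 +160,6 @@ func TestResetAutoUserTriggerToken(t *testing.T) {
 PipelineService: pipelineService,
 })
 
-_, err := services.CertificateService()
-if err != nil {
-t.Fatalf("cannot initialize certificate service: %v", err.Error())
-}
 t.Run("reset auto user token", func(t *testing.T) {
 user := gaia.User{}
 user.Username = "auto"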

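--- a/handlers/vault_test.go
+++ b/handlers/vault_test.go
@@ -11,7 +11,6 @@ import (
 "github.com/gaia-pipeline/gaia/workers/pipeline"
 
 "github.com/gaia-pipeline/gaia"
-"github.com/gaia-pipeline/gaia/services"
 "github.com/hashicorp/go-hclog"
 "github.com/labstack/echo"
 )
@@ -30,11 +29,6 @@ func TestVaultWorkflowAddListDelete(t *testing.T) {
 VaultPath: dataDir,
 }
 
-_, err := services.CertificateService()
-if err != nil {
-t.Fatalf("cannot initialize certificate service: %v", err.Error())
-}
-
 pipelineService := pipeline.NewGaiaPipelineService(pipeline.Dependencies{
 Scheduler: &mockScheduleService{},
 })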

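--- a/handlers/workers_test.go
+++ b/handlers/workers_test.go
@@ -63,19 +63,18 @@ func TestRegisterWorker(t *testing.T) {
 DevMode: true,
 }
 
-wp := workers.NewWorkerProvider(workers.Dependencies{Scheduler: nil})
 // Initialize store
 m := &mockStorageService{}
 services.MockStorageService(m)
 dataStore, _ := services.StorageService()
 defer func() { services.MockStorageService(nil) }()
 
 // Initialize certificate store
-_, err = services.CertificateService()
+ca, err := security.InitCA()
 if err != nil {
 t.Fatalf("cannot initialize certificate service: %v", err)
 }
-
+wp := workers.NewWorkerProvider(workers.Dependencies{Scheduler: nil, Certificate: ca})
 // Initialize vault
 v, err := services.DefaultVaultService()
 if err != nil {
@@ -98,6 +97,7 @@ func TestRegisterWorker(t *testing.T) {
 handlerService := NewGaiaHandler(Dependencies{
 Scheduler: nil,
 PipelineService: nil,
+Certificate: ca,
 })
 // Initialize echo
 e := echo.New()
@@ -214,12 +214,6 @@ func TestDeregisterWorker(t *testing.T) {
 dataStore, _ := services.StorageService()
 defer func() { services.MockStorageService(nil) }()
 
-// Initialize certificate store
-_, err = services.CertificateService()
-if err != nil {
-t.Fatalf("cannot initialize certificate service: %v", err)
-}
-
 // Initialize vault
 v, err := services.DefaultVaultService()
 if err != nil {
@@ -239,16 +233,18 @@ func TestDeregisterWorker(t *testing.T) {
 t.Fatal(err)
 }
 
+ca, _ := security.InitCA()
 handlerService := NewGaiaHandler(Dependencies{
 Scheduler: nil,
 PipelineService: nil,
+Certificate: ca,
 })
 // Initialize echo
 e := echo.New()
 if err := handlerService.InitHandlers(e); err != nil {
 t.Fatal(err)
 }
-wp := workers.NewWorkerProvider(workers.Dependencies{Scheduler: nil})
+wp := workers.NewWorkerProvider(workers.Dependencies{Scheduler: nil, Certificate: ca})
 
 // Test with non-existing worker
 t.Run("non-existing worker", func(t *testing.T) {
@@ -342,12 +338,6 @@ func TestGetWorkerRegisterSecret(t *testing.T) {
 DevMode: true,
 }
 
-// Initialize certificate store
-_, err = services.CertificateService()
-if err != nil {
-t.Fatalf("cannot initialize certificate service: %v", err)
-}
-
 // Initialize vault
 v, err := services.DefaultVaultService()
 if err != nil {
@@ -360,17 +350,18 @@ func TestGetWorkerRegisterSecret(t *testing.T) {
 if err := v.SaveSecrets(); err != nil {
 t.Fatal(err)
 }
-
+ca, _ := security.InitCA()
 handlerService := NewGaiaHandler(Dependencies{
 Scheduler: nil,
 PipelineService: nil,
+Certificate: ca,
 })
 // Initialize echo
 e := echo.New()
 if err := handlerService.InitHandlers(e); err != nil {
 t.Fatal(err)
 }
-wp := workers.NewWorkerProvider(workers.Dependencies{Scheduler: nil})
+wp := workers.NewWorkerProvider(workers.Dependencies{Scheduler: nil, Certificate: ca})
 // Test get global worker secret
 t.Run("global secret success", func(t *testing.T) {
 req := httptest.NewRequest(echo.GET, "/api/"+gaia.APIVersion+"/worker/secret", nil)
@@ -424,7 +415,7 @@ func TestGetWorkerStatusOverview(t *testing.T) {
 defer func() { services.MockStorageService(nil) }()
 
 // Initialize certificate store
-ca, err := services.CertificateService()
+ca, err := security.InitCA()
 if err != nil {
 t.Fatalf("cannot initialize certificate service: %v", err)
 }
@@ -459,6 +450,7 @@ func TestGetWorkerStatusOverview(t *testing.T) {
 handlerService := NewGaiaHandler(Dependencies{
 Scheduler: scheduler,
 PipelineService: nil,
+Certificate: ca,
 })
 // Initialize echo
 e := echo.New()
@@ -469,7 +461,8 @@ func TestGetWorkerStatusOverview(t *testing.T) {
 // Test empty worker status overview
 {
 wp := workers.NewWorkerProvider(workers.Dependencies{
-Scheduler: scheduler,
+Scheduler: scheduler,
+Certificate: ca,
 })
 req := httptest.NewRequest(echo.GET, "/api/"+gaia.APIVersion+"/worker/status", nil)
 req.Header.Set("Content-Type", "application/json")
@@ -509,7 +502,8 @@ func TestGetWorkerStatusOverview(t *testing.T) {
 // Test with registered worker
 {
 wp := workers.NewWorkerProvider(workers.Dependencies{
-Scheduler: scheduler,
+Scheduler: scheduler,
+Certificate: ca,
 })
 body := registerWorker{
 Name: "my-worker",
@@ -593,12 +587,6 @@ func TestGetWorker(t *testing.T) {
 dataStore, _ := services.StorageService()
 defer func() { services.MockStorageService(nil) }()
 
-// Initialize certificate store
-_, err = services.CertificateService()
-if err != nil {
-t.Fatalf("cannot initialize certificate service: %v", err)
-}
-
 // Initialize vault
 v, err := services.DefaultVaultService()
 if err != nil {
@@ -617,10 +605,11 @@ func TestGetWorker(t *testing.T) {
 if err := v.SaveSecrets(); err != nil {
 t.Fatal(err)
 }
-
+ca, _ := security.InitCA()
 handlerService := NewGaiaHandler(Dependencies{
 Scheduler: nil,
 PipelineService: nil,
+Certificate: ca,
 })
 // Initialize echo
 e := echo.New()
@@ -629,7 +618,7 @@ func TestGetWorker(t *testing.T) {
 }
 
 t.Run("get worker success", func(t *testing.T) {
-wp := workers.NewWorkerProvider(workers.Dependencies{Scheduler: nil})
+wp := workers.NewWorkerProvider(workers.Dependencies{Scheduler: nil, Certificate: ca})
 workerName := "my-worker"
 body := registerWorker{
 Name: workerName,
@@ -698,12 +687,6 @@ func TestResetWorkerRegisterSecret(t *testing.T) {
 DevMode: true,
 }
 
-// Initialize certificate store
-_, err = services.CertificateService()
-if err != nil {
-t.Fatalf("cannot initialize certificate service: %v", err)
-}
-
 // Initialize vault
 v, err := services.DefaultVaultService()
 if err != nil {
@@ -716,17 +699,18 @@ func TestResetWorkerRegisterSecret(t *testing.T) {
 if err := v.SaveSecrets(); err != nil {
 t.Fatal(err)
 }
-
+ca, _ := security.InitCA()
 handlerService := NewGaiaHandler(Dependencies{
 Scheduler: nil,
 PipelineService: nil,
+Certificate: ca,
 })
 // Initialize echo
 e := echo.New()
 if err := handlerService.InitHandlers(e); err != nil {
 t.Fatal(err)
 }
-wp := workers.NewWorkerProvider(workers.Dependencies{Scheduler: nil})
+wp := workers.NewWorkerProvider(workers.Dependencies{Scheduler: nil, Certificate: ca})
 // Test reset global worker secret
 t.Run("global secret reset success", func(t *testing.T) {
 req := httptest.NewRequest(echo.POST, "/api/"+gaia.APIVersion+"/worker/secret", nil)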
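Review bot: The error from `security.InitCA()` is discarded with `ca, _ := security.InitCA()` in TestDeregisterWorker, TestGetWorkerRegisterSecret, TestGetWorker and TestResetWorkerRegisterSecret, while TestRegisterWorker and TestGetWorkerStatusOverview in the same file check it. If CA initialisation fails, those four tests carry on with whatever `ca` came back (presumably nil) as the `Certificate` dependency, so the failure surfaces later as an unrelated panic or not at all. Use the checked form everywhere: `ca, err := security.InitCA()` followed by `if err != nil { t.Fatalf("cannot initialize certificate service: %v", err) }`. These test functions start and end outside the hunks shown.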

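--- a/server/server.go
+++ b/server/server.go
@@ -153,7 +153,7 @@ func Start() (err error) {
 }
 
 // Initialize the certificate manager service
-ca, err := services.CertificateService()
+ca, err := security.InitCA()
 if err != nil {
 gaia.Cfg.Logger.Error("cannot create CA", "error", err.Error())
 return
@@ -253,6 +253,7 @@ func Start() (err error) {
 handlerService := handlers.NewGaiaHandler(handlers.Dependencies{
 Scheduler: schedulerService,
 PipelineService: pipelineService,
+Certificate: ca,
 })
 
 err = handlerService.InitHandlers(echoInstance)
@@ -269,7 +270,9 @@ func Start() (err error) {
 
 // Start worker gRPC server.
 // We need this in both modes (server and worker) for docker worker to run.
-workerServer := server.InitWorkerServer()
+workerServer := server.InitWorkerServer(server.Dependencies{
+Certificate: ca,
+})
 go func() {
 if err := workerServer.Start(); err != nil {
 gaia.Cfg.Logger.Error("failed to start gRPC worker server", "error", err)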
