addressed comments.

Author: Skarlso

cmd/gaia/main.go

@@ -134,7 +134,7 @@ func main() {
 	}
 
 	// Setup CA for cerificate signing
-	_, err = security.InitCA()
+	cert, err := security.InitCA()
 	if err != nil {
 		gaia.Cfg.Logger.Error("cannot create CA", "error", err.Error())
 		os.Exit(1)
@@ -175,7 +175,7 @@ func main() {
 		// Set default to data folder
 		gaia.Cfg.VaultPath = gaia.Cfg.DataPath
 	}
-	_, err = security.NewVault()
+	_, err = security.NewVault(cert)
 	if err != nil {
 		gaia.Cfg.Logger.Error("error initiating vault")
 		os.Exit(1)

frontend/client/store/modules/menu/index.js

@@ -22,21 +22,21 @@ const state = {
       },
       component: lazyLoading('pipeline/create')
     },
-    {
-      name: 'Settings',
-      path: '/settings',
-      meta: {
-        icon: 'fa-cogs'
-      },
-      component: lazyLoading('settings', true)
-    },
     {
       name: 'Vault',
       path: '/vault',
       meta: {
         icon: 'fa-lock'
       },
       component: lazyLoading('vault', true)
+    },
+    {
+      name: 'Settings',
+      path: '/settings',
+      meta: {
+        icon: 'fa-cogs'
+      },
+      component: lazyLoading('settings', true)
     }
   ]
 }

handlers/vault.go

@@ -5,7 +5,6 @@ import (
 
 	"github.com/gaia-pipeline/gaia/security"
 
-	"github.com/gaia-pipeline/gaia"
 	"github.com/labstack/echo"
 )
 
@@ -24,26 +23,25 @@ func UpdateSecret(c echo.Context) error {
 	s := new(updateSecret)
 	err := c.Bind(s)
 	if err != nil {
-		gaia.Cfg.Logger.Error("error reading secret", "error", err.Error())
 		return c.String(http.StatusBadRequest, err.Error())
 	}
-	v, err := security.NewVault()
+	cert, err := security.InitCA()
+	if err != nil {
+		return c.String(http.StatusInternalServerError, err.Error())
+	}
+	v, err := security.NewVault(cert)
 	if err != nil {
-		gaia.Cfg.Logger.Error("error initializing vault", "error", err.Error())
 		return c.String(http.StatusInternalServerError, err.Error())
 	}
 	err = v.LoadSecrets()
 	if err != nil {
-		gaia.Cfg.Logger.Error("error opening vault", "error", err.Error())
 		return c.String(http.StatusInternalServerError, err.Error())
 	}
 	v.Add(s.Key, []byte(s.Value))
 	err = v.SaveSecrets()
 	if err != nil {
-		gaia.Cfg.Logger.Error("error saving vault", "error", err.Error())
 		return c.String(http.StatusInternalServerError, err.Error())
 	}
-	gaia.Cfg.Logger.Info("secret successfully updated")
 	return c.String(http.StatusOK, "secret successfully updated")
 }
 
@@ -52,40 +50,41 @@ func AddSecret(c echo.Context) error {
 	s := new(secret)
 	err := c.Bind(s)
 	if err != nil {
-		gaia.Cfg.Logger.Error("error reading secret", "error", err.Error())
 		return c.String(http.StatusBadRequest, err.Error())
 	}
-	v, err := security.NewVault()
+	cert, err := security.InitCA()
+	if err != nil {
+		return c.String(http.StatusInternalServerError, err.Error())
+	}
+	v, err := security.NewVault(cert)
 	if err != nil {
-		gaia.Cfg.Logger.Error("error initializing vault", "error", err.Error())
 		return c.String(http.StatusInternalServerError, err.Error())
 	}
 	err = v.LoadSecrets()
 	if err != nil {
-		gaia.Cfg.Logger.Error("error opening vault", "error", err.Error())
 		return c.String(http.StatusInternalServerError, err.Error())
 	}
 	v.Add(s.Key, []byte(s.Value))
 	err = v.SaveSecrets()
 	if err != nil {
-		gaia.Cfg.Logger.Error("error saving vault", "error", err.Error())
 		return c.String(http.StatusInternalServerError, err.Error())
 	}
-	gaia.Cfg.Logger.Info("secret successfully added")
-	return c.String(http.StatusOK, "secret successfully added")
+	return c.String(http.StatusCreated, "secret successfully added")
 }
 
 // ListSecrets retrieves all secrets from the vault.
 func ListSecrets(c echo.Context) error {
 	secrets := make([]secret, 0)
-	v, err := security.NewVault()
+	cert, err := security.InitCA()
+	if err != nil {
+		return c.String(http.StatusInternalServerError, err.Error())
+	}
+	v, err := security.NewVault(cert)
 	if err != nil {
-		gaia.Cfg.Logger.Error("error initializing vault", "error", err.Error())
 		return c.String(http.StatusInternalServerError, err.Error())
 	}
 	err = v.LoadSecrets()
 	if err != nil {
-		gaia.Cfg.Logger.Error("error opening vault", "error", err.Error())
 		return c.String(http.StatusInternalServerError, err.Error())
 	}
 	kvs := v.GetAll()
@@ -102,20 +101,21 @@ func RemoveSecret(c echo.Context) error {
 	if key == "" {
 		return c.String(http.StatusBadRequest, "invalid key given")
 	}
-	v, err := security.NewVault()
+	cert, err := security.InitCA()
+	if err != nil {
+		return c.String(http.StatusInternalServerError, err.Error())
+	}
+	v, err := security.NewVault(cert)
 	if err != nil {
-		gaia.Cfg.Logger.Error("error initializing vault", "error", err.Error())
 		return c.String(http.StatusInternalServerError, err.Error())
 	}
 	err = v.LoadSecrets()
 	if err != nil {
-		gaia.Cfg.Logger.Error("error opening vault", "error", err.Error())
 		return c.String(http.StatusInternalServerError, err.Error())
 	}
 	v.Remove(key)
 	err = v.SaveSecrets()
 	if err != nil {
-		gaia.Cfg.Logger.Error("error opening vault", "error", err.Error())
 		return c.String(http.StatusInternalServerError, err.Error())
 	}
 	return c.String(http.StatusOK, "secret successfully deleted")

security/vault.go

@@ -23,8 +23,8 @@ const (
 
 // Vault is a secret storage for data that gaia needs to store encrypted.
 type Vault struct {
-	Path string
-	Cert []byte
+	path string
+	cert []byte
 	data map[string][]byte
 	sync.RWMutex
 }
@@ -33,7 +33,7 @@ type Vault struct {
 // The format is:
 // KEY=VALUE
 // KEY2=VALUE2
-func NewVault() (*Vault, error) {
+func NewVault(ca *CA) (*Vault, error) {
 	v := new(Vault)
 	// Creating vault file
 	vaultPath := filepath.Join(gaia.Cfg.VaultPath, vaultName)
@@ -47,23 +47,20 @@ func NewVault() (*Vault, error) {
 	}
 
 	// Setting up certificate key content
-	c, err := InitCA()
+	_, certKey := ca.GetCACertPath()
+	data, err := ioutil.ReadFile(certKey)
 	if err != nil {
 		return nil, err
 	}
-	data, err := ioutil.ReadFile(c.caKeyPath)
-	if err != nil {
-		return nil, err
-	}
-	v.Cert = data
-	v.Path = vaultPath
+	v.cert = data
+	v.path = vaultPath
 	v.data = make(map[string][]byte, 0)
 	return v, nil
 }
 
 // LoadSecrets decrypts the contents of the vault and fills up a map of data to work with.
 func (v *Vault) LoadSecrets() error {
-	r, err := ioutil.ReadFile(v.Path)
+	r, err := ioutil.ReadFile(v.path)
 	if err != nil {
 		return err
 	}
@@ -82,12 +79,14 @@ func (v *Vault) SaveSecrets() error {
 	if err != nil {
 		return err
 	}
-	err = ioutil.WriteFile(v.Path, []byte(encryptedData), 0400)
+	err = ioutil.WriteFile(v.path, []byte(encryptedData), 0400)
 	return err
 }
 
 // GetAll returns all keys and values in a copy of the internal data.
 func (v *Vault) GetAll() []string {
+	v.RLock()
+	defer v.RUnlock()
 	m := make([]string, 0)
 	for k := range v.data {
 		m = append(m, k)
@@ -136,7 +135,7 @@ func (v *Vault) encrypt(data []byte) (string, error) {
 		// User has deleted all the secrets. the file will be empty.
 		return "", nil
 	}
-	paddedPassword := v.pad(v.Cert)
+	paddedPassword := v.pad(v.cert)
 	ci := base64.URLEncoding.EncodeToString(paddedPassword)
 	block, err := aes.NewCipher([]byte(ci[:aes.BlockSize]))
 	if err != nil {
@@ -161,7 +160,7 @@ func (v *Vault) decrypt(data []byte) ([]byte, error) {
 		gaia.Cfg.Logger.Info("the vault is empty")
 		return []byte{}, nil
 	}
-	paddedPassword := v.pad(v.Cert)
+	paddedPassword := v.pad(v.cert)
 	ci := base64.URLEncoding.EncodeToString(paddedPassword)
 	block, err := aes.NewCipher([]byte(ci[:aes.BlockSize]))
 	if err != nil {

security/vault_test.go

@@ -22,12 +22,13 @@ func TestNewVault(t *testing.T) {
 		Output: buf,
 		Name:   "Gaia",
 	})
-	v, err := NewVault()
+	c, _ := InitCA()
+	v, err := NewVault(c)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if v.Path != filepath.Join(gaia.Cfg.VaultPath, vaultName) {
-		t.Fatal("file path of vault file did not equal expected. was:", v.Path)
+	if v.path != filepath.Join(gaia.Cfg.VaultPath, vaultName) {
+		t.Fatal("file path of vault file did not equal expected. was:", v.path)
 	}
 }
 
@@ -42,7 +43,8 @@ func TestAddAndGet(t *testing.T) {
 		Output: buf,
 		Name:   "Gaia",
 	})
-	v, err := NewVault()
+	c, _ := InitCA()
+	v, err := NewVault(c)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -64,7 +66,8 @@ func TestCloseLoadSecrets(t *testing.T) {
 		Output: buf,
 		Name:   "Gaia",
 	})
-	v, err := NewVault()
+	c, _ := InitCA()
+	v, err := NewVault(c)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -96,19 +99,20 @@ func TestCloseLoadSecretsWithInvalidPassword(t *testing.T) {
 		Output: buf,
 		Name:   "Gaia",
 	})
-	v, err := NewVault()
+	c, _ := InitCA()
+	v, err := NewVault(c)
 	if err != nil {
 		t.Fatal(err)
 	}
-	v.Cert = []byte("test")
+	v.cert = []byte("test")
 	v.Add("key1", []byte("value1"))
 	v.Add("key2", []byte("value2"))
 	err = v.SaveSecrets()
 	if err != nil {
 		t.Fatal(err)
 	}
 	v.data = make(map[string][]byte, 0)
-	v.Cert = []byte("invalid")
+	v.cert = []byte("invalid")
 	err = v.LoadSecrets()
 	if err == nil {
 		t.Fatal("error should not have been nil.")
@@ -130,21 +134,22 @@ func TestAnExistingVaultFileIsNotOverwritten(t *testing.T) {
 		Output: buf,
 		Name:   "Gaia",
 	})
-	v, err := NewVault()
+	c, _ := InitCA()
+	v, err := NewVault(c)
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.Remove(vaultName)
 	defer os.Remove("ca.crt")
 	defer os.Remove("ca.key")
-	v.Cert = []byte("test")
+	v.cert = []byte("test")
 	v.Add("test", []byte("value"))
 	v.SaveSecrets()
-	v2, _ := NewVault()
-	if v2.Path != v.Path {
-		t.Fatal("paths should have equaled. were: ", v2.Path, v.Path)
+	v2, _ := NewVault(c)
+	if v2.path != v.path {
+		t.Fatal("paths should have equaled. were: ", v2.path, v.path)
 	}
-	v2.Cert = []byte("test")
+	v2.cert = []byte("test")
 	v2.LoadSecrets()
 	if err != nil {
 		t.Fatal(err)
@@ -163,7 +168,8 @@ func TestRemovingFromTheVault(t *testing.T) {
 	gaia.Cfg = &gaia.Config{}
 	gaia.Cfg.VaultPath = tmp
 	gaia.Cfg.CAPath = tmp
-	v, err := NewVault()
+	c, _ := InitCA()
+	v, err := NewVault(c)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -201,7 +207,8 @@ func TestGetAll(t *testing.T) {
 	gaia.Cfg = &gaia.Config{}
 	gaia.Cfg.VaultPath = tmp
 	gaia.Cfg.CAPath = tmp
-	v, err := NewVault()
+	c, _ := InitCA()
+	v, err := NewVault(c)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -226,7 +233,8 @@ func TestEditValueWithAddingItAgain(t *testing.T) {
 	gaia.Cfg = &gaia.Config{}
 	gaia.Cfg.VaultPath = tmp
 	gaia.Cfg.CAPath = tmp
-	v, _ := NewVault()
+	c, _ := InitCA()
+	v, _ := NewVault(c)
 	v.Add("key1", []byte("value1"))
 	v.SaveSecrets()
 	v.data = make(map[string][]byte, 0)