Updates and Improvements (#963)

* moved docs Signed-off-by: Volkan Özçelik <[email protected]> * go version upgrade Signed-off-by: Volkan Özçelik <[email protected]> * fmt Signed-off-by: Volkan Özçelik <[email protected]> * test fix Signed-off-by: Volkan Özçelik <[email protected]> * WIP Signed-off-by: Volkan Özçelik <[email protected]> * signature changes Signed-off-by: Volkan Özçelik <[email protected]> * fix build error Signed-off-by: Volkan Özçelik <[email protected]> * fixes Signed-off-by: Volkan Özçelik <[email protected]> * fix build errors Signed-off-by: Volkan Özçelik <[email protected]> * commit before last stable Signed-off-by: Volkan Özçelik <[email protected]> * updates before last stable Signed-off-by: Volkan Özçelik <[email protected]> * update before last passing integration test Signed-off-by: Volkan Özçelik <[email protected]> * build fix Signed-off-by: Volkan Özçelik <[email protected]> * commit after lastworking Signed-off-by: Volkan Özçelik <[email protected]> * update after last passing integration test Signed-off-by: Volkan Özçelik <[email protected]> * changes after last successful integration test run Signed-off-by: Volkan Özçelik <[email protected]> * dependency update Signed-off-by: Volkan Özçelik <[email protected]> * changes after last known passing integration test Signed-off-by: Volkan Özçelik <[email protected]> * changes after the last successful integration test Signed-off-by: Volkan Özçelik <[email protected]> * update after last succesful inetgration test Signed-off-by: Volkan Özçelik <[email protected]> * build fix Signed-off-by: Volkan Özçelik <[email protected]> * buildfix Signed-off-by: Volkan Özçelik <[email protected]> * update after last successful integration run Signed-off-by: Volkan Özçelik <[email protected]> * secret population logic Signed-off-by: Volkan Özçelik <[email protected]> * remove side effect from isSentinel Signed-off-by: Volkan Özçelik <[email protected]> * update after last successful build Signed-off-by: Volkan Özçelik <[email protected]> * hopefully, last commit Signed-off-by: Volkan Özçelik <[email protected]> --------- Signed-off-by: Volkan Özçelik <[email protected]> Signed-off-by: Volkan Özçelik <[email protected]>
vmware-tanzu · May 17, 2024 · 1bfdbb6 · 1bfdbb6
1 parent 564db67
commit 1bfdbb6
Show file tree

Hide file tree

Showing 368 changed files with 8,138 additions and 11,676 deletions.
diff --git a/app/init_container/cmd/main.go b/app/init_container/cmd/main.go
@@ -11,6 +11,7 @@
 package main
 
 import (
+	"github.com/vmware-tanzu/secrets-manager/core/constants"
 	"github.com/vmware-tanzu/secrets-manager/core/crypto"
 	"github.com/vmware-tanzu/secrets-manager/core/env"
 	log "github.com/vmware-tanzu/secrets-manager/core/log/std"
@@ -22,9 +23,11 @@ func main() {
 	id := crypto.Id()
 
 	//Print the diagnostic information about the environment.
-	envVarsToPrint := []string{"APP_VERSION", "VSECM_LOG_LEVEL",
-		"VSECM_SAFE_ENDPOINT_URL"}
-	log.PrintEnvironmentInfo(&id, envVarsToPrint)
+	log.PrintEnvironmentInfo(&id, []string{
+		string(constants.AppVersion),
+		string(constants.VSecMLogLevel),
+		string(constants.VSecMSafeEndpointUrl),
+	})
 
 	log.InfoLn(&id, "Starting VSecM Init Container")
 

diff --git a/app/inspector/cmd/main.go b/app/inspector/cmd/main.go
@@ -11,6 +11,8 @@
 package main
 
 import (
+	"fmt"
+
 	"github.com/vmware-tanzu/secrets-manager/core/system"
 	"github.com/vmware-tanzu/secrets-manager/sdk/sentry"
 )
@@ -21,15 +23,15 @@ func main() {
 	// Fetch the secret from the VSecM Safe.
 	d, err := sentry.Fetch()
 	if err != nil {
-		println("Err:", err.Error())
+		fmt.Println("Err:", err.Error())
 		return
 	}
 
 	if d.Data == "" {
-		println("<nil>")
+		fmt.Println("<nil>")
 		return
 	}
 
 	// d.Data is a collection of VSecM secrets.
-	println(d.Data)
+	fmt.Println(d.Data)
 }
diff --git a/app/keygen/cmd/decrypt.go b/app/keygen/cmd/decrypt.go
@@ -21,15 +21,15 @@ import (
 	"github.com/vmware-tanzu/secrets-manager/core/env"
 )
 
-func secrets() entity.SecretStringTimeListResponse {
+func secrets() entity.SecretEncryptedListResponse {
 	p := env.ExportedSecretPathForKeyGen()
 
 	content, err := os.ReadFile(p)
 	if err != nil {
 		log.Fatalf("Error reading file: %v", err)
 	}
 
-	var secrets entity.SecretStringTimeListResponse
+	var secrets entity.SecretEncryptedListResponse
 
 	err = json.Unmarshal(content, &secrets)
 	if err != nil {
@@ -44,24 +44,24 @@ func printDecryptedKeys() {
 
 	algorithm := ss.Algorithm
 
-	println("Algorithm:", algorithm)
-	println("---")
+	fmt.Println("Algorithm:", algorithm)
+	fmt.Println("---")
 	for _, secret := range ss.Secrets {
-		println("Name:", secret.Name)
+		fmt.Println("Name:", secret.Name)
 
 		values := secret.EncryptedValue
 
 		for i, v := range values {
 			dv, err := crypto.Decrypt([]byte(v), algorithm)
 			if err != nil {
-				println("Error decrypting value:", err.Error())
+				fmt.Println("Error decrypting value:", err.Error())
 				continue
 			}
 			fmt.Printf("Value[%d]: %s\n", i, dv)
 		}
 
-		println("Created:", secret.Created)
-		println("Updated:", secret.Updated)
-		println("---")
+		fmt.Println("Created:", secret.Created.String())
+		fmt.Println("Updated:", secret.Updated.String())
+		fmt.Println("---")
 	}
 }
diff --git a/app/keygen/cmd/generate.go b/app/keygen/cmd/generate.go
@@ -11,19 +11,23 @@
 package main
 
 import (
+	"fmt"
+
 	"github.com/vmware-tanzu/secrets-manager/core/crypto"
 )
 
 func printGeneratedKeys() {
-	privateKey, publicKey, aesSeed, err := crypto.GenerateKeys()
+	rkt, err := crypto.NewRootKeyCollection()
 
 	if err != nil {
-		println("Failed to generate keys:")
-		println(err.Error())
+		fmt.Println()
+		fmt.Println("Failed to generate keys:")
+		fmt.Println(err.Error())
+		fmt.Println()
 		return
 	}
 
-	println()
-	println(crypto.CombineKeys(privateKey, publicKey, aesSeed))
-	println()
+	fmt.Println()
+	fmt.Println(rkt.Combine())
+	fmt.Println()
 }
diff --git a/app/keygen/cmd/main.go b/app/keygen/cmd/main.go
@@ -11,6 +11,7 @@
 package main
 
 import (
+	"github.com/vmware-tanzu/secrets-manager/core/constants"
 	"github.com/vmware-tanzu/secrets-manager/core/crypto"
 	"github.com/vmware-tanzu/secrets-manager/core/env"
 	log "github.com/vmware-tanzu/secrets-manager/core/log/std"
@@ -20,10 +21,11 @@ func main() {
 	id := crypto.Id()
 
 	//Print the diagnostic information about the environment.
-	envVarsToPrint := []string{
-		"APP_VERSION", "VSECM_LOG_LEVEL", "VSECM_KEYGEN_DECRYPT",
-	}
-	log.PrintEnvironmentInfo(&id, envVarsToPrint)
+	log.PrintEnvironmentInfo(&id, []string{
+		string(constants.AppVersion),
+		string(constants.VSecMLogLevel),
+		string(constants.VSecMKeyGenDecryptMode),
+	})
 
 	if env.KeyGenDecrypt() {
 		printDecryptedKeys()

diff --git a/app/keystone/cmd/main.go b/app/keystone/cmd/main.go
@@ -15,6 +15,7 @@ import (
 	sys "log"
 	"os"
 
+	"github.com/vmware-tanzu/secrets-manager/core/constants"
 	"github.com/vmware-tanzu/secrets-manager/core/crypto"
 	log "github.com/vmware-tanzu/secrets-manager/core/log/std"
 	"github.com/vmware-tanzu/secrets-manager/core/system"
@@ -24,12 +25,11 @@ func main() {
 	id := crypto.Id()
 
 	//Print the diagnostic information about the environment.
-	envVarsToPrint := []string{"APP_VERSION"}
-	log.PrintEnvironmentInfo(&id, envVarsToPrint)
+	log.PrintEnvironmentInfo(&id, []string{string(constants.AppVersion)})
 
 	sys.Println(
 		"VSecM Keystone",
-		fmt.Sprintf("v%s", os.Getenv("APP_VERSION")),
+		fmt.Sprintf("v%s", os.Getenv(string(constants.AppVersion))),
 	)
 
 	// Run on the main thread to wait forever.

diff --git a/app/safe/cmd/main.go b/app/safe/cmd/main.go
@@ -17,6 +17,7 @@ import (
 
 	"github.com/vmware-tanzu/secrets-manager/app/safe/internal/bootstrap"
 	server "github.com/vmware-tanzu/secrets-manager/app/safe/internal/server/engine"
+	"github.com/vmware-tanzu/secrets-manager/core/constants"
 	"github.com/vmware-tanzu/secrets-manager/core/crypto"
 	log "github.com/vmware-tanzu/secrets-manager/core/log/std"
 	"github.com/vmware-tanzu/secrets-manager/core/probe"
@@ -26,13 +27,13 @@ func main() {
 	id := crypto.Id()
 
 	//Print the diagnostic information about the environment.
-	envVarsToPrint := []string{"APP_VERSION", "VSECM_LOG_LEVEL",
-		"VSECM_SAFE_FIPS_COMPLIANT", "VSECM_SAFE_SPIFFEID_PREFIX",
-		"VSECM_SAFE_TLS_PORT", "VSECM_SAFE_REMOVE_LINKED_K8S_SECRETS"}
-	log.PrintEnvironmentInfo(&id, envVarsToPrint)
+	log.PrintEnvironmentInfo(&id, []string{
+		string(constants.AppVersion),
+		string(constants.VSecMLogLevel),
+	})
 
 	ctx, cancel := context.WithCancel(
-		context.WithValue(context.Background(), "correlationId", &id),
+		context.WithValue(context.Background(), constants.CorrelationId, &id),
 	)
 	defer cancel()
 
@@ -62,11 +63,12 @@ func main() {
 	go bootstrap.NotifyTimeout(timedOut)
 
 	// Create initial cryptographic seeds off-cycle.
-	go bootstrap.CreateCryptoKey(&id, updatedSecret)
+	go bootstrap.CreateRootKey(&id, updatedSecret)
 
 	// App is alive; however, not yet ready to accept connections.
 	go probe.CreateLiveness()
 
+	log.InfoLn(&id, "before acquiring source...")
 	source := bootstrap.AcquireSource(ctx, acquiredSvid)
 	defer func(s *workloadapi.X509Source) {
 		if s == nil {