minor refactoring (#1010)

Signed-off-by: Volkan Özçelik <[email protected]>
vmware-tanzu · Jun 24, 2024 · 1aa876f · 1aa876f
1 parent 89327d4
commit 1aa876f
Show file tree

Hide file tree

Showing 14 changed files with 106 additions and 209 deletions.
diff --git a/app/init_container/cmd/main.go b/app/init_container/cmd/main.go
@@ -34,8 +34,7 @@ func main() {
 	// Wait for a specified duration before exiting the init container.
 	// This can be useful when you want things to reconcile before
 	// starting the main container.
-	d := env.WaitBeforeExitForInitContainer()
-	go startup.Watch(d)
+	go startup.Watch(env.WaitBeforeExitForInitContainer())
 
 	// Block the process from exiting, but also be graceful and honor the
 	// termination signals that may come from the orchestrator.

diff --git a/app/inspector/cmd/main.go b/app/inspector/cmd/main.go
@@ -33,6 +33,6 @@ func main() {
 		return
 	}
 
-	// d.Data is a collection of VSecM secrets.
+	// d.Data is a serialized collection of VSecM secrets.
 	fmt.Println(d.Data)
 }
diff --git a/app/safe/internal/bootstrap/bootstrap.go b/app/safe/internal/bootstrap/bootstrap.go
@@ -18,13 +18,11 @@ import (
 
 	"github.com/spiffe/go-spiffe/v2/workloadapi"
 
-	"github.com/vmware-tanzu/secrets-manager/app/safe/internal/state/queue"
 	"github.com/vmware-tanzu/secrets-manager/core/constants/key"
 	"github.com/vmware-tanzu/secrets-manager/core/constants/val"
 	"github.com/vmware-tanzu/secrets-manager/core/crypto"
 	"github.com/vmware-tanzu/secrets-manager/core/env"
 	log "github.com/vmware-tanzu/secrets-manager/core/log/std"
-	"github.com/vmware-tanzu/secrets-manager/core/probe"
 	"github.com/vmware-tanzu/secrets-manager/core/validation"
 )
 
@@ -83,16 +81,7 @@ func Monitor(
 				correlationId,
 				"remaining operations before ready:", counter)
 			if counter == 0 {
-				queue.Initialize()
-				log.DebugLn(
-					correlationId,
-					"Creating readiness probe.")
-
-				<-probe.CreateReadiness()
-
-				log.AuditLn(
-					correlationId,
-					"VSecM Safe is ready to serve.")
+				completeInitialization(correlationId)
 			}
 		// Updated the root key:
 		case <-channels.UpdatedSecret:
@@ -102,16 +91,7 @@ func Monitor(
 				correlationId,
 				"remaining operations before ready:", counter)
 			if counter == 0 {
-				queue.Initialize()
-				log.DebugLn(
-					correlationId,
-					"Creating readiness probe.")
-
-				<-probe.CreateReadiness()
-
-				log.AuditLn(
-					correlationId,
-					"VSecM Safe is ready to serve.")
+				completeInitialization(correlationId)
 			}
 		// VSecM Safe REST API is ready to serve:
 		case <-channels.ServerStarted:
@@ -121,17 +101,7 @@ func Monitor(
 				correlationId,
 				"remaining operations before ready:", counter)
 			if counter == 0 {
-				// Start all background jobs.
-				queue.Initialize()
-				log.DebugLn(
-					correlationId,
-					"Creating readiness probe.")
-
-				<-probe.CreateReadiness()
-
-				log.AuditLn(
-					correlationId,
-					"VSecM Safe is ready to serve.")
+				completeInitialization(correlationId)
 			}
 		// Things didn't start in a timely manner:
 		case <-timedOut:

diff --git a/app/safe/internal/bootstrap/init.go b/app/safe/internal/bootstrap/init.go
@@ -0,0 +1,26 @@
+/*
+|    Protect your secrets, protect your sensitive data.
+:    Explore VMware Secrets Manager docs at https://vsecm.com/
+</
+<>/  keep your secrets... secret
+>/
+<>/' Copyright 2023-present VMware Secrets Manager contributors.
+>/'  SPDX-License-Identifier: BSD-2-Clause
+*/
+
+package bootstrap
+
+import (
+	"github.com/vmware-tanzu/secrets-manager/app/safe/internal/state/queue"
+	log "github.com/vmware-tanzu/secrets-manager/core/log/std"
+	"github.com/vmware-tanzu/secrets-manager/core/probe"
+)
+
+func completeInitialization(correlationId *string) {
+	queue.Initialize()
+	log.DebugLn(correlationId, "Creating readiness probe.")
+
+	<-probe.CreateReadiness()
+
+	log.AuditLn(correlationId, "VSecM Safe is ready to serve.")
+}
diff --git a/app/safe/internal/bootstrap/init_test.go b/app/safe/internal/bootstrap/init_test.go
@@ -0,0 +1,11 @@
+/*
+|    Protect your secrets, protect your sensitive data.
+:    Explore VMware Secrets Manager docs at https://vsecm.com/
+</
+<>/  keep your secrets... secret
+>/
+<>/' Copyright 2023-present VMware Secrets Manager contributors.
+>/'  SPDX-License-Identifier: BSD-2-Clause
+*/
+
+package bootstrap
diff --git a/app/safe/internal/server/handle/handle.go b/app/safe/internal/server/handle/handle.go
@@ -11,6 +11,7 @@
 package handle
 
 import (
+	routeFallback "github.com/vmware-tanzu/secrets-manager/app/safe/internal/server/route/fallback"
 	"net/http"
 
 	"github.com/spiffe/go-spiffe/v2/workloadapi"
@@ -40,9 +41,10 @@ func InitializeRoutes(source *workloadapi.X509Source) {
 		id, err := s.IdFromRequest(r)
 
 		if err != nil {
-			log.WarnLn(
-				&cid,
-				"Handler: blocking insecure svid", id, err)
+			log.WarnLn(&cid, "Handler: blocking insecure svid", id, err)
+
+			routeFallback.Fallback(cid, r, w)
+
 			return
 		}
 
@@ -54,34 +56,6 @@ func InitializeRoutes(source *workloadapi.X509Source) {
 			&cid,
 			"Handler: got svid:", sid, "path", p, "method", m)
 
-		switch {
-		case routeSentinelGetKeystone(cid, r, w):
-			log.TraceLn(&cid, "InitializeRoutes:Handler:routeSentinelGetKeystone")
-			return
-		case routeSentinelGetSecrets(cid, r, w):
-			log.TraceLn(&cid, "InitializeRoutes:Handler:routeSentinelGetSecrets")
-			return
-		case routeSentinelGetSecretsReveal(cid, r, w):
-			log.TraceLn(&cid, "InitializeRoutes:Handler:routeSentinelGetSecretsReveal")
-			return
-		case routeSentinelPostSecrets(cid, r, w):
-			log.TraceLn(&cid, "InitializeRoutes:Handler:routeSentinelPostSecrets")
-			return
-		case routeSentinelDeleteSecrets(cid, r, w):
-			log.TraceLn(&cid, "InitializeRoutes:Handler:routeSentinelDeleteSecrets")
-			return
-		case routeSentinelPostKeys(cid, r, w):
-			log.TraceLn(&cid, "InitializeRoutes:Handler:routeSentinelPostKeys")
-			return
-		case routeWorkloadGetSecrets(cid, r, w):
-			log.TraceLn(&cid, "InitializeRoutes:Handler:routeWorkloadGetSecrets")
-			return
-		case routeWorkloadPostSecrets(cid, r, w):
-			log.TraceLn(&cid, "InitializeRoutes:Handler:routeWorkloadPostSecrets")
-			return
-		}
-
-		log.TraceLn(&cid, "InitializeRoutes:Handler:routeFallback")
-		routeFallback(cid, r, w)
+		route(cid, r, w)
 	})
 }
diff --git a/app/safe/internal/server/handle/route.go b/app/safe/internal/server/handle/route.go
@@ -11,7 +11,7 @@
 package handle
 
 import (
-	"io"
+	routeFallback "github.com/vmware-tanzu/secrets-manager/app/safe/internal/server/route/fallback"
 	"net/http"
 
 	routeDelete "github.com/vmware-tanzu/secrets-manager/app/safe/internal/server/route/delete"
@@ -21,155 +21,42 @@ import (
 	routeReceive "github.com/vmware-tanzu/secrets-manager/app/safe/internal/server/route/receive"
 	routeSecret "github.com/vmware-tanzu/secrets-manager/app/safe/internal/server/route/secret"
 	"github.com/vmware-tanzu/secrets-manager/core/constants/url"
-	log "github.com/vmware-tanzu/secrets-manager/core/log/std"
 )
 
-func routeSentinelGetKeystone(
-	cid string, r *http.Request, w http.ResponseWriter,
-) bool {
-	p := r.URL.Path
-	m := r.Method
-
-	// Return the current state of the Keystone secret.
-	// Either "initialized", or "pending"
-	if m == http.MethodGet && p == url.SentinelKeystone {
-		log.DebugLn(&cid, "Handler:routeSentinelGetKeystone")
-		routeKeystone.Status(cid, w, r)
-
-		return true
-	}
-
-	return false
-}
-
-func routeSentinelGetSecrets(
-	cid string, r *http.Request, w http.ResponseWriter,
-) bool {
-	p := r.URL.Path
-	m := r.Method
-
-	// Route to list secrets.
-	// Only VSecM Sentinel is allowed to call this API endpoint.
-	// Calling it from anywhere else will error out.
-	if m == http.MethodGet && p == url.SentinelSecrets {
-		log.DebugLn(&cid, "Handler:routeSentinelGetSecrets")
-		routeList.Masked(cid, w, r)
-
-		return true
-	}
-
-	return false
-}
-
-func routeSentinelGetSecretsReveal(
-	cid string, r *http.Request, w http.ResponseWriter,
-) bool {
-	p := r.URL.Path
-	m := r.Method
-
-	if m == http.MethodGet && p == url.SentinelSecretsWithReveal {
-		log.DebugLn(&cid, "Handler:routeSentinelGetSecretsReveal")
-		routeList.Encrypted(cid, w, r)
-
-		return true
-	}
-
-	return false
-}
-
-func routeSentinelPostSecrets(
-	cid string, r *http.Request, w http.ResponseWriter,
-) bool {
-	p := r.URL.Path
-	m := r.Method
-
-	// Route to add secrets to VSecM Safe.
-	// Only VSecM Sentinel is allowed to call this API endpoint.
-	// Calling it from anywhere else will error out.
-	if m == http.MethodPost && p == url.SentinelSecrets {
-		log.DebugLn(&cid, "Handler:routeSentinelPostSecrets")
-		routeSecret.Secret(cid, w, r)
-
-		return true
-	}
-
-	return false
-}
-
-func routeSentinelDeleteSecrets(
-	cid string, r *http.Request, w http.ResponseWriter,
-) bool {
-	p := r.URL.Path
-	m := r.Method
+type handler func(string, *http.Request, http.ResponseWriter)
 
+func factory(p, m string) handler {
+	switch {
+	case m == http.MethodGet && p == url.SentinelKeystone:
+		return routeKeystone.Status
+	case m == http.MethodGet && p == url.SentinelSecretsWithReveal:
+		return routeList.Encrypted
+	case m == http.MethodPost && p == url.SentinelSecrets:
+		return routeSecret.Secret
 	// Route to delete secrets from VSecM Safe.
 	// Only VSecM Sentinel is allowed to call this API endpoint.
 	// Calling it from anywhere else will error out.
-	if m == http.MethodDelete && p == url.SentinelSecrets {
-		log.DebugLn(&cid, "Handler:routeSentinelDeleteSecrets")
-		routeDelete.Delete(cid, w, r)
-
-		return true
-	}
-
-	return false
-}
-
-func routeSentinelPostKeys(
-	cid string, r *http.Request, w http.ResponseWriter,
-) bool {
-	p := r.URL.Path
-	m := r.Method
-
+	case m == http.MethodDelete && p == url.SentinelSecrets:
+		return routeDelete.Delete
 	// Route to define the root key.
 	// Only VSecM Sentinel is allowed to call this API endpoint.
-	if m == http.MethodPost && p == url.SentinelKeys {
-		log.DebugLn(&cid, "Handler:routeSentinelPostKeys")
-		routeReceive.Keys(cid, w, r)
-
-		return true
-	}
-
-	return false
-}
-
-func routeWorkloadGetSecrets(
-	cid string, r *http.Request, w http.ResponseWriter,
-) bool {
-	p := r.URL.Path
-	m := r.Method
-
+	case m == http.MethodPost && p == url.SentinelKeys:
+		return routeReceive.Keys
 	// Route to fetch secrets.
 	// Only a VSecM-nominated workload is allowed to
 	// call this API endpoint. Calling it from anywhere else will
 	// error out.
-	if m == http.MethodGet && p == url.WorkloadSecrets {
-		log.DebugLn(&cid, "Handler:routeWorkloadGetSecrets")
-		routeFetch.Fetch(cid, w, r)
-
-		return true
+	case m == http.MethodGet && p == url.WorkloadSecrets:
+		return routeFetch.Fetch
+	case m == http.MethodPost && p == url.WorkloadSecrets:
+		panic("routeWorkloadPostSecrets not implemented")
+	default:
+		return routeFallback.Fallback
 	}
-
-	return false
 }
 
-func routeWorkloadPostSecrets(
-	cid string, r *http.Request, w http.ResponseWriter,
-) bool {
-	log.DebugLn(&cid,
-		"Handler:routeWorkloadPostSecrets: will post", r.Method, r.URL.Path)
-
-	panic("routeWorkloadPostSecrets not implemented")
-}
-
-func routeFallback(
+func route(
 	cid string, r *http.Request, w http.ResponseWriter,
 ) {
-	log.DebugLn(&cid, "Handler: route mismatch:", r.RequestURI)
-
-	w.WriteHeader(http.StatusBadRequest)
-	_, err := io.WriteString(w, "")
-	if err != nil {
-		log.WarnLn(&cid, "Problem writing response:", err.Error())
-	}
+	factory(r.URL.Path, r.Method)(cid, r, w)
 }
diff --git a/app/safe/internal/server/route/delete/delete.go b/app/safe/internal/server/route/delete/delete.go
@@ -39,7 +39,7 @@ import (
 //   - spiffeid: A string representing the SPIFFE ID of the client making the
 //     request.
 func Delete(
-	cid string, w http.ResponseWriter, r *http.Request,
+	cid string, r *http.Request, w http.ResponseWriter,
 ) {
 	spiffeid := s.IdAsString(r)