chore: change vault constructor visibility

0xPolygonID · Aug 9, 2023 · 64e5343 · 64e5343
1 parent 28d516c
commit 64e5343
Show file tree

Hide file tree

Showing 14 changed files with 42 additions and 23 deletions.
diff --git a/Makefile b/Makefile
@@ -203,8 +203,8 @@ restart-ui-arm: rm-issuer-imgs up run-arm run-ui-arm
 
 
 # usage: make new_password=xxx change-this-default-password
-.PHONY: change-this-default-password
-change-this-default-password:
+.PHONY: change-vault-password
+change-vault-password:
 	docker exec issuer-vault-1 \
 	vault write auth/userpass/users/issuernode password=$(new_password)
 

diff --git a/README.md b/README.md
@@ -195,7 +195,7 @@ the authentication method is recommended for production environments, and it is
 the issuer node contributors team.** Please try to avoid using the root token authentication method.
 
 ```bash
-make new_password=your_new_password change-this-default-password
+make new_password=your_new_password change-vault-password
 ```
 then modify the .env-issuer file with the new password, enable the user and pass authentication method and comment the root token line:
 

diff --git a/cmd/issuer_initializer/main.go b/cmd/issuer_initializer/main.go
@@ -37,7 +37,7 @@ func main() {
 	}
 
 	vaultCli, err := providers.VaultClient(ctx, providers.Config{
-		UserPAssAuthEnabled: cfg.VaultUserPassAuthEnabled,
+		UserPassAuthEnabled: cfg.VaultUserPassAuthEnabled,
 		Address:             cfg.KeyStore.Address,
 		Token:               cfg.KeyStore.Token,
 		Pass:                cfg.VaultUserPassAuthPassword,

diff --git a/cmd/notifications/main.go b/cmd/notifications/main.go
@@ -8,6 +8,7 @@ import (
 	"syscall"
 
 	"github.com/hashicorp/vault/api"
+
 	"github.com/polygonid/sh-id-platform/internal/config"
 	"github.com/polygonid/sh-id-platform/internal/core/event"
 	"github.com/polygonid/sh-id-platform/internal/core/ports"
@@ -60,7 +61,7 @@ func main() {
 	connectionsRepository := repositories.NewConnections()
 
 	vaultCli, err := providers.VaultClient(ctx, providers.Config{
-		UserPAssAuthEnabled: cfg.VaultUserPassAuthEnabled,
+		UserPassAuthEnabled: cfg.VaultUserPassAuthEnabled,
 		Address:             cfg.KeyStore.Address,
 		Token:               cfg.KeyStore.Token,
 		Pass:                cfg.VaultUserPassAuthPassword,

diff --git a/cmd/pending_publisher/main.go b/cmd/pending_publisher/main.go
@@ -76,7 +76,7 @@ func main() {
 	}
 
 	vaultCli, err := providers.VaultClient(ctx, providers.Config{
-		UserPAssAuthEnabled: cfg.VaultUserPassAuthEnabled,
+		UserPassAuthEnabled: cfg.VaultUserPassAuthEnabled,
 		Address:             cfg.KeyStore.Address,
 		Token:               cfg.KeyStore.Token,
 		Pass:                cfg.VaultUserPassAuthPassword,

diff --git a/cmd/platform/main.go b/cmd/platform/main.go
@@ -13,6 +13,7 @@ import (
 	chiMiddleware "github.com/go-chi/chi/v5/middleware"
 	"github.com/go-chi/cors"
 	redis2 "github.com/go-redis/redis/v8"
+
 	"github.com/polygonid/sh-id-platform/internal/api"
 	"github.com/polygonid/sh-id-platform/internal/config"
 	"github.com/polygonid/sh-id-platform/internal/core/services"
@@ -71,7 +72,7 @@ func main() {
 	}
 
 	vaultCli, err := providers.VaultClient(ctx, providers.Config{
-		UserPAssAuthEnabled: cfg.VaultUserPassAuthEnabled,
+		UserPassAuthEnabled: cfg.VaultUserPassAuthEnabled,
 		Address:             cfg.KeyStore.Address,
 		Token:               cfg.KeyStore.Token,
 		Pass:                cfg.VaultUserPassAuthPassword,

diff --git a/cmd/platform_ui/main.go b/cmd/platform_ui/main.go
@@ -81,7 +81,7 @@ func main() {
 	}
 
 	vaultCli, err := providers.VaultClient(ctx, providers.Config{
-		UserPAssAuthEnabled: cfg.VaultUserPassAuthEnabled,
+		UserPassAuthEnabled: cfg.VaultUserPassAuthEnabled,
 		Address:             cfg.KeyStore.Address,
 		Token:               cfg.KeyStore.Token,
 		Pass:                cfg.VaultUserPassAuthPassword,

diff --git a/internal/api/main_test.go b/internal/api/main_test.go
@@ -56,7 +56,10 @@ func TestMain(m *testing.M) {
 
 	cachex = cache.NewMemoryCache()
 
-	vaultCli, err = providers.NewVaultClient(cfgForTesting.KeyStore.Address, cfgForTesting.KeyStore.Token)
+	vaultCli, err = providers.VaultClient(ctx, providers.Config{
+		Address: cfgForTesting.KeyStore.Address,
+		Token:   cfgForTesting.KeyStore.Token,
+	})
 	if err != nil {
 		log.Error(ctx, "failed to acquire vault client", "err", err)
 		os.Exit(1)

diff --git a/internal/api_ui/main_test.go b/internal/api_ui/main_test.go
@@ -57,7 +57,10 @@ func TestMain(m *testing.M) {
 
 	cachex = cache.NewMemoryCache()
 
-	vaultCli, err = providers.NewVaultClient(cfgForTesting.KeyStore.Address, cfgForTesting.KeyStore.Token)
+	vaultCli, err = providers.VaultClient(context.Background(), providers.Config{
+		Address: cfgForTesting.KeyStore.Address,
+		Token:   cfgForTesting.KeyStore.Token,
+	})
 	if err != nil {
 		log.Error(ctx, "failed to acquire vault client", "err", err)
 		os.Exit(1)

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -3,7 +3,6 @@ package config
 import (
 	"context"
 	"fmt"
-
 	"net/url"
 	"os"
 	"path/filepath"
@@ -12,10 +11,10 @@ import (
 	"strings"
 	"time"
 
+	"github.com/hashicorp/vault/api"
 	core "github.com/iden3/go-iden3-core"
 	"github.com/spf13/viper"
 
-	"github.com/hashicorp/vault/api"
 	"github.com/polygonid/sh-id-platform/internal/common"
 	"github.com/polygonid/sh-id-platform/internal/log"
 	"github.com/polygonid/sh-id-platform/internal/providers"

diff --git a/internal/core/services/tests/main_test.go b/internal/core/services/tests/main_test.go
@@ -47,7 +47,10 @@ func TestMain(m *testing.M) {
 	}
 	storage = s
 
-	vaultCli, err = providers.NewVaultClient(cfgForTesting.KeyStore.Address, cfgForTesting.KeyStore.Token)
+	vaultCli, err = providers.VaultClient(ctx, providers.Config{
+		Address: cfgForTesting.KeyStore.Address,
+		Token:   cfgForTesting.KeyStore.Token,
+	})
 	if err != nil {
 		log.Error(ctx, "failed to acquire vault client", "err", err)
 		os.Exit(1)

diff --git a/internal/kms/main_test.go b/internal/kms/main_test.go
@@ -1,6 +1,7 @@
 package kms
 
 import (
+	"context"
 	"os"
 	"testing"
 
@@ -36,7 +37,10 @@ func testKMSSetup(t testing.TB) TestKMS {
 	k := TestKMS{t: t}
 	var err error
 
-	k.VaultCli, err = providers.NewVaultClient(cfg.Address, cfg.Token)
+	k.VaultCli, err = providers.VaultClient(context.Background(), providers.Config{
+		Address: cfg.Address,
+		Token:   cfg.Token,
+	})
 	require.NoError(t, err)
 
 	k.KMS = NewKMS()

diff --git a/internal/kms/vaultPluginIden3KeyProvider_test.go b/internal/kms/vaultPluginIden3KeyProvider_test.go
@@ -125,7 +125,10 @@ func randomDID(t *testing.T) core.DID {
 func setupPluginBJJProvider(t *testing.T) (vaultCli *api.Client, mountPath string) {
 	t.Helper()
 	var err error
-	vaultCli, err = providers.NewVaultClient(cfg.Address, cfg.Token)
+	vaultCli, err = providers.VaultClient(context.Background(), providers.Config{
+		Address: cfg.Address,
+		Token:   cfg.Token,
+	})
 	require.NoError(t, err)
 	mountPath = cfg.PluginIden3MountPath
 	return

diff --git a/internal/providers/vault.go b/internal/providers/vault.go
@@ -22,9 +22,11 @@ var DidNotFound = errors.New("did not found in vault")
 // HTTPClientTimeout http client timeout TODO: move to config
 const HTTPClientTimeout = 10 * time.Second
 
+// Config vault configuration
+// If UserPassAuthEnabled is true, then vault client will be created with userpass auth and Pass must be provided
 type Config struct {
 	Address             string
-	UserPAssAuthEnabled bool
+	UserPassAuthEnabled bool
 	Token               string
 	Pass                string
 }
@@ -33,13 +35,13 @@ type Config struct {
 func VaultClient(ctx context.Context, cfg Config) (*vault.Client, error) {
 	var vaultCli *vault.Client
 	var err error
-	if cfg.UserPAssAuthEnabled {
+	if cfg.UserPassAuthEnabled {
 		log.Info(ctx, "Vault userpass auth enabled")
 		if cfg.Pass == "" {
 			log.Error(ctx, "Vault userpass auth enabled but password not provided")
 			return nil, errors.New("Vault userpass auth enabled but password not provided")
 		}
-		vaultCli, err = NewVaultClientWithUserPassAuth(ctx, cfg.Address, cfg.Pass)
+		vaultCli, err = newVaultClientWithUserPassAuth(ctx, cfg.Address, cfg.Pass)
 		if err != nil {
 			log.Error(ctx, "cannot init vault client with userpass auth: ", "err", err)
 			return nil, err
@@ -50,7 +52,7 @@ func VaultClient(ctx context.Context, cfg Config) (*vault.Client, error) {
 			log.Error(ctx, "Vault userpass auth not enabled but token not provided")
 			return nil, errors.New("Vault userpass auth not enabled but token not provided")
 		}
-		vaultCli, err = NewVaultClient(cfg.Address, cfg.Token)
+		vaultCli, err = newVaultClientWithToken(cfg.Address, cfg.Token)
 		if err != nil {
 			log.Error(ctx, "cannot init vault client: ", "err", err)
 			return nil, err
@@ -60,8 +62,8 @@ func VaultClient(ctx context.Context, cfg Config) (*vault.Client, error) {
 	return vaultCli, nil
 }
 
-// NewVaultClient checks vault configuration and creates new vault client
-func NewVaultClient(address, token string) (*vault.Client, error) {
+// newVaultClientWithToken checks vault configuration and creates new vault client
+func newVaultClientWithToken(address, token string) (*vault.Client, error) {
 	if address == "" {
 		return nil, errors.New("vault address is not specified")
 	}
@@ -82,8 +84,8 @@ func NewVaultClient(address, token string) (*vault.Client, error) {
 	return client, nil
 }
 
-// NewVaultClientWithUserPassAuth checks vault configuration and creates new vault client with userpass auth
-func NewVaultClientWithUserPassAuth(ctx context.Context, address string, pass string) (*vault.Client, error) {
+// newVaultClientWithUserPassAuth checks vault configuration and creates new vault client with userpass auth
+func newVaultClientWithUserPassAuth(ctx context.Context, address string, pass string) (*vault.Client, error) {
 	config := vault.DefaultConfig()
 	config.Address = address
 	config.HttpClient.Timeout = HTTPClientTimeout