v0.0.4-beta (#10)

coinbase · Oct 19, 2023 · 06e523c · 06e523c
1 parent e433f3c
commit 06e523c
Show file tree

Hide file tree

Showing 25 changed files with 716 additions and 414 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,12 +1,12 @@
-.github/
+config/*.yml
 docs/
 examples/
 pkg/
 test/
 terraform/
+.github/
 
 *.md
-
 .dockerignore
 .git
-.gitignore
+.gitignore
diff --git a/test/config/config.test.local.sandbox.yml → config/config.test.local.sandbox.yml b/test/config/config.test.local.sandbox.yml → config/config.test.local.sandbox.yml
diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md
@@ -172,7 +172,7 @@ Run the `baseca` Container
 
 ```sh
 docker run -p 9090:9090 -e database_credentials=secret -v ~/.aws/:/home/baseca/.aws/:ro \
-  -v /path/to/baseca/config:/home/baseca/config ghcr.io/coinbase/baseca:VERSION_SHA
+  -v /path/to/local/baseca/config:/home/baseca/config ghcr.io/coinbase/baseca:VERSION_SHA
 ```
 
 ### 3b. Compile `baseca` as Executable (Option B)
@@ -340,6 +340,10 @@ func main() {
       SigningAlgorithm:      x509.SHA512WithRSA,
       PublicKeyAlgorithm:    x509.RSA,
       KeySize:               4096,
+      DistinguishedName: baseca.DistinguishedName{
+        Organization: []string{"Coinbase"},
+        // Additional Fields
+      },
       Output: baseca.Output{
         PrivateKey:                   "/tmp/private.key", // baseca Generate Private Key Output Location
         Certificate:                  "/tmp/certificate.crt", // baseca Signed Leaf Certificate Output Location

diff --git a/internal/config/load.go b/internal/config/load.go
@@ -3,13 +3,20 @@ package config
 import (
 	"errors"
 	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
 
 	"github.com/coinbase/baseca/internal/logger"
 	"github.com/mitchellh/mapstructure"
 	"github.com/spf13/viper"
 	"go.uber.org/zap"
 )
 
+const (
+	configuration = "config.test.local.sandbox.yml"
+)
+
 type configProvider struct {
 	v *viper.Viper
 }
@@ -70,3 +77,48 @@ func (cp *configProvider) Get(path string, cfg any) error {
 func (cp *configProvider) Exists(path string) bool {
 	return cp.v.Get(path) != nil
 }
+
+func GetTestConfigurationPath() (*Config, error) {
+	_, filename, _, ok := runtime.Caller(0)
+	if !ok {
+		fmt.Println("Error: Unable to get current file path")
+	}
+
+	baseDir := filepath.Dir(filename)
+	for {
+		if _, err := os.Stat(filepath.Join(baseDir, "go.mod")); err == nil {
+			break
+		}
+
+		parentDir := filepath.Dir(baseDir)
+		if parentDir == baseDir {
+			fmt.Println("Error: Unable to find base directory")
+			break
+		}
+
+		baseDir = parentDir
+	}
+
+	path := fmt.Sprintf("%s/config/%s", baseDir, configuration)
+	config, err := provideConfig(path)
+	if err != nil {
+		return nil, err
+	}
+	return config, nil
+}
+
+func provideConfig(path string) (*Config, error) {
+	ctxLogger := logger.ContextLogger{Logger: logger.DefaultLogger}
+
+	v, err := BuildViper(path)
+	if err != nil {
+		ctxLogger.Error(err.Error())
+	}
+
+	config, err := LoadConfig(v)
+	if err != nil {
+		return nil, err
+	}
+
+	return config, err
+}
diff --git a/internal/lib/util/validator/domain.go b/internal/lib/util/validator/domain.go
@@ -9,7 +9,7 @@ import (
 )
 
 const (
-	_dns_regular_expression = `^[a-zA-Z*.]+$`
+	_dns_regular_expression = `^[a-zA-Z0-9*._-]+$`
 )
 
 var valid_domains []string

diff --git a/internal/v1/accounts/accounts_test.go b/internal/v1/accounts/accounts_test.go
@@ -3,12 +3,12 @@ package accounts
 import (
 	mock_store "github.com/coinbase/baseca/db/mock"
 	db "github.com/coinbase/baseca/db/sqlc"
+	"github.com/coinbase/baseca/internal/config"
 	"github.com/coinbase/baseca/internal/lib/util/validator"
-	"github.com/coinbase/baseca/test"
 )
 
 func buildAccountsConfig(store *mock_store.MockStore) (*Service, error) {
-	config, err := test.GetTestConfigurationPath()
+	config, err := config.GetTestConfigurationPath()
 	if err != nil {
 		return nil, err
 	}

diff --git a/internal/v1/accounts/service_test.go b/internal/v1/accounts/service_test.go
@@ -178,7 +178,7 @@ func TestCreateServiceAccount(t *testing.T) {
 			req: &apiv1.CreateServiceAccountRequest{
 				ServiceAccount:          "example",
 				Environment:             "sandbox",
-				SubjectAlternativeNames: []string{"000.example.com"},
+				SubjectAlternativeNames: []string{"{}.example.com"},
 				ExtendedKey:             "EndEntityServerAuthCertificate",
 				CertificateAuthorities:  []string{"sandbox_use1"},
 				SubordinateCa:           "infrastructure",

diff --git a/internal/v1/certificate/certificate_test.go b/internal/v1/certificate/certificate_test.go
@@ -18,8 +18,8 @@ import (
 	acm_pca "github.com/coinbase/baseca/internal/client/acmpca"
 	"github.com/coinbase/baseca/internal/client/firehose"
 	redis_client "github.com/coinbase/baseca/internal/client/redis"
+	"github.com/coinbase/baseca/internal/config"
 	"github.com/coinbase/baseca/internal/lib/util/validator"
-	"github.com/coinbase/baseca/test"
 	"github.com/go-redis/redis/v8"
 	"github.com/stretchr/testify/mock"
 )
@@ -112,7 +112,7 @@ func (m *mockedPrivateCaClient) GetCertificateAuthorityCertificate(ctx context.C
 }
 
 func buildCertificateConfig(store *mock_store.MockStore) (*Certificate, error) {
-	config, err := test.GetTestConfigurationPath()
+	config, err := config.GetTestConfigurationPath()
 	if err != nil {
 		return nil, err
 	}

diff --git a/internal/v1/middleware/authentication.go b/internal/v1/middleware/authentication.go
@@ -30,16 +30,15 @@ func (m *Middleware) ServerAuthenticationInterceptor(ctx context.Context, req an
 	var ok bool
 
 	methods := map[string]string{
-		"/grpc.health.v1.Health/Check":                            _pass_auth,
-		"/baseca.v1.Account/LoginUser":                            _pass_auth,
-		"/baseca.v1.Account/UpdateUserCredentials":                _pass_auth,
-		"/baseca.v1.Certificate/SignCSR":                          _service_auth,
-		"/baseca.v1.Certificate/OperationsSignCSR":                _provisioner_auth,
-		"/baseca.v1.Certificate/QueryCertificateMetadata":         _provisioner_auth,
-		"/baseca.v1.Certificate/GetSignedIntermediateCertificate": _provisioner_auth,
-		"/baseca.v1.Service/ProvisionServiceAccount":              _provisioner_auth,
-		"/baseca.v1.Service/GetServiceAccountByMetadata":          _provisioner_auth,
-		"/baseca.v1.Service/DeleteProvisionedServiceAccount":      _provisioner_auth,
+		"/grpc.health.v1.Health/Check":                       _pass_auth,
+		"/baseca.v1.Account/LoginUser":                       _pass_auth,
+		"/baseca.v1.Account/UpdateUserCredentials":           _pass_auth,
+		"/baseca.v1.Certificate/SignCSR":                     _service_auth,
+		"/baseca.v1.Certificate/OperationsSignCSR":           _provisioner_auth,
+		"/baseca.v1.Certificate/QueryCertificateMetadata":    _provisioner_auth,
+		"/baseca.v1.Service/ProvisionServiceAccount":         _provisioner_auth,
+		"/baseca.v1.Service/GetServiceAccountByMetadata":     _provisioner_auth,
+		"/baseca.v1.Service/DeleteProvisionedServiceAccount": _provisioner_auth,
 	}
 
 	if auth, ok = methods[info.FullMethod]; !ok {

diff --git a/internal/v1/users/users_test.go b/internal/v1/users/users_test.go
@@ -6,8 +6,8 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/kms"
 	mock_store "github.com/coinbase/baseca/db/mock"
 	db "github.com/coinbase/baseca/db/sqlc"
+	"github.com/coinbase/baseca/internal/config"
 	lib "github.com/coinbase/baseca/internal/lib/authentication"
-	"github.com/coinbase/baseca/test"
 	"github.com/stretchr/testify/mock"
 )
 
@@ -26,7 +26,7 @@ func (m *mockedKmsClient) Verify(ctx context.Context, params *kms.VerifyInput, o
 }
 
 func buildUsersConfig(store *mock_store.MockStore) (*User, error) {
-	config, err := test.GetTestConfigurationPath()
+	config, err := config.GetTestConfigurationPath()
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/client/certificate.go b/pkg/client/certificate.go
@@ -2,14 +2,13 @@ package baseca
 
 import (
 	"context"
-	"fmt"
-	"os"
 
 	apiv1 "github.com/coinbase/baseca/gen/go/baseca/v1"
 	"github.com/coinbase/baseca/pkg/types"
+	"github.com/coinbase/baseca/pkg/util"
 )
 
-func (c *client) IssueCertificate(certificateRequest CertificateRequest) (*apiv1.SignedCertificate, error) {
+func (c *Client) IssueCertificate(certificateRequest CertificateRequest) (*apiv1.SignedCertificate, error) {
 	signingRequest, err := GenerateCSR(certificateRequest)
 	if err != nil {
 		return nil, err
@@ -24,7 +23,7 @@ func (c *client) IssueCertificate(certificateRequest CertificateRequest) (*apiv1
 		return nil, err
 	}
 
-	err = parseCertificateFormat(signedCertificate, types.SignedCertificate{
+	err = util.ParseCertificateFormat(signedCertificate, types.SignedCertificate{
 		CertificatePath:                  certificateRequest.Output.Certificate,
 		IntermediateCertificateChainPath: certificateRequest.Output.IntermediateCertificateChain,
 		RootCertificateChainPath:         certificateRequest.Output.RootCertificateChain,
@@ -36,34 +35,3 @@ func (c *client) IssueCertificate(certificateRequest CertificateRequest) (*apiv1
 
 	return signedCertificate, nil
 }
-
-func parseCertificateFormat(certificate *apiv1.SignedCertificate, parameter types.SignedCertificate) error {
-	// Leaf Certificate Path
-	if len(parameter.CertificatePath) != 0 {
-		certificate := []byte(certificate.Certificate)
-		if err := os.WriteFile(parameter.CertificatePath, certificate, os.ModePerm); err != nil {
-			return fmt.Errorf("error writing certificate to [%s]", parameter.CertificatePath)
-		}
-	}
-
-	// Intermediate Certificate Chain Path
-	if len(parameter.IntermediateCertificateChainPath) != 0 {
-		certificate := []byte(certificate.IntermediateCertificateChain)
-		if err := os.WriteFile(parameter.IntermediateCertificateChainPath, certificate, os.ModePerm); err != nil {
-			return fmt.Errorf("error writing certificate to [%s]", parameter.IntermediateCertificateChainPath)
-		}
-	}
-
-	// Root Certificate Chain Path
-	if len(parameter.RootCertificateChainPath) != 0 {
-		certificate := []byte(certificate.CertificateChain)
-		if err := os.WriteFile(parameter.RootCertificateChainPath, certificate, os.ModePerm); err != nil {
-			return fmt.Errorf("error writing certificate chain to [%s]", parameter.RootCertificateChainPath)
-		}
-	}
-	return nil
-}
-
-func (c *client) QueryCertificateMetadata(req *apiv1.QueryCertificateMetadataRequest) (*apiv1.CertificatesParameter, error) {
-	return c.Certificate.QueryCertificateMetadata(context.Background(), req)
-}
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,7 +9,7 @@ import ( @@
     )
     const (
-    	_dns_regular_expression = `^[a-zA-Z*.]+$`
+    	_dns_regular_expression = `^[a-zA-Z0-9*._-]+$`
     )
     var valid_domains []string
@@ Expand Down @@