Skip to content

Commit

Permalink
review cleanup, user + service keys use orgs, not origins
Browse files Browse the repository at this point in the history
  • Loading branch information
Dave Parfitt committed Apr 14, 2016
1 parent f039077 commit af847d8
Show file tree
Hide file tree
Showing 7 changed files with 72 additions and 39 deletions.
24 changes: 13 additions & 11 deletions components/core/src/crypto.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,10 @@ use util::perm;
/// considered the **secret key** file.
/// - **Origin** - refers to build-time operations, including signing and
/// verifification of an artifact.
/// - **Organization** - refers to run-time operations that can happen in Habitat,
/// - **Organization** / **Org** - refers to run-time operations that can happen in Habitat,
/// such as deploying a package signed in a different origin into your own organization.
/// Abbreviated as "org" in CLI params and variable names.
/// - **Org vs Origin** - Habitat packages come from an origin and run in an organization
/// - **Signing keys** - aka **sig** keys. These are used to sign and verify
/// packages. Contains a `sig.key` file suffix. Sig keys are NOT compatible with
/// box keys.
Expand Down Expand Up @@ -374,19 +376,19 @@ pub fn generate_origin_sig_key(origin: &str) -> Result<String> {
Ok(keyname)
}

// generate a service box key, return the name of the key we generated
pub fn generate_service_box_key(origin: &str, service: &str, group: &str) -> Result<String> {
/// generate a service box key, return the name of the key we generated
pub fn generate_service_box_key(org: &str, service_group: &str) -> Result<String> {
let revision = mk_revision_string();
let keyname = mk_service_box_key_name(origin, &revision, service, group);
let keyname = mk_service_box_key_name(org, &revision, service_group);
debug!("new user sig key name = {}", &keyname);
try!(generate_box_keypair_files(&keyname));
Ok(keyname)
}

// generate a user box key, return the name of the key we generated
pub fn generate_user_box_key(origin: &str, user: &str) -> Result<String> {
/// generate a user box key, return the name of the key we generated
pub fn generate_user_box_key(org: &str, user: &str) -> Result<String> {
let revision = mk_revision_string();
let keyname = mk_user_box_key_name(origin, &revision, &user);
let keyname = mk_user_box_key_name(org, &revision, &user);
debug!("new user sig key name = {}", &keyname);
try!(generate_box_keypair_files(&keyname));
Ok(keyname)
Expand All @@ -413,12 +415,12 @@ fn mk_origin_sig_key_name(origin: &str, revision: &str) -> String {
format!("{}-{}", origin, revision)
}

fn mk_service_box_key_name(origin: &str, revision: &str, service: &str, group: &str) -> String {
format!("{}.{}@{}-{}", service, group, origin, revision)
fn mk_service_box_key_name(org: &str, revision: &str, service_group: &str) -> String {
format!("{}@{}-{}", service_group, org, revision)
}

fn mk_user_box_key_name(origin: &str, revision: &str, user: &str) -> String {
format!("{}@{}-{}", user, origin, revision)
fn mk_user_box_key_name(org: &str, revision: &str, user: &str) -> String {
format!("{}@{}-{}", user, org, revision)
}

fn generate_box_keypair_files(keyname: &str) -> Result<(BoxPublicKey, BoxSecretKey)> {
Expand Down
18 changes: 9 additions & 9 deletions components/core/tests/lib.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,28 +80,28 @@ fn generate_key_revisions_test() {

#[test]
fn generate_box_keys_test() {
// Note, user + service keys use org, not origin
let key_dir = "/tmp/habitat_test_keys";
let _ = fs::remove_dir_all(&key_dir);
fs::create_dir_all(&key_dir).unwrap();

// override the location where Habitat wants to store keys
env::set_var("HAB_CACHE_KEY_PATH", &key_dir);

let test_origin = "myorigin";
let test_org = "someorg";
let test_user = "foo";
let test_service = "bar";
let test_group = "testgroup";
let test_service_group = "bar.testgroup";

// generated keys SHOULD be in the following 2 formats:
let test_user_key_name = format!("{}@{}", test_user, test_origin);
let test_service_key_name = format!("{}.{}@{}", test_service, test_group, test_origin);
let test_user_key_name = format!("{}@{}", test_user, test_org);
let test_service_key_name = format!("{}@{}", test_service_group, test_org);

if !wait_until_ok(|| hcore::crypto::generate_user_box_key(test_origin, test_user)) {
if !wait_until_ok(|| hcore::crypto::generate_user_box_key(test_org, test_user)) {
panic!("Can't generate a user box key");
}

if !wait_until_ok(|| {
hcore::crypto::generate_service_box_key(test_origin, test_service, test_group)
hcore::crypto::generate_service_box_key(test_org, test_service_group)
}) {
panic!("Can't generate a service box key");
}
Expand All @@ -123,12 +123,12 @@ fn generate_box_keys_test() {
Err(e) => panic!("Can't get service key revisions {}", e),
};

if !wait_until_ok(|| hcore::crypto::generate_user_box_key(test_origin, test_user)) {
if !wait_until_ok(|| hcore::crypto::generate_user_box_key(test_org, test_user)) {
panic!("Can't generate a second user box key");
}

if !wait_until_ok(|| {
hcore::crypto::generate_service_box_key(test_origin, test_service, test_group)
hcore::crypto::generate_service_box_key(test_org, test_service_group)
}) {
panic!("Can't generate a second service box key");
}
Expand Down
1 change: 1 addition & 0 deletions components/hab/Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions components/hab/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ authors = ["Adam Jacob <[email protected]>", "Jamie Winsor <[email protected]>", "Fletche
hyper = "*"
libc = "*"
log = "*"
regex = "*"
# Temporary depdency for gossip/rumor injection code duplication.
rustc-serialize = "*"
# Temporary depdency for gossip/rumor injection code duplication.
Expand Down
24 changes: 17 additions & 7 deletions components/hab/src/cli.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@

use std::path::Path;
use std::result;

use regex::Regex;
use clap::{App, AppSettings};
use url::Url;

Expand Down Expand Up @@ -66,7 +66,7 @@ pub fn get() -> App<'static, 'static> {
(@setting ArgRequiredElseHelp)
(@subcommand generate =>
(about: "Generates an origin key")
(@arg ORIGIN: --origin +required +takes_value)
(@arg ORIGIN: +required +takes_value)
)
)
)
Expand All @@ -78,9 +78,9 @@ pub fn get() -> App<'static, 'static> {
(@setting ArgRequiredElseHelp)
(@subcommand generate =>
(about: "Generates a service key")
(@arg ORIGIN: --origin +takes_value)
(@arg SERVICE: --service +required +takes_value)
(@arg GROUP: --group +required +takes_value)
(@arg SERVICE_GROUP: +required +takes_value {valid_service_group})
(@arg ORG: --org +takes_value
"The user's organization")
)
)
)
Expand All @@ -92,8 +92,9 @@ pub fn get() -> App<'static, 'static> {
(@setting ArgRequiredElseHelp)
(@subcommand generate =>
(about: "Generates a user key")
(@arg ORIGIN: --origin +takes_value)
(@arg USER: --user +required +takes_value)
(@arg USER: +required +takes_value)
(@arg ORG: --org +takes_value
"The service's organization")
)
)
)
Expand Down Expand Up @@ -179,3 +180,12 @@ fn valid_url(val: String) -> result::Result<(), String> {
}
}

fn valid_service_group(val: String) -> result::Result<(), String> {
let regex = Regex::new(".+\\..+").unwrap();
if regex.is_match(&val) {
Ok(())
} else {
Err(format!("SERVICE_GROUP: '{}' is not valid", &val))
}
}

8 changes: 4 additions & 4 deletions components/hab/src/command/artifact/crypto.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,14 +13,14 @@ pub fn generate_origin_key(origin: &str) -> Result<()> {
Ok(())
}

pub fn generate_user_key(origin: &str, user: &str) -> Result<()> {
let keyname = try!(crypto::generate_user_box_key(origin, user));
pub fn generate_user_key(org: &str, user: &str) -> Result<()> {
let keyname = try!(crypto::generate_user_box_key(org, user));
println!("Successfully generated user key {}", keyname);
Ok(())
}

pub fn generate_service_key(origin: &str, service: &str, group: &str) -> Result<()> {
let keyname = try!(crypto::generate_service_box_key(origin, service, group));
pub fn generate_service_key(org: &str, service_group: &str) -> Result<()> {
let keyname = try!(crypto::generate_service_box_key(org, service_group));
println!("Successfully generated service key {}", keyname);
Ok(())
}
Expand Down
35 changes: 27 additions & 8 deletions components/hab/src/main.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ extern crate clap;
extern crate hyper;
#[macro_use]
extern crate log;
extern crate regex;
// Temporary depdency for gossip/rumor injection code duplication.
extern crate rustc_serialize;
extern crate url;
Expand All @@ -31,11 +32,12 @@ use std::path::{Path, PathBuf};
use std::str::FromStr;

use clap::ArgMatches;

use error::{Error, Result};
use hcore::service::ServiceGroup;
use hcore::package::PackageIdent;
use hcore::url::DEFAULT_DEPOT_URL;

use error::{Error, Result};

const SUP_CMD: &'static str = "hab-sup";
const SUP_CMD_ENVVAR: &'static str = "HABITAT_SUP_BINARY";
Expand All @@ -44,6 +46,9 @@ const SUP_PACKAGE_IDENT: &'static str = "chef/hab-sup";
/// you can skip the --origin CLI param if you specify this env var
const HABITAT_ORIGIN_ENVVAR: &'static str = "HABITAT_ORIGIN";

/// you can skip the org CLI param if you specify this env var
const HABITAT_ORG_ENVVAR: &'static str = "HABITAT_ORG";

fn main() {
if let Err(e) = run_hab() {
println!("{}", e);
Expand Down Expand Up @@ -182,20 +187,18 @@ fn sub_rumor_inject(m: &ArgMatches) -> Result<()> {
Ok(())
}


fn sub_service_key_generate(m: &ArgMatches) -> Result<()> {
let origin = try!(origin_param_or_env(&m));
let service = m.value_of("SERVICE").unwrap(); // clap required
let group = m.value_of("GROUP").unwrap(); // clap required
try!(command::artifact::crypto::generate_service_key(&origin, service, group));
let org = try!(org_param_or_env(&m));
let service_group = m.value_of("SERVICE_GROUP").unwrap(); // clap required
try!(command::artifact::crypto::generate_service_key(&org, service_group));
Ok(())

}

fn sub_user_key_generate(m: &ArgMatches) -> Result<()> {
let origin = try!(origin_param_or_env(&m));
let org = try!(org_param_or_env(&m));
let user = m.value_of("USER").unwrap(); // clap required
try!(command::artifact::crypto::generate_user_key(&origin, user));
try!(command::artifact::crypto::generate_user_key(&org, user));
Ok(())
}

Expand Down Expand Up @@ -243,3 +246,19 @@ fn origin_param_or_env(m: &ArgMatches) -> Result<String> {
}
}
}


// check to see if the user has passed in an ORG param
// if not, check the HABITAT_ORG env var. If that's
// empty too, then error
fn org_param_or_env(m: &ArgMatches) -> Result<String> {
match m.value_of("ORG") {
Some(o) => Ok(o.to_string()),
None => {
match env::var(HABITAT_ORG_ENVVAR) {
Ok(v) => Ok(v),
Err(_) => return Err(Error::CryptoCLI("No organization specified".to_string()))
}
}
}
}

0 comments on commit af847d8

Please sign in to comment.