
DO NOT MERGE: Test on go mod version #4105

Closed
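--- a/go.mod
+++ b/go.mod
@@ -2,19 +2,19 @@ module github.com/edgexfoundry/edgex-go
 
 require (
 bitbucket.org/bertimus9/systemstat v0.0.0-20180207000608-0eeff89b0690
-github.com/edgexfoundry/go-mod-bootstrap/v2 v2.2.0
-github.com/edgexfoundry/go-mod-core-contracts/v2 v2.2.0
+github.com/edgexfoundry/go-mod-bootstrap/v2 v2.2.1-dev.9
+github.com/edgexfoundry/go-mod-core-contracts/v2 v2.3.0-dev.13
 github.com/edgexfoundry/go-mod-messaging/v2 v2.3.0-dev.12
 github.com/edgexfoundry/go-mod-registry/v2 v2.2.0
-github.com/edgexfoundry/go-mod-secrets/v2 v2.2.0
+github.com/edgexfoundry/go-mod-secrets/v2 v2.2.1-dev.5
 github.com/fxamacker/cbor/v2 v2.4.0
 github.com/golang-jwt/jwt/v4 v4.4.2
 github.com/gomodule/redigo v1.8.9
 github.com/google/uuid v1.3.0
 github.com/gorilla/mux v1.8.0
 github.com/lib/pq v1.10.6
 github.com/pelletier/go-toml v1.9.5
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a
+github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475
 github.com/spiffe/go-spiffe/v2 v2.1.1
 github.com/stretchr/testify v1.8.0
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e
@@ -30,11 +30,11 @@ require (
 github.com/eclipse/paho.mqtt.golang v1.4.1 // indirect
 github.com/edgexfoundry/go-mod-configuration/v2 v2.2.0 // indirect
 github.com/fatih/color v1.9.0 // indirect
-github.com/go-kit/log v0.2.0 // indirect
+github.com/go-kit/log v0.2.1 // indirect
 github.com/go-logfmt/logfmt v0.5.1 // indirect
 github.com/go-playground/locales v0.14.0 // indirect
 github.com/go-playground/universal-translator v0.18.0 // indirect
-github.com/go-playground/validator/v10 v10.10.1 // indirect
+github.com/go-playground/validator/v10 v10.11.0 // indirect
 github.com/go-redis/redis/v7 v7.3.0 // indirect
 github.com/golang/protobuf v1.5.2 // indirect
 github.com/gorilla/websocket v1.4.2 // indirect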
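--- a/go.sum
+++ b/go.sum
@@ -32,18 +32,18 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/eclipse/paho.mqtt.golang v1.4.1 h1:tUSpviiL5G3P9SZZJPC4ZULZJsxQKXxfENpMvdbAXAI=
 github.com/eclipse/paho.mqtt.golang v1.4.1/go.mod h1:JGt0RsEwEX+Xa/agj90YJ9d9DH2b7upDZMK9HRbFvCA=
-github.com/edgexfoundry/go-mod-bootstrap/v2 v2.2.0 h1:4UVNGRaKbkH5aEhQrto26Q65ydmhZYReRw/6ZNQ5J5E=
-github.com/edgexfoundry/go-mod-bootstrap/v2 v2.2.0/go.mod h1:JKRxVTC5g1IRoQuT6T7pW6O6XnfjQTZgFjEazPHAHng=
+github.com/edgexfoundry/go-mod-bootstrap/v2 v2.2.1-dev.9 h1:++2ANnQCz+89t5VF+LVbSWUHM0fteDjO4qoqt+RGq7k=
+github.com/edgexfoundry/go-mod-bootstrap/v2 v2.2.1-dev.9/go.mod h1:HTrESzn1iz6C3Sg+3ZDBtklpkCxHX0Cf8sGFAFlwM8s=
 github.com/edgexfoundry/go-mod-configuration/v2 v2.2.0 h1:AZeaAPJM5X93ITFgwbwluYDtYEJ7tkCMSlj35GwfLLU=
 github.com/edgexfoundry/go-mod-configuration/v2 v2.2.0/go.mod h1:YP17JhMnXTitowXE13QJwFaKo0oc03iyoKLjWAYl4FE=
-github.com/edgexfoundry/go-mod-core-contracts/v2 v2.2.0 h1:Sfi9jAIgRXZaJQw8Ji6+8//47D+iOyGiXQSNZXhy3HE=
-github.com/edgexfoundry/go-mod-core-contracts/v2 v2.2.0/go.mod h1:jyfVSx7mI3u/o/oo10COxBRBvJ8O/9I3z2xAwPmNt/Q=
+github.com/edgexfoundry/go-mod-core-contracts/v2 v2.3.0-dev.13 h1:lPjtuVk2QXoUxs6sAsb0qflxmREB5kgHIjFrkNNnx6A=
+github.com/edgexfoundry/go-mod-core-contracts/v2 v2.3.0-dev.13/go.mod h1:YdJ0iBWad86sgOs6am01mE3IAX6d22H08f/enVho4TU=
 github.com/edgexfoundry/go-mod-messaging/v2 v2.3.0-dev.12 h1:YdO9V8pSFK3L2FSpPru3OulK0kFCt96+tsdxTtkfeqk=
 github.com/edgexfoundry/go-mod-messaging/v2 v2.3.0-dev.12/go.mod h1:yLJ9EK4Feg409FDr0oP87LbaRLyOSGJk/ikaIfEDKcI=
 github.com/edgexfoundry/go-mod-registry/v2 v2.2.0 h1:dk9ul1t7INAiyZXeu/GrpinFE3qOekdy8uZOqEGgIiE=
 github.com/edgexfoundry/go-mod-registry/v2 v2.2.0/go.mod h1:DUQRnAd5fVzoROc5SI+PTFUD/vCNeZmZHBMrLElbmwI=
-github.com/edgexfoundry/go-mod-secrets/v2 v2.2.0 h1:Rqr1CgBXppAeehCkPAHQ6hjyLlm2KTR4IKiKpExm7gg=
-github.com/edgexfoundry/go-mod-secrets/v2 v2.2.0/go.mod h1:dQiOiga0KMGHXqFs4nI+Rp19hQR3gZ+3lDRgI9x5Q7M=
+github.com/edgexfoundry/go-mod-secrets/v2 v2.2.1-dev.5 h1:B6LCod0L4qh/+zZdzoMucL7lArZrT1NIpT5naya+CXU=
+github.com/edgexfoundry/go-mod-secrets/v2 v2.2.1-dev.5/go.mod h1:h/FohFNY8xHalioLg1bhjAuEj0z+danSDtixirvaXmQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -58,8 +58,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88=
 github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-kit/log v0.2.0 h1:7i2K3eKTos3Vc0enKCfnVcgHh2olr/MyfboYq7cAcFw=
-github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
+github.com/go-kit/log v0.2.1 h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU=
+github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
 github.com/go-logfmt/logfmt v0.5.1 h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA=
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
 github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
@@ -68,8 +68,8 @@ github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb
 github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
 github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
 github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.10.1 h1:uA0+amWMiglNZKZ9FJRKUAe9U3RX91eVn1JYXMWt7ig=
-github.com/go-playground/validator/v10 v10.10.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
+github.com/go-playground/validator/v10 v10.11.0 h1:0W+xRM511GY47Yy3bZUbJVitCNg2BOGlCyvTqsp/xIw=
+github.com/go-playground/validator/v10 v10.11.0/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
 github.com/go-redis/redis/v7 v7.3.0 h1:3oHqd0W7f/VLKBxeYTEpqdMUsmMectngjM9OtoRoIgg=
 github.com/go-redis/redis/v7 v7.3.0/go.mod h1:JDNMw23GTyLNC4GZu9njt15ctBQVn7xjRfnwdHj/Dcg=
 github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
@@ -218,8 +218,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a h1:9ZKAASQSHhDYGoxY8uLVpewe1GDZ2vu2Tr/vTdVAkFQ=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
+github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
+github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=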
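--- a/internal/constants.go
+++ b/internal/constants.go
@@ -18,9 +18,12 @@ const (
 BootTimeoutSecondsDefault = 30
 BootRetrySecondsDefault = 1
 ConfigFileName = "configuration.toml"
-ConfigStemCore = "edgex/core/"
-ConfigStemSecurity = "edgex/security/"
-LogDurationKey = "duration"
+// TODO: move the config stem constants in go-mod-contracts
+ConfigStemApp = "edgex/appservices/"
+ConfigStemCore = "edgex/core/"
+ConfigStemDevice = "edgex/devices/"
+ConfigStemSecurity = "edgex/security/"
+LogDurationKey = "duration"
 )
 
 const (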
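--- a/internal/security/bootstrapper/command/setupacl/command.go
+++ b/internal/security/bootstrapper/command/setupacl/command.go
@@ -1,5 +1,5 @@
 /*******************************************************************************
-* Copyright 2021 Intel Corporation
+* Copyright 2022 Intel Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the License at
@@ -38,6 +38,7 @@ import (
 "github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/helper"
 "github.com/edgexfoundry/edgex-go/internal/security/bootstrapper/interfaces"
 
+baseBootStrapConfig "github.com/edgexfoundry/go-mod-bootstrap/v2/bootstrap/config"
 "github.com/edgexfoundry/go-mod-bootstrap/v2/bootstrap/startup"
 
 "github.com/edgexfoundry/go-mod-secrets/v2/pkg"
@@ -249,23 +250,42 @@ func (c *cmd) saveACLTokens(bootstrapACLToken *BootStrapACLTokenInfo) error {
 return nil
 }
 
-// createEdgeXACLTokenRoles creates secret store roles that can be used for genearting registry tokens
+// createEdgeXACLTokenRoles creates secret store roles that can be used for generating registry tokens
 // via Consul secret engine API /consul/creds/[role_name] later on for all EdgeX microservices
 func (c *cmd) createEdgeXACLTokenRoles(bootstrapACLTokenID, secretstoreToken string) error {
-edgexServicePolicy, err := c.getOrCreateRegistryPolicy(bootstrapACLTokenID, edgeXServicePolicyName, edgeXPolicyRules)
-if err != nil {
-return fmt.Errorf("failed to create edgex service policy: %v", err)
-}
-
 roleNames, err := c.getUniqueRoleNames()
 if err != nil {
 return fmt.Errorf("failed to get unique role names: %v", err)
 }
 
 // create registry roles for EdgeX
 for roleName := range roleNames {
+// create policy for each service role
+servicePolicyRules := `
+# HCL definition of server agent policy for EdgeX
+node "" {
+policy = "read"
+}
+node_prefix "edgex" {
+policy = "write"
+}
+service "` + roleName + `" {
+policy = "write"
+}
+service_prefix "" {
+policy = "read"
+}
+key_prefix "` + c.getKeyPrefix(roleName) + `" {
+policy = "write"
+}
+`
+
+edgexServicePolicy, err := c.getOrCreateRegistryPolicy(bootstrapACLTokenID, "acl_policy_for_"+roleName, servicePolicyRules)
+if err != nil {
+return fmt.Errorf("failed to create edgex service policy: %v", err)
+}
+
 // create roles based on the service keys as the role names
-// in phase 2, we are using the same policy rule for all services
 edgexACLTokenRole := NewRegistryRole(roleName, ClientType, []Policy{
 *edgexServicePolicy,
 // localUse set to false as some EdgeX services may be running in a different node
@@ -280,6 +300,22 @@ func (c *cmd) createEdgeXACLTokenRoles(bootstrapACLTokenID, secretstoreToken str
 return nil
 }
 
+// getKeyPrefix get the consul ACL key prefix for the service with the input roleName, ie. the service key-based
+// Currently we support 2 types of custom services: app and device services
+// if the input role name does not fall into the above two types, then it is categorized into core type for the key prefix
+func (c *cmd) getKeyPrefix(roleName string) string {
+if strings.HasPrefix(roleName, "app-") {
+return internal.ConfigStemApp + baseBootStrapConfig.ConfigVersion + "/" + roleName
+}
+
+if strings.HasPrefix(roleName, "device-") {
+return internal.ConfigStemDevice + baseBootStrapConfig.ConfigVersion + "/" + roleName
+}
+
+// anything else falls into the 3rd category: core bucket
+return internal.ConfigStemCore + baseBootStrapConfig.ConfigVersion + "/" + roleName
+}
+
 func (c *cmd) getUniqueRoleNames() (map[string]struct{}, error) {
 roleNamesFromConfig := c.configuration.StageGate.Registry.ACL.GetACLRoleNames()
 if len(roleNamesFromConfig) == 0 {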
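Review bot: In createEdgeXACLTokenRoles the new policy template concatenates `roleName` unescaped into the `service` and `key_prefix` rules, so a configured role name containing a double quote or a newline would change the ACL policy that gets registered. Unless getUniqueRoleNames (its body continues past the visible lines) already restricts the names, reject anything outside a strict pattern before building the rules, e.g. `if !roleNameRe.MatchString(roleName) { return fmt.Errorf("invalid ACL role name %q", roleName) }` with a new package-level `roleNameRe` limited to lowercase letters, digits and hyphens. Separately, getKeyPrefix returns a prefix with no trailing separator, and Consul applies `key_prefix` as a plain string match, so write access granted for one role also covers the keys of any service whose name merely begins with that role name; ending each return with `+ "/"`, as in `return internal.ConfigStemCore + baseBootStrapConfig.ConfigVersion + "/" + roleName + "/"`, would confine it to that service's own subtree, assuming its keys are stored below that path.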