package clustersecrets

import (
	"context"
	"database/sql"

	"edge-infra.dev/pkg/edge/api/graph/model"
	"edge-infra.dev/pkg/edge/api/services"
	"edge-infra.dev/pkg/edge/api/types"
	cc "edge-infra.dev/pkg/sds/clustersecrets/common"
)

//go:generate mockgen -destination=../../mocks/mock_cluster_secret_service.go -package=mocks edge-infra.dev/pkg/edge/api/services/clustersecrets ClusterSecretService

// ClusterSecretService is the contract for working with cluster secrets and
// the leases that accompany them. Every method takes a context first so the
// caller controls cancellation and deadlines of the underlying lookups. A mock
// of this interface is produced by the go:generate directive above.
type ClusterSecretService interface {
	// VerifySecretAndLeaseExist reports, via a non-nil error, that either the
	// lease for clusterEdgeID or the given secret could not be verified.
	VerifySecretAndLeaseExist(ctx context.Context, clusterEdgeID string, secret cc.Secret) error

	// Cluster Secret Leases
	ObtainLease(ctx context.Context, clusterEdgeID string) (bool, error)
	ReleaseLease(ctx context.Context, clusterEdgeID string) error
	RevokeLease(ctx context.Context, clusterEdgeID string, username string) error
	RemoveUserFromLease(ctx context.Context, clusterSecretLeaseEdgeID string) error
	FetchLease(ctx context.Context, clusterEdgeID string) (model.ClusterSecretLease, error)
	FetchLeaseID(ctx context.Context, clusterEdgeID string) (string, error)
	CreateLease(ctx context.Context, clusterEdgeID string) (string, error)
	// VerifyLeaseExists returns the lease ID on success; see its use in
	// VerifySecretAndLeaseExist below.
	VerifyLeaseExists(ctx context.Context, clusterEdgeID string) (string, error)

	// Cluster Secrets
	AddClusterSecret(ctx context.Context, secret cc.ClusterSecret) error
	UpdateClusterSecret(ctx context.Context, clusterSecretEdgeID string, clusterSecretType model.ClusterSecretType, version string) error
	FetchClusterSecret(ctx context.Context, clusterEdgeID string, secretType model.ClusterSecretType) (cc.ClusterSecret, error)
	ExpireClusterSecrets(ctx context.Context, clusterSecretLeaseEdgeID string) error
	FetchClusterSecretVersions(ctx context.Context, clusterEdgeID string, secretType model.ClusterSecretType) ([]*model.ClusterSecretVersionInfo, error)
	// VerifyClusterSecretExists takes the lease ID obtained from
	// VerifyLeaseExists in addition to the cluster and secret.
	VerifyClusterSecretExists(ctx context.Context, clusterEdgeID string, secret cc.Secret, leaseID string) error
	CheckSecretIsExpired(ctx context.Context, clusterEdgeID string, clusterSecretType model.ClusterSecretType) (bool, error)

	// Terminal Cluster Secrets
	FetchLatestTerminalClusterSecrets(ctx context.Context, clusterEdgeID string) ([]cc.TerminalClusterSecret, error)
}

// clusterSecretService is the concrete type returned by NewClusterSecretService.
// It carries a SQL handle, a GCP service client and the API configuration; the
// configuration is embedded so its fields and methods are promoted onto the
// receiver. Only VerifySecretAndLeaseExist is defined in this excerpt; the
// remaining interface methods are presumably implemented elsewhere in the
// package.
type clusterSecretService struct {
	SQLDB      *sql.DB
	GCPService services.GCPService
	*types.Config
}

// SecuritySettings groups the secret-related security policy values.
// MaxLeasePeriod and MaxSecretValidityPeriod are plain strings; nothing in this
// excerpt parses or validates them, so whoever consumes them must do that
// (TODO confirm where they are interpreted).
type SecuritySettings struct {
	EdgeSecurityCompliance  bool
	MaxLeasePeriod          string
	MaxSecretValidityPeriod string
}

// NewClusterSecretService returns a new cluster secret service backed by sqlDB,
// gcpService and cfg. The arguments are stored as given; a nil sqlDB or cfg is
// not rejected here. The unexported return type is intentional, which is why
// the revive warning is suppressed.
func NewClusterSecretService(sqlDB *sql.DB, gcpService services.GCPService, cfg *types.Config) *clusterSecretService { //nolint:revive
	svc := clusterSecretService{
		SQLDB:      sqlDB,
		GCPService: gcpService,
		Config:     cfg,
	}
	return &svc
}

// VerifySecretAndLeaseExist checks that the cluster secret and lease exist in
// the db. The lease is verified first and the lease ID it yields is then passed
// to the secret check, so a missing lease short-circuits before the secret is
// consulted. Errors from either step are returned unwrapped, so callers can
// still compare them directly against whatever sentinel the underlying lookups
// produce (e.g. sql.ErrNoRows — TODO confirm which sentinels callers rely on).
func (s *clusterSecretService) VerifySecretAndLeaseExist(ctx context.Context, clusterEdgeID string, secret cc.Secret) error {
	leaseID, err := s.VerifyLeaseExists(ctx, clusterEdgeID)
	if err == nil {
		err = s.VerifyClusterSecretExists(ctx, clusterEdgeID, secret, leaseID)
	}
	return err
}