.gitlab-ci.yml

@@ -6,25 +6,22 @@ stages:
 - build
 - manifest
 - deploy
-- tech_registry
 
 variables:
+  DOCKER_TLS_CERTDIR: "/certs"
   DOCKER_CONFIG: ~/.docker/$CI_JOB_ID
   IMAGE_amd64:         $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/amd64:$CI_COMMIT_REF_NAME
   IMAGE_ppc64le:       $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/ppc64le:$CI_COMMIT_REF_NAME
   MANIFEST:            $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_REF_NAME
-  TECH_IMAGE_amd64:    $REGISTRY_TECH_URL/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/amd64:$CI_COMMIT_REF_NAME
-  TECH_IMAGE_ppc64le:  $REGISTRY_TECH_URL/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/ppc64le:$CI_COMMIT_REF_NAME
-  TECH_MANIFEST:       $REGISTRY_TECH_URL/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_REF_NAME
 
 before_script:
   - "[ -d $DOCKER_CONFIG ] || mkdir -p $DOCKER_CONFIG"
   - "echo '{ \"experimental\": \"enabled\" }' > $DOCKER_CONFIG/config.json"
   - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
-  - docker login $REGISTRY_TECH_URL --username $REGISTRY_TECH_USER --password $REGISTRY_TECH_PASS
 
 
 after_script:
+  - "docker rmi $MANIFEST $IMAGE_amd64 $IMAGE_ppc64le ||  true"
   - "rm -vRf $DOCKER_CONFIG"
 
 ppc64le:
@@ -54,34 +51,12 @@ manifest:
     - docker manifest annotate $MANIFEST $IMAGE_ppc64le --os linux --arch ppc64le
     - docker manifest push     $MANIFEST
 
-
 deploy:
   stage: deploy
   tags:
-    - hv2
+    - ppc64le
   only:
     - master
   script:
-    - apk add curl
-    - for ref in $DEPLOYENVS; do curl -X POST -F token=$TRIGGER_TOKEN     -F ref=$ref -F variables[branch]=$CI_COMMIT_REF_NAME $TRIGGER_CODE_BUILD; done
-    -                            curl -X POST -F token=$TRIGGER_TOKEN_VCL -F ref=$CI_COMMIT_REF_NAME                           $TRIGGER_CODE_VCL
+    - for ref in $DEPLOYENVS; do curl -X POST -F token=$TRIGGER_TOKEN -F ref=$ref -F variables[branch]=$CI_COMMIT_REF_NAME $TRIGGER_CODE_BUILD; done
 
-duplicate:
-  stage: tech_registry
-  tags:
-    - amd64
-  only:
-    refs:
-      - tags
-      - master
-  script:
-    - docker pull $IMAGE_amd64
-    - docker tag  $IMAGE_amd64   $TECH_IMAGE_amd64 
-    - docker pull $IMAGE_ppc64le
-    - docker tag  $IMAGE_ppc64le $TECH_IMAGE_ppc64le 
-    - docker push $TECH_IMAGE_amd64
-    - docker push $TECH_IMAGE_ppc64le
-    - docker manifest create   $TECH_MANIFEST $TECH_IMAGE_amd64 $TECH_IMAGE_ppc64le
-    - docker manifest annotate $TECH_MANIFEST $TECH_IMAGE_amd64   --os linux --arch amd64
-    - docker manifest annotate $TECH_MANIFEST $TECH_IMAGE_ppc64le --os linux --arch ppc64le
-    - docker manifest push     $TECH_MANIFEST

config/configs.go

@@ -25,6 +25,8 @@ var CaCertificatePEM []byte
 var VereignCaCertificatePEM []byte
 var VereignCaKeyPEM []byte
 
+var ReplaceKey bool
+
 var MaxMessageSize int
 
 var GrpcListenAddress string
@@ -42,6 +44,8 @@ func SetConfigValues(configFile, etcdURL string) {
 	viper.SetDefault("dataStorageUrl", "data-storage-agent:7777")
 	viper.SetDefault("entitiesManagerUrl", "entities-management-agent:7779")
 
+	viper.SetDefault("replaceKey", false)
+
 	viper.SetDefault("viamUUID", "viam-system")
 	viper.SetDefault("viamSession", "viam-session")
 
@@ -127,6 +131,8 @@ func SetConfigValues(configFile, etcdURL string) {
 	DataStorageUrl = viper.GetString("dataStorageUrl")
 	EntitiesManagerUrl = viper.GetString("entitiesManagerUrl")
 
+	ReplaceKey = viper.GetBool("replaceKey")
+
 	SystemAuth.Uuid = viper.GetString("viamUUID")
 	SystemAuth.Session = viper.GetString("viamSession")
 

handler/handler.go

@@ -22,8 +22,10 @@ import (
 	"errors"
 	"log"
 	"strings"
+
 	"code.vereign.com/code/viam-apis/clientutils"
 
+	"code.vereign.com/code/key-storage-agent/config"
 	keyutils "code.vereign.com/code/key-storage-agent/utils"
 	"code.vereign.com/code/viam-apis/authentication"
 	"code.vereign.com/code/viam-apis/key-storage-agent/api"
@@ -94,7 +96,7 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
 	if in.KeyType == api.KeyType_KT_EMPTY {
 		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
 			"400", api.StatusType_ERROR, "KeyType cannot be empty")
-		return getKeyResponse, nil
+		return getKeyResponse, errors.New("KeyType cannot be empty")
 	}
 
 	key := &api.Key{}
@@ -105,21 +107,22 @@ func (s *KeyStorageServerImpl) GetKey(ctx context.Context, in *api.GetKeyRequest
 		getKeyResponse.Key = nil
 		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
 			"500", api.StatusType_ERROR, err.Error())
-		return getKeyResponse, nil
+		return getKeyResponse, err
 	}
 
 	if errorsString != "" {
 		getKeyResponse.Key = nil
 		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
 			"500", api.StatusType_ERROR, errorsString)
+		return nil, errors.New(errorsString)
 	}
-	
+
 	if !hasData {
 		log.Println("No such key " + in.Uuid)
 		getKeyResponse.Key = nil
 		getKeyResponse.StatusList = utils.AddStatus(getKeyResponse.StatusList,
 			"500", api.StatusType_ERROR, err.Error())
-		return getKeyResponse, nil
+		return getKeyResponse, err
 	}
 
 	getKeyResponse.Key = key
@@ -138,29 +141,31 @@ func (s *KeyStorageServerImpl) SetKey(ctx context.Context, in *api.SetKeyRequest
 	if in.Uuid == "root" {
 		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
 			"400", api.StatusType_ERROR, "Can not set root CA keys")
-		return setKeyResponse, nil
+		return setKeyResponse, errors.New("Can not set root CA keys")
 	}
 
 	if in.KeyType == api.KeyType_KT_EMPTY {
 		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
 			"400", api.StatusType_ERROR, "KeyType cannot be empty")
-		return setKeyResponse, nil
+		return setKeyResponse, errors.New("KeyType cannot be empty")
 	}
 
 	key := &api.Key{}
 
-	_, _, err := client.GetData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), key)
-	if err != nil {
-		log.Printf("grpc call GetData to DataStorage failed: %s", err)
-		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
-			"500", api.StatusType_ERROR, err.Error())
-		return setKeyResponse, nil
-	}
+	if config.ReplaceKey == false {
+		_, _, err := client.GetData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), key)
+		if err != nil {
+			log.Printf("grpc call GetData to DataStorage failed: %s", err)
+			setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
+				"500", api.StatusType_ERROR, err.Error())
+			return setKeyResponse, err
+		}
 
-	if len(key.Content) > 0 {
-		setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
-			"400", api.StatusType_ERROR, "Key is already set")
-		return setKeyResponse, nil
+		if len(key.Content) > 0 {
+			setKeyResponse.StatusList = utils.AddStatus(setKeyResponse.StatusList,
+				"400", api.StatusType_ERROR, "Key is already set")
+			return setKeyResponse, errors.New("Key is already set")
+		}
 	}
 
 	result, errors, err := client.PutData("keys", in.Uuid+"/"+api.KeyType.String(in.KeyType), in.Key)
@@ -268,7 +273,7 @@ func (s *KeyStorageServerImpl) GetKeyId(ctx context.Context, in *api.GetKeyIdByK
 			log.Printf("Error: %s", errorsString)
 			return nil, errors.New(errorsString)
 		}
-	
+
 		if !hasData {
 			log.Println("No such checkID " + checkID)
 			return nil, errors.New("No such checkID " + checkID)