Merge pull request #9 from xmidt-org/credentials-improvements

Credentials improvements

config.go

@@ -6,15 +6,62 @@ package main
 import (
 	"fmt"
 	"os"
+	"time"
 
 	"github.com/goschtalt/goschtalt"
+	"github.com/xmidt-org/arrange/arrangehttp"
 	"github.com/xmidt-org/sallust"
+	"github.com/xmidt-org/wrp-go/v3"
 	"gopkg.in/dealancer/validate.v2"
 )
 
 type Config struct {
-	SpecialValue string
-	Logger       sallust.Config
+	Identity         Identity
+	OperationalState OperationalState
+	XmidtCredentials XmidtCredentials
+	Logger           sallust.Config
+}
+
+type Identity struct {
+	DeviceID             wrp.DeviceID
+	SerialNumber         string
+	HardwareModel        string
+	HardwareManufacturer string
+	FirmwareVersion      string
+	PartnerID            string
+}
+
+type OperationalState struct {
+	LastRebootReason string
+	BootTime         time.Time
+}
+
+type XmidtCredentials struct {
+	URL            string
+	HTTPClient     arrangehttp.ClientConfig
+	RefetchPercent float64
+}
+
+type XmidtService struct {
+	URL              string
+	JwtTxtRedirector JwtTxtRedirector
+	Backoff          Backoff
+}
+
+type JwtTxtRedirector struct {
+	Required          bool
+	AllowedAlgorithms []string
+	Timeout           time.Duration
+	PEMs              []string
+	PEMFiles          []string
+}
+
+// Backoff defines the parameters that limit the retry backoff algorithm.
+// The retries are a geometric progression.
+// 1, 3, 7, 15, 31 ... n = (2n+1)
+type Backoff struct {
+	MinDelay time.Duration
+	MaxDelay time.Duration
 }
 
 // Collect and process the configuration files and env vars and

go.mod

@@ -11,6 +11,8 @@ require (
 	github.com/goschtalt/yaml-decoder v0.0.1
 	github.com/goschtalt/yaml-encoder v0.0.3
 	github.com/stretchr/testify v1.8.4
+	github.com/ugorji/go/codec v1.2.11
+	github.com/xmidt-org/arrange v0.5.0
 	github.com/xmidt-org/eventor v0.0.0-20230910205925-8ff168bd12ed
 	github.com/xmidt-org/sallust v0.2.2
 	github.com/xmidt-org/wrp-go/v3 v3.2.0
@@ -26,7 +28,7 @@ require (
 	github.com/miekg/dns v1.1.56 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/ugorji/go/codec v1.2.11 // indirect
+	github.com/xmidt-org/httpaux v0.4.0 // indirect
 	go.uber.org/dig v1.17.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/mod v0.12.0 // indirect

go.sum

@@ -27,8 +27,8 @@ github.com/goschtalt/yaml-encoder v0.0.3 h1:vfQ3vXZNvoEFPa3NzOWNtweYVa+2qMh8eqhX
 github.com/goschtalt/yaml-encoder v0.0.3/go.mod h1:E9ANM2mgRmoqP+JTFFv03fVWcnn+QrIDfVu5shDvX3A=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
@@ -47,6 +47,7 @@ github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XF
 github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -56,14 +57,18 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
 github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/xmidt-org/arrange v0.5.0 h1:ajkVHkr7dXnfCYm/6eafWoOab+6A3b2jEHQO0IdIIb0=
+github.com/xmidt-org/arrange v0.5.0/go.mod h1:PoZB9lR49ma0osydQbaWpNeA3XPoLkjP5RYUoOw8wZU=
 github.com/xmidt-org/eventor v0.0.0-20230910205925-8ff168bd12ed h1:KpcgFuumKrt/824H3gtmNI/IvgjsBo6rnlSnwXlFu60=
 github.com/xmidt-org/eventor v0.0.0-20230910205925-8ff168bd12ed/go.mod h1:X9Og+8y1Llz7N8F20UmjZUNgrxHubMVfBcroJ5SPtIY=
+github.com/xmidt-org/httpaux v0.4.0 h1:cAL/MzIBpSsv4xZZeq/Eu1J5M3vfNe49xr41mP3COKU=
+github.com/xmidt-org/httpaux v0.4.0/go.mod h1:UypqZwuZV1nn8D6+K1JDb+im9IZrLNg/2oO/Bgiybxc=
 github.com/xmidt-org/sallust v0.2.2 h1:MrINLEr7cMj6ENx/O76fvpfd5LNGYnk7OipZAGXPYA0=
 github.com/xmidt-org/sallust v0.2.2/go.mod h1:ytBoypcPw10OmjM6b92Jx3eoqWX4J5zVXOQozGwz4qs=
 github.com/xmidt-org/wrp-go/v3 v3.2.0 h1:XX5c0ZJYaTEvlHFk0lzxadoOMbxg5YtUkPWNXHoxTDE=
 github.com/xmidt-org/wrp-go/v3 v3.2.0/go.mod h1:46ily/xzmRUhs8gSbTKNeOA6ztwcHauZFnfr4hRpoHA=
-go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
-go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/dig v1.17.0 h1:5Chju+tUvcC+N7N6EV08BJz41UZuO3BmHcN4A287ZLI=
 go.uber.org/dig v1.17.0/go.mod h1:rTxpf7l5I0eBTlE6/9RL+lDybC7WFwY2QH55ZSjy1mU=
 go.uber.org/fx v1.20.0 h1:ZMC/pnRvhsthOZh9MZjMq5U8Or3mA9zBSPaLnzs3ihQ=

internal/credentials/cmd/example/main.go

@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/alecthomas/kong"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/xmidt-org/wrp-go/v3"
 	cred "github.com/xmidt-org/xmidt-agent/internal/credentials"
 	"github.com/xmidt-org/xmidt-agent/internal/credentials/event"
@@ -38,26 +39,28 @@ func main() {
 
 	client := http.DefaultClient
 
-	if cli.Private != "" || cli.Public != "" || cli.CA != "" {
-		if cli.Private == "" || cli.Public == "" || cli.CA == "" {
-			panic("--private, --public and --ca must be specified together")
+	if cli.Private != "" || cli.Public != "" {
+		if cli.Private == "" || cli.Public == "" {
+			panic("--private and --public must be specified together")
 		}
 
 		cert, err := tls.LoadX509KeyPair(cli.Public, cli.Private)
 		if err != nil {
 			panic(err)
 		}
 
-		caCert, err := os.ReadFile(cli.CA)
-		if err != nil {
-			panic(err)
-		}
-		caCertPool := x509.NewCertPool()
-		caCertPool.AppendCertsFromPEM(caCert)
-
 		tlsConfig := &tls.Config{
 			Certificates: []tls.Certificate{cert},
-			RootCAs:      caCertPool,
+		}
+
+		if cli.CA != "" {
+			caCert, err := os.ReadFile(cli.CA)
+			if err != nil {
+				panic(err)
+			}
+			caCertPool := x509.NewCertPool()
+			caCertPool.AppendCertsFromPEM(caCert)
+			tlsConfig.RootCAs = caCertPool
 		}
 		tr := &http.Transport{TLSClientConfig: tlsConfig}
 
@@ -117,4 +120,41 @@ func main() {
 	defer cancel()
 
 	credentials.WaitUntilFetched(ctx)
+	token, expires, err := credentials.Credentials()
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Printf("JWT:     %s\n", token)
+	fmt.Printf("Expires: %s\n", expires.Format(time.RFC3339))
+
+	claims := jwt.RegisteredClaims{}
+	parser := jwt.NewParser()
+	_, parts, err := parser.ParseUnverified(token, &claims)
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Println("Claims:")
+	fmt.Printf("  ID:             %s\n", claims.ID)
+	fmt.Printf("  ExpirationTime: %s\n", claims.ExpiresAt)
+	fmt.Printf("  IssuedAt:       %s\n", claims.IssuedAt)
+	fmt.Printf("  NotBefore:      %s\n", claims.NotBefore)
+	fmt.Printf("  Issuer:         %s\n", claims.Issuer)
+	fmt.Printf("  Subject:        %s\n", claims.Subject)
+	fmt.Printf("  Audience:       %s\n", claims.Audience)
+
+	header, err := parser.DecodeSegment(parts[0])
+	if err != nil {
+		panic(err)
+	}
+
+	body, err := parser.DecodeSegment(parts[1])
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Println("Parts:")
+	fmt.Printf("  Header: %s\n", header)
+	fmt.Printf("  Body:   %s\n", body)
 }