687505c833
NOISSUE - Remove Development Mode on Certs Creation ( #1908 )
...
* Fix certificate creation in development mode
This commit removes certificate creation in development mode. Previously, the `MF_CERTS_VAULT_HOST` environment variable was not being properly checked, resulting in incorrect behavior when issuing certificates. This commit ensures that the correct mode is set based on the value of `MF_CERTS_VAULT_HOST`.
Signed-off-by: Rodney Osodo <socials@rodneyosodo.com>
* Fix certificate revocation in README.md
The README.md file has been updated to clarify the process of revoking certificates. The previous instructions were incorrect, and the correct method is now provided. The certificates can be revoked using the `certs` service by providing the `thing_id` of the thing for which the certificate was issued.
```
curl -s -S -X DELETE http://localhost:9019/certs/revoke -H "Authorization: Bearer $TOK" -H 'Content-Type: application/json' -d '{"thing_id":"c30b8842-507c-4bcd-973c-74008cef3be5"}'
```
Signed-off-by: Rodney Osodo <socials@rodneyosodo.com>
---------
Signed-off-by: Rodney Osodo <socials@rodneyosodo.com>
2023-10-18 11:48:47 +02:00
fde435060c
NOISSUE - Implementation of gRPC mTLS ( #1848 )
...
Rebase with master and squash commits
add: rootCA and clientCA in grpc server
add: rootCA and client certificate in grpc client
add: docker-compose for grpc-mtls and make target for mtls cert generation
fix: typo in makefile
fix: loadCertFile function in internal/clients/grpc/connect.go
fix: env.parser test
remove: commented lines
add: make commands
update: make commands and grpc clients
fix: typo in makefile
fix: loadCertFile function in internal/clients/grpc/connect.go
remove: commented lines
update: make commands and grpc clients
update: make commands and docker-compose
add: end of line
fix: typos in makefile
add: end of line
fix: typos in makefile
revert: grafana port in .env
change: loadCertFile function
change: certficate logic
change: env name and update in compose file
fix: makefile
remove: tls env var
change: ioutil to os for ReadFile
change loadfile
remove: test which is no needed
fix: docker project name
single docker-compose file
single docker-compose file
single docker-compose file
fix space and new lines
fix makefile
add: GRPC_TLS varaible and imporved logging in gRPC Client
fix mtls and tls env vars
fix mtls and tls env vars
grpc_mtls
fix docker-compose
fix makefile
fix const name to go idomatic
---------
Signed-off-by: Arvindh <arvindh91@gmail.com>
2023-08-16 19:11:33 +02:00
d008ae5d97
NOISSUE - Add cert revocation to SDK ( #1693 )
...
* initial commit
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* fix certificate revoking
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* change from mapstructure to json
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* add comments to serial modification
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* fix typo
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* update vault docker version
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* write env variables
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* change env path
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* return revocation time
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* revert to intermediate CA
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* remove deadcode
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* make revoke cert output readable
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* remove keybits and keytype
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* remove dead code
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* make inline
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* add empty line
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* remove commented code
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* remove keyBits
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
* remove keyBits
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Signed-off-by: rodneyosodo <socials@rodneyosodo.com>
Co-authored-by: rodneyosodo <socials@rodneyosodo.com>
2023-01-13 14:33:00 +01:00
aa014c2191
NOISSUE - Add view and list serials endpoints in certs service ( #1483 )
...
* NOISSUE - Add view and list serials endpoints in certs service
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Fix vault-unseal.sh script
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Rename Cert field days_valid into hours_valid
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Fix provision service
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Use ownerID, rename daysValid -> hoursValid
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Add key_type to api
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Fix tabulation
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Add expiration date in view response
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Rename HoursValid -> Expiration and remove unecessary expiration convertion
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Add ListSerials tests and fix mocks
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Fix RetrieveByThing count
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Add ViewCert tests
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Add missing error check
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Simplify API
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Revert Makefile
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Fix typo
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* NOISSUE - Add view and list serials endpoints in certs service
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Fix vault-unseal.sh script
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Rename Cert field days_valid into hours_valid
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Fix provision service
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Use ownerID, rename daysValid -> hoursValid
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Add key_type to api
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Fix tabulation
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Add expiration date in view response
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Rename HoursValid -> Expiration and remove unecessary expiration convertion
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Add ListSerials tests and fix mocks
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Fix RetrieveByThing count
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Add ViewCert tests
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Add missing error check
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Simplify API
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Revert Makefile
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Rm if else
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Rename HoursValid -> TTL
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* revert typo
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* revert typo
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
* Rename hoursValid -> ttl
Signed-off-by: Manuel Imperiale <manuel.imperiale@gmail.com>
2022-01-04 19:42:13 +01:00
74aa93fbb6
NOISSUE - Certs service refactor ( #1369 )
...
* remove owner id
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* add certs mock
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* remove not wanted changes
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* refactor certs
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* addint tests
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* addint tests
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* adding tests
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* add certs test
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* add certs test
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* add cert test, remove default implementation
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* fix default value for vault host
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* add cert test, remove default implementation
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* linter cleaning
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* fix comments, and logging
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* use mocks from other services
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* rename struct and url path params
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* resolve minor comments
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* resolve comments
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* align url params naming
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* resolve comments
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* resolve comments
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* fix typo
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* resolve comments
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* remove struct revoke
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* refactor certRes
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
2021-03-15 12:27:32 +01:00
6b1f4d54f8
NOISSUE - Fix certs and vault deployment, reorganize and remove unnecessary vars ( #1368 )
...
* remove owner id
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* fix certs, fix scripts, reorganize env vars
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* set pki path vars
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* add certs mock
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* remove not wanted changes
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* update readme
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* correct rsa_bits to key_bits
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* fix tabulation
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* hardcode vault version
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* add env desc
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* renam variables
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* use Mainflux Labs
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* replace BG with Belgrade
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
2021-03-02 12:20:52 +01:00
39a649c1bb
MF-1342 - Use environment variables in docker-compose to use tagged version of image ( #1343 )
...
* add MF_RELEASE_TAG
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* update readme file for MF_RELEASE_TAG
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* update readme file for MF_RELEASE_TAG
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* fix explanation, space
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* fix bad search/replace
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* fix bad search/replace
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* minor changes
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* fix readme
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* improve explanation for tag
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* replace snippet with link to code section
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* improve explanation for tag
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* replace snippet with link to code section
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
* remove MF_RELEASE_TAG from service readme
Signed-off-by: Mirko Teodorovic <mirko.teodorovic@gmail.com>
2021-02-02 16:26:02 +01:00
46c675cd5f
NOISSSUE - Vault integration as an addon. ( #1266 )
...
Integrates Vault PKI service as a service addon.
Also adds some helper scripts to help setup the CA in Vault, as well as
some docs to explain how to use them.
Originally based from https://github.com/mteodor/vault .
Signed-off-by: Joao Matos <joao@tritao.eu>
Co-authored-by: Dušan Borovčanin <dusan.borovcanin@mainflux.com>
2020-10-31 21:44:25 +01:00
b1ackd0t