Merge pull request #32 from jn9e9/feature/iss-6-auto-select

Auto select provider and authenticator when creating basic client

.github/workflows/codacy-analysis.yml

@@ -14,9 +14,7 @@ name: Codacy Security Scan
 
 on:
   push:
-    branches: [ master ]
   pull_request:
-    branches: [ master ]
 
 jobs:
   codacy-security-scan:

.github/workflows/codeql-analysis.yml

@@ -18,10 +18,7 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
   schedule:
     - cron: '44 22 * * 6'
 

e2etest/management_ops_test.go

@@ -12,7 +12,7 @@ import (
 )
 
 func TestInitialiseClient(t *testing.T) {
-	c, err := parsec.InitClient()
+	c, err := parsec.CreateConfiguredClient("ci test app")
 	if err != nil {
 		t.Fatal(err)
 		return

e2etest/provider_cfg/all/Dockerfile

@@ -1,7 +1,7 @@
 # Copyright 2021 Contributors to the Parsec project.
 # SPDX-License-Identifier: Apache-2.0
 
-FROM tpm2software/tpm2-tss:ubuntu-18.04
+FROM ghcr.io/tpm2-software/ubuntu-18.04:latest
 
 ENV PKG_CONFIG_PATH /usr/local/lib/pkgconfig
 

e2etest/provider_cfg/tpm/Dockerfile

@@ -1,7 +1,7 @@
 # Copyright 2021 Contributors to the Parsec project.
 # SPDX-License-Identifier: Apache-2.0
 
-FROM tpm2software/tpm2-tss:ubuntu-18.04
+FROM ghcr.io/tpm2-software/ubuntu-18.04:latest
 
 ENV PKG_CONFIG_PATH /usr/local/lib/pkgconfig
 

e2etest/scripts/ci.sh

@@ -96,6 +96,7 @@ trap cleanup EXIT
 
 if [ "$PROVIDER_NAME" = "tpm" ] || [ "$PROVIDER_NAME" = "all" ]; then
     echo  Start and configure TPM server
+    rm -f NVChip
     tpm_server &
     TPM_SRV_PID=$!
     sleep 5

e2etest/testclient_test.go

@@ -17,7 +17,7 @@ type testClient struct {
 }
 
 func initFixture(t *testing.T) *testClient {
-	c, err := parsec.InitClient()
+	c, err := parsec.CreateConfiguredClient("ci-test-client")
 	if err != nil {
 		t.Fatal(err)
 		return nil

go.mod

@@ -13,6 +13,8 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/sirupsen/logrus v1.7.0
 	github.com/stretchr/testify v1.4.0 // indirect
+	golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 // indirect
+	golang.org/x/tools v0.1.0 // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
 	google.golang.org/protobuf v1.23.0
 	gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect

go.sum

@@ -155,6 +155,9 @@ golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f h1:kz4KIr+xcPUsI3VMoqWfPM
 golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 h1:2M3HP5CCK1Si9FQhwnzYhXdG6DXeebvUHFpre8QvbyI=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -192,6 +195,8 @@ golang.org/x/sys v0.0.0-20201202213521-69691e467435 h1:25AvDqqB9PrNqj1FLf2/70I4W
 golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091 h1:DMyOG0U+gKfu8JZzg2UQe9MeaC1X+xQWlAKcRnjxjCw=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
@@ -201,10 +206,13 @@ golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDq
 golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98 h1:tZwpOHmF1OEL9wJGSgBALnhFg/8VKjQTtctCX51GLNI=
 golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e h1:4nW4NLDYnU28ojHaHO8OVxFHk/aQ33U01a9cjED+pzE=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=

interface/README.md

@@ -10,4 +10,5 @@ This code is not part of the Parsec go language client public api and should not
 - [go-protobuf](https://github.com/parallaxsecond/parsec-client-go/tree/master/interface/go-protobuf) Intermediate protocol buffers definition files modified to add go packages - not stored in git.
 - [operations](https://github.com/parallaxsecond/parsec-client-go/tree/master/interface/operations) Generated code for marshaling and unmarshaling protocol buffers messages to communicate with parsec daemon.  These files *are* stored in git so that end application developers do not need to install protocol buffers compilers.
 - [parsec-operations](https://github.com/parallaxsecond/parsec-client-go/tree/master/interface/parsec-operations)  Git submodule containing protocol buffers definition of the parsec client interface.
-- [requests](https://github.com/parallaxsecond/parsec-client-go/tree/master/interface/requests) Basic client to interface with the parsec daemon.  This client is functional but exposes protocol buffer specific extensions to data-types and so is not suitable for end application developers. 
+- [requests](https://github.com/parallaxsecond/parsec-client-go/tree/master/interface/requests) Basic client to interface with the parsec daemon.  This client is functional but exposes protocol buffer specific extensions to data-types and so is not suitable for end application developers. 
+

interface/auth/auth_internal_test.go

@@ -15,22 +15,14 @@ import (
 
 var _ = Describe("auth", func() {
 	Describe("factory", func() {
-		var (
-			authType      AuthenticationType
-			authenticator Authenticator
-			err           error
-		)
-		JustBeforeEach(func() {
-			authenticator, err = AuthenticatorFactory(authType)
-		})
+		var authenticator Authenticator
 		Context("Creating no auth authenticator", func() {
 			BeforeEach(func() {
-				authType = AuthNoAuth
+				authenticator = NewNoAuthAuthenticator()
 			})
-			It("Should return *noAuthAuthenticator and no error", func() {
-				Expect(err).NotTo(HaveOccurred())
+			It("Should return *noAuthAuthenticator", func() {
 				Expect(reflect.TypeOf(authenticator).String()).To(Equal("*auth.noAuthAuthenticator"))
-				Expect(authenticator.Info().ID).To(Equal(AuthNoAuth))
+				Expect(authenticator.GetType()).To(Equal(AuthNoAuth))
 			})
 			It("Should return an empty auth buffer", func() {
 				tok, tokerr := authenticator.NewRequestAuth()
@@ -43,12 +35,11 @@ var _ = Describe("auth", func() {
 		})
 		Context("Creating unix peer authenticator", func() {
 			BeforeEach(func() {
-				authType = AuthUnixPeerCredentials
+				authenticator = NewUnixPeerAuthenticator()
 			})
-			It("Should return *unixPeerAuthenticator and no error", func() {
-				Expect(err).NotTo(HaveOccurred())
+			It("Should return *unixPeerAuthenticator", func() {
 				Expect(reflect.TypeOf(authenticator).String()).To(Equal("*auth.unixPeerAuthenticator"))
-				Expect(authenticator.Info().ID).To(Equal(AuthUnixPeerCredentials))
+				Expect(authenticator.GetType()).To(Equal(AuthUnixPeerCredentials))
 			})
 			It("Should return a 32 bit auth buffer", func() {
 				tok, tokerr := authenticator.NewRequestAuth()
@@ -65,54 +56,24 @@ var _ = Describe("auth", func() {
 				Expect(fmt.Sprint(uid)).To(Equal(currentUser.Uid))
 			})
 		})
-		Context("Creating AuthJwt authenticator", func() {
-			BeforeEach(func() {
-				authType = AuthJwt
-			})
-			It("Should be a valid auth type", func() {
-				Expect(authType.IsValid()).To(BeTrue())
-			})
-			It("Should fail", func() {
-				Expect(err).To(HaveOccurred())
-				Expect(authenticator).To(BeNil())
-			})
-		})
-		Context("Creating AuthJwtSvid authenticator", func() {
-			BeforeEach(func() {
-				authType = AuthJwtSvid
-			})
-			It("Should be a valid auth type", func() {
-				Expect(authType.IsValid()).To(BeTrue())
-			})
-			It("Should fail", func() {
-				Expect(err).To(HaveOccurred())
-				Expect(authenticator).To(BeNil())
-			})
-		})
 		Context("Creating AuthDirect authenticator", func() {
+			const appName = "test app name"
 			BeforeEach(func() {
-				authType = AuthDirect
-			})
-			It("Should be a valid auth type", func() {
-				Expect(authType.IsValid()).To(BeTrue())
+				authenticator = NewDirectAuthenticator(appName)
 			})
-			It("Should fail", func() {
-				Expect(err).To(HaveOccurred())
-				Expect(authenticator).To(BeNil())
+			It("Should return *directAuthenticator", func() {
+				Expect(reflect.TypeOf(authenticator).String()).To(Equal("*auth.directAuthenticator"))
+				Expect(authenticator.GetType()).To(Equal(AuthDirect))
 			})
-		})
-		Context("Creating invalid authenticators", func() {
-			It("Should fail, but have invalid authtype", func() {
-				for a := AuthJwtSvid + 1; a < 255; a++ {
-					authType = a
-					authenticator, err = AuthenticatorFactory(authType)
-				}
-				Expect(authType.IsValid()).To(BeFalse())
-				Expect(err).To(HaveOccurred())
-				Expect(authenticator).To(BeNil())
+			It("Should return bytes encoding app name", func() {
+				tok, tokerr := authenticator.NewRequestAuth()
+				Expect(tok).NotTo(BeNil())
+				Expect(tokerr).NotTo(HaveOccurred())
+				Expect(tok.AuthType()).To(Equal(AuthDirect))
+				buf := tok.Buffer().Bytes()
+				Expect(string(buf)).To(Equal(appName))
 			})
 		})
-
 	})
 	Describe("Conversion from uint32", func() {
 		Context("For valid types", func() {

interface/auth/direct.go

@@ -2,3 +2,33 @@
 // SPDX-License-Identifier: Apache-2.0
 
 package auth
+
+import (
+	"bytes"
+)
+
+type directAuthenticator struct {
+	appName string
+}
+
+// NewDirectAuthenticator creates a new Direct authenticator that uses appName as the
+// means of authentication.
+func NewDirectAuthenticator(appName string) Authenticator {
+	return &directAuthenticator{appName: appName}
+}
+
+// NewRequestAuth creates a new request authentication payload
+func (a *directAuthenticator) NewRequestAuth() (RequestAuthToken, error) {
+	buf := &bytes.Buffer{}
+	_, err := buf.WriteString(a.appName)
+	if err != nil {
+		return nil, err
+	}
+	r := &DefaultRequestAuthToken{buf: buf, authType: AuthDirect}
+	return r, nil
+}
+
+// GetType get the type of the authenticator
+func (a *directAuthenticator) GetType() AuthenticationType {
+	return AuthDirect
+}

interface/auth/mod.go

@@ -35,45 +35,14 @@ func NewAuthenticationTypeFromU32(t uint32) (AuthenticationType, error) {
 	return AuthenticationType(t), nil
 }
 
-// AuthenticatorInfo contains information about an authenticator.
-// Id is the id used to select the authenticator
-// Name name of the authenticator
-type AuthenticatorInfo struct {
-	ID          AuthenticationType
-	Description string
-	VersionMaj  uint32
-	VersionMin  uint32
-	VersionRev  uint32
-}
-
 // Authenticator interface for an authenticator
-// Info returns information about the authenticator
+// GetType get the type of the authenticator
 // NewRequestAuth creates a RequestAuthToken ready to populate a request
 type Authenticator interface {
-	Info() AuthenticatorInfo
+	GetType() AuthenticationType
 	NewRequestAuth() (RequestAuthToken, error)
 }
 
-// AuthenticatorFactory Create an authenticator for the given authentication type
-func AuthenticatorFactory(authType AuthenticationType) (Authenticator, error) {
-	var auth Authenticator
-	var err error
-	switch authType {
-	case AuthNoAuth:
-		auth, err = newNoAuthAuthenticator()
-	case AuthUnixPeerCredentials:
-		auth, err = newUnixPeerAuthenticator()
-	case AuthJwt, AuthDirect, AuthJwtSvid:
-		err = fmt.Errorf("unsupported authenticator type %v", authType)
-	default:
-		err = fmt.Errorf("invalid authenticator type %v", authType)
-	}
-	if err != nil {
-		return nil, err
-	}
-	return auth, nil
-}
-
 // RequestAuthToken describes interface for token to contain an authentication field in a request
 type RequestAuthToken interface {
 	Buffer() *bytes.Buffer

interface/auth/no_auth.go

@@ -10,17 +10,19 @@ import (
 type noAuthAuthenticator struct {
 }
 
-func newNoAuthAuthenticator() (Authenticator, error) {
-	return &noAuthAuthenticator{}, nil
-}
-
-func (a noAuthAuthenticator) Info() AuthenticatorInfo {
-	return AuthenticatorInfo{ID: AuthNoAuth, Description: "No authentication - for testing only"}
+// NewNoAuthAuthenticator create a new authenticator that provides no authentication.
+// Used for testing and for core operations such as list_providers and list_authenticators
+func NewNoAuthAuthenticator() Authenticator {
+	return &noAuthAuthenticator{}
 }
 
 // NewRequestAuth creates a new request authentication payload
-// Currently defaults to UnixPeerCredentials
 func (a noAuthAuthenticator) NewRequestAuth() (RequestAuthToken, error) {
 	r := &DefaultRequestAuthToken{buf: &bytes.Buffer{}, authType: AuthNoAuth}
 	return r, nil
 }
+
+// GetType get the type of the authenticator
+func (a *noAuthAuthenticator) GetType() AuthenticationType {
+	return AuthNoAuth
+}

interface/auth/unix_peer.go

@@ -13,16 +13,13 @@ import (
 type unixPeerAuthenticator struct {
 }
 
-func newUnixPeerAuthenticator() (Authenticator, error) {
-	return &unixPeerAuthenticator{}, nil
-}
-
-func (a unixPeerAuthenticator) Info() AuthenticatorInfo {
-	return AuthenticatorInfo{ID: AuthUnixPeerCredentials, Description: "Unix peer credentials"}
+// NewUnixPeerAuthenticator creates a new authenticator that uses current unix user id as
+// means of authentication.
+func NewUnixPeerAuthenticator() Authenticator {
+	return &unixPeerAuthenticator{}
 }
 
 // NewRequestAuth creates a new request authentication payload
-// Currently defaults to UnixPeerCredentials
 func (a unixPeerAuthenticator) NewRequestAuth() (RequestAuthToken, error) {
 	r := &DefaultRequestAuthToken{buf: &bytes.Buffer{}, authType: AuthUnixPeerCredentials}
 	currentUser, err := user.Current()
@@ -42,3 +39,8 @@ func (a unixPeerAuthenticator) NewRequestAuth() (RequestAuthToken, error) {
 	}
 	return r, nil
 }
+
+// GetType get the type of the authenticator
+func (a *unixPeerAuthenticator) GetType() AuthenticationType {
+	return AuthUnixPeerCredentials
+}