diff --git a/charts/sda-svc/templates/download-deploy.yaml b/charts/sda-svc/templates/download-deploy.yaml
index 733b9771d..2de812ed6 100644
--- a/charts/sda-svc/templates/download-deploy.yaml
+++ b/charts/sda-svc/templates/download-deploy.yaml
@@ -141,9 +141,9 @@ spec:
 value: {{ .Values.global.log.level | quote }}
 {{- end }}
 {{- if .Values.global.download.serveDecrypted.c4ghKeyFile }}
- - name: APP_C4GHPRIVATEKEYPATH
+ - name: APP_C4GH_PRIVATEKEYPATH
 value: {{ template "c4ghPath" . }}/{{ .Values.global.download.serveDecrypted.c4ghKeyFile }}
- - name: APP_C4GHPASSPHRASE
+ - name: APP_C4GH_PASSPHRASE
 valueFrom:
 secretKeyRef:
 name: {{ required "A secret for the transient c4gh key is required" .Values.global.download.serveDecrypted.secretName }}
diff --git a/sda-download/api/sda/sda_test.go b/sda-download/api/sda/sda_test.go
index 55c142163..3733d0b61 100644
--- a/sda-download/api/sda/sda_test.go
+++ b/sda-download/api/sda/sda_test.go
@@ -410,8 +410,8 @@ func TestDownload_Fail_FileNotFound(t *testing.T) {
 return "", errors.New("file not found")
 }
- viper.Set("app.c4ghPrivateKeyPath", privateKeyFilePath)
- viper.Set("app.c4ghPassphrase", "password")
+ viper.Set("app.c4gh.privateKeyPath", privateKeyFilePath)
+ viper.Set("app.c4gh.passphrase", "password")
 config.Config.App.Crypt4GHPrivateKey, config.Config.App.Crypt4GHPublicKeyB64, err = config.GetC4GHKeys()
 assert.NoError(t, err, "Could not load c4gh keys")
@@ -443,8 +443,8 @@ func TestDownload_Fail_FileNotFound(t *testing.T) {
 database.CheckFilePermission = originalCheckFilePermission
 config.Config.App.Crypt4GHPublicKeyB64 = originalServeUnencryptedDataTrigger
 config.Config.App.Crypt4GHPrivateKey = originalC4ghPrivateKeyFilepath
- viper.Set("app.c4ghPrivateKeyPath", "")
- viper.Set("app.c4ghPassphrase", "")
+ viper.Set("app.c4gh.privateKeyPath", "")
+ viper.Set("app.c4gh.passphrase", "")
 }
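Review bot: The set/reset pair for `app.c4gh.privateKeyPath` and `app.c4gh.passphrase` is repeated by hand in every download test touched here (the hunks at -410/-443 and the later ones at -468/-502, -532/-567, -604/-642 and -795/-944), which is why a key rename needed twenty edited lines in this file. A single test helper that sets both keys and registers the reset with `t.Cleanup` would keep the key names in one place and run the reset even when a test returns early. The helper below keeps the current reset-to-empty-string behaviour; the test bodies themselves start and end outside these hunks.

```go
// setTestC4GHConfig points viper at the test Crypt4GH key for one test and
// clears both keys again when the test finishes.
func setTestC4GHConfig(t *testing.T, keyPath, passphrase string) {
	t.Helper()
	viper.Set("app.c4gh.privateKeyPath", keyPath)
	viper.Set("app.c4gh.passphrase", passphrase)
	t.Cleanup(func() {
		viper.Set("app.c4gh.privateKeyPath", "")
		viper.Set("app.c4gh.passphrase", "")
	})
}
```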
@@ -468,8 +468,8 @@ func TestDownload_Fail_NoPermissions(t *testing.T) {
 return session.Cache{}
 }
- viper.Set("app.c4ghPrivateKeyPath", privateKeyFilePath)
- viper.Set("app.c4ghPassphrase", "password")
+ viper.Set("app.c4gh.privateKeyPath", privateKeyFilePath)
+ viper.Set("app.c4gh.passphrase", "password")
 config.Config.App.Crypt4GHPrivateKey, config.Config.App.Crypt4GHPublicKeyB64, err = config.GetC4GHKeys()
 assert.NoError(t, err, "Could not load c4gh keys")
@@ -502,8 +502,8 @@ func TestDownload_Fail_NoPermissions(t *testing.T) {
 middleware.GetCacheFromContext = originalGetCacheFromContext
 config.Config.App.Crypt4GHPublicKeyB64 = originalServeUnencryptedDataTrigger
 config.Config.App.Crypt4GHPrivateKey = originalC4ghPrivateKeyFilepath
- viper.Set("app.c4ghPrivateKeyPath", "")
- viper.Set("app.c4ghPassphrase", "")
+ viper.Set("app.c4gh.privateKeyPath", "")
+ viper.Set("app.c4gh.passphrase", "")
 }
@@ -532,8 +532,8 @@ func TestDownload_Fail_GetFile(t *testing.T) {
 return nil, errors.New("database error")
 }
- viper.Set("app.c4ghPrivateKeyPath", privateKeyFilePath)
- viper.Set("app.c4ghPassphrase", "password")
+ viper.Set("app.c4gh.privateKeyPath", privateKeyFilePath)
+ viper.Set("app.c4gh.passphrase", "password")
 config.Config.App.Crypt4GHPrivateKey, config.Config.App.Crypt4GHPublicKeyB64, err = config.GetC4GHKeys()
 assert.NoError(t, err, "Could not load c4gh keys")
@@ -567,8 +567,8 @@ func TestDownload_Fail_GetFile(t *testing.T) {
 database.GetFile = originalGetFile
 config.Config.App.Crypt4GHPublicKeyB64 = originalServeUnencryptedDataTrigger
 config.Config.App.Crypt4GHPrivateKey = originalC4ghPrivateKeyFilepath
- viper.Set("app.c4ghPrivateKeyPath", "")
- viper.Set("app.c4ghPassphrase", "")
+ viper.Set("app.c4gh.privateKeyPath", "")
+ viper.Set("app.c4gh.passphrase", "")
 }
@@ -604,8 +604,8 @@ func TestDownload_Fail_OpenFile(t *testing.T) {
 return fileDetails, nil
 }
- viper.Set("app.c4ghPrivateKeyPath", privateKeyFilePath)
- viper.Set("app.c4ghPassphrase", "password")
+ viper.Set("app.c4gh.privateKeyPath", privateKeyFilePath)
+ viper.Set("app.c4gh.passphrase", "password")
 config.Config.App.Crypt4GHPrivateKey, config.Config.App.Crypt4GHPublicKeyB64, err = config.GetC4GHKeys()
 assert.NoError(t, err, "Could not load c4gh keys")
@@ -642,8 +642,8 @@ func TestDownload_Fail_OpenFile(t *testing.T) {
 database.GetFile = originalGetFile
 config.Config.App.Crypt4GHPublicKeyB64 = originalServeUnencryptedDataTrigger
 config.Config.App.Crypt4GHPrivateKey = originalC4ghPrivateKeyFilepath
- viper.Set("app.c4ghPrivateKeyPath", "")
- viper.Set("app.c4ghPassphrase", "")
+ viper.Set("app.c4gh.privateKeyPath", "")
+ viper.Set("app.c4gh.passphrase", "")
 }
 func Test_CalucalateCoords(t *testing.T) {
@@ -795,8 +795,8 @@ func TestDownload_Whole_Range_Encrypted(t *testing.T) {
 config.Config.Reencrypt.ClientKey = keyfile.Name()
 config.Config.Reencrypt.Timeout = 10
- viper.Set("app.c4ghPrivateKeyPath", privateKeyFilePath)
- viper.Set("app.c4ghPassphrase", "password")
+ viper.Set("app.c4gh.privateKeyPath", privateKeyFilePath)
+ viper.Set("app.c4gh.passphrase", "password")
 config.Config.App.Crypt4GHPrivateKey, config.Config.App.Crypt4GHPublicKeyB64, err = config.GetC4GHKeys()
 assert.NoError(t, err, "Could not load c4gh keys")
@@ -944,8 +944,8 @@ func TestDownload_Whole_Range_Encrypted(t *testing.T) {
 database.GetFile = originalGetFile
 config.Config.App.Crypt4GHPublicKeyB64 = originalServeUnencryptedDataTrigger
 config.Config.App.Crypt4GHPrivateKey = originalC4ghPrivateKeyFilepath
- viper.Set("app.c4ghPrivateKeyPath", "")
- viper.Set("app.c4ghPassphrase", "")
+ viper.Set("app.c4gh.privateKeyPath", "")
+ viper.Set("app.c4gh.passphrase", "")
 }
 func GenerateTestC4ghKey(t *testing.T) (string, error) {
diff --git a/sda-download/dev_utils/compose-no-tls.yml b/sda-download/dev_utils/compose-no-tls.yml
index ac0434f2d..a858a793e 100644
--- a/sda-download/dev_utils/compose-no-tls.yml
+++ b/sda-download/dev_utils/compose-no-tls.yml
@@ -88,8 +88,8 @@ services:
 - ARCHIVE_URL=http://s3
 - ARCHIVE_TYPE=s3
 - DB_HOST=db
- - APP_C4GHPRIVATEKEYPATH=/dev_utils/c4gh.sec.pem
- - APP_C4GHPASSPHRASE=oaagCP1YgAZeEyl2eJAkHv9lkcWXWFgm
+ - APP_C4GH_PRIVATEKEYPATH=/dev_utils/c4gh.sec.pem
+ - APP_C4GH_PASSPHRASE=oaagCP1YgAZeEyl2eJAkHv9lkcWXWFgm
 image: neicnordic/sda-download:latest
 build:
 context: ..
diff --git a/sda-download/dev_utils/compose.yml b/sda-download/dev_utils/compose.yml
index f9f7ad954..d771dd663 100644
--- a/sda-download/dev_utils/compose.yml
+++ b/sda-download/dev_utils/compose.yml
@@ -121,8 +121,8 @@ services:
 condition: service_started
 env_file: ./env.download
 environment:
- - APP_C4GHPRIVATEKEYPATH=/dev_utils/c4gh.sec.pem
- - APP_C4GHPASSPHRASE=oaagCP1YgAZeEyl2eJAkHv9lkcWXWFgm
+ - APP_C4GH_PRIVATEKEYPATH=/dev_utils/c4gh.sec.pem
+ - APP_C4GH_PASSPHRASE=oaagCP1YgAZeEyl2eJAkHv9lkcWXWFgm
 image: neicnordic/sda-download:latest
 volumes:
 - ./config.yaml:/config.yaml
diff --git a/sda-download/internal/config/config.go b/sda-download/internal/config/config.go
index 160f263a7..cf724a01c 100644
--- a/sda-download/internal/config/config.go
+++ b/sda-download/internal/config/config.go
@@ -376,10 +376,10 @@ func (c *Map) appConfig() error {
 }
 var err error
- if viper.IsSet("app.c4ghPrivateKeyPath") {
+ if viper.IsSet("app.c4gh.privateKeyPath") {
- if !viper.IsSet("app.c4ghPassphrase") {
- return errors.New("app.c4ghPassphrase is not set")
+ if !viper.IsSet("app.c4gh.passphrase") {
+ return errors.New("app.c4gh.passphrase is not set")
 }
 c.App.Crypt4GHPrivateKey, c.App.Crypt4GHPublicKeyB64, err = GetC4GHKeys()
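Review bot: The Crypt4GH passphrase is written inline in the `environment:` list of dev_utils/compose-no-tls.yml and again in dev_utils/compose.yml, right next to the path of the key it unlocks (`/dev_utils/c4gh.sec.pem`), and nothing in either file says the pair is a development fixture. A comment above the two entries, for example `# dev-only Crypt4GH key and passphrase; never reuse outside dev_utils`, would make that explicit for anyone copying these files as a deployment template. compose.yml already loads `env_file: ./env.download`, so the two values could also be kept there once instead of being duplicated in both compose files.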
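Review bot: A deployment that still provides the old names (`app.c4ghPrivateKeyPath` in a config file, or `APP_C4GHPRIVATEKEYPATH` in the environment) no longer satisfies `viper.IsSet("app.c4gh.privateKeyPath")` in appConfig, so the key-loading branch is skipped without any error or log line. What the service does without a loaded key is outside this hunk, but the operator gets no signal that the Crypt4GH configuration was ignored. Consider rejecting the legacy names before this check, e.g. `if viper.IsSet("app.c4ghPrivateKeyPath") || viper.IsSet("app.c4ghPassphrase") { return errors.New("app.c4ghPrivateKeyPath and app.c4ghPassphrase were renamed to app.c4gh.privateKeyPath and app.c4gh.passphrase") }`. The same coupling applies to charts/sda-svc/templates/download-deploy.yaml: the chart now emits `APP_C4GH_PRIVATEKEYPATH`, which only reaches this key if the env key replacer maps `.` to `_` (set up outside this diff) and only with an image built from this commit or later.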
@@ -487,8 +487,8 @@ func constructWhitelist(obj []TrustedISS) *jwk.MapWhitelist {
 // GetC4GHKey reads and decrypts and returns the c4gh key
 func GetC4GHKeys() ([32]byte, string, error) {
- keyPath := viper.GetString("app.c4ghPrivateKeyPath")
- passphrase := viper.GetString("app.c4ghPassphrase")
+ keyPath := viper.GetString("app.c4gh.privateKeyPath")
+ passphrase := viper.GetString("app.c4gh.passphrase")
 // Make sure the key path and passphrase is valid
 keyFile, err := os.Open(keyPath)
diff --git a/sda-download/internal/config/config_test.go b/sda-download/internal/config/config_test.go
index bb57340e9..e4da7865b 100644
--- a/sda-download/internal/config/config_test.go
+++ b/sda-download/internal/config/config_test.go
@@ -96,8 +96,8 @@ func (suite *TestSuite) TestAppConfig() {
 viper.Set("app.serverkey", "test")
 viper.Set("log.logLevel", "debug")
 viper.Set("db.sslmode", "disable")
- viper.Set("app.c4ghPrivateKeyPath", privateKeyFile.Name())
- viper.Set("app.c4ghPassphrase", "password")
+ viper.Set("app.c4gh.PrivateKeyPath", privateKeyFile.Name())
+ viper.Set("app.c4gh.passphrase", "password")
 c = &Map{}
 err = c.appConfig()
@@ -116,13 +116,13 @@ func (suite *TestSuite) TestAppConfig() {
 assert.Nilf(suite.T(), err, "Incorrect public c4gh key generated (bad key)")
 // Check false c4gh key
- viper.Set("app.c4ghPrivateKeyPath", "some/nonexistent.key")
+ viper.Set("app.c4gh.privateKeyPath", "some/nonexistent.key")
 err = c.appConfig()
 assert.ErrorContains(suite.T(), err, "no such file or directory")
 // Check false c4gh key
- viper.Set("app.c4ghPrivateKeyPath", privateKeyFile.Name())
- viper.Set("app.c4ghPassphrase", "blablabla")
+ viper.Set("app.c4gh.privateKeyPath", privateKeyFile.Name())
+ viper.Set("app.c4gh.passphrase", "blablabla")
 err = c.appConfig()
 assert.ErrorContains(suite.T(), err, "chacha20poly1305: message authentication failed")
 }
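Review bot: The doc comment on `GetC4GHKeys` still names a different identifier (`GetC4GHKey`) and describes a single key, while the signature returns `([32]byte, string, error)` and the caller stores the results in `Crypt4GHPrivateKey` and `Crypt4GHPublicKeyB64`. Since this hunk already touches the two config keys the function reads, the comment could be brought in line: `// GetC4GHKeys opens the Crypt4GH private key at app.c4gh.privateKeyPath, decrypts it with app.c4gh.passphrase, and returns the private key together with the public key as a string (base64, judging by the field it is assigned to).` The function body continues past the end of the hunk, so how the passphrase is handled after `os.Open` is not visible here.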
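Review bot: The first added line in the -96 hunk of config_test.go spells the key `app.c4gh.PrivateKeyPath` with a capital P, while config.go and every other test line in this commit use `app.c4gh.privateKeyPath`. Viper treats keys case-insensitively, so the test still passes, but the odd spelling hides this line from a case-sensitive search for the key name the next time it is renamed. Suggested line: `viper.Set("app.c4gh.privateKeyPath", privateKeyFile.Name())`. TestAppConfig starts before this hunk and continues into the -116 hunk.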