Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate keystore to master #27066

Merged
merged 27 commits into from
Dec 18, 2024
Merged

Migrate keystore to master #27066

merged 27 commits into from
Dec 18, 2024

Conversation

pereyra-m
Copy link
Member

@pereyra-m pereyra-m commented Nov 26, 2024
edited
Loading

Related issue
Closes #26971

Description

This PR migrates the wazuh-keystore to the master branch and adapts it to the project structure. The QA/UT tests and required utils were also migrated.

The OpenSSL v3.1.0 was added to vcpkg because it was missing and it was the closest version to the one used at branch v4.10.0.

The IndexerConnector class was updated to read the keystore and the plain text credentials were removed.

The SPECS and installer scripts were modified to include the new binary, but the RPM package can't be built due to previous errors.
The folders and binaries permissions were preserved but due to facebook/rocksdb#11503 the internal RocksDB files will have 644 instead of 640.

Until this PR is merged #26908, the root:wazuh permissions will be used instead of wazuh:wazuh.

Tests

I've installed a package built from this branch and configured the keystore credentials.
A test event is properly indexed

2024-11-27_20-44

@pereyra-m pereyra-m self-assigned this Nov 26, 2024
@pereyra-m pereyra-m linked an issue Nov 26, 2024 that may be closed by this pull request
Migrate keystore tool #26971
Closed
2 tasks
@pereyra-m pereyra-m force-pushed the enhancement/26971-migrate-keystore-tool branch 2 times, most recently from 965bb18 to 19679b8 Compare November 27, 2024 07:39
@pereyra-m pereyra-m marked this pull request as ready for review November 27, 2024 07:41
@pereyra-m pereyra-m force-pushed the enhancement/26971-migrate-keystore-tool branch 3 times, most recently from 4b0b74d to 6a755db Compare November 28, 2024 03:58
@github-actions GitHub Actions
Copy link

Coverage reports

The coverage report can be downloaded from here

Module Line coverage Function coverage
base 81.4% ✅ 85.3% ✅
conf 94.1% ✅ 95.3% ✅
indexerconnector 94.7% ✅ 91.9% ✅
keystore 90.7% ✅ 91.7% ✅

🟢 All modules have passed the coverage check

@pereyra-m pereyra-m force-pushed the enhancement/26971-migrate-keystore-tool branch from 6a755db to 2157bda Compare November 28, 2024 12:53
@github-actions GitHub Actions
Copy link

Coverage reports

The coverage report can be downloaded from here

Module Line coverage Function coverage
base 81.4% ✅ 85.3% ✅
conf 94.1% ✅ 95.3% ✅
indexerconnector 94.7% ✅ 91.9% ✅
keystore 90.7% ✅ 91.7% ✅

🟢 All modules have passed the coverage check

@pereyra-m pereyra-m force-pushed the enhancement/26971-migrate-keystore-tool branch 3 times, most recently from f6e3f90 to 7a70871 Compare November 28, 2024 13:38
@github-actions GitHub Actions
Copy link

Coverage reports

The coverage report can be downloaded from here

Module Line coverage Function coverage
base 81.4% ✅ 85.3% ✅
conf 94.1% ✅ 95.3% ✅
indexerconnector 94.7% ✅ 91.9% ✅
keystore 90.7% ✅ 91.7% ✅

🟢 All modules have passed the coverage check

@github-actions GitHub Actions
Copy link

Coverage reports

The coverage report can be downloaded from here

Module Line coverage Function coverage
base 81.4% ✅ 85.3% ✅
conf 94.1% ✅ 95.3% ✅
indexerconnector 94.7% ✅ 91.9% ✅
keystore 90.7% ✅ 91.7% ✅

🟢 All modules have passed the coverage check

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 4, 2024

Coverage reports

The coverage report can be downloaded from here

Module Line coverage Function coverage
base 82.0% ✅ 86.1% ✅
conf 94.1% ✅ 95.3% ✅
indexerconnector 94.7% ✅ 91.9% ✅
keystore 96.0% ✅ 92.3% ✅

🟢 All modules have passed the coverage check

@pereyra-m pereyra-m force-pushed the enhancement/26971-migrate-keystore-tool branch from d2e0e4b to 3d2e058 Compare December 4, 2024 05:06
@pereyra-m pereyra-m requested a review from Dwordcito December 4, 2024 05:06
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 4, 2024

Coverage reports

The coverage report can be downloaded from here

Module Line coverage Function coverage
base 82.1% ✅ 86.1% ✅
conf 94.1% ✅ 95.3% ✅
indexerconnector 94.7% ✅ 91.9% ✅
keystore 96.0% ✅ 92.3% ✅

🟢 All modules have passed the coverage check

@pereyra-m pereyra-m force-pushed the enhancement/26971-migrate-keystore-tool branch from 3d2e058 to 31487ba Compare December 4, 2024 05:22
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 4, 2024

Coverage reports

The coverage report can be downloaded from here

Module Line coverage Function coverage
base 82.1% ✅ 86.1% ✅
conf 94.1% ✅ 95.3% ✅
indexerconnector 94.7% ✅ 91.9% ✅
keystore 96.0% ✅ 92.3% ✅

🟢 All modules have passed the coverage check

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 4, 2024

Coverage reports

The coverage report can be downloaded from here

Module Line coverage Function coverage
base 82.1% ✅ 86.1% ✅
conf 94.1% ✅ 95.3% ✅
indexerconnector 94.7% ✅ 91.9% ✅
keystore 100.0% ✅ 90.0% ✅

🟢 All modules have passed the coverage check

MiguelazoDS
MiguelazoDS reviewed Dec 4, 2024
View reviewed changes
src/engine/source/base/include/base/utils/keyValueFile.hpp Outdated
std::ofstream file(m_filePath);
if (!file.is_open())
{
throw std::runtime_error("Error creating key-value file due to: " + std::string(strerror(errno)));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it expect to fail if the folder is not created?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question.
In the installer, the folder /etc/wazuh-server should exist.
The problem is that the error message in this case isn't helpful

pereyra-m and others added 21 commits December 18, 2024 15:53
@pereyra-m @Dwordcito
Use keystore for IndexerConnector instead of plain credentials
d0e9840
@pereyra-m @Dwordcito
Allow to change keystore path for testing and remove legacy UT relate…
5b1498f 
…d to upgrade feature
@pereyra-m @Dwordcito
Add ignore error flag for coverage due to GTest macros
46be0b9
@pereyra-m @Dwordcito
Update keystore binary, tool and tests with path flag
637076e
@pereyra-m @Dwordcito
Remove username and password from IndexerConnector after rebase
7af3c08
@pereyra-m @Dwordcito
Moving keystore from RocksDB to key-value file
2b54f14
@pereyra-m @Dwordcito
Add binary data UT and remove metadata from key-value file
df063c4
@pereyra-m @Dwordcito
Create required keystore folder for tests
0a3468f
@pereyra-m @Dwordcito
Fix typo, add method documentation and use vector instead of string f…
9a73142 
…or get method
@pereyra-m @Dwordcito
Encrypt the whole file instead of each value
ca03e86
@pereyra-m @Dwordcito
Update folder name to fix coverage error messages
0a649f8
@pereyra-m @Dwordcito
Restore username-password configuration parameters to IndexerConnector
16553ce
@pereyra-m @Dwordcito
Fix style and remove separator from password
ea7d916
@pereyra-m @Dwordcito
Revert IndexerConnector changes related to the wazuh-keystore
48c3506
@pereyra-m @Dwordcito
Improve error handling for wazuh-keystore
41e1615
@pereyra-m @Dwordcito
Move helper to FS module
7040675
@pereyra-m @Dwordcito
Update doxygen and remove documentation from .cpp
a0a5c4f
@pereyra-m @Dwordcito
Update OpenSSL to latest version
e316e9c
@pereyra-m @Dwordcito
Improve const correctness, data types and exception messages
de96784
@pereyra-m @Dwordcito
Remove deprecated path after rebase
3bb96be
@Dwordcito
Rebase fixes.
414a665
@Dwordcito Dwordcito force-pushed the enhancement/26971-migrate-keystore-tool branch from 2d954e6 to 414a665 Compare December 18, 2024 18:55
@github-actions GitHub Actions
Copy link

Coverage reports

The coverage report can be downloaded from here

Module Line coverage Function coverage
base 81.9% ✅ 86.9% ✅
fs 95.6% ✅ 100.0% ✅
keystore 87.8% ✅ 100.0% ✅

🟢 All modules have passed the coverage check

@Dwordcito
Copy link
Member

@pereyra-m is OOO, I made some changes in the Keystore::filecreate class, because we call the std::ofstream constructor with the filename and not with the filepath.

@github-actions GitHub Actions
Copy link

Coverage reports

The coverage report can be downloaded from here

Module Line coverage Function coverage
base 81.9% ✅ 86.9% ✅
fs 95.6% ✅ 100.0% ✅
keystore 85.7% ✅ 100.0% ✅

🟢 All modules have passed the coverage check

sebasfalcone
sebasfalcone approved these changes Dec 18, 2024
View reviewed changes
Copy link
Contributor

@sebasfalcone sebasfalcone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Testing

Insert values

./wazuh-keystore -k stdin
stdin_value
Key store file updated successfully.

echo "echo_value" | ./wazuh-keystore -k echo      
Key store file updated successfully.

./wazuh-keystore -k file -vp value.txt 
Key store file updated successfully.

./wazuh-keystore -k arg -v arg_value  
Key store file updated successfully.

Read values

python3 read.py
arg:arg_value
echo:echo_value
file:file_value
stdin:stdin_value

Overwrite values

./wazuh-keystore -k arg -v arg_value_new
Key store file updated successfully.

python3 read.py
arg:arg_value_new
echo:echo_value
file:file_value
stdin:stdin_value

@Dwordcito Dwordcito merged commit 5d52679 into master Dec 18, 2024
8 checks passed
@Dwordcito Dwordcito deleted the enhancement/26971-migrate-keystore-tool branch December 18, 2024 23:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sebasfalcone sebasfalcone sebasfalcone approved these changes

@juliancnn juliancnn Awaiting requested review from juliancnn

@MiguelazoDS MiguelazoDS Awaiting requested review from MiguelazoDS

@Dwordcito Dwordcito Awaiting requested review from Dwordcito

Assignees

@pereyra-m pereyra-m

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Migrate keystore tool
4 participants
@pereyra-m @MiguelazoDS @sebasfalcone @Dwordcito