adds ability to turn encryption on and off per plugin

intelsdi-x · Sep 28, 2015 · b29baa4 · b29baa4
1 parent 3e035d0
commit b29baa4
Show file tree

Hide file tree

Showing 16 changed files with 171 additions and 200 deletions.
diff --git a/control/available_plugin.go b/control/available_plugin.go
@@ -1,7 +1,6 @@
 package control
 
 import (
-	"crypto/rsa"
 	"errors"
 	"fmt"
 	"strconv"
@@ -68,7 +67,7 @@ type availablePlugin struct {
 
 // newAvailablePlugin returns an availablePlugin with information from a
 // plugin.Response
-func newAvailablePlugin(resp *plugin.Response, privKey *rsa.PrivateKey, emitter gomit.Emitter, ep executablePlugin) (*availablePlugin, error) {
+func newAvailablePlugin(resp *plugin.Response, emitter gomit.Emitter, ep executablePlugin) (*availablePlugin, error) {
 	if resp.Type != plugin.CollectorPluginType && resp.Type != plugin.ProcessorPluginType && resp.Type != plugin.PublisherPluginType {
 		return nil, ErrBadType
 	}
@@ -90,13 +89,13 @@ func newAvailablePlugin(resp *plugin.Response, privKey *rsa.PrivateKey, emitter
 	case plugin.CollectorPluginType:
 		switch resp.Meta.RPCType {
 		case plugin.JSONRPC:
-			c, e := client.NewCollectorHttpJSONRPCClient(listenUrl, DefaultClientTimeout, resp.PublicKey, privKey)
+			c, e := client.NewCollectorHttpJSONRPCClient(listenUrl, DefaultClientTimeout, resp.PublicKey, !resp.Meta.Unsecure)
 			if e != nil {
 				return nil, errors.New("error while creating client connection: " + e.Error())
 			}
 			ap.client = c
 		case plugin.NativeRPC:
-			c, e := client.NewCollectorNativeClient(resp.ListenAddress, DefaultClientTimeout, resp.PublicKey, privKey)
+			c, e := client.NewCollectorNativeClient(resp.ListenAddress, DefaultClientTimeout, resp.PublicKey, !resp.Meta.Unsecure)
 			if e != nil {
 				return nil, errors.New("error while creating client connection: " + e.Error())
 			}
@@ -105,13 +104,13 @@ func newAvailablePlugin(resp *plugin.Response, privKey *rsa.PrivateKey, emitter
 	case plugin.PublisherPluginType:
 		switch resp.Meta.RPCType {
 		case plugin.JSONRPC:
-			c, e := client.NewPublisherHttpJSONRPCClient(listenUrl, DefaultClientTimeout, resp.PublicKey, privKey)
+			c, e := client.NewPublisherHttpJSONRPCClient(listenUrl, DefaultClientTimeout, resp.PublicKey, !resp.Meta.Unsecure)
 			if e != nil {
 				return nil, errors.New("error while creating client connection: " + e.Error())
 			}
 			ap.client = c
 		case plugin.NativeRPC:
-			c, e := client.NewPublisherNativeClient(resp.ListenAddress, DefaultClientTimeout, resp.PublicKey, privKey)
+			c, e := client.NewPublisherNativeClient(resp.ListenAddress, DefaultClientTimeout, resp.PublicKey, !resp.Meta.Unsecure)
 			if e != nil {
 				return nil, errors.New("error while creating client connection: " + e.Error())
 			}
@@ -120,13 +119,13 @@ func newAvailablePlugin(resp *plugin.Response, privKey *rsa.PrivateKey, emitter
 	case plugin.ProcessorPluginType:
 		switch resp.Meta.RPCType {
 		case plugin.JSONRPC:
-			c, e := client.NewProcessorHttpJSONRPCClient(listenUrl, DefaultClientTimeout, resp.PublicKey, privKey)
+			c, e := client.NewProcessorHttpJSONRPCClient(listenUrl, DefaultClientTimeout, resp.PublicKey, !resp.Meta.Unsecure)
 			if e != nil {
 				return nil, errors.New("error while creating client connection: " + e.Error())
 			}
 			ap.client = c
 		case plugin.NativeRPC:
-			c, e := client.NewProcessorNativeClient(resp.ListenAddress, DefaultClientTimeout, resp.PublicKey, privKey)
+			c, e := client.NewProcessorNativeClient(resp.ListenAddress, DefaultClientTimeout, resp.PublicKey, !resp.Meta.Unsecure)
 			if e != nil {
 				return nil, errors.New("error while creating client connection: " + e.Error())
 			}

diff --git a/control/available_plugin_test.go b/control/available_plugin_test.go
@@ -1,8 +1,6 @@
 package control
 
 import (
-	"crypto/rand"
-	"crypto/rsa"
 	"errors"
 	"net"
 	"testing"
@@ -14,8 +12,6 @@ import (
 
 func TestAvailablePlugin(t *testing.T) {
 	Convey("newAvailablePlugin()", t, func() {
-		key, err := rsa.GenerateKey(rand.Reader, 2048)
-		So(err, ShouldBeNil)
 		Convey("returns an availablePlugin", func() {
 			ln, _ := net.Listen("tcp", ":4000")
 			defer ln.Close()
@@ -27,17 +23,15 @@ func TestAvailablePlugin(t *testing.T) {
 				Type:          plugin.CollectorPluginType,
 				ListenAddress: "127.0.0.1:4000",
 			}
-			ap, err := newAvailablePlugin(resp, key, nil, nil)
+			ap, err := newAvailablePlugin(resp, nil, nil)
 			So(ap, ShouldHaveSameTypeAs, new(availablePlugin))
 			So(err, ShouldBeNil)
 		})
 	})
 
 	Convey("Stop()", t, func() {
 		Convey("returns nil if plugin successfully stopped", func() {
-			key, err := rsa.GenerateKey(rand.Reader, 2048)
-			So(err, ShouldBeNil)
-			r := newRunner(&routing.RoundRobinStrategy{}, key)
+			r := newRunner(&routing.RoundRobinStrategy{})
 			a := plugin.Arg{
 				PluginLogPath: "/tmp/pulse-test-plugin-stop.log",
 			}
@@ -89,8 +83,6 @@ func TestAvailablePlugins(t *testing.T) {
 		})
 	})
 	Convey("it returns an error if client cannot be created", t, func() {
-		key, err := rsa.GenerateKey(rand.Reader, 2048)
-		So(err, ShouldBeNil)
 		resp := &plugin.Response{
 			Meta: plugin.PluginMeta{
 				Name:    "test",
@@ -99,7 +91,7 @@ func TestAvailablePlugins(t *testing.T) {
 			Type:          plugin.CollectorPluginType,
 			ListenAddress: "localhost:",
 		}
-		ap, err := newAvailablePlugin(resp, key, nil, nil)
+		ap, err := newAvailablePlugin(resp, nil, nil)
 		So(ap, ShouldBeNil)
 		So(err, ShouldNotBeNil)
 	})

diff --git a/control/control.go b/control/control.go
@@ -1,8 +1,6 @@
 package control
 
 import (
-	"crypto/rand"
-	"crypto/rsa"
 	"errors"
 	"fmt"
 	"strconv"
@@ -24,11 +22,7 @@ import (
 	"github.com/intelsdi-x/pulse/pkg/psigning"
 )
 
-// control private key (RSA private key)
-// control public key (RSA public key)
 // Plugin token = token generated by plugin and passed to control
-// Session token = plugin seed encrypted by control private key, verified by plugin using control public key
-//
 
 var (
 	controlLogger = log.WithFields(log.Fields{
@@ -47,8 +41,6 @@ type pluginControl struct {
 	Started        bool
 
 	autodiscoverPaths []string
-	privKey           *rsa.PrivateKey
-	pubKey            *rsa.PublicKey
 	eventManager      *gomit.EventController
 
 	pluginManager  managesPlugins
@@ -117,14 +109,7 @@ func CacheExpiration(t time.Duration) controlOpt {
 // New returns a new pluginControl instance
 func New(opts ...controlOpt) *pluginControl {
 
-	key, err := rsa.GenerateKey(rand.Reader, 2048)
-	if err != nil {
-		panic(err)
-	}
-	c := &pluginControl{
-		pubKey:  &key.PublicKey,
-		privKey: key,
-	}
+	c := &pluginControl{}
 	// Initialize components
 	//
 	// Event Manager
@@ -141,7 +126,7 @@ func New(opts ...controlOpt) *pluginControl {
 	}).Debug("metric catalog created")
 
 	// Plugin Manager
-	c.pluginManager = newPluginManager(c.pubKey, c.privKey)
+	c.pluginManager = newPluginManager()
 	controlLogger.WithFields(log.Fields{
 		"_block": "new",
 	}).Debug("plugin manager created")
@@ -156,7 +141,7 @@ func New(opts ...controlOpt) *pluginControl {
 
 	// Plugin Runner
 	// TODO (danielscottt): handle routing strat changes via events
-	c.pluginRunner = newRunner(&routing.RoundRobinStrategy{}, c.privKey)
+	c.pluginRunner = newRunner(&routing.RoundRobinStrategy{})
 	controlLogger.WithFields(log.Fields{
 		"_block": "new",
 	}).Debug("runner created")
@@ -169,7 +154,7 @@ func New(opts ...controlOpt) *pluginControl {
 	// Wire event manager
 
 	// Start stuff
-	err = c.pluginRunner.Start()
+	err := c.pluginRunner.Start()
 	if err != nil {
 		panic(err)
 	}

diff --git a/control/control_test.go b/control/control_test.go
@@ -2,8 +2,6 @@ package control
 
 import (
 	"bytes"
-	"crypto/rand"
-	"crypto/rsa"
 	"encoding/gob"
 	"encoding/json"
 	"errors"
@@ -363,15 +361,14 @@ func TestStop(t *testing.T) {
 }
 
 func TestPluginCatalog(t *testing.T) {
-	key, _ := rsa.GenerateKey(rand.Reader, 2048)
 	ts := time.Now()
 
 	c := New()
 
 	// We need our own plugin manager to drop mock
 	// loaded plugins into.  Aribitrarily adding
 	// plugins from the pm is no longer supported.
-	tpm := newPluginManager(&key.PublicKey, key)
+	tpm := newPluginManager()
 	c.pluginManager = tpm
 
 	lp1 := new(loadedPlugin)

diff --git a/control/monitor_test.go b/control/monitor_test.go
@@ -12,20 +12,6 @@ import (
 	. "github.com/smartystreets/goconvey/convey"
 )
 
-type mockPluginClient struct{}
-
-func (mp *mockPluginClient) Ping() error {
-	return nil
-}
-
-func (mp *mockPluginClient) Kill(r string) error {
-	return nil
-}
-
-func (mp *mockPluginClient) GetConfigPolicy() error {
-	return nil
-}
-
 func TestMonitor(t *testing.T) {
 	Convey("monitor", t, func() {
 		aps := newAvailablePlugins(&routing.RoundRobinStrategy{})

diff --git a/control/plugin/client/httpjsonrpc.go b/control/plugin/client/httpjsonrpc.go
@@ -33,58 +33,64 @@ type httpJSONRPCClient struct {
 }
 
 // NewCollectorHttpJSONRPCClient returns CollectorHttpJSONRPCClient
-func NewCollectorHttpJSONRPCClient(u string, timeout time.Duration, pub *rsa.PublicKey, priv *rsa.PrivateKey) (PluginCollectorClient, error) {
-	key, err := encrypter.GenerateKey()
-	if err != nil {
-		return nil, err
-	}
-	e := encrypter.New(pub, priv)
-	e.Key = key
-	enc := encoding.NewJsonEncoder()
-	enc.SetEncrypter(e)
-	return &httpJSONRPCClient{
+func NewCollectorHttpJSONRPCClient(u string, timeout time.Duration, pub *rsa.PublicKey, secure bool) (PluginCollectorClient, error) {
+	hjr := &httpJSONRPCClient{
 		url:        u,
 		timeout:    timeout,
 		pluginType: plugin.CollectorPluginType,
-		encrypter:  e,
-		encoder:    enc,
-	}, nil
+		encoder:    encoding.NewJsonEncoder(),
+	}
+	if secure {
+		key, err := encrypter.GenerateKey()
+		if err != nil {
+			return nil, err
+		}
+		e := encrypter.New(pub, nil)
+		e.Key = key
+		hjr.encoder.SetEncrypter(e)
+		hjr.encrypter = e
+	}
+	return hjr, nil
 }
 
-func NewProcessorHttpJSONRPCClient(u string, timeout time.Duration, pub *rsa.PublicKey, priv *rsa.PrivateKey) (PluginProcessorClient, error) {
-	key, err := encrypter.GenerateKey()
-	if err != nil {
-		return nil, err
-	}
-	e := encrypter.New(pub, priv)
-	e.Key = key
-	enc := encoding.NewJsonEncoder()
-	enc.SetEncrypter(e)
-	return &httpJSONRPCClient{
+func NewProcessorHttpJSONRPCClient(u string, timeout time.Duration, pub *rsa.PublicKey, secure bool) (PluginProcessorClient, error) {
+	hjr := &httpJSONRPCClient{
 		url:        u,
 		timeout:    timeout,
 		pluginType: plugin.ProcessorPluginType,
-		encrypter:  e,
-		encoder:    enc,
-	}, nil
+		encoder:    encoding.NewJsonEncoder(),
+	}
+	if secure {
+		key, err := encrypter.GenerateKey()
+		if err != nil {
+			return nil, err
+		}
+		e := encrypter.New(pub, nil)
+		e.Key = key
+		hjr.encoder.SetEncrypter(e)
+		hjr.encrypter = e
+	}
+	return hjr, nil
 }
 
-func NewPublisherHttpJSONRPCClient(u string, timeout time.Duration, pub *rsa.PublicKey, priv *rsa.PrivateKey) (PluginPublisherClient, error) {
-	key, err := encrypter.GenerateKey()
-	if err != nil {
-		return nil, err
-	}
-	e := encrypter.New(pub, priv)
-	e.Key = key
-	enc := encoding.NewJsonEncoder()
-	enc.SetEncrypter(e)
-	return &httpJSONRPCClient{
+func NewPublisherHttpJSONRPCClient(u string, timeout time.Duration, pub *rsa.PublicKey, secure bool) (PluginPublisherClient, error) {
+	hjr := &httpJSONRPCClient{
 		url:        u,
 		timeout:    timeout,
 		pluginType: plugin.PublisherPluginType,
-		encrypter:  e,
-		encoder:    enc,
-	}, nil
+		encoder:    encoding.NewJsonEncoder(),
+	}
+	if secure {
+		key, err := encrypter.GenerateKey()
+		if err != nil {
+			return nil, err
+		}
+		e := encrypter.New(pub, nil)
+		e.Key = key
+		hjr.encoder.SetEncrypter(e)
+		hjr.encrypter = e
+	}
+	return hjr, nil
 }
 
 // Ping

diff --git a/control/plugin/client/httpjsonrpc_test.go b/control/plugin/client/httpjsonrpc_test.go
@@ -26,7 +26,7 @@ import (
 )
 
 var (
-	key, _    = rsa.GenerateKey(crand.Reader, 2048)
+	key, _    = rsa.GenerateKey(crand.Reader, 1024)
 	symkey, _ = encrypter.GenerateKey()
 )
 
@@ -122,7 +122,7 @@ func (m *mockSessionStatePluginProxy) Kill(arg []byte, b *[]byte) error {
 var httpStarted = false
 
 func startHTTPJSONRPC() (string, *mockSessionStatePluginProxy) {
-	encr := encrypter.New(&key.PublicKey, key)
+	encr := encrypter.New(&key.PublicKey, nil)
 	encr.Key = symkey
 	ee := encoding.NewJsonEncoder()
 	ee.SetEncrypter(encr)
@@ -159,7 +159,7 @@ func TestHTTPJSONRPC(t *testing.T) {
 
 	Convey("Collector Client", t, func() {
 		session.c = true
-		c, err := NewCollectorHttpJSONRPCClient(fmt.Sprintf("http://%v", addr), 1*time.Second, &key.PublicKey, key)
+		c, err := NewCollectorHttpJSONRPCClient(fmt.Sprintf("http://%v", addr), 1*time.Second, &key.PublicKey, true)
 		So(err, ShouldBeNil)
 		So(c, ShouldNotBeNil)
 		cl := c.(*httpJSONRPCClient)
@@ -253,7 +253,7 @@ func TestHTTPJSONRPC(t *testing.T) {
 
 	Convey("Processor Client", t, func() {
 		session.c = false
-		p, _ := NewProcessorHttpJSONRPCClient(fmt.Sprintf("http://%v", addr), 1*time.Second, &key.PublicKey, key)
+		p, _ := NewProcessorHttpJSONRPCClient(fmt.Sprintf("http://%v", addr), 1*time.Second, &key.PublicKey, true)
 		cl := p.(*httpJSONRPCClient)
 		cl.encrypter.Key = symkey
 		So(p, ShouldNotBeNil)
@@ -293,7 +293,7 @@ func TestHTTPJSONRPC(t *testing.T) {
 
 	Convey("Publisher Client", t, func() {
 		session.c = false
-		p, _ := NewPublisherHttpJSONRPCClient(fmt.Sprintf("http://%v", addr), 1*time.Second, &key.PublicKey, key)
+		p, _ := NewPublisherHttpJSONRPCClient(fmt.Sprintf("http://%v", addr), 1*time.Second, &key.PublicKey, true)
 		cl := p.(*httpJSONRPCClient)
 		cl.encrypter.Key = symkey
 		So(p, ShouldNotBeNil)