refactor: make get key return OpenBao.Key

Signed-off-by: Francesco Noacco <francesco.noacco@secomind.com>

Author: noaccOS

apps/astarte_pairing/lib/astarte_pairing/fdo/open_bao/core.ex

@@ -46,6 +46,16 @@ defmodule Astarte.Pairing.FDO.OpenBao.Core do
     end
   end
 
+  @spec key_algorithm_enum :: Keyword.t(String.t())
+  def key_algorithm_enum do
+    [
+      es256: "ecdsa-p256",
+      es384: "ecdsa-p384",
+      rs256: "rsa-2048",
+      rs384: "rsa-3072"
+    ]
+  end
+
   @spec digest_type(digest_type) :: {:ok, String.t()} | :error
   def digest_type(:sha), do: {:ok, "sha1"}
   def digest_type(:sha224), do: {:ok, "sha2-224"}
@@ -225,21 +235,19 @@ defmodule Astarte.Pairing.FDO.OpenBao.Core do
     end
   end
 
-  @spec get_key(String.t(), String.t()) ::
-          :error | {:error, Jason.DecodeError.t()} | {:ok, any()}
+  @spec get_key(String.t(), String.t()) :: {:ok, String.t()} | :error
   def get_key(key_name, namespace) do
     headers = [{"Content-Type", "application/json"}]
 
     options = [{:namespace, namespace}]
 
     case Client.get("/transit/keys/#{key_name}", headers, options) do
       {:ok, %HTTPoison.Response{status_code: 200, body: resp_body}} ->
-        parse_json_data(resp_body)
+        {:ok, resp_body}
 
       error_resp ->
-        Logger.error(
-          "Encountered HTTP error while getting key #{key_name}: #{inspect(error_resp)}"
-        )
+        "Encountered HTTP error while getting key #{key_name}: #{inspect(error_resp)}"
+        |> Logger.error()
 
         :error
     end
@@ -338,7 +346,7 @@ defmodule Astarte.Pairing.FDO.OpenBao.Core do
     end
   end
 
-  defp parse_json_data(json_str) do
+  def parse_json_data(json_str) do
     with {:ok, map} when is_map(map) <- Jason.decode(json_str),
          {:ok, data} <- Map.fetch(map, "data") do
       {:ok, data}

apps/astarte_pairing/lib/astarte_pairing/fdo/open_bao/key.ex

@@ -21,14 +21,42 @@ defmodule Astarte.Pairing.FDO.OpenBao.Key do
   `COSE.Keys.Key` implementation for OpenBao keys.
   """
 
-  use TypedStruct
+  use TypedEctoSchema
+
+  import Ecto.Changeset
 
   alias Astarte.Pairing.FDO.OpenBao.Core
+  alias Astarte.Pairing.FDO.OpenBao.Key
+
+  @primary_key false
+  typed_embedded_schema do
+    field :name, :string
+    field :namespace, :string
+    field :alg, Ecto.Enum, values: Core.key_algorithm_enum()
+    field :public_pem, :string
+  end
+
+  @doc """
+  Convert the result from OpenBao's API into `t()`
+  """
+  @spec parse(String.t(), String.t(), String.t()) :: {:ok, t()} | {:error, term()}
+  def parse(key_name, namespace, response_body) do
+    with {:ok, data} <- Core.parse_json_data(response_body) do
+      params = %{
+        "namespace" => namespace,
+        "name" => key_name,
+        "alg" => data["type"],
+        "public_pem" => get_in(data, ["keys", "1", "public_key"])
+      }
+
+      changeset = changeset(%Key{}, params)
+      apply_action(changeset, :insert)
+    end
+  end
 
-  typedstruct do
-    field :name, String.t()
-    field :namespace, String.t()
-    field :alg, Core.key_algorithm()
+  def changeset(key, params) do
+    key
+    |> cast(params, [:namespace, :name, :alg, :public_pem])
   end
 end
 

apps/astarte_pairing/lib/astarte_pairing/fdo/open_bao/open_bao.ex

@@ -20,8 +20,9 @@ defmodule Astarte.Pairing.FDO.OpenBao do
   @moduledoc """
   Functionality to interface with OpenBao APIs.
   """
-
-  alias Astarte.Pairing.FDO.OpenBao.{Client, Core}
+  alias Astarte.Pairing.FDO.OpenBao.Client
+  alias Astarte.Pairing.FDO.OpenBao.Core
+  alias Astarte.Pairing.FDO.OpenBao.Key
   alias COSE.Keys.ECC
   alias COSE.Keys.RSA
 
@@ -31,17 +32,18 @@ defmodule Astarte.Pairing.FDO.OpenBao do
   def get_key(key_name, opts \\ []) do
     namespace = Keyword.fetch!(opts, :namespace)
 
-    Core.get_key(key_name, namespace)
+    with {:ok, resp} <- Core.get_key(key_name, namespace) do
+      Key.parse(key_name, namespace, resp)
+    end
   end
 
   @spec list_keys_names() :: {:ok, map()} | :error
   def list_keys_names(opts \\ []) do
     namespace = Keyword.fetch!(opts, :namespace)
+
     Core.list_keys(namespace)
   end
 
-  alias Astarte.Pairing.FDO.OpenBao.Core
-
   def create_namespace(realm_name, user_id \\ nil, key_algorithm) do
     with {:ok, algorithm} <- Core.key_type_to_string(key_algorithm),
          namespace_tokens = Core.namespace_tokens(realm_name, user_id, algorithm),

apps/astarte_pairing/test/astarte_pairing/fdo/open_bao/core_test.exs

@@ -222,7 +222,7 @@ defmodule Astarte.Pairing.FDO.OpenBao.CoreTest do
         |> String.trim_trailing()
 
       assert {:ok, key_data} = OpenBao.get_key(key_name, opts)
-      stored_pem = get_in(key_data, ["keys", "1", "public_key"]) |> String.trim_trailing()
+      stored_pem = key_data.public_pem |> String.trim_trailing()
       assert expected_pub_pem == stored_pem
     end
 
@@ -244,7 +244,7 @@ defmodule Astarte.Pairing.FDO.OpenBao.CoreTest do
         |> String.trim_trailing()
 
       assert {:ok, key_data} = OpenBao.get_key(key_name, opts)
-      stored_pem = get_in(key_data, ["keys", "1", "public_key"]) |> String.trim_trailing()
+      stored_pem = key_data.public_pem |> String.trim_trailing()
       assert expected_pub_pem == stored_pem
     end
 
@@ -266,7 +266,7 @@ defmodule Astarte.Pairing.FDO.OpenBao.CoreTest do
         |> String.trim_trailing()
 
       assert {:ok, key_data} = OpenBao.get_key(key_name, opts)
-      stored_pem = get_in(key_data, ["keys", "1", "public_key"]) |> String.trim_trailing()
+      stored_pem = key_data.public_pem |> String.trim_trailing()
       assert expected_pub_pem == stored_pem
     end
   end

apps/astarte_pairing/test/astarte_pairing/fdo/open_bao/open_bao_test.exs

@@ -24,6 +24,7 @@ defmodule Astarte.Pairing.FDO.OpenBaoTest do
   alias Astarte.Pairing.FDO.OpenBao
   alias Astarte.Pairing.FDO.OpenBao.Client
   alias Astarte.Pairing.FDO.OpenBao.Core
+  alias Astarte.Pairing.FDO.OpenBao.Key
   alias COSE.Keys.ECC
 
   import Astarte.Helpers.OpenBao
@@ -250,6 +251,7 @@ defmodule Astarte.Pairing.FDO.OpenBaoTest do
         key_type: key_type,
         key_type_to_string: key_type_to_string,
         allow_key_export_and_backup: allow_key_export_and_backup,
+        namespace: namespace,
         opts: opts
       }
     end
@@ -259,6 +261,7 @@ defmodule Astarte.Pairing.FDO.OpenBaoTest do
       key_name: key_name,
       key_type: key_type,
       key_type_to_string: key_type_to_string,
+      namespace: namespace,
       allow_key_export_and_backup: allow_key_export_and_backup,
       opts: opts
     } do
@@ -271,14 +274,16 @@ defmodule Astarte.Pairing.FDO.OpenBaoTest do
                "allow_plaintext_backup" => ^allow_key_export_and_backup
              } = key_data
 
-      assert {:ok, key_data} == OpenBao.get_key(key_name, opts)
+      assert {:ok, %Key{name: ^key_name, namespace: ^namespace, alg: ^key_type}} =
+               OpenBao.get_key(key_name, opts)
     end
 
     @tag key_type: :es384
     test "of type EC384", %{
       key_name: key_name,
       key_type: key_type,
       key_type_to_string: key_type_to_string,
+      namespace: namespace,
       allow_key_export_and_backup: allow_key_export_and_backup,
       opts: opts
     } do
@@ -291,14 +296,16 @@ defmodule Astarte.Pairing.FDO.OpenBaoTest do
                "allow_plaintext_backup" => ^allow_key_export_and_backup
              } = key_data
 
-      assert {:ok, key_data} == OpenBao.get_key(key_name, opts)
+      assert {:ok, %Key{name: ^key_name, namespace: ^namespace, alg: ^key_type}} =
+               OpenBao.get_key(key_name, opts)
     end
 
     @tag key_type: :rs256
     test "of type RSA2048", %{
       key_name: key_name,
       key_type: key_type,
       key_type_to_string: key_type_to_string,
+      namespace: namespace,
       allow_key_export_and_backup: allow_key_export_and_backup,
       opts: opts
     } do
@@ -311,14 +318,16 @@ defmodule Astarte.Pairing.FDO.OpenBaoTest do
                "allow_plaintext_backup" => ^allow_key_export_and_backup
              } = key_data
 
-      assert {:ok, key_data} == OpenBao.get_key(key_name, opts)
+      assert {:ok, %Key{name: ^key_name, namespace: ^namespace, alg: ^key_type}} =
+               OpenBao.get_key(key_name, opts)
     end
 
     @tag key_type: :rs384
     test "of type RSA3072", %{
       key_name: key_name,
       key_type: key_type,
       key_type_to_string: key_type_to_string,
+      namespace: namespace,
       allow_key_export_and_backup: allow_key_export_and_backup,
       opts: opts
     } do
@@ -331,7 +340,8 @@ defmodule Astarte.Pairing.FDO.OpenBaoTest do
                "allow_plaintext_backup" => ^allow_key_export_and_backup
              } = key_data
 
-      assert {:ok, key_data} == OpenBao.get_key(key_name, opts)
+      assert {:ok, %Key{name: ^key_name, namespace: ^namespace, alg: ^key_type}} =
+               OpenBao.get_key(key_name, opts)
     end
   end