Merge pull request #25 from MGTheTrain/feature/rest-api

Feature/rest api

.gitignore

@@ -22,4 +22,8 @@ go.work
 go.work.sum
 
 # env file
-.env
+.env
+
+# tmp files
+*.tmp
+*.temp

.vscode/launch.json

@@ -0,0 +1,35 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+
+        {
+            "name": "Launch Package",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${fileDirname}",
+            "env": {
+                "PORT": "8080",
+                "DATABASE_TYPE": "postgres",
+                "DATABASE_DSN": "user=postgres password=postgres host=localhost port=5432 sslmode=disable",
+                "DATABASE_NAME": "meta",
+                "BLOB_CONNECTOR_CLOUD_PROVIDER": "azure",
+                "BLOB_CONNECTOR_CONNECTION_STRING": "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;",
+                "BLOB_CONNECTOR_CONTAINER_NAME": "blobs",
+                "KEY_CONNECTOR_CLOUD_PROVIDER": "azure",
+                "KEY_CONNECTOR_CONNECTION_STRING": "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;",
+                "KEY_CONNECTOR_CONTAINER_NAME": "keys",
+                "LOGGER_LOG_LEVEL": "info",
+                "LOGGER_LOG_TYPE": "console",
+                "LOGGER_FILE_PATH": "",
+                "PKCS11_MODULE_PATH": "/usr/lib/softhsm/libsofthsm2.so",
+                "PKCS11_SO_PIN": "123456",
+                "PKCS11_USER_PIN": "234567",
+                "PKCS11_SLOT_ID": "0x0"
+            }
+        }
+    ]
+}

CHANGELOG.md

@@ -15,6 +15,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Logging**: Integrated console and file logging (e.g. using structured logging with `logrus`) 
 - **Manage cryptographic material**: Enabled management of private/public key pairs and symmetric keys and implemented key lifecycle management including primarily key generation and key export
 - **Secure file storage integration**: Provided mechanisms to securely store encrypted files in Azure Blob Storage 
+- **RESTful API**: Provided HTTP endpoints to manage cryptographic material and secure data (files, metadata) at rest.
+- **Documentation**: Provided clear API documentation (e.g. Swagger/OpenAPI) for ease of integration by other developers.
+- **Versioning**: Implemented proper API versioning to maintain backward compatibility as the API evolves.
 
 ## [0.1.0] - TBD-TBD-TBD
 

Makefile

@@ -2,44 +2,37 @@ SCRIPT_DIR = "scripts"
 
 .PHONY: format-and-lint run-unit-tests run-integration-tests \
         spin-up-integration-test-docker-containers \
-        shut-down-integration-test-docker-containers \
-        spin-up-docker-containers shut-down-docker-containers help
+        spin-up-docker-containers shut-down-docker-containers \
+		generate-swagger-docs help
 
 # Help target to list all available targets
 help:
 	@echo "Available Makefile targets:"
-	@echo "  format-and-lint                     - Run the format and linting script"
-	@echo "  run-unit-tests                      - Run the unit tests"
-	@echo "  run-integration-tests               - Run the integration tests"
+	@echo "  format-and-lint                     		- Run the format and linting script"
+	@echo "  run-unit-tests                      		- Run the unit tests"
+	@echo "  run-integration-tests               		- Run the integration tests"
 	@echo "  spin-up-integration-test-docker-containers - Spin up Docker containers for integration tests (Postgres, Azure Blob Storage)"
-	@echo "  shut-down-integration-test-docker-containers - Shut down Docker containers for integration tests"
-	@echo "  spin-up-docker-containers           - Spin up Docker containers with internal containerized applications"
-	@echo "  shut-down-docker-containers         - Shut down the application Docker containers"
+	@echo "  spin-up-docker-containers           		- Spin up Docker containers with internal containerized applications"
+	@echo "  shut-down-docker-containers         		- Shut down the application Docker containers"
+	@echo "  generate-swagger-docs         				- Convert Go annotations to Swagger Documentation 2.0"
 
-# Run the format and lint script
 format-and-lint:
 	@cd $(SCRIPT_DIR) && ./format-and-lint.sh
 
-# Run unit tests
 run-unit-tests:
 	@cd $(SCRIPT_DIR) && ./run-test.sh -u
 
-# Run integration tests
 run-integration-tests:
 	@cd $(SCRIPT_DIR) && ./run-test.sh -i
 
-# Spin up Docker containers for integration tests
 spin-up-integration-test-docker-containers:
 	docker-compose up -d postgres azure-blob-storage
 
-# Shut down Docker containers for integration tests
-shut-down-integration-test-docker-containers:
-	docker-compose down postgres azure-blob-storage -v
-
-# Spin up Docker containers with internal containerized applications
 spin-up-docker-containers:
 	docker-compose up -d --build
 
-# Shut down Docker containers with internal containerized applications
 shut-down-docker-containers:
 	docker-compose down -v
+
+generate-swagger-docs:
+	@cd $(SCRIPT_DIR) && ./generate-docs.sh

README.md

@@ -22,16 +22,16 @@ Interfaces (CLIs, gRPC APIs, RESTful Web APIs) for managing cryptographic keys a
 
 ### Functional
 
-- [ ] **Provide RESTful API**: Expose HTTP endpoints to manage cryptographic material and secure data (files, metadata) at rest.
-- [ ] **Provide gRPC API**: Expose gRPC endpoints to manage cryptographic material and secure data (files, metadata) at rest.
+- [x] **RESTful API**: Provide HTTP endpoints to manage cryptographic material and secure data (files, metadata) at rest.
+- [ ] **gRPC API**: Provide gRPC endpoints to manage cryptographic material and secure data (files, metadata) at rest.
 - [x] **Asymmetric encryption and decryption**: Support RSA encryption algorithm for data protection.
 - [x] **Symmetric encryption**: Support for symmetric key encryption (e.g. AES) for data protection.
 - [x] **Signature creation and verification:** Support for hashing algorithms (e.g. SHA-256, SHA-512) to create digital signatures and the ability to verify these signatures using asymmetric keys (RSA, ECDSA).
 - [x] **PKCS#11 integration**: Enable key management and cryptographic operations (such as RSA-PKCS encryption/decryption and RSA-PSS or ECDSA signing/verification) through PKCS#11 interfaces supporting both FIPS-compliant hardware and software environments.
 - [ ] **Manage cryptographic material and Key management lifecycle**: Enable management of private/public key pairs and symmetric keys and implement key lifecycle management
     - [x] Generation
     - [ ] ~~Import~~ (keys can only be generated by the system) 
-    - [x] Export (only public keys for verifying signatures shall be exported trough API endpoints)
+    - [x] Export
     - [ ] Rotation
     - [ ] Revocation
     - [ ] Expiration
@@ -48,11 +48,10 @@ Interfaces (CLIs, gRPC APIs, RESTful Web APIs) for managing cryptographic keys a
 - [ ] **Performance optimization**: Ensure cryptographic operations are optimized for performance, especially for large files and high throughput environments.
 - [x] **Logging**: Integrate logging (e.g. using structured logging with `logrus`) 
 - [ ] **Monitoring**: Integrate monitoring (e.g. Prometheus, Grafana) to track API usage, performance and errors.
-- [ ] **Error handling and resiliency**: Implement comprehensive error handling and retries for operations that may fail, with clear error messages and status codes for the API.
 - [ ] **Security**: Ensure that all cryptographic material and metadata is securely encrypted before storing it using a master key
 - [ ] **Access control**: Secure APIs using authorization mechanisms including OAuth 2.0 and JWTs. Implement relationship-based access control (ReBAC) for APIs, ensuring that users can only perform operations on cryptographic material based on their defined relationships and permissions within the system.
-- [ ] **Documentation**: Provide clear API documentation (e.g. Swagger/OpenAPI) for ease of integration by other developers.
-- [ ] **Versioning**: Implement proper API versioning to maintain backward compatibility as the API evolves.
+- [x] **Documentation**: Provide clear API documentation (e.g. Swagger/OpenAPI) for ease of integration by other developers.
+- [x] **Versioning**: Implement proper API versioning to maintain backward compatibility as the API evolves.
 - [ ] **Audit logging**: Maintain logs of all cryptographic operations and key management activities for compliance and auditing purposes.
 
 
@@ -96,7 +95,7 @@ To run `integration tests` on Unix systems execute
 ```sh
 make spin-up-integration-test-docker-containers
 make run-integration-tests
-make shut-down-integration-test-docker-containers # Optionally clear docker resources
+make shut-down-docker-containers 
 ```
 
 ### Applications

cmd/crypto-vault-service/.dockerignore

@@ -0,0 +1,29 @@
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+go.work.sum
+
+# env file
+.env
+
+# tmp files
+*.tmp
+*.temp

cmd/crypto-vault-service/Dockerfile

@@ -0,0 +1,22 @@
+# Build stage
+FROM golang:1.21-alpine AS build
+
+WORKDIR /app
+
+RUN apk update
+COPY go.mod go.sum ./
+RUN go mod tidy
+COPY . .
+RUN go build -o crypto_vault_service ./cmd/crypto-vault-service/crypto_vault_service.go
+
+# Serve stage
+FROM alpine:latest
+
+WORKDIR /root/
+
+RUN apk update && apk add --no-cache libc6-compat
+COPY --from=build /app/crypto_vault_service .
+
+EXPOSE 8080
+
+ENTRYPOINT ["./crypto_vault_service"]

cmd/crypto-vault-service/README.md

@@ -7,8 +7,8 @@
 
 ## Summary
 
-TBD
+REST service capable of managing cryptographic keys and securing data at rest (metadata, BLOB)
 
 ## Getting Started
 
-TBD
+Set up your IDE with the necessary Go tooling (such as the `delve` debugger) or use the provided [devcontainer.json file](../../.devcontainer/devcontainer.json). You can start the service by either running `go run crypto_vault_service.go` from this directory or by using the `spin-up-docker-containers Make target` from the [Makefile](../../Makefile). To explore the Swagger Web UI you need to either visit `http://localhost:8080/api/v1/cvs/swagger/index.html` or `http://localhost:5000/api/v1/cvs/swagger/index.html`.