Refactor key rotation and synchronization logic

- Improved error handling in key rotation and health check functions to return errors from VaultSyncInitDefault.
- Cleaned up code by removing unnecessary blank lines and comments.
- Enhanced logging to provide better insights into failures during Vault operations.
- Updated test cases to ensure proper error handling and response validation.
- Consolidated mutex declarations for better readability.
- Added SPDX license headers to several files for compliance.
- Fixed minor issues in user account handling and subscriber configuration APIs.

Signed-off-by: PedroVhGit <pedrovh040110@gmail.com>

Author: vhPedroGitHub

backend/factory/factory.go

@@ -37,7 +37,6 @@ func GetConfig() *Config {
 // TODO: Support configuration update from REST api
 func InitConfigFactory(f string) error {
 	content, err := os.ReadFile(f)
-
 	if err != nil {
 		return fmt.Errorf("[Configuration] %+v", err)
 	}

backend/logger/logger.go

@@ -19,6 +19,7 @@ var (
 	WebUILog    *zap.SugaredLogger
 	ContextLog  *zap.SugaredLogger
 	GinLog      *zap.SugaredLogger
+	GrpcLog     *zap.SugaredLogger
 	ConfigLog   *zap.SugaredLogger
 	DbLog       *zap.SugaredLogger
 	AuthLog     *zap.SugaredLogger
@@ -57,6 +58,7 @@ func init() {
 	WebUILog = log.Sugar().With("component", "WebUI", "category", "WebUI")
 	ContextLog = log.Sugar().With("component", "WebUI", "category", "Context")
 	GinLog = log.Sugar().With("component", "WebUI", "category", "GIN")
+	GrpcLog = log.Sugar().With("component", "WebUI", "category", "GRPC")
 	ConfigLog = log.Sugar().With("component", "WebUI", "category", "CONFIG")
 	DbLog = log.Sugar().With("component", "WebUI", "category", "DB")
 	AuthLog = log.Sugar().With("component", "WebUI", "category", "Auth")

backend/metrics/telemetry.go

@@ -18,6 +18,6 @@ import (
 func InitMetrics() {
 	http.Handle("/metrics", promhttp.Handler())
 	if err := http.ListenAndServe(":8080", nil); err != nil {
-		logger.InitLog.Errorf("could not open metrics port: %v", err)
+		logger.InitLog.Errorf("Could not open metrics port: %v", err)
 	}
 }

backend/ssm/apiclient/login_auth.go

@@ -7,8 +7,10 @@ import (
 	"github.com/omec-project/webconsole/backend/logger"
 )
 
-var AuthContext context.Context = context.Background()
-var CurrentJWT string = ""
+var (
+	AuthContext context.Context = context.Background()
+	CurrentJWT  string          = ""
+)
 
 // SetAuthContext sets the authentication context with the provided JWT token
 func SetAuthContext(jwt string) {
@@ -18,14 +20,14 @@ func SetAuthContext(jwt string) {
 
 // LoginSSM performs login to the SSM and returns the authentication token
 func LoginSSM(serviceId, password string) (string, error) {
-	var loginRequest = ssm_models.LoginRequest{
+	loginRequest := ssm_models.LoginRequest{
 		ServiceId: serviceId,
 		Password:  password,
 	}
 
-	apiClient := GetSSMAPIClient()
+	client := GetSSMAPIClient()
 
-	resp, r, err := apiClient.AuthenticationAPI.UserLogin(context.Background()).LoginRequest(loginRequest).Execute()
+	resp, r, err := client.AuthenticationAPI.UserLogin(context.Background()).LoginRequest(loginRequest).Execute()
 	if err != nil {
 		logger.WebUILog.Errorf("Error when calling `AuthenticationAPI.UserLogin`: %v", err)
 		logger.WebUILog.Errorf("Full HTTP response: %v", r)

backend/ssm/apiclient/login_auth_test.go

@@ -14,7 +14,9 @@ func TestLoginSSMSuccess(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		w.WriteHeader(http.StatusOK)
-		_, _ = w.Write([]byte(`{"token":"jwt123","message":"ok"}`))
+		if _, err := w.Write([]byte(`{"token":"jwt123","message":"ok"}`)); err != nil {
+			t.Fatalf("Failed to write response: %v", err)
+		}
 	}))
 	defer server.Close()
 
@@ -39,7 +41,9 @@ func TestLoginSSMError(t *testing.T) {
 
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusInternalServerError)
-		_, _ = w.Write([]byte(`{"message":"fail"}`))
+		if _, err := w.Write([]byte(`{"message":"fail"}`)); err != nil {
+			t.Fatalf("Failed to write response: %v", err)
+		}
 	}))
 	defer server.Close()
 

backend/ssm/apiclient/vault_client.go

@@ -1,6 +1,7 @@
 package apiclient
 
 import (
+	"errors"
 	"fmt"
 	"os"
 	"sync"
@@ -10,8 +11,10 @@ import (
 	"github.com/omec-project/webconsole/backend/logger"
 )
 
-var vaultClient *vault.Client
-var mutexVaultClient sync.Mutex
+var (
+	vaultClient      *vault.Client
+	mutexVaultClient sync.Mutex
+)
 
 // GetVaultClient creates and returns a configured Vault API client
 func GetVaultClient() (*vault.Client, error) {
@@ -22,6 +25,10 @@ func GetVaultClient() (*vault.Client, error) {
 		return vaultClient, nil
 	}
 
+	if factory.WebUIConfig == nil || factory.WebUIConfig.Configuration.Vault == nil {
+		return nil, errors.New("error: Vault Configuration Not Available")
+	}
+
 	logger.AppLog.Infof("Creating new Vault client for URI: %s", factory.WebUIConfig.Configuration.Vault.VaultUri)
 
 	config := vault.DefaultConfig()

backend/ssm/apiclient/vault_client_test.go

@@ -83,24 +83,24 @@ mbkm0oeQ/kmUoe82o/yXmbkm0oeQ/kmUoe82o/yXmbkm0oeQ/kmUoe82o/yXmbkm
 0oeQ/kmUoe82o/yXmbkm0oeQ/kmUoe82o/yXmbkm0oeQ/kmUoe82o/yXmbkm
 -----END PRIVATE KEY-----`
 
-	if _, err := crt.WriteString(crtContent); err != nil {
+	if _, err = crt.WriteString(crtContent); err != nil {
 		t.Fatalf("cannot write to temp crt file: %v", err)
 	}
-	if err := crt.Close(); err != nil {
+	if err = crt.Close(); err != nil {
 		t.Fatalf("cannot close temp crt file: %v", err)
 	}
 
-	if _, err := key.WriteString(keyContent); err != nil {
+	if _, err = key.WriteString(keyContent); err != nil {
 		t.Fatalf("cannot write to temp key file: %v", err)
 	}
-	if err := key.Close(); err != nil {
+	if err = key.Close(); err != nil {
 		t.Fatalf("cannot close temp key file: %v", err)
 	}
 
-	if _, err := ca.WriteString(crtContent); err != nil {
+	if _, err = ca.WriteString(crtContent); err != nil {
 		t.Fatalf("cannot write to temp ca file: %v", err)
 	}
-	if err := ca.Close(); err != nil {
+	if err = ca.Close(); err != nil {
 		t.Fatalf("cannot close temp ca file: %v", err)
 	}
 

backend/ssm/apiclient/vault_login_test.go

@@ -17,7 +17,9 @@ func TestLoginVaultAppRoleSuccess(t *testing.T) {
 			t.Fatalf("unexpected path: %s", r.URL.Path)
 		}
 		w.WriteHeader(http.StatusOK)
-		_, _ = w.Write([]byte(`{"auth":{"client_token":"tok-approle","accessor":"acc"}}`))
+		if _, err := w.Write([]byte(`{"auth":{"client_token":"tok-approle","accessor":"acc"}}`)); err != nil {
+			t.Fatalf("Failed to write response: %v", err)
+		}
 	}))
 	defer server.Close()
 
@@ -43,15 +45,20 @@ func TestLoginVaultKubernetesSuccess(t *testing.T) {
 		t.Fatalf("cannot create temp jwt file: %v", err)
 	}
 	defer os.Remove(jwtFile.Name())
-	_, _ = jwtFile.WriteString("dummy-jwt")
+	if _, err = jwtFile.WriteString("dummy-jwt"); err != nil {
+		t.Fatalf("Failed to write JWT file: %v", err)
+	}
 	jwtFile.Close()
 
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Path != "/v1/auth/kubernetes/login" {
 			t.Fatalf("unexpected path: %s", r.URL.Path)
 		}
 		w.WriteHeader(http.StatusOK)
-		_, _ = w.Write([]byte(`{"auth":{"client_token":"tok-k8s","accessor":"acc"}}`))
+		_, err = w.Write([]byte(`{"auth":{"client_token":"tok-k8s","accessor":"acc"}}`))
+		if err != nil {
+			t.Fatalf("Failed to write response: %v", err)
+		}
 	}))
 	defer server.Close()
 
@@ -77,7 +84,10 @@ func TestLoginVaultMTLSSuccess(t *testing.T) {
 			t.Fatalf("unexpected path: %s", r.URL.Path)
 		}
 		w.WriteHeader(http.StatusOK)
-		_, _ = w.Write([]byte(`{"auth":{"client_token":"tok-mtls","accessor":"acc"}}`))
+		_, err := w.Write([]byte(`{"auth":{"client_token":"tok-mtls","accessor":"acc"}}`))
+		if err != nil {
+			t.Fatalf("Failed to write response: %v", err)
+		}
 	}))
 	defer server.Close()
 
@@ -104,17 +114,25 @@ func TestLoginVaultPrefersK8s(t *testing.T) {
 		t.Fatalf("cannot create temp jwt file: %v", err)
 	}
 	defer os.Remove(jwtFile.Name())
-	_, _ = jwtFile.WriteString("dummy-jwt")
+	if _, err = jwtFile.WriteString("dummy-jwt"); err != nil {
+		t.Fatalf("Failed to write JWT file: %v", err)
+	}
 	jwtFile.Close()
 
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		switch r.URL.Path {
 		case "/v1/auth/kubernetes/login":
 			w.WriteHeader(http.StatusOK)
-			_, _ = w.Write([]byte(`{"auth":{"client_token":"tok-k8s","accessor":"acc"}}`))
+			_, err = w.Write([]byte(`{"auth":{"client_token":"tok-k8s","accessor":"acc"}}`))
+			if err != nil {
+				t.Fatalf("Failed to write response: %v", err)
+			}
 		case "/v1/auth/approle/login":
 			w.WriteHeader(http.StatusInternalServerError)
-			_, _ = w.Write([]byte(`{"errors":["should not hit approle"]}`))
+			_, err = w.Write([]byte(`{"errors":["should not hit approle"]}`))
+			if err != nil {
+				t.Fatalf("Failed to write response: %v", err)
+			}
 		default:
 			t.Fatalf("unexpected path: %s", r.URL.Path)
 		}

backend/ssm/ssm_sync/create_interface.go

@@ -17,15 +17,14 @@ type CreateAES128SSM struct{}
 func (c *CreateAES128SSM) CreateNewKeySSM(keyLabel string, id int32) (configmodels.K4, error) {
 	logger.AppLog.Infof("Creating new AES-128 key in SSM with label %s, id %d", keyLabel, id)
 
-	var genAESKeyRequest ssm_models.GenAESKeyRequest = ssm_models.GenAESKeyRequest{
+	genAESKeyRequest := ssm_models.GenAESKeyRequest{
 		Id:   id,
 		Bits: 128,
 	}
 
 	apiClient := apiclient.GetSSMAPIClient()
 
 	_, r, err := apiClient.KeyManagementAPI.GenerateAESKey(apiclient.AuthContext).GenAESKeyRequest(genAESKeyRequest).Execute()
-
 	if err != nil {
 		logger.AppLog.Errorf("Error when calling `KeyManagementAPI.GenerateAESKey`: %v", err)
 		logger.AppLog.Errorf("Full HTTP response: %v", r)
@@ -45,15 +44,14 @@ type CreateAES256SSM struct{}
 func (c *CreateAES256SSM) CreateNewKeySSM(keyLabel string, id int32) (configmodels.K4, error) {
 	logger.AppLog.Infof("Creating new AES-256 key in SSM with label %s, id %d", keyLabel, id)
 
-	var genAESKeyRequest ssm_models.GenAESKeyRequest = ssm_models.GenAESKeyRequest{
+	genAESKeyRequest := ssm_models.GenAESKeyRequest{
 		Id:   id,
 		Bits: 256,
 	}
 
 	apiClient := apiclient.GetSSMAPIClient()
 
 	_, r, err := apiClient.KeyManagementAPI.GenerateAESKey(apiclient.AuthContext).GenAESKeyRequest(genAESKeyRequest).Execute()
-
 	if err != nil {
 		logger.AppLog.Errorf("Error when calling `KeyManagementAPI.GenerateAESKey`: %v", err)
 		logger.AppLog.Errorf("Full HTTP response: %v", r)
@@ -73,13 +71,12 @@ type CreateDes3SSM struct{}
 func (c *CreateDes3SSM) CreateNewKeySSM(keyLabel string, id int32) (configmodels.K4, error) {
 	logger.AppLog.Infof("Creating new DES3 key in SSM with label %s, id %d", keyLabel, id)
 
-	var genDES3KeyRequest ssm_models.GenDES3KeyRequest = ssm_models.GenDES3KeyRequest{
+	genDES3KeyRequest := ssm_models.GenDES3KeyRequest{
 		Id: id,
 	}
 
 	apiClient := apiclient.GetSSMAPIClient()
 	_, r, err := apiClient.KeyManagementAPI.GenerateDES3Key(apiclient.AuthContext).GenDES3KeyRequest(genDES3KeyRequest).Execute()
-
 	if err != nil {
 		logger.AppLog.Errorf("Error when calling `KeyManagementAPI.GenerateDES3Key`: %v", err)
 		logger.AppLog.Errorf("Full HTTP response: %v", r)
@@ -99,13 +96,12 @@ type CreateDesSSM struct{}
 func (c *CreateDesSSM) CreateNewKeySSM(keyLabel string, id int32) (configmodels.K4, error) {
 	logger.AppLog.Infof("Creating new DES key in SSM with label %s, id %d", keyLabel, id)
 
-	var genDESKeyRequest ssm_models.GenDESKeyRequest = ssm_models.GenDESKeyRequest{
+	genDESKeyRequest := ssm_models.GenDESKeyRequest{
 		Id: id,
 	}
 
 	apiClient := apiclient.GetSSMAPIClient()
 	_, r, err := apiClient.KeyManagementAPI.GenerateDESKey(apiclient.AuthContext).GenDESKeyRequest(genDESKeyRequest).Execute()
-
 	if err != nil {
 		logger.AppLog.Errorf("Error when calling `KeyManagementAPI.GenerateDESKey`: %v", err)
 		logger.AppLog.Errorf("Full HTTP response: %v", r)

backend/ssm/ssm_sync/create_interface_test.go

@@ -1,7 +1,9 @@
 package ssmsync
 
 // Compile-time checks to ensure creators implement CreateKeySSM.
-var _ CreateKeySSM = (*CreateAES128SSM)(nil)
-var _ CreateKeySSM = (*CreateAES256SSM)(nil)
-var _ CreateKeySSM = (*CreateDes3SSM)(nil)
-var _ CreateKeySSM = (*CreateDesSSM)(nil)
+var (
+	_ CreateKeySSM = (*CreateAES128SSM)(nil)
+	_ CreateKeySSM = (*CreateAES256SSM)(nil)
+	_ CreateKeySSM = (*CreateDes3SSM)(nil)
+	_ CreateKeySSM = (*CreateDesSSM)(nil)
+)