fixin: added PK_ROOT_KEY ENV and changed --private-key-file to `-…

…-root-key-file` Related #404
MatrixAI · Jul 26, 2022 · 4f6a2b5 · 4f6a2b5
1 parent c15ae4f
commit 4f6a2b5
Show file tree

Hide file tree

Showing 6 changed files with 87 additions and 42 deletions.
diff --git a/src/bin/agent/CommandStart.ts b/src/bin/agent/CommandStart.ts
@@ -37,7 +37,7 @@ class CommandStart extends CommandPolykey {
     this.addOption(binOptions.backgroundOutFile);
     this.addOption(binOptions.backgroundErrFile);
     this.addOption(binOptions.fresh);
-    this.addOption(binOptions.privateKeyFile);
+    this.addOption(binOptions.rootKeyFile);
     this.action(async (options) => {
       options.clientHost =
         options.clientHost ?? config.defaults.networkConfig.clientHost;
@@ -89,10 +89,9 @@ class CommandStart extends CommandPolykey {
       const [seedNodes, defaults] = options.seedNodes;
       let seedNodes_ = seedNodes;
       if (defaults) seedNodes_ = { ...options.network, ...seedNodes };
-      const privateKeyPem =
-        options.privateKeyFile != null
-          ? await binProcessors.processPrivateKeyFile(options.privateKeyFile)
-          : undefined;
+      const privateKeyPem = await binProcessors.processRootKey(
+        options.rootKeyFile,
+      );
       const agentConfig = {
         password,
         nodePath: options.nodePath,

diff --git a/src/bin/bootstrap/CommandBootstrap.ts b/src/bin/bootstrap/CommandBootstrap.ts
@@ -11,7 +11,7 @@ class CommandBootstrap extends CommandPolykey {
     this.addOption(binOptions.recoveryCodeFile);
     this.addOption(binOptions.rootKeyPairBits);
     this.addOption(binOptions.fresh);
-    this.addOption(binOptions.privateKeyFile);
+    this.addOption(binOptions.rootKeyFile);
     this.action(async (options) => {
       const bootstrapUtils = await import('../../bootstrap/utils');
       const password = await binProcessors.processNewPassword(
@@ -22,10 +22,9 @@ class CommandBootstrap extends CommandPolykey {
         options.recoveryCodeFile,
         this.fs,
       );
-      const privateKeyPem =
-        options.privateKeyFile != null
-          ? await binProcessors.processPrivateKeyFile(options.privateKeyFile)
-          : undefined;
+      const privateKeyPem = await binProcessors.processRootKey(
+        options.rootKeyFile,
+      );
       const recoveryCodeOut = await bootstrapUtils.bootstrapState({
         password,
         nodePath: options.nodePath,

diff --git a/src/bin/utils/options.ts b/src/bin/utils/options.ts
@@ -163,12 +163,10 @@ const noPing = new commander.Option('--no-ping', 'Skip ping step').default(
   true,
 );
 
-const privateKeyFile = new commander.Option(
-  '--private-key-file <privateKeyFile>',
+const rootKeyFile = new commander.Option(
+  '--root-key-file <rootKeyFile>',
   'Override key generation with a private key Pem from a file.',
-)
-  .env('PK_PRIVATE_KEY_FILE')
-  .default(undefined);
+);
 
 export {
   nodePath,
@@ -194,5 +192,5 @@ export {
   pullVault,
   forceNodeAdd,
   noPing,
-  privateKeyFile,
+  rootKeyFile,
 };
diff --git a/src/bin/utils/processors.ts b/src/bin/utils/processors.ts
@@ -403,27 +403,27 @@ async function processAuthentication(
   return meta;
 }
 
-async function processPrivateKeyFile(
-  privateKeyFile: string,
+async function processRootKey(
+  privateKeyFile: string | undefined,
   fs: FileSystem = require('fs'),
-): Promise<PrivateKeyPem> {
-  let privateKeyPem: string;
-  try {
-    privateKeyPem = (
-      await fs.promises.readFile(privateKeyFile, 'utf-8')
-    ).trim();
-  } catch (e) {
-    throw new binErrors.ErrorCLIPrivateKeyFileRead(e.message, {
-      data: {
-        errno: e.errno,
-        syscall: e.syscall,
-        code: e.code,
-        path: e.path,
-      },
-      cause: e,
-    });
+): Promise<PrivateKeyPem | undefined> {
+  if (privateKeyFile != null) {
+    try {
+      return (await fs.promises.readFile(privateKeyFile, 'utf-8')).trim();
+    } catch (e) {
+      throw new binErrors.ErrorCLIPrivateKeyFileRead(e.message, {
+        data: {
+          errno: e.errno,
+          syscall: e.syscall,
+          code: e.code,
+          path: e.path,
+        },
+        cause: e,
+      });
+    }
+  } else if (typeof process.env['PK_ROOT_KEY'] === 'string') {
+    return process.env['PK_ROOT_KEY'];
   }
-  return privateKeyPem;
 }
 
 export {
@@ -435,5 +435,5 @@ export {
   processClientOptions,
   processClientStatus,
   processAuthentication,
-  processPrivateKeyFile,
+  processRootKey,
 };
diff --git a/tests/bin/agent/start.test.ts b/tests/bin/agent/start.test.ts
@@ -742,7 +742,43 @@ describe('start', () => {
     global.defaultTimeout * 2,
   );
   runTestIfPlatforms('linux', 'docker')(
-    'start with --private-key override',
+    'start with PK_ROOT_KEY env override',
+    async () => {
+      const status = new Status({
+        statusPath: path.join(dataDir, 'polykey', config.defaults.statusBase),
+        statusLockPath: path.join(
+          dataDir,
+          'polykey',
+          config.defaults.statusLockBase,
+        ),
+        fs,
+        logger,
+      });
+      const password = 'abc123';
+      // Make sure these ports are not occupied
+      const rootKeys = await keysUtils.generateKeyPair(4096);
+      const privateKeyPem = keysUtils.privateKeyToPem(rootKeys.privateKey);
+      const nodeId = keysUtils.publicKeyToNodeId(rootKeys.publicKey);
+      const agentProcess = await testBinUtils.pkSpawnSwitch(global.testCmd)(
+        ['agent', 'start', '--workers', '0', '--verbose'],
+        {
+          PK_NODE_PATH: path.join(dataDir, 'polykey'),
+          PK_PASSWORD: password,
+          PK_ROOT_KEY: privateKeyPem,
+        },
+        dataDir,
+        logger,
+      );
+      const statusInfo = await status.waitFor('LIVE');
+      expect(nodeId.equals(statusInfo.data.nodeId)).toBe(true);
+      agentProcess.kill('SIGINT');
+      // Check for graceful exit
+      await status.waitFor('DEAD');
+    },
+    global.defaultTimeout * 2,
+  );
+  runTestIfPlatforms('linux', 'docker')(
+    'start with --root-key-file override',
     async () => {
       const status = new Status({
         statusPath: path.join(dataDir, 'polykey', config.defaults.statusBase),
@@ -770,7 +806,7 @@ describe('start', () => {
           '--workers',
           '0',
           '--verbose',
-          '--private-key-file',
+          '--root-key-file',
           privateKeyPath,
         ],
         {

diff --git a/tests/bin/bootstrap.test.ts b/tests/bin/bootstrap.test.ts
@@ -55,7 +55,7 @@ describe('bootstrap', () => {
     },
     global.defaultTimeout * 2,
   );
-  runTestIfPlatforms('linux', 'docker')(
+  runTestIfPlatforms('linux', 'docker').only(
     'bootstraps node state from provided private key',
     async () => {
       const password = 'password';
@@ -67,21 +67,34 @@ describe('bootstrap', () => {
       await fs.promises.writeFile(privateKeyPath, privateKeyPem, {
         encoding: 'utf-8',
       });
-      const { exitCode } = await testBinUtils.pkStdioSwitch(global.testCmd)(
+      const { exitCode: exitCode1 } = await testBinUtils.pkStdioSwitch(
+        global.testCmd,
+      )(
         [
           'bootstrap',
           '--password-file',
           passwordPath,
           '--verbose',
-          '--private-key-file',
+          '--root-key-file',
           privateKeyPath,
         ],
         {
           PK_NODE_PATH: path.join(dataDir, 'polykey'),
         },
         dataDir,
       );
-      expect(exitCode).toBe(0);
+      expect(exitCode1).toBe(0);
+      const { exitCode: exitCode2 } = await testBinUtils.pkStdioSwitch(
+        global.testCmd,
+      )(
+        ['bootstrap', '--password-file', passwordPath, '--verbose'],
+        {
+          PK_NODE_PATH: path.join(dataDir, 'polykey2'),
+          PK_ROOT_KEY: privateKeyPem,
+        },
+        dataDir,
+      );
+      expect(exitCode2).toBe(0);
     },
     global.defaultTimeout * 2,
   );