#37 Add key rotation for groups and change init response to return in…

…fo about current user for rotation purposes
IronCoreLabs · Mar 2, 2020 · 3ae84d7 · 3ae84d7
1 parent a2ee488
commit 3ae84d7
Show file tree

Hide file tree

Showing 18 changed files with 659 additions and 273 deletions.
diff --git a/integration/Groups.ts b/integration/Groups.ts
@@ -1,5 +1,5 @@
 import * as inquirer from "inquirer";
-import {SDK, GroupDetailResponse} from "../ironnode";
+import {GroupDetailResponse, SDK} from "../ironnode";
 import {log} from "./Logger";
 
 /**
@@ -73,7 +73,7 @@ export function get(IronNode: SDK) {
  */
 export function create(IronNode: SDK) {
     return inquirer
-        .prompt<{id: string; name: string; addAsMember: boolean}>([
+        .prompt<{id: string; name: string; addAsMember: boolean; needsRotation: boolean}>([
             {
                 name: "id",
                 type: "input",
@@ -89,12 +89,19 @@ export function create(IronNode: SDK) {
                 type: "confirm",
                 message: "Add yourself as a member? ",
             },
+            {
+                name: "needsRotation",
+                type: "confirm",
+                message: "Create with needs rotation?",
+                default: false,
+            },
         ])
-        .then(({id, name, addAsMember}) => {
+        .then(({id, name, addAsMember, needsRotation}) => {
             const options = {
                 groupID: id || undefined,
                 groupName: name || undefined,
                 addAsMember,
+                needsRotation,
             };
             return IronNode.group.create(options);
         })
@@ -118,6 +125,15 @@ export function update(IronNode: SDK) {
         .then(log);
 }
 
+/**
+ * Rotate an existing groups private key
+ */
+export function rotatePrivateKey(IronNode: SDK) {
+    return getFormattedGroupList(IronNode, true)
+        .then(({id}) => IronNode.group.rotatePrivateKey(id))
+        .then(log);
+}
+
 /**
  * Add admins to a group that the user is an admin of.
  */

diff --git a/integration/index.ts b/integration/index.ts
@@ -1,7 +1,7 @@
 /* tslint:disable no-console*/
 import * as fs from "fs";
-import * as path from "path";
 import * as inquirer from "inquirer";
+import * as path from "path";
 import {initializeSDKWithLocalDevice} from "./sdkOperation";
 import {askForUserOperation} from "./userOperation";
 
@@ -22,14 +22,20 @@ if (hasLocalDevice) {
             type: "list",
             name: "useDevice",
             message: "Local device keys found, use them?",
-            choices: [{name: "Yes", value: true}, {name: "No", value: false}],
+            choices: [
+                {name: "Yes", value: true},
+                {name: "No", value: false},
+            ],
         })
         .then(({useDevice}) => {
             if (useDevice) {
                 return initializeSDKWithLocalDevice();
             }
             return askForUserOperation("Pick a user operation to run.").then(initializeSDKWithLocalDevice);
-        });
+        })
+        .catch((e) => console.error(e));
 } else {
-    askForUserOperation("No local device found, pick a user operation to run.").then(initializeSDKWithLocalDevice);
+    askForUserOperation("No local device found, pick a user operation to run.")
+        .then(initializeSDKWithLocalDevice)
+        .catch((e) => console.error(e));
 }
diff --git a/integration/sdkOperation.ts b/integration/sdkOperation.ts
@@ -5,6 +5,7 @@ import {SDK} from "../ironnode";
 import {initialize} from "../src/index";
 import * as Documents from "./Documents";
 import * as Groups from "./Groups";
+import {log} from "./Logger";
 import * as Users from "./Users";
 
 const topLevelPrompt: inquirer.ListQuestion<{operation: string}> = {
@@ -27,6 +28,7 @@ const topLevelPrompt: inquirer.ListQuestion<{operation: string}> = {
         {name: "Group Get", value: "groupGet"},
         {name: "Group Create", value: "groupCreate"},
         {name: "Group Update", value: "groupUpdate"},
+        {name: "Group Private Key Rotate", value: "groupRotate"},
         {name: "Group Add Admins", value: "groupAddAdmins"},
         {name: "Group Remove Admins", value: "groupRemoveAdmins"},
         {name: "Group Add Members", value: "groupAddMembers"},
@@ -74,6 +76,8 @@ function routeAnswerToOperation(IronNode: SDK, answer: string) {
             return Groups.create(IronNode);
         case "groupUpdate":
             return Groups.update(IronNode);
+        case "groupRotate":
+            return Groups.rotatePrivateKey(IronNode);
         case "groupAddAdmins":
             return Groups.addAdmins(IronNode);
         case "groupRemoveAdmins":
@@ -124,6 +128,9 @@ function askForOperation(IronNode: SDK): Promise<void> {
 export function initializeSDKWithLocalDevice() {
     const Config = require(path.join(__dirname, "./.device.json"));
     return initialize(Config.accountID, Config.segmentID, Config.deviceKeys.privateKey, Config.signingKeys.privateKey)
-        .then((IronNode) => askForOperation(IronNode))
+        .then((IronNode) => {
+            log(IronNode.userContext);
+            return askForOperation(IronNode);
+        })
         .catch((error) => console.error(`SDK Initialization Error: ${error.message}`));
 }
diff --git a/ironnode.d.ts b/ironnode.d.ts
@@ -26,6 +26,7 @@ export interface GroupCreateOptions {
     groupID?: string;
     groupName?: string;
     addAsMember?: boolean;
+    needsRotation?: boolean;
 }
 export interface GroupUpdateOptions {
     groupName: string | null;
@@ -95,6 +96,7 @@ export interface GroupListResponse {
 export interface GroupDetailResponse extends GroupMetaResponse {
     groupAdmins: string[];
     groupMembers: string[];
+    needsRotation: boolean;
 }
 export interface GroupUserEditResponse {
     succeeded: string[];
@@ -137,6 +139,7 @@ export interface Group {
     get(groupID: string): Promise<GroupMetaResponse | GroupDetailResponse>;
     create(options?: GroupCreateOptions): Promise<GroupDetailResponse>;
     update(groupID: string, options: GroupUpdateOptions): Promise<GroupMetaResponse>;
+    rotatePrivateKey(groupID: string): Promise<{needsRotation: boolean}>;
     deleteGroup(groupID: string): Promise<{id: string}>;
     addAdmins(groupID: string, adminList: string[]): Promise<GroupUserEditResponse>;
     removeAdmins(groupID: string, adminList: string[]): Promise<GroupUserEditResponse>;
@@ -155,6 +158,10 @@ export interface SDK {
     document: Document;
     group: Group;
     user: User;
+    userContext: {
+        userNeedsRotation: boolean;
+        groupsNeedingRotation: string[];
+    };
 }
 
 export class SDKError extends Error {

diff --git a/src/Constants.ts b/src/Constants.ts
@@ -68,5 +68,9 @@ export const ErrorCodes = {
     GROUP_REMOVE_ADMINS_REQUEST_FAILURE: 412,
     GROUP_UPDATE_REQUEST_FAILURE: 413,
     GROUP_DELETE_REQUEST_FAILURE: 414,
+    GROUP_CREATE_WITH_MEMBERS_OR_ADMINS_FAILURE: 415,
+    GROUP_PRIVATE_KEY_ROTATION_FAILURE: 416,
+    GROUP_UPDATE_KEY_REQUEST_FAILURE: 417,
+    GROUP_ROTATE_PRIVATE_KEY_NOT_ADMIN_FAILURE: 418,
     REQUEST_RATE_LIMITED: 500,
 };