Commit
rename acraproxy -> acra-connector (cossacklabs#168)
* rename `acraproxy` -> `acra-connector`

* fix according reviews
vixentael authored May 3, 2018
1 parent cfc09e7 commit 2bcb374
Showing 35 changed files with 331 additions and 259 deletions.
8 changes: 4 additions & 4 deletions .circleci/integration.sh
@@ -1,15 +1,15 @@
#!/usr/bin/env bash

export TEST_ACRA_PORT=6000
export TEST_PROXY_PORT=7000
export TEST_PROXY_COMMAND_PORT=8000
export TEST_CONNECTOR_PORT=7000
export TEST_CONNECTOR_COMMAND_PORT=8000
cd $HOME/project
for version in $VERSIONS; do
echo "-------------------- Testing Go version $version"

export TEST_ACRA_PORT=$(expr ${TEST_ACRA_PORT} + 1);
export TEST_PROXY_PORT=$(expr ${TEST_PROXY_PORT} + 1);
export TEST_PROXY_COMMAND_PORT=$(expr ${TEST_PROXY_COMMAND_PORT} + 1);
export TEST_CONNECTOR_PORT=$(expr ${TEST_CONNECTOR_PORT} + 1);
export TEST_CONNECTOR_COMMAND_PORT=$(expr ${TEST_CONNECTOR_COMMAND_PORT} + 1);
export GOROOT=$HOME/go_root_$version/go;
export PATH=$GOROOT/bin/:$PATH;
export GOPATH=$HOME/go_path_$version;
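Review bot: the readers of these variables are not in this hunk; confirm the test runner was switched to TEST_CONNECTOR_PORT and TEST_CONNECTOR_COMMAND_PORT in the same commit, because a leftover TEST_PROXY_* consumer would silently fall back to its default port and the per-version increment done in this loop would no longer isolate the runs. Minor: `cd $HOME/project` should be `cd "$HOME/project"`, and `$((TEST_ACRA_PORT + 1))` avoids spawning `expr` three times per iteration.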
16 changes: 8 additions & 8 deletions README.md
Expand Up @@ -73,27 +73,27 @@ Acra relies on our cryptographic library [Themis](https://www.github.com/cossack

After successfully deploying and integrating Acra into your application, follow the 4 steps below:

* Your app talks to **AcraProxy**, local daemon, via PostgreSQL/MySQL driver. **AcraProxy** emulates your normal PostgreSQL/MySQL database, forwards all the requests to **AcraServer** over a secure channel, and expects a plaintext output back.
* Then **AcraProxy** forwards it over the initial database connection to the application. It is connected to **AcraServer** via [Secure Session](https://github.com/cossacklabs/themis/wiki/Secure-Session-cryptosystem) or TLS, which ensures that the plaintext goes over a protected channel. It is highly desirable to run **AcraProxy** via a separate user to compartmentalise it from the client-facing code.
* Your app talks to **AcraConnector**, local daemon, via PostgreSQL/MySQL driver. **AcraConnector** emulates your normal PostgreSQL/MySQL database, forwards all the requests to **AcraServer** over a secure channel, and expects a plaintext output back.
* Then **AcraConnector** forwards it over the initial database connection to the application. It is connected to **AcraServer** via [Secure Session](https://github.com/cossacklabs/themis/wiki/Secure-Session-cryptosystem) or TLS, which ensures that the plaintext goes over a protected channel. It is highly desirable to run **AcraConnector** via a separate user to compartmentalise it from the client-facing code.
* **AcraServer** is the core entity that provides decryption services for all the encrypted envelopes that come from the database, and then re-packs database answers for the application. **AcraCensor** is part of AcraServer that allows customising the firewall rules for all the requests coming to the MySQL database.
* To write the protected data to the database, you can use **AcraWriter library**, which generates AcraStructs and helps you integrate it as a type into your ORM or database management code. You will need Acra's public key to do that. AcraStructs generated by AcraWriter are not readable by it — only the server has the right keys to decrypt it.
* You can connect to both **AcraProxy** and the database directly when you don't need encrypted reads/writes. However, increased performance might cost you some design elegance (which is sometimes perfectly fine when it's a conscious decision).
* You can connect to both **AcraConnector** and the database directly when you don't need encrypted reads/writes. However, increased performance might cost you some design elegance (which is sometimes perfectly fine when it's a conscious decision).

To better understand the architecture and data flow, please refer to [Architecture and data flow](https://github.com/cossacklabs/acra/wiki/Architecture-and-data-flow) section in the official documentation.

The typical workflow looks like this:

- The app encrypts some data using AcraWriter, generating AcraStruct with AcraServer public key, and updates the database.
- The app sends SQL request through AcraProxy, which forwards it to AcraServer.
- The app sends SQL request through AcraConnector, which forwards it to AcraServer.
- AcraServer passes each query through AcraCensor, which can be configured to blacklist or whitelist some queries. AcraServer forwards the allowed queries to the database. AcraCensor can currently be only enabled for MySQL databases.
- Upon receiving the answer, AcraServer tries to detect encrypted envelopes (AcraStructs). If it succeeds, AcraServer decrypts payload and replaces them with plaintext answer, which is then returned to AcraProxy over a secure channel.
- AcraProxy then provides an answer to the application, as if no complex security instrumentation was ever present within the system.
- Upon receiving the answer, AcraServer tries to detect encrypted envelopes (AcraStructs). If it succeeds, AcraServer decrypts payload and replaces them with plaintext answer, which is then returned to AcraConnector over a secure channel.
- AcraConnector then provides an answer to the application, as if no complex security instrumentation was ever present within the system.

## 4 steps to start

* Read the [Quick start guide](https://github.com/cossacklabs/acra/wiki/Quick-start-guide) to launch all the components. We provide different ways of installing Acra: using Docker, downloading binaries, building from source.
* [Deploy AcraServer](https://github.com/cossacklabs/acra/wiki/Quick-start-guide) binaries in a separate virtual machine (or [try it in a docker container](https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker)). [Generate keys](https://github.com/cossacklabs/acra/wiki/Key-Management), put AcraServer public key into both clients (AcraProxy and AcraWriter, see next).
* Deploy [AcraProxy](https://github.com/cossacklabs/acra/wiki/AcraProxy-and-AcraWriter#acraproxy) on each server where you need to read sensitive data. Generate proxy keys, provide a public key to AcraServer. Point your database access code to AcraProxy, access it as your normal database installation.
* [Deploy AcraServer](https://github.com/cossacklabs/acra/wiki/Quick-start-guide) binaries in a separate virtual machine (or [try it in a docker container](https://github.com/cossacklabs/acra/wiki/Trying-Acra-with-Docker)). [Generate keys](https://github.com/cossacklabs/acra/wiki/Key-Management), put AcraServer public key into both clients (AcraConnector and AcraWriter, see next).
* Deploy [AcraConnector](https://github.com/cossacklabs/acra/wiki/AcraProxy-and-AcraWriter#acraproxy) on each server where you need to read sensitive data. Generate acra-connector keys, provide a public key to AcraServer. Point your database access code to AcraConnector, access it as your normal database installation.
* Integrate [AcraWriter](https://github.com/cossacklabs/acra/wiki/AcraProxy-and-AcraWriter#acrawriter) into your code where you need to store sensitive data, supply AcraWriter with proper server key.

## Additionally
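Review bot: the AcraConnector and AcraWriter bullets still link to `https://github.com/cossacklabs/acra/wiki/AcraProxy-and-AcraWriter#acraproxy`, so the README now names a component that the linked page and anchor do not; rename the wiki page and anchor with it, or update the link target. The same bullet also mixes the product name and the binary name ("Deploy AcraConnector ... Generate acra-connector keys"); use AcraConnector in prose and reserve `acra-connector` for commands and paths.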
2 changes: 1 addition & 1 deletion benchmarks/write/write.go
Expand Up @@ -43,7 +43,7 @@ func CheckOneKey() {
panic(err)
}
if !exists {
fmt.Printf("Create keypair for acraproxy and for acraserver that will be used in onekey test. Key %v not exists\n", key)
fmt.Printf("Create keypair for AcraConnector and for AcraServer that will be used in onekey test. Key %v not exists\n", key)
os.Exit(1)
}
}
36 changes: 18 additions & 18 deletions cmd/acraproxy/acraproxy.go → cmd/acra-connector/acra-connector.go
Expand Up @@ -37,13 +37,13 @@ import (
)

// DEFAULT_CONFIG_PATH relative path to config which will be parsed as default
var SERVICE_NAME = "acraproxy"
var SERVICE_NAME = "acra-connector"
var DEFAULT_CONFIG_PATH = utils.GetConfigPathByName(SERVICE_NAME)

func checkDependencies() error {
for _, toolName := range []string{"netstat", "awk"} {
if _, err := exec.LookPath(toolName); os.IsNotExist(err) {
return fmt.Errorf("AcraProxy need \"%v\" tool", toolName)
return fmt.Errorf("AcraConnector need \"%v\" tool", toolName)
}
}
return nil
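Review bot: changing SERVICE_NAME changes what utils.GetConfigPathByName returns, so an existing deployment's `acraproxy` config file will no longer be found after upgrading; this needs a changelog or migration note alongside the rename. Separately, the dependency check is dead code: exec.LookPath reports a missing tool via exec.ErrNotFound, which os.IsNotExist does not recognise, so the error branch never runs; use `if _, err := exec.LookPath(toolName); err != nil {`. The comment above SERVICE_NAME also describes DEFAULT_CONFIG_PATH and should sit on the line below.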
Expand Down Expand Up @@ -124,7 +124,7 @@ func handleClientConnection(config *Config, connection net.Conn) {
log.Debugln("Connection closed")
} else {
log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorCantStartConnection).
Errorln("Proxy error")
Errorln("Connector error")
}
return
}
Expand Down Expand Up @@ -153,18 +153,18 @@ func main() {
acraPort := flag.Int("acra_port", cmd.DEFAULT_ACRA_PORT, "Port of acra daemon")
acraId := flag.String("acra_id", "acra_server", "Expected id from acraserver for Secure Session")
verbose := flag.Bool("v", false, "Log to stderr")
port := flag.Int("port", cmd.DEFAULT_PROXY_PORT, "Port fo acraproxy")
commandsPort := flag.Int("command_port", cmd.DEFAULT_PROXY_API_PORT, "Port for acraproxy http api")
port := flag.Int("port", cmd.DEFAULT_CONNECTOR_PORT, "Port fo acra-connector")
commandsPort := flag.Int("command_port", cmd.DEFAULT_CONNECTOR_API_PORT, "Port for acra-connector http api")
enableHTTPApi := flag.Bool("enable_http_api", false, "Enable HTTP API")
disableUserCheck := flag.Bool("disable_user_check", false, "Disable checking that connections from app running from another user")
useTls := flag.Bool("tls", false, "Use tls to encrypt transport between acraserver and acraproxy/client")
useTls := flag.Bool("tls", false, "Use tls to encrypt transport between acraserver and acra-connector/client")
tlsCA := flag.String("tls_ca", "", "Path to root certificate")
tlsKey := flag.String("tls_key", "", "Path to tls client's key")
tlsCert := flag.String("tls_cert", "", "Path to tls client's certificate")
tlsSNI := flag.String("tls_sni", "", "Expected Server Name (SNI)")
noEncryption := flag.Bool("no_encryption", false, "Use raw transport (tcp/unix socket) between acraserver and acraproxy/client (don't use this flag if you not connect to database with ssl/tls")
connectionString := flag.String("connection_string", network.BuildConnectionString(cmd.DEFAULT_PROXY_CONNECTION_PROTOCOL, cmd.DEFAULT_PROXY_HOST, cmd.DEFAULT_PROXY_PORT, ""), "Connection string like tcp://x.x.x.x:yyyy or unix:///path/to/socket")
connectionAPIString := flag.String("connection_api_string", network.BuildConnectionString(cmd.DEFAULT_PROXY_CONNECTION_PROTOCOL, cmd.DEFAULT_PROXY_HOST, cmd.DEFAULT_PROXY_API_PORT, ""), "Connection string like tcp://x.x.x.x:yyyy or unix:///path/to/socket")
noEncryption := flag.Bool("no_encryption", false, "Use raw transport (tcp/unix socket) between acraserver and acra-connector/client (don't use this flag if you not connect to database with ssl/tls")
connectionString := flag.String("connection_string", network.BuildConnectionString(cmd.DEFAULT_CONNECTOR_CONNECTION_PROTOCOL, cmd.DEFAULT_CONNECTOR_HOST, cmd.DEFAULT_CONNECTOR_PORT, ""), "Connection string like tcp://x.x.x.x:yyyy or unix:///path/to/socket")
connectionAPIString := flag.String("connection_api_string", network.BuildConnectionString(cmd.DEFAULT_CONNECTOR_CONNECTION_PROTOCOL, cmd.DEFAULT_CONNECTOR_HOST, cmd.DEFAULT_CONNECTOR_API_PORT, ""), "Connection string like tcp://x.x.x.x:yyyy or unix:///path/to/socket")
acraConnectionString := flag.String("acra_connection_string", "", "Connection string to Acra server like tcp://x.x.x.x:yyyy or unix:///path/to/socket")
acraApiConnectionString := flag.String("acra_api_connection_string", "", "Connection string to Acra's API like tcp://x.x.x.x:yyyy or unix:///path/to/socket")
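Review bot: the `port` help text carries over a typo ("Port fo acra-connector") and the `no_encryption` help text reads "if you not connect" and never closes its parenthesis; fix both while these lines are being touched. The DEFAULT_CONNECTOR_* constants referenced from the cmd package are not part of this diff; confirm they were renamed there and that the old DEFAULT_PROXY_* names were removed, so nothing else keeps building against the stale identifiers.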

Expand All @@ -184,11 +184,11 @@ func main() {
os.Exit(1)
}

if *port != cmd.DEFAULT_PROXY_PORT {
*connectionString = network.BuildConnectionString(cmd.DEFAULT_PROXY_CONNECTION_PROTOCOL, cmd.DEFAULT_PROXY_HOST, *port, "")
if *port != cmd.DEFAULT_CONNECTOR_PORT {
*connectionString = network.BuildConnectionString(cmd.DEFAULT_CONNECTOR_CONNECTION_PROTOCOL, cmd.DEFAULT_CONNECTOR_HOST, *port, "")
}
if *commandsPort != cmd.DEFAULT_PROXY_API_PORT {
*connectionAPIString = network.BuildConnectionString(cmd.DEFAULT_PROXY_CONNECTION_PROTOCOL, cmd.DEFAULT_PROXY_HOST, *commandsPort, "")
if *commandsPort != cmd.DEFAULT_CONNECTOR_API_PORT {
*connectionAPIString = network.BuildConnectionString(cmd.DEFAULT_CONNECTOR_CONNECTION_PROTOCOL, cmd.DEFAULT_CONNECTOR_HOST, *commandsPort, "")
}

if *acraHost == "" && *acraConnectionString == "" {
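Review bot: comparing against the default means an explicitly passed `-connection_string` is silently overwritten whenever `-port` is also given with a non-default value, while `-port` set to exactly the default is ignored. Checking whether the flag was actually set (flag.Visit) or rejecting the combination with an error would make the effective listen address predictable instead of guessed.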
Expand Down Expand Up @@ -218,12 +218,12 @@ func main() {
exists, err := utils.FileExists(clientPrivateKey)
if !exists {
log.WithField(logging.FieldKeyEventCode, logging.EventCodeErrorWrongConfiguration).
Errorf("Configuration error: acraproxy private key %s doesn't exists", clientPrivateKey)
Errorf("Configuration error: acra-connector private key %s doesn't exists", clientPrivateKey)
os.Exit(1)
}
if err != nil {
log.WithField(logging.FieldKeyEventCode, logging.EventCodeErrorWrongConfiguration).
Errorf("Configuration error: can't check is exists acraproxy private key %v, got error - %v", clientPrivateKey, err)
Errorf("Configuration error: can't check is exists acra-connector private key %v, got error - %v", clientPrivateKey, err)
os.Exit(1)
}
exists, err = utils.FileExists(serverPublicKey)
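Review bot: `exists` is tested before `err`, so if utils.FileExists returns false together with an I/O or permission error the operator sees "private key ... doesn't exists" and the underlying error is never logged; check `err != nil` first. While editing the message, "doesn't exists" should read "doesn't exist".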
Expand Down Expand Up @@ -258,7 +258,7 @@ func main() {
log.WithError(err).Errorln("can't init scell encryptor")
os.Exit(1)
}
keyStore, err := keystore.NewProxyFileSystemKeyStore(*keysDir, []byte(*clientId), scellEncryptor)
keyStore, err := keystore.NewConnectorFileSystemKeyStore(*keysDir, []byte(*clientId), scellEncryptor)
if err != nil {
log.WithError(err).WithField(logging.FieldKeyEventCode, logging.EventCodeErrorCantInitKeyStore).
Errorln("Can't initialize keystore")
Expand Down Expand Up @@ -353,9 +353,9 @@ func main() {
}
// unix socket and value == '@'
if len(connection.RemoteAddr().String()) == 1 {
log.Infof("Got new connection to acraproxy: %v", connection.LocalAddr())
log.Infof("Got new connection to acra-connector: %v", connection.LocalAddr())
} else {
log.Infof("Got new connection to acraproxy: %v", connection.RemoteAddr())
log.Infof("Got new connection to acra-connector: %v", connection.RemoteAddr())
}
go handleClientConnection(config, connection)
}
36 changes: 18 additions & 18 deletions cmd/acra_configui/acra_configui.go
Expand Up @@ -106,15 +106,15 @@ type configParamsYAML struct {
var outConfigParams configParamsYAML

type ConfigAcraServer struct {
ProxyHost string `json:"host"`
ProxyPort int `json:"port"`
DbHost string `json:"db_host"`
DbPort int `json:"db_port"`
ProxyCommandsPort int `json:"commands_port"`
Debug bool `json:"debug"`
ScriptOnPoison string `json:"poisonscript"`
StopOnPoison bool `json:"poisonshutdown"`
WithZone bool `json:"zonemode"`
ConnectorHost string `json:"host"`
ConnectorPort int `json:"port"`
DbHost string `json:"db_host"`
DbPort int `json:"db_port"`
ConnectorCommandsPort int `json:"commands_port"`
Debug bool `json:"debug"`
ScriptOnPoison string `json:"poisonscript"`
StopOnPoison bool `json:"poisonshutdown"`
WithZone bool `json:"zonemode"`
}

func SubmitSettings(w http.ResponseWriter, r *http.Request) {
Expand All @@ -139,13 +139,13 @@ func SubmitSettings(w http.ResponseWriter, r *http.Request) {
var zonemode, _ = strconv.ParseBool(r.Form.Get("zonemode"))
var poisonshutdown, _ = strconv.ParseBool(r.Form.Get("poisonshutdown"))
config := ConfigAcraServer{
DbHost: r.Form.Get("db_host"),
DbPort: db_port,
ProxyCommandsPort: commands_port,
Debug: debug,
ScriptOnPoison: r.Form.Get("poisonscript"),
StopOnPoison: poisonshutdown,
WithZone: zonemode,
DbHost: r.Form.Get("db_host"),
DbPort: db_port,
ConnectorCommandsPort: commands_port,
Debug: debug,
ScriptOnPoison: r.Form.Get("poisonscript"),
StopOnPoison: poisonshutdown,
WithZone: zonemode,
}
jsonToServer, err := json.Marshal(config)
if err != nil {
Expand Down Expand Up @@ -373,8 +373,8 @@ func main() {
loggingFormat := flag.String("logging_format", "plaintext", "Logging format: plaintext, json or CEF")
logging.CustomizeLogging(*loggingFormat, SERVICE_NAME)
log.Infof("Starting service")
acraHost = flag.String("acra_host", "localhost", "Host for Acraserver HTTP endpoint or proxy")
acraPort = flag.Int("acra_port", cmd.DEFAULT_PROXY_API_PORT, "Port for Acraserver HTTP endpoint or proxy")
acraHost = flag.String("acra_host", "localhost", "Host for Acraserver HTTP endpoint or AcraConnector")
acraPort = flag.Int("acra_port", cmd.DEFAULT_CONNECTOR_API_PORT, "Port for Acraserver HTTP endpoint or AcraConnector")
staticPath = flag.String("static_path", cmd.DEFAULT_ACRA_CONFIGUI_STATIC, "Path to static content")
debug = flag.Bool("d", false, "Turn on debug logging")
authMode = flag.String("auth_mode", cmd.DEFAULT_ACRA_CONFIGUI_AUTH_MODE, "Mode for basic auth. Possible values: auth_on|auth_off_local|auth_off")
8 changes: 4 additions & 4 deletions cmd/acra_genkeys/acra_genkeys.go
Expand Up @@ -29,7 +29,7 @@ var DEFAULT_CONFIG_PATH = utils.GetConfigPathByName("acra_genkeys")

func main() {
clientId := flag.String("client_id", "client", "Client id")
acraproxy := flag.Bool("acraproxy", false, "Create keypair for acraproxy only")
acraConnector := flag.Bool("acra-connector", false, "Create keypair for acra-connector only")
acraserver := flag.Bool("acraserver", false, "Create keypair for acraserver only")
dataKeys := flag.Bool("storage", false, "Create keypair for data encryption/decryption")
basicauth := flag.Bool("basicauth", false, "Create symmetric key for acra_configui's basic auth db")
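Review bot: renaming the flag from `acraproxy` to `acra-connector` breaks every existing key-generation script and introduces a hyphenated flag beside underscore-style `client_id` and single-word `acraserver`; keep `acraproxy` as a deprecated alias for one release or call the break out in the changelog, and settle on one separator style for this tool's flags.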
Expand Down Expand Up @@ -82,8 +82,8 @@ func main() {
panic(err)
}

if *acraproxy {
err = store.GenerateProxyKeys([]byte(*clientId))
if *acraConnector {
err = store.GenerateConnectorKeys([]byte(*clientId))
if err != nil {
panic(err)
}
Expand All @@ -103,7 +103,7 @@ func main() {
panic(err)
}
} else {
err = store.GenerateProxyKeys([]byte(*clientId))
err = store.GenerateConnectorKeys([]byte(*clientId))
if err != nil {
panic(err)
}