Vasiliy Tolstov 2164b17721
Some checks failed
build / test (push) Failing after 1m23s
build / lint (push) Successful in 9m26s
codeql / analyze (go) (push) Failing after 14m40s
update deps
Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org>
2024-03-06 17:47:10 +03:00

266 lines
5.3 KiB
Go

package vault
import (
"context"
"encoding/json"
"fmt"
"net/http"
"time"
"dario.cat/mergo"
"github.com/hashicorp/vault/api"
"go.unistack.org/micro/v4/config"
"go.unistack.org/micro/v4/options"
rutil "go.unistack.org/micro/v4/util/reflect"
)
var DefaultStructTag = "vault"
type vaultConfig struct {
path string
cli *api.Client
opts config.Options
}
func (c *vaultConfig) Options() config.Options {
return c.opts
}
func (c *vaultConfig) Init(opts ...options.Option) error {
for _, o := range opts {
o(&c.opts)
}
if err := config.DefaultBeforeInit(c.opts.Context, c); err != nil && !c.opts.AllowFail {
return err
}
if c.opts.Codec == nil {
return config.ErrCodecMissing
}
cfg := api.DefaultConfig()
cfg.Timeout = 500 * time.Millisecond
cfg.MaxRetries = 2
path := ""
token := ""
roleID := ""
secretID := ""
if c.opts.Context != nil {
if v, ok := c.opts.Context.Value(configKey{}).(*api.Config); ok {
cfg = v
}
if v, ok := c.opts.Context.Value(httpClientKey{}).(*http.Client); ok {
cfg.HttpClient = v
}
if v, ok := c.opts.Context.Value(timeoutKey{}).(time.Duration); ok {
cfg.Timeout = v
}
if v, ok := c.opts.Context.Value(addrKey{}).(string); ok {
cfg.Address = v
}
if v, ok := c.opts.Context.Value(tokenKey{}).(string); ok {
token = v
}
if v, ok := c.opts.Context.Value(pathKey{}).(string); ok {
path = v
}
if v, ok := c.opts.Context.Value(roleIDKey{}).(string); ok {
roleID = v
}
if v, ok := c.opts.Context.Value(secretIDKey{}).(string); ok {
secretID = v
}
}
cli, err := api.NewClient(cfg)
if err != nil {
if !c.opts.AllowFail {
return err
}
if err = config.DefaultAfterInit(c.opts.Context, c); err != nil && !c.opts.AllowFail {
return err
}
return nil
}
c.cli = cli
c.path = path
if token != "" {
cli.SetToken(token)
if err := config.DefaultAfterInit(c.opts.Context, c); err != nil && !c.opts.AllowFail {
return err
}
return nil
} else if roleID == "" || secretID == "" {
if !c.opts.AllowFail {
return fmt.Errorf("missing Token or RoleID and SecretID")
}
if err := config.DefaultAfterInit(c.opts.Context, c); err != nil && !c.opts.AllowFail {
return err
}
return nil
}
rsp, err := cli.Logical().Write("auth/approle/login", map[string]interface{}{
"role_id": roleID,
"secret_id": secretID,
})
if err != nil {
if !c.opts.AllowFail {
return err
}
} else if err == nil {
cli.SetToken(rsp.Auth.ClientToken)
}
if err := config.DefaultAfterInit(c.opts.Context, c); err != nil && !c.opts.AllowFail {
return err
}
return nil
}
func (c *vaultConfig) Load(ctx context.Context, opts ...options.Option) error {
if err := config.DefaultBeforeLoad(ctx, c); err != nil {
return err
}
options := config.NewLoadOptions(opts...)
if c.cli == nil {
c.opts.Logger.Error(c.opts.Context, fmt.Sprintf("vault load err: %v", "vault client not created"))
if !c.opts.AllowFail {
return fmt.Errorf("vault client not created")
}
return config.DefaultAfterLoad(ctx, c)
}
pair, err := c.cli.Logical().Read(c.path)
if err != nil {
err = fmt.Errorf("vault load path %s err: %w", c.path, err)
if !c.opts.AllowFail {
return err
}
return config.DefaultAfterLoad(ctx, c)
}
if pair == nil || pair.Data == nil {
err = fmt.Errorf("vault load path %s err: %w", c.path, fmt.Errorf("not found"))
if !c.opts.AllowFail {
return err
}
return config.DefaultAfterLoad(ctx, c)
}
var data []byte
var src interface{}
data, err = json.Marshal(pair.Data["data"])
if err != nil {
err = fmt.Errorf("vault load path %s err: %w", c.path, err)
if !c.opts.AllowFail {
return err
}
return config.DefaultAfterLoad(ctx, c)
}
dst := c.opts.Struct
if options.Struct != nil {
dst = options.Struct
}
src, err = rutil.Zero(dst)
if err == nil {
err = c.opts.Codec.Unmarshal(data, src)
}
if err != nil {
c.opts.Logger.Error(c.opts.Context, fmt.Sprintf("vault load path %s err: %v", c.path, err))
if !c.opts.AllowFail {
return err
}
return config.DefaultAfterLoad(ctx, c)
}
mopts := []func(*mergo.Config){mergo.WithTypeCheck}
if options.Override {
mopts = append(mopts, mergo.WithOverride)
}
if options.Append {
mopts = append(mopts, mergo.WithAppendSlice)
}
err = mergo.Merge(dst, src, mopts...)
if err != nil {
err = fmt.Errorf("vault load path %s err: %w", c.path, err)
if !c.opts.AllowFail {
return err
}
}
if err := config.DefaultAfterLoad(ctx, c); err != nil {
return err
}
return nil
}
func (c *vaultConfig) Save(ctx context.Context, opts ...options.Option) error {
if err := config.DefaultBeforeSave(ctx, c); err != nil {
return err
}
if err := config.DefaultAfterSave(ctx, c); err != nil {
return err
}
return nil
}
func (c *vaultConfig) String() string {
return "vault"
}
func (c *vaultConfig) Name() string {
return c.opts.Name
}
func (c *vaultConfig) Watch(ctx context.Context, opts ...options.Option) (config.Watcher, error) {
w := &vaultWatcher{
cli: c.cli,
path: c.path,
opts: c.opts,
wopts: config.NewWatchOptions(opts...),
done: make(chan struct{}),
vchan: make(chan map[string]interface{}),
echan: make(chan error),
}
go w.run()
return w, nil
}
func NewConfig(opts ...options.Option) config.Config {
options := config.NewOptions(opts...)
if len(options.StructTag) == 0 {
options.StructTag = DefaultStructTag
}
return &vaultConfig{opts: options}
}