From b3928d4dd1972aab54b2f94f37d1165ed89ec565 Mon Sep 17 00:00:00 2001
From: andrey
Date: Thu, 25 Jan 2024 18:31:14 +0300
Subject: [PATCH] remove vault provider

---
 client_example_test.go | 19 ------
 provider/vault/secret.go | 119 ----------------------------------
 provider/vault/secret_test.go | 26 --------
 test/vault.go | 89 -------------------------
 4 files changed, 253 deletions(-)
 delete mode 100644 provider/vault/secret.go
 delete mode 100644 provider/vault/secret_test.go
 delete mode 100644 test/vault.go
diff --git a/client_example_test.go b/client_example_test.go
index 56de1aa..3fa6b52 100644
--- a/client_example_test.go
+++ b/client_example_test.go
@@ -13,7 +13,6 @@ import (
 "gitoa.ru/go-4devs/config/provider/env"
 "gitoa.ru/go-4devs/config/provider/etcd"
 "gitoa.ru/go-4devs/config/provider/json"
- "gitoa.ru/go-4devs/config/provider/vault"
 "gitoa.ru/go-4devs/config/provider/watcher"
 "gitoa.ru/go-4devs/config/provider/yaml"
 "gitoa.ru/go-4devs/config/test"
@@ -45,14 +44,6 @@ func ExampleClient_Value() {
 return
 }
- // configure vault client
- vaultClient, err := test.NewVault()
- if err != nil {
- log.Print(err)
-
- return
- }
-
 // read json config
 jsonConfig := test.ReadFile("config.json")
@@ -60,7 +51,6 @@ func ExampleClient_Value() {
 arg.New(),
 env.New(test.Namespace, test.AppName),
 etcd.NewProvider(namespace, appName, etcdClient),
- vault.NewSecretKV2(namespace, appName, vaultClient),
 json.New(jsonConfig),
 )
 if err != nil {
@@ -69,13 +59,6 @@ func ExampleClient_Value() {
 return
 }
- dsn, err := config.Value(ctx, "example", "dsn")
- if err != nil {
- log.Print("example:dsn", err)
-
- return
- }
-
 port, err := config.Value(ctx, "listen")
 if err != nil {
 log.Print("listen", err)
@@ -114,14 +97,12 @@ func ExampleClient_Value() {
 cfg := test.Config{}
 _ = cfgValue.Unmarshal(&cfg)
- fmt.Printf("dsn from vault: %s\n", dsn.String())
 fmt.Printf("listen from env: %d\n", port.Int())
 fmt.Printf("maintain from etcd: %v\n", enabled.Bool())
 fmt.Printf("title from json: %v\n", title.String())
 fmt.Printf("struct from json: %+v\n", cfg)
 fmt.Printf("replace env host by args: %v\n", hostValue.String())
 // Output:
- // dsn from vault: pgsql://user@pass:127.0.0.1:5432
 // listen from env: 8080
 // maintain from etcd: true
 // title from json: config title
diff --git a/provider/vault/secret.go b/provider/vault/secret.go
deleted file mode 100644
index 1d1a650..0000000
--- a/provider/vault/secret.go
+++ /dev/null
@@ -1,119 +0,0 @@
-package vault
-
-import (
- "context"
- "encoding/json"
- "fmt"
- "log"
- "strings"
-
- "github.com/hashicorp/vault/api"
- "gitoa.ru/go-4devs/config"
- "gitoa.ru/go-4devs/config/value"
-)
-
-const (
- Name = "vault"
- Separator = "/"
- Prefix = "secret/data/"
- ValueName = "value"
-)
-
-var _ config.Provider = (*SecretKV2)(nil)
-
-type SecretOption func(*SecretKV2)
-
-func WithSecretResolve(f func(key []string) (string, string)) SecretOption {
- return func(s *SecretKV2) { s.resolve = f }
-}
-
-func NewSecretKV2(namespace, appName string, client *api.Client, opts ...SecretOption) *SecretKV2 {
- prov := SecretKV2{
- client: client,
- resolve: func(key []string) (string, string) {
- keysLen := len(key)
- if keysLen == 1 {
- return "", key[0]
- }
-
- return strings.Join(key[:keysLen-1], Separator), key[keysLen-1]
- },
- name: Name,
- prefix: Prefix + namespace + Separator + appName,
- }
-
- for _, opt := range opts {
- opt(&prov)
- }
-
- return &prov
-}
-
-type SecretKV2 struct {
- client *api.Client
- resolve func(key []string) (string, string)
- name string
- prefix string
-}
-
-func (p *SecretKV2) Name() string {
- return p.name
-}
-func (p *SecretKV2) Key(in []string) (string, string) {
- path, val := p.resolve(in)
- if path == "" {
- return p.prefix, val
- }
-
- return p.prefix + Separator + path, val
-}
-func (p *SecretKV2) read(path, key string) (*api.Secret, error) {
- secret, err := p.client.Logical().Read(path)
- if err != nil {
- return nil, err
- }
- if secret == nil && key != ValueName {
- return p.read(path+Separator+key, ValueName)
- }
-
- return secret, err
-}
-
-func (p *SecretKV2) Value(ctx context.Context, key ...string) (config.Value, error) {
- path, field := p.Key(key)
-
- secret, err := p.read(path, field)
- if err != nil {
- return nil, fmt.Errorf("%w: path:%s, field:%s, provider:%s", err, path, field, p.Name())
- }
-
- if secret == nil || len(secret.Data) == 0 {
- log.Println(secret == nil)
- return nil, fmt.Errorf("%w: path:%s, field:%s, provider:%s", config.ErrValueNotFound, path, field, p.Name())
- }
-
- if len(secret.Warnings) > 0 {
- return nil,
- fmt.Errorf("%w: warn: %s, path:%s, field:%s, provider:%s", config.ErrValueNotFound, secret.Warnings, path, field, p.Name())
- }
-
- data, ok := secret.Data["data"].(map[string]interface{})
- if !ok {
- return nil, fmt.Errorf("%w: path:%s, field:%s, provider:%s", config.ErrValueNotFound, path, field, p.Name())
- }
-
- if val, ok := data[field]; ok {
- return value.JString(fmt.Sprint(val)), nil
- }
-
- if val, ok := data[ValueName]; ok {
- return value.JString(fmt.Sprint(val)), nil
- }
-
- md, err := json.Marshal(data)
- if err != nil {
- return nil, fmt.Errorf("%w: %w", config.ErrInvalidValue, err)
- }
-
- return value.JBytes(md), nil
-}
diff --git a/provider/vault/secret_test.go b/provider/vault/secret_test.go
deleted file mode 100644
index 0501904..0000000
--- a/provider/vault/secret_test.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package vault_test
-
-import (
- "testing"
- "time"
-
- "github.com/stretchr/testify/require"
- "gitoa.ru/go-4devs/config/provider/vault"
- "gitoa.ru/go-4devs/config/test"
-)
-
-func TestProvider(t *testing.T) {
- t.Parallel()
-
- cl, err := test.NewVault()
- require.NoError(t, err)
-
- provider := vault.NewSecretKV2("fdevs", "config", cl)
-
- read := []test.Read{
- test.NewReadConfig("database"),
- test.NewRead(test.DSN, "db", "dsn"),
- test.NewRead(time.Minute, "db", "timeout"),
- }
- test.Run(t, provider, read)
-}
diff --git a/test/vault.go b/test/vault.go
deleted file mode 100644
index fd29a50..0000000
--- a/test/vault.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package test
-
-import (
- "bytes"
- "context"
- "encoding/json"
- "net/http"
- "os"
-
- "github.com/hashicorp/vault/api"
-)
-
-const token = "dev"
-
-func NewVault() (*api.Client, error) {
- address, ok := os.LookupEnv("VAULT_DEV_LISTEN_ADDRESS")
- if !ok {
- address = "http://127.0.0.1:8200"
- }
-
- tokenID, ok := os.LookupEnv("VAULT_DEV_ROOT_TOKEN_ID")
- if !ok {
- tokenID = token
- }
-
- cl, err := api.NewClient(&api.Config{
- Address: address,
- })
- if err != nil {
- return nil, err
- }
-
- cl.SetToken(tokenID)
-
- values := map[string]map[string]interface{}{
- "database": {
- "duration": 1260000000000,
- "enabled": true,
- },
- "db": {
- "dsn": DSN,
- "timeout": "60s",
- },
- "example": {
- "dsn": DSN,
- "timeout": "60s",
- },
- }
-
- for name, val := range values {
- if err := create(address, tokenID, name, val); err != nil {
- return nil, err
- }
- }
-
- return cl, nil
-}
-
-func create(host, token, path string, data map[string]interface{}) error {
- type Req struct {
- Data interface{} `json:"data"`
- }
-
- b, err := json.Marshal(Req{Data: data})
- if err != nil {
- return err
- }
-
- body := bytes.NewBuffer(b)
-
- req, err := http.NewRequestWithContext(
- context.Background(),
- http.MethodPost,
- host+"/v1/secret/data/fdevs/config/"+path,
- body,
- )
- if err != nil {
- return err
- }
-
- req.Header.Set("X-Vault-Token", token)
-
- res, err := http.DefaultClient.Do(req)
- if err != nil {
- return err
- }
-
- return res.Body.Close()
-}