bff for callbacks
This commit is contained in:
Stephan D
@@ -8,10 +8,12 @@ import (
|
||||
|
||||
// Config describes Vault KV v2 connection settings.
|
||||
type Config struct {
|
||||
Address string `mapstructure:"address" yaml:"address"`
|
||||
TokenEnv string `mapstructure:"token_env" yaml:"token_env"`
|
||||
Namespace string `mapstructure:"namespace" yaml:"namespace"`
|
||||
MountPath string `mapstructure:"mount_path" yaml:"mount_path"`
|
||||
Address string `mapstructure:"address" yaml:"address"`
|
||||
TokenEnv string `mapstructure:"token_env" yaml:"token_env"`
|
||||
TokenFileEnv string `mapstructure:"token_file_env" yaml:"token_file_env"`
|
||||
TokenFile string `mapstructure:"token_file" yaml:"token_file"`
|
||||
Namespace string `mapstructure:"namespace" yaml:"namespace"`
|
||||
MountPath string `mapstructure:"mount_path" yaml:"mount_path"`
|
||||
}
|
||||
|
||||
// Client defines KV operations used by services.
|
||||
|
||||
@@ -36,16 +36,14 @@ func newService(opts Options) (Client, error) {
|
||||
return nil, merrors.InvalidArgument(component + ": address is required")
|
||||
}
|
||||
|
||||
tokenEnv := strings.TrimSpace(opts.Config.TokenEnv)
|
||||
if tokenEnv == "" {
|
||||
logger.Error("Vault token env missing")
|
||||
return nil, merrors.InvalidArgument(component + ": token_env is required")
|
||||
token, tokenSource, err := resolveToken(opts.Config)
|
||||
if err != nil {
|
||||
logger.Error("Vault token configuration is invalid", zap.Error(err))
|
||||
return nil, err
|
||||
}
|
||||
|
||||
token := strings.TrimSpace(os.Getenv(tokenEnv))
|
||||
if token == "" {
|
||||
logger.Error("Vault token missing; expected Vault Agent to export token", zap.String("env", tokenEnv))
|
||||
return nil, merrors.InvalidArgument(component + ": token env " + tokenEnv + " is not set (expected Vault Agent sink to populate it)")
|
||||
logger.Error("Vault token missing", zap.String("source", tokenSource))
|
||||
return nil, merrors.InvalidArgument(component + ": vault token is empty")
|
||||
}
|
||||
|
||||
mountPath := strings.Trim(strings.TrimSpace(opts.Config.MountPath), "/")
|
||||
@@ -148,4 +146,36 @@ func normalizePath(secretPath string) (string, error) {
|
||||
return normalizedPath, nil
|
||||
}
|
||||
|
||||
func resolveToken(config Config) (string, string, error) {
|
||||
tokenEnv := strings.TrimSpace(config.TokenEnv)
|
||||
if tokenEnv != "" {
|
||||
if token := strings.TrimSpace(os.Getenv(tokenEnv)); token != "" {
|
||||
return token, "token_env:" + tokenEnv, nil
|
||||
}
|
||||
}
|
||||
|
||||
tokenFilePath := strings.TrimSpace(config.TokenFile)
|
||||
if tokenFileEnv := strings.TrimSpace(config.TokenFileEnv); tokenFileEnv != "" {
|
||||
if resolved := strings.TrimSpace(os.Getenv(tokenFileEnv)); resolved != "" {
|
||||
tokenFilePath = resolved
|
||||
}
|
||||
}
|
||||
if tokenFilePath != "" {
|
||||
raw, err := os.ReadFile(tokenFilePath)
|
||||
if err != nil {
|
||||
return "", "", merrors.Internal("vault kv: failed to read token file " + tokenFilePath + ": " + err.Error())
|
||||
}
|
||||
return strings.TrimSpace(string(raw)), "token_file:" + tokenFilePath, nil
|
||||
}
|
||||
|
||||
if tokenEnv != "" {
|
||||
return "", "token_env:" + tokenEnv, merrors.InvalidArgument("vault kv: token env " + tokenEnv + " is empty")
|
||||
}
|
||||
if strings.TrimSpace(config.TokenFileEnv) != "" {
|
||||
return "", "token_file_env:" + strings.TrimSpace(config.TokenFileEnv), merrors.InvalidArgument("vault kv: token file env is empty")
|
||||
}
|
||||
|
||||
return "", "", merrors.InvalidArgument("vault kv: either token_env or token_file/token_file_env must be configured")
|
||||
}
|
||||
|
||||
var _ Client = (*service)(nil)
|
||||
|
||||
Reference in New Issue
Block a user