added vaultKVUsePrefix on hashicorp vault secret (#929)
* added vaultKVUsePrefix on hashicorp vault secret * consolidate if, use ParseBool * added handling of empty string + test Co-authored-by: Phil Kedy <phil.kedy@gmail.com> Co-authored-by: Artur Souza <artursouza.ms@outlook.com> Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com>
parent
8e6b36ecdf
commit
79109c5fe3
|
|
@ -18,6 +18,7 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
"strconv"
|
||||||
|
|
||||||
"github.com/dapr/components-contrib/secretstores"
|
"github.com/dapr/components-contrib/secretstores"
|
||||||
"github.com/dapr/kit/logger"
|
"github.com/dapr/kit/logger"
|
||||||
|
|
@ -35,6 +36,7 @@ const (
|
||||||
componentVaultToken string = "vaultToken"
|
componentVaultToken string = "vaultToken"
|
||||||
componentVaultTokenMountPath string = "vaultTokenMountPath"
|
componentVaultTokenMountPath string = "vaultTokenMountPath"
|
||||||
componentVaultKVPrefix string = "vaultKVPrefix"
|
componentVaultKVPrefix string = "vaultKVPrefix"
|
||||||
|
componentVaultKVUsePrefix string = "vaultKVUsePrefix"
|
||||||
defaultVaultKVPrefix string = "dapr"
|
defaultVaultKVPrefix string = "dapr"
|
||||||
vaultHTTPHeader string = "X-Vault-Token"
|
vaultHTTPHeader string = "X-Vault-Token"
|
||||||
vaultHTTPRequestHeader string = "X-Vault-Request"
|
vaultHTTPRequestHeader string = "X-Vault-Request"
|
||||||
|
|
@ -107,8 +109,20 @@ func (v *vaultSecretStore) Init(metadata secretstores.Metadata) error {
|
||||||
return fmt.Errorf("token mount path and token both set")
|
return fmt.Errorf("token mount path and token both set")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
vaultKVUsePrefix := props[componentVaultKVUsePrefix]
|
||||||
vaultKVPrefix := props[componentVaultKVPrefix]
|
vaultKVPrefix := props[componentVaultKVPrefix]
|
||||||
if vaultKVPrefix == "" {
|
convertedVaultKVUsePrefix := true
|
||||||
|
if vaultKVUsePrefix != "" {
|
||||||
|
if v, err := strconv.ParseBool(vaultKVUsePrefix); err == nil {
|
||||||
|
convertedVaultKVUsePrefix = v
|
||||||
|
} else if err != nil {
|
||||||
|
return fmt.Errorf("unable to convert Use Prefix to boolean")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !convertedVaultKVUsePrefix {
|
||||||
|
vaultKVPrefix = ""
|
||||||
|
} else if vaultKVPrefix == "" {
|
||||||
vaultKVPrefix = defaultVaultKVPrefix
|
vaultKVPrefix = defaultVaultKVPrefix
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
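Review bot: In the `strconv.ParseBool` branch added to Init, the parse error is thrown away and the local `v` shadows the method receiver `v`; the `else if err != nil` arm is also redundant, because the first arm has already tested `err == nil`. I would write `usePrefix, err := strconv.ParseBool(vaultKVUsePrefix)` followed by `if err != nil { return fmt.Errorf("unable to convert %s to boolean: %w", componentVaultKVUsePrefix, err) }`, so the operator can see which metadata key was malformed and why. Setting the flag to false also silently discards an explicitly configured `vaultKVPrefix`. The prefix presumably confines lookups to one subtree of the KV mount (its use is outside this hunk), so a comment such as `// with the prefix disabled, the Vault token's policy is the only thing scoping which KV paths this store can read` would be worth adding above `vaultKVPrefix = ""`. Init begins and continues outside the hunk.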
@ -97,6 +97,81 @@ func TestVaultTLSConfig(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestVaultTokenPrefix(t *testing.T) {
|
||||||
|
t.Run("default value of vaultKVUsePrefix is true to emulate previous behaviour", func(t *testing.T) {
|
||||||
|
properties := map[string]string{
|
||||||
|
"vaultTokenMountPath": expectedTokMountPath,
|
||||||
|
}
|
||||||
|
|
||||||
|
m := secretstores.Metadata{
|
||||||
|
Properties: properties,
|
||||||
|
}
|
||||||
|
|
||||||
|
target := &vaultSecretStore{
|
||||||
|
client: nil,
|
||||||
|
logger: nil,
|
||||||
|
}
|
||||||
|
|
||||||
|
// This call will throw an error on Windows systems because of the of
|
||||||
|
// the call x509.SystemCertPool() because system root pool is not
|
||||||
|
// available on Windows so ignore the error for when the tests are run
|
||||||
|
// on the Windows platform during CI
|
||||||
|
_ = target.Init(m)
|
||||||
|
|
||||||
|
assert.Equal(t, defaultVaultKVPrefix, target.vaultKVPrefix)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("if vaultKVUsePrefix is false ignore vaultKVPrefix", func(t *testing.T) {
|
||||||
|
properties := map[string]string{
|
||||||
|
"vaultKVPrefix": "myCustomString",
|
||||||
|
"vaultKVUsePrefix": "false",
|
||||||
|
"vaultTokenMountPath": expectedTokMountPath,
|
||||||
|
}
|
||||||
|
|
||||||
|
m := secretstores.Metadata{
|
||||||
|
Properties: properties,
|
||||||
|
}
|
||||||
|
|
||||||
|
target := &vaultSecretStore{
|
||||||
|
client: nil,
|
||||||
|
logger: nil,
|
||||||
|
}
|
||||||
|
|
||||||
|
// This call will throw an error on Windows systems because of the of
|
||||||
|
// the call x509.SystemCertPool() because system root pool is not
|
||||||
|
// available on Windows so ignore the error for when the tests are run
|
||||||
|
// on the Windows platform during CI
|
||||||
|
_ = target.Init(m)
|
||||||
|
|
||||||
|
assert.Equal(t, "", target.vaultKVPrefix)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("if vaultKVUsePrefix is not castable to bool return error", func(t *testing.T) {
|
||||||
|
properties := map[string]string{
|
||||||
|
"vaultKVPrefix": "myCustomString",
|
||||||
|
"vaultKVUsePrefix": "invalidSetting",
|
||||||
|
"vaultTokenMountPath": expectedTokMountPath,
|
||||||
|
}
|
||||||
|
|
||||||
|
m := secretstores.Metadata{
|
||||||
|
Properties: properties,
|
||||||
|
}
|
||||||
|
|
||||||
|
target := &vaultSecretStore{
|
||||||
|
client: nil,
|
||||||
|
logger: nil,
|
||||||
|
}
|
||||||
|
|
||||||
|
// This call will throw an error on Windows systems because of the of
|
||||||
|
// the call x509.SystemCertPool() because system root pool is not
|
||||||
|
// available on Windows so ignore the error for when the tests are run
|
||||||
|
// on the Windows platform during CI
|
||||||
|
err := target.Init(m)
|
||||||
|
|
||||||
|
assert.NotNil(t, err)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func TestVaultTokenMountPathOrVaultTokenRequired(t *testing.T) {
|
func TestVaultTokenMountPathOrVaultTokenRequired(t *testing.T) {
|
||||||
t.Run("without vaultTokenMount or vaultToken", func(t *testing.T) {
|
t.Run("without vaultTokenMount or vaultToken", func(t *testing.T) {
|
||||||
properties := map[string]string{}
|
properties := map[string]string{}
|
||||||
|
|
|
||||||
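Review bot: The subtest "if vaultKVUsePrefix is false ignore vaultKVPrefix" can pass without exercising the new branch. It discards the result of `target.Init(m)` and then expects `target.vaultKVPrefix` to equal `""`, which is also the field's zero value if Init returns early with an error. Seeding the struct with a non-empty value, e.g. `target := &vaultSecretStore{vaultKVPrefix: "sentinel"}`, would make that assertion prove the prefix was actually cleared. In the third subtest, `assert.NotNil(t, err)` accepts any failure, including the platform cert-pool error that the copied comment says should be ignored. `assert.EqualError(t, err, "unable to convert Use Prefix to boolean")` would pin it to the parse failure, assuming that check runs before the TLS setup (not visible in this hunk).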