added vaultKVUsePrefix on hashicorp vault secret (#929)

* added vaultKVUsePrefix on hashicorp vault secret * consolidate if, use ParseBool * added handling of empty string + test Co-authored-by: Phil Kedy <phil.kedy@gmail.com> Co-authored-by: Artur Souza <artursouza.ms@outlook.com> Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com>
2021-06-22 19:16:22 +02:00 · 2021-06-22 19:16:22 +02:00 · 79109c5fe3
parent 8e6b36ecdf
commit 79109c5fe3
2 changed files with 90 additions and 1 deletions
--- a/secretstores/hashicorp/vault/vault.go
+++ b/secretstores/hashicorp/vault/vault.go
@ -18,6 +18,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"strconv"

 	"github.com/dapr/components-contrib/secretstores"
 	"github.com/dapr/kit/logger"
@ -35,6 +36,7 @@ const (
 	componentVaultToken          string = "vaultToken"
 	componentVaultTokenMountPath string = "vaultTokenMountPath"
 	componentVaultKVPrefix       string = "vaultKVPrefix"
+	componentVaultKVUsePrefix    string = "vaultKVUsePrefix"
 	defaultVaultKVPrefix         string = "dapr"
 	vaultHTTPHeader              string = "X-Vault-Token"
 	vaultHTTPRequestHeader       string = "X-Vault-Request"
@ -107,8 +109,20 @@ func (v *vaultSecretStore) Init(metadata secretstores.Metadata) error {
 		return fmt.Errorf("token mount path and token both set")
 	}

+	vaultKVUsePrefix := props[componentVaultKVUsePrefix]
 	vaultKVPrefix := props[componentVaultKVPrefix]
-	if vaultKVPrefix == "" {
+	convertedVaultKVUsePrefix := true
+	if vaultKVUsePrefix != "" {
+		if v, err := strconv.ParseBool(vaultKVUsePrefix); err == nil {
+			convertedVaultKVUsePrefix = v
+		} else if err != nil {
+			return fmt.Errorf("unable to convert Use Prefix to boolean")
+		}
+	}
+
+	if !convertedVaultKVUsePrefix {
+		vaultKVPrefix = ""
+	} else if vaultKVPrefix == "" {
 		vaultKVPrefix = defaultVaultKVPrefix
 	}

--- a/secretstores/hashicorp/vault/vault_test.go
+++ b/secretstores/hashicorp/vault/vault_test.go
@ -97,6 +97,81 @@ func TestVaultTLSConfig(t *testing.T) {
 	})
 }

+func TestVaultTokenPrefix(t *testing.T) {
+	t.Run("default value of vaultKVUsePrefix is true to emulate previous behaviour", func(t *testing.T) {
+		properties := map[string]string{
+			"vaultTokenMountPath": expectedTokMountPath,
+		}
+
+		m := secretstores.Metadata{
+			Properties: properties,
+		}
+
+		target := &vaultSecretStore{
+			client: nil,
+			logger: nil,
+		}
+
+		// This call will throw an error on Windows systems because of the of
+		// the call x509.SystemCertPool() because system root pool is not
+		// available on Windows so ignore the error for when the tests are run
+		// on the Windows platform during CI
+		_ = target.Init(m)
+
+		assert.Equal(t, defaultVaultKVPrefix, target.vaultKVPrefix)
+	})
+
+	t.Run("if vaultKVUsePrefix is false ignore vaultKVPrefix", func(t *testing.T) {
+		properties := map[string]string{
+			"vaultKVPrefix":       "myCustomString",
+			"vaultKVUsePrefix":    "false",
+			"vaultTokenMountPath": expectedTokMountPath,
+		}
+
+		m := secretstores.Metadata{
+			Properties: properties,
+		}
+
+		target := &vaultSecretStore{
+			client: nil,
+			logger: nil,
+		}
+
+		// This call will throw an error on Windows systems because of the of
+		// the call x509.SystemCertPool() because system root pool is not
+		// available on Windows so ignore the error for when the tests are run
+		// on the Windows platform during CI
+		_ = target.Init(m)
+
+		assert.Equal(t, "", target.vaultKVPrefix)
+	})
+
+	t.Run("if vaultKVUsePrefix is not castable to bool return error", func(t *testing.T) {
+		properties := map[string]string{
+			"vaultKVPrefix":       "myCustomString",
+			"vaultKVUsePrefix":    "invalidSetting",
+			"vaultTokenMountPath": expectedTokMountPath,
+		}
+
+		m := secretstores.Metadata{
+			Properties: properties,
+		}
+
+		target := &vaultSecretStore{
+			client: nil,
+			logger: nil,
+		}
+
+		// This call will throw an error on Windows systems because of the of
+		// the call x509.SystemCertPool() because system root pool is not
+		// available on Windows so ignore the error for when the tests are run
+		// on the Windows platform during CI
+		err := target.Init(m)
+
+		assert.NotNil(t, err)
+	})
+}
+
 func TestVaultTokenMountPathOrVaultTokenRequired(t *testing.T) {
 	t.Run("without vaultTokenMount or vaultToken", func(t *testing.T) {
 		properties := map[string]string{}