This repository has been archived by the owner on Jul 5, 2021. It is now read-only.

review notes
knelasevero committed Jan 13, 2021
1 parent e1b42a2 commit 2c1196f
Showing 3 changed files with 13 additions and 11 deletions.
2 changes: 1 addition & 1 deletion go.mod
@@ -17,7 +17,7 @@ require (
github.com/onsi/gomega v1.10.2
github.com/prometheus/common v0.13.0
github.com/smartystreets/goconvey v1.6.4
github.com/versent/unicreds v1.5.0
github.com/versent/unicreds v1.5.1-0.20180327234242-7135c859e003
github.com/xanzy/go-gitlab v0.39.0
golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43
google.golang.org/api v0.32.0
2 changes: 2 additions & 0 deletions go.sum
@@ -599,6 +599,8 @@ github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX
github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=
github.com/versent/unicreds v1.5.0 h1:ad9QWGahpc/Ra0gjTtxhPD/2zZ6Ly4k48owUxWz2qqs=
github.com/versent/unicreds v1.5.0/go.mod h1:WGxBysez8YlQVyZy3+p7JpgFnNEQVasqcHRVH8ICG/8=
github.com/versent/unicreds v1.5.1-0.20180327234242-7135c859e003 h1:RPAOPj8OLmwZEPeggLPXkp9chvfroheXnzLRjPKEfgI=
github.com/versent/unicreds v1.5.1-0.20180327234242-7135c859e003/go.mod h1:WGxBysez8YlQVyZy3+p7JpgFnNEQVasqcHRVH8ICG/8=
github.com/xanzy/go-gitlab v0.39.0 h1:7aiZ03fJfCdqoHFhsZq/SoVYp2lR91hfYWmiXLOU5Qo=
github.com/xanzy/go-gitlab v0.39.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
20 changes: 10 additions & 10 deletions pkg/credstash/backend.go
@@ -26,41 +26,41 @@ var (
configEncryptionContext = make(map[string]string)
)

// SecretManagerClient will be our unicreds client
type SecretManagerClient interface {
// SecretManagerClientProvider will be our unicreds client
type SecretManagerClientProvider interface {
SetKMSConfig(config *aws.Config)
SetDynamoDBConfig(config *aws.Config)
GetHighestVersionSecret(tableName *string, name string, encContext *unicreds.EncryptionContextValue) (*unicreds.DecryptedCredential, error)
GetSecret(tableName *string, name string, version string, encContext *unicreds.EncryptionContextValue) (*unicreds.DecryptedCredential, error)
}

// SecretManagerClientStruct defining this struct to write methods for it
type SecretManagerClientStruct struct {
// SecretManagerClient defining this struct to write methods for it
type SecretManagerClient struct {
}

// SetKMSConfig sets configuration for KMS access
func (s SecretManagerClientStruct) SetKMSConfig(config *aws.Config) {
func (s SecretManagerClient) SetKMSConfig(config *aws.Config) {
unicreds.SetKMSConfig(config)
}

// SetDynamoDBConfig sets configuration for DynamoDB access
func (s SecretManagerClientStruct) SetDynamoDBConfig(config *aws.Config) {
func (s SecretManagerClient) SetDynamoDBConfig(config *aws.Config) {
unicreds.SetDynamoDBConfig(config)
}

// GetHighestVersionSecret gets a secret with latest version from credstash
func (s SecretManagerClientStruct) GetHighestVersionSecret(tableName *string, name string, encContext *unicreds.EncryptionContextValue) (*unicreds.DecryptedCredential, error) {
func (s SecretManagerClient) GetHighestVersionSecret(tableName *string, name string, encContext *unicreds.EncryptionContextValue) (*unicreds.DecryptedCredential, error) {
return unicreds.GetHighestVersionSecret(tableName, name, encContext)
}

// GetSecret gets a secret with specific version from credstash
func (s SecretManagerClientStruct) GetSecret(tableName *string, name string, version string, encContext *unicreds.EncryptionContextValue) (*unicreds.DecryptedCredential, error) {
func (s SecretManagerClient) GetSecret(tableName *string, name string, version string, encContext *unicreds.EncryptionContextValue) (*unicreds.DecryptedCredential, error) {
return unicreds.GetSecret(tableName, name, version, encContext)
}

// Backend represents a backend for Credstash
type Backend struct {
SecretsManager SecretManagerClient
SecretsManager SecretManagerClientProvider
session *session.Session
}

@@ -76,6 +76,7 @@ func NewBackend() backend.Backend {
// Init initializes the Backend for Credstash
func (s *Backend) Init(parameters map[string]interface{}, credentials []byte) error {
var err error
s.SecretsManager = SecretManagerClient{}

s.session, err = utils.GetAWSSession(parameters, credentials, defaultRegion)
if err != nil {
@@ -93,7 +94,6 @@ func (s *Backend) Init(parameters map[string]interface{}, credentials []byte) er
log.Info("Not using security encryption context. Consider using it")
}

s.SecretsManager = SecretManagerClientStruct{}
s.SecretsManager.SetKMSConfig(s.session.Config)
s.SecretsManager.SetDynamoDBConfig(s.session.Config)
return nil
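Review bot: In `Init`, `s.SecretsManager = SecretManagerClient{}` is still assigned unconditionally (now at the top), so any `SecretManagerClientProvider` a caller or test put in the exported field beforehand is replaced before it is used; a guard such as `if s.SecretsManager == nil { s.SecretsManager = SecretManagerClient{} }` would keep the interface substitutable. Separately, `SecretManagerClient` is an empty struct whose `SetKMSConfig` and `SetDynamoDBConfig` forward to package-level unicreds functions, which suggests the AWS configuration is held in process-wide state rather than per `Backend`. If that is the case, two backends initialised with different credentials or regions would both fetch secrets with whichever configuration was set last. That is worth stating in the type's doc comment, for example `// SecretManagerClient forwards to the package-level unicreds API; the KMS and DynamoDB config it sets is shared by the whole process.` The middle of `Init` and its closing brace are outside the visible hunks, so the guard should be checked against the collapsed lines.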