feat: add azure keyvault based secret store (#652)
Showing
7 changed files
with
537 additions
and
2 deletions.
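--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,77 @@
+package fake
+
+import (
+"context"
+"encoding/json"
+"os"
+
+"github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault"
+)
+
+type (
+GetSecretFn func(ctx context.Context, vaultBaseURL string, secretName string, secretVersion string) (keyvault.SecretBundle, error)
+GetKeyFn func(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string) (keyvault.KeyBundle, error)
+GetCertificateFn func(ctx context.Context, vaultBaseURL string, certificateName string, certificateVersion string) (keyvault.CertificateBundle, error)
+SecretClient struct {
+GetSecretFn GetSecretFn
+GetKeyFn GetKeyFn
+GetCertificateFn GetCertificateFn
+}
+)
+
+func NewGetSecretFn(secretString string) GetSecretFn {
+return func(ctx context.Context, vaultBaseURL string, secretName string, secretVersion string) (keyvault.SecretBundle, error) {
+return keyvault.SecretBundle{
+Value: &secretString,
+}, nil
+}
+}
+
+func NewGetKeyFn(key string) GetKeyFn {
+return func(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string) (keyvault.KeyBundle, error) {
+return keyvault.KeyBundle{
+Key: newJSONWebKey([]byte(key)),
+}, nil
+}
+}
+
+func NewGetCertificateFn(certificate string) GetCertificateFn {
+return func(ctx context.Context, vaultBaseURL string, certificateName string, certificateVersion string) (keyvault.CertificateBundle, error) {
+byteStr := []byte(certificate)
+return keyvault.CertificateBundle{
+Cer: &byteStr,
+}, nil
+}
+}
+
+func (sc *SecretClient) GetSecret(ctx context.Context, vaultBaseURL string, secretName string, secretVersion string) (keyvault.SecretBundle, error) {
+return sc.GetSecretFn(ctx, vaultBaseURL, secretName, secretVersion)
+}
+
+func (sc *SecretClient) GetKey(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string) (keyvault.KeyBundle, error) {
+return sc.GetKeyFn(ctx, vaultBaseURL, keyName, keyVersion)
+}
+
+func (sc *SecretClient) GetCertificate(ctx context.Context, vaultBaseURL string, certificateName string, certificateVersion string) (keyvault.CertificateBundle, error) {
+return sc.GetCertificateFn(ctx, vaultBaseURL, certificateName, certificateVersion)
+}
+
+func SetClientIDSecretInEnv() func() {
+oldClientID := os.Getenv("AZURE_CLIENT_ID")
+os.Setenv("AZURE_CLIENT_ID", "fake_client_id")
+oldClientSecret := os.Getenv("AZURE_CLIENT_SECRET")
+os.Setenv("AZURE_CLIENT_SECRET", "fake_client_secret")
+return func() {
+os.Setenv("AZURE_CLIENT_ID", oldClientID)
+os.Setenv("AZURE_CLIENT_SECRET", oldClientSecret)
+}
+}
+
+func newJSONWebKey(b []byte) *keyvault.JSONWebKey {
+var key keyvault.JSONWebKey
+err := json.Unmarshal(b, &key)
+if err != nil {
+panic(err)
+}
+return &key
+}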
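Review bot: `SetClientIDSecretInEnv` cannot restore a variable that was unset before the call: `os.Getenv` returns "" for both an unset and an empty `AZURE_CLIENT_ID`/`AZURE_CLIENT_SECRET`, so the returned cleanup leaves both variables present-but-empty whenever they were absent, and fake-credential state leaks into later tests in the same process (whether the real credential resolver distinguishes "set but empty" from "unset" is not visible here). Record presence with `os.LookupEnv` and call `os.Unsetenv` on restore; the dropped `os.Setenv` errors should also be surfaced, and a helper in a test-fake package can reasonably panic on them. Separately, the `SecretClient` methods call their `*Fn` fields without a nil check, so a fake built without one fails with a bare nil-pointer panic; a comment on the struct such as `// Every Fn field must be set by the test; unset fields panic when called.` would document that contract.
```go
func SetClientIDSecretInEnv() func() {
	oldClientID, hadClientID := os.LookupEnv("AZURE_CLIENT_ID")
	oldClientSecret, hadClientSecret := os.LookupEnv("AZURE_CLIENT_SECRET")
	mustSetenv("AZURE_CLIENT_ID", "fake_client_id")
	mustSetenv("AZURE_CLIENT_SECRET", "fake_client_secret")
	return func() {
		restoreEnv("AZURE_CLIENT_ID", oldClientID, hadClientID)
		restoreEnv("AZURE_CLIENT_SECRET", oldClientSecret, hadClientSecret)
	}
}

// mustSetenv sets an environment variable and panics on failure; this is a test fake.
func mustSetenv(name, value string) {
	if err := os.Setenv(name, value); err != nil {
		panic(err)
	}
}

// restoreEnv puts name back to its pre-call state, unsetting it if it was absent.
func restoreEnv(name, old string, had bool) {
	if !had {
		if err := os.Unsetenv(name); err != nil {
			panic(err)
		}
		return
	}
	mustSetenv(name, old)
}
```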
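--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,14 @@
+package keyvault
+
+import (
+"context"
+
+"github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault"
+)
+
+// SecretClient is a testable interface for making operations call for Azure KeyVault.
+type SecretClient interface {
+GetSecret(ctx context.Context, vaultBaseURL string, secretName string, secretVersion string) (result keyvault.SecretBundle, err error)
+GetKey(ctx context.Context, vaultBaseURL string, keyName string, keyVersion string) (result keyvault.KeyBundle, err error)
+GetCertificate(ctx context.Context, vaultBaseURL string, certificateName string, certificateVersion string) (result keyvault.CertificateBundle, err error)
+}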
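Review bot: Nothing in this file ties `SecretClient` to the SDK client it abstracts, so a signature change in the imported `keyvault` package would only surface at whatever call site assigns the concrete client, not here. A compile-time assertion beside the interface, `var _ SecretClient = (*keyvault.BaseClient)(nil)`, pins the contract, assuming `keyvault.BaseClient` is the type the store wraps (the SDK type exposes these three methods with these signatures). The doc comment also reads awkwardly; `// SecretClient is the subset of Azure Key Vault operations the secret store needs; it exists so tests can substitute a fake.` states the purpose more directly.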