Merge pull request #2 from seeflood/wrap_component

wrap the existing component to restrict secretFile path
MichaelDeSteven · Jul 5, 2022 · ec4afdb · ec4afdb
2 parents 965ff5b + c31d897
commit ec4afdb
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 14 deletions.
diff --git a/cmd/layotto/main.go b/cmd/layotto/main.go
@@ -42,10 +42,10 @@ import (
 	"mosn.io/mosn/pkg/trace/skywalking"
 
 	component_actuators "mosn.io/layotto/components/pkg/actuators"
-	"mosn.io/layotto/components/secret"
 	"mosn.io/layotto/diagnostics"
 	"mosn.io/layotto/pkg/grpc/default_api"
 	secretstores_loader "mosn.io/layotto/pkg/runtime/secretstores"
+	secretstores_local "mosn.io/layotto/pkg/runtime/secretstores/local"
 
 	"mosn.io/layotto/components/file/local"
 	"mosn.io/layotto/components/file/s3/alicloud"
@@ -427,17 +427,13 @@ func NewRuntimeGrpcServer(data json.RawMessage, opts ...grpc.ServerOption) (mgrp
 				return gcp_secretmanager.NewSecreteManager(loggerForDaprComp)
 			}),
 			secretstores_loader.NewFactory("local.file", func() secretstores.SecretStore {
-				return secretstore_file.NewLocalSecretStore(loggerForDaprComp)
+				return secretstores_local.Wrap(secretstore_file.NewLocalSecretStore(loggerForDaprComp))
 			}),
 			secretstores_loader.NewFactory("local.env", func() secretstores.SecretStore {
 				return secretstore_env.NewEnvSecretStore(loggerForDaprComp)
 			}),
 		),
-		runtime.WithSecretWrapperFactory(
-			secret.NewWrapperFactory("local.file", func() secret.Wrapper {
-				return secret.NewLocalFileWrapper()
-			}),
-		))
+	)
 	return server, err
 }
 

diff --git a/cmd/layotto_multiple_api/main.go b/cmd/layotto_multiple_api/main.go
@@ -18,6 +18,7 @@ package main
 
 import (
 	"encoding/json"
+	secretstores_local "mosn.io/layotto/pkg/runtime/secretstores/local"
 	"os"
 	"strconv"
 	"time"
@@ -45,7 +46,6 @@ import (
 	"mosn.io/layotto/cmd/layotto_multiple_api/helloworld/component"
 	"mosn.io/layotto/components/custom"
 	component_actuators "mosn.io/layotto/components/pkg/actuators"
-	"mosn.io/layotto/components/secret"
 	l8_grpc "mosn.io/layotto/pkg/grpc"
 	"mosn.io/layotto/pkg/grpc/dapr"
 	"mosn.io/layotto/pkg/grpc/default_api"
@@ -430,7 +430,7 @@ func NewRuntimeGrpcServer(data json.RawMessage, opts ...grpc.ServerOption) (mgrp
 				return gcp_secretmanager.NewSecreteManager(loggerForDaprComp)
 			}),
 			secretstores_loader.NewFactory("local.file", func() secretstores.SecretStore {
-				return secretstore_file.NewLocalSecretStore(loggerForDaprComp)
+				return secretstores_local.Wrap(secretstore_file.NewLocalSecretStore(loggerForDaprComp))
 			}),
 			secretstores_loader.NewFactory("local.env", func() secretstores.SecretStore {
 				return secretstore_env.NewEnvSecretStore(loggerForDaprComp)
@@ -441,11 +441,6 @@ func NewRuntimeGrpcServer(data json.RawMessage, opts ...grpc.ServerOption) (mgrp
 			custom.NewComponentFactory("in-memory", component.NewInMemoryHelloWorld),
 			custom.NewComponentFactory("goodbye", component.NewSayGoodbyeHelloWorld),
 		),
-		runtime.WithSecretWrapperFactory(
-			secret.NewWrapperFactory("local.file", func() secret.Wrapper {
-				return secret.NewLocalFileWrapper()
-			}),
-		),
 	)
 	return server, err
 }

diff --git a/pkg/runtime/secretstores/local/wrapper.go b/pkg/runtime/secretstores/local/wrapper.go
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2021 Layotto Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package secret
+
+import (
+	"github.com/dapr/components-contrib/secretstores"
+	"os"
+	"strings"
+)
+
+type wrapper struct {
+	prefix string
+	comp   secretstores.SecretStore
+}
+
+func (w *wrapper) Init(metadata secretstores.Metadata) error {
+	if metadata.Properties != nil {
+		metadata.Properties["secretsFile"] = w.prefix + metadata.Properties["secretsFile"]
+	}
+	return w.comp.Init(metadata)
+}
+
+func (w *wrapper) GetSecret(req secretstores.GetSecretRequest) (secretstores.GetSecretResponse, error) {
+	return w.comp.GetSecret(req)
+}
+
+func (w *wrapper) BulkGetSecret(req secretstores.BulkGetSecretRequest) (secretstores.BulkGetSecretResponse, error) {
+	return w.comp.BulkGetSecret(req)
+}
+
+func Wrap(component secretstores.SecretStore) secretstores.SecretStore {
+	return &wrapper{
+		comp:   component,
+		prefix: getPrefixConfigFilePath(),
+	}
+}
+
+func getPrefixConfigFilePath() string {
+	prefix := ""
+	for i, str := range os.Args {
+		// FIXME: we should get the configuration path in main.go and then store it in memory.
+		// Matching "-c" here is not enough, since the startup parameter might be "--config"
+		if str == "-c" {
+			strs := strings.Split(os.Args[i+1], "/")
+			for _, s := range strs[:len(strs)-1] {
+				// FIXME: we should use `os.PathSeparator` instead of `/`.
+				// See https://stackoverflow.com/questions/9371031/how-do-i-create-crossplatform-file-paths-in-go
+				prefix = prefix + s + "/"
+			}
+			break
+		}
+	}
+	return prefix
+}