Skip to content

Commit

Permalink
Refactoring code and tests.
Browse files Browse the repository at this point in the history
  • Loading branch information
Otávio Fernandes committed Apr 6, 2019
1 parent d01b020 commit 4fcfae2
Show file tree
Hide file tree
Showing 4 changed files with 35 additions and 142 deletions.
122 changes: 14 additions & 108 deletions pkg/vault-handler/handler.go
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
package vaulthandler

import (
"path"

log "github.com/sirupsen/logrus"
)

Expand Down Expand Up @@ -38,80 +36,29 @@ func (h *Handler) Authenticate() error {
func (h *Handler) Upload(manifest *Manifest) error {
var err error

uploadPerPath := make(map[string]map[string]interface{})
logger := h.logger.WithField("action", "upload")

fn := func(logger *log.Entry, group, vaultPath string, data SecretData) error {
var err error

logger.Info("Handling file")
file := NewFile(group, &data, []byte{})

if err = file.Read(h.config.InputDir); err != nil {
logger.Error("error on reading file", err)
return err
}
if data.Zip {
if err = file.Zip(); err != nil {
logger.Error("error on zipping payload", err)
return err
}
}

// preparing map of data for the same vault path, dealing with payload as string
vaultPath = h.composeVaultPath(data, vaultPath)
if _, exists := uploadPerPath[vaultPath]; !exists {
uploadPerPath[vaultPath] = make(map[string]interface{})
}
uploadPerPath[vaultPath][data.Name] = string(file.Payload())

return nil
}

if err = h.loop(logger, manifest, fn); err != nil {
u := NewUpload(h.vault, manifest, h.config.InputDir)
if err = h.loop(h.logger.WithField("action", "upload"), manifest, u.Prepare); err != nil {
return err
}

for vaultPath, data := range uploadPerPath {
if err = h.dispense(vaultPath, data); err != nil {
h.logger.Error("error on writing data to vault", err)
return err
}
}

return nil
return u.Execute(h.config.DryRun)
}

// Download files from vault based on manifest.
func (h *Handler) Download(manifest *Manifest) error {
logger := h.logger.WithField("action", "download")

fn := func(logger *log.Entry, group, vaultPath string, data SecretData) error {
var payload []byte
var err error

vaultPath = h.composeVaultPath(data, vaultPath)
logger = logger.WithField("vaultPath", vaultPath)

logger.Info("Reading data from Vault")
if payload, err = h.vault.Read(vaultPath, data.Name); err != nil {
return err
}

logger.Info("Creating a file instance")
file := NewFile(group, &data, payload)

if data.Zip {
if err = file.Unzip(); err != nil {
return err
}
}
var err error

logger.Info("Persisting in file-system")
return h.persist(file)
d := NewDownload(h.vault, manifest, h.config.OutputDir)
if err = h.loop(h.logger.WithField("action", "download"), manifest, d.Prepare); err != nil {
return err
}

return h.loop(logger, manifest, fn)
return d.Execute(h.config.DryRun)
}

// Copy secrets from Vault into Kubernetes.
func (h *Handler) Copy(manifest *Manifest) error {
return nil
}

// loop execute the primary manifest item loop, yielding informed method.
Expand All @@ -133,52 +80,11 @@ func (h *Handler) loop(logger *log.Entry, manifest *Manifest, fn actOnSecret) er
return nil
}

// persist a slice of bytes to file-system.
func (h *Handler) persist(file *File) error {
if h.config.DryRun {
log.WithField("path", file.FilePath(h.config.OutputDir)).
Info("[DRY-RUN] File is not written to file-system!")
}

return file.Write(h.config.OutputDir)
}

// dispense a data map to a given vault path.
func (h *Handler) dispense(vaultPath string, data map[string]interface{}) error {
logger := log.WithField("vaultPath", vaultPath)
logger.Info("Uploading secrets to Vault path")

for name, payload := range data {
logger = logger.WithField("key", name)
logger.Info("Uploading key")
logger.Tracef("Payload: '%s'", payload)
}

if h.config.DryRun {
logger.Infof("[DRY-RUN] File is not uploaded to Vault!")
return nil
}

return h.vault.Write(vaultPath, data)
}

// composeVaultPath based in the current SecretData.
func (h *Handler) composeVaultPath(data SecretData, vaultPath string) string {
if !data.NameAsSubPath {
return vaultPath
}
return path.Join(vaultPath, data.Name)
}

// NewHandler instantiates a new application.
func NewHandler(config *Config) (*Handler, error) {
var err error

handler := &Handler{
config: config,
logger: log.WithFields(log.Fields{"type": "Handler"}),
}

handler := &Handler{config: config, logger: log.WithField("type", "Handler")}
if handler.vault, err = NewVault(config.VaultAddr); err != nil {
return nil, err
}
Expand Down
34 changes: 0 additions & 34 deletions pkg/vault-handler/handler_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -109,37 +109,3 @@ func TestHandlerDownload(t *testing.T) {
assert.FileExists(t, plainPath)
assert.Equal(t, []byte("plain"), readFile(plainPath))
}

func TestHandlerPersist(t *testing.T) {
var err error

payload := []byte("persist")
data := &SecretData{Name: "name", Extension: "ext"}
file := NewFile("persist", data, payload)
_ = os.Remove(file.FilePath(outputDir))

err = handler.persist(file)

assert.Nil(t, err)
assert.Equal(t, payload, readFile(file.FilePath(outputDir)))
}

func TestHandlerDispense(t *testing.T) {
var err error

err = handler.dispense("secret/data/test/handler/dispense",
map[string]interface{}{"name": []byte("dispense")})

assert.Nil(t, err)
}

func TestHandlerComposeVaultPath(t *testing.T) {
path := handler.composeVaultPath(SecretData{Name: "name", Extension: "ext"},
handlerManifest.Secrets[groupName].Path)
assert.Equal(t, handlerManifest.Secrets[groupName].Path, path)

data := SecretData{Name: "name", Extension: "ext", NameAsSubPath: true}
path = handler.composeVaultPath(data, handlerManifest.Secrets[groupName].Path)
expect := fmt.Sprintf("%s/%s", handlerManifest.Secrets[groupName].Path, data.Name)
assert.Equal(t, expect, path)
}
9 changes: 9 additions & 0 deletions pkg/vault-handler/vault.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package vaulthandler
import (
"errors"
"fmt"
"path"
"strings"

vaultapi "github.com/hashicorp/vault/api"
Expand Down Expand Up @@ -107,6 +108,14 @@ func (v *Vault) extractKey(payload map[string]interface{}, key string) ([]byte,
return []byte(data), nil
}

// composeVaultPath based in the current SecretData.
func (v *Vault) composePath(data SecretData, vaultPath string) string {
if !data.NameAsSubPath {
return vaultPath
}
return path.Join(vaultPath, data.Name)
}

// NewVault creates a Vault instance, by bootstrapping it's API client.
func NewVault(addr string) (*Vault, error) {
var err error
Expand Down
12 changes: 12 additions & 0 deletions pkg/vault-handler/vault_test.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package vaulthandler

import (
"fmt"
"os"
"testing"

Expand Down Expand Up @@ -48,3 +49,14 @@ func TestVaultRead(t *testing.T) {
assert.Nil(t, err)
assert.Equal(t, string(out), foo)
}

func TestVaultComposePath(t *testing.T) {
path := vault.composePath(SecretData{Name: "name", Extension: "ext"},
handlerManifest.Secrets[groupName].Path)
assert.Equal(t, handlerManifest.Secrets[groupName].Path, path)

data := SecretData{Name: "name", Extension: "ext", NameAsSubPath: true}
path = vault.composePath(data, handlerManifest.Secrets[groupName].Path)
expect := fmt.Sprintf("%s/%s", handlerManifest.Secrets[groupName].Path, data.Name)
assert.Equal(t, expect, path)
}

0 comments on commit 4fcfae2

Please sign in to comment.