Using DotEnv on main loop.
Otávio Fernandes committed Apr 24, 2019
1 parent c88cd3d commit 8c15354
Showing 2 changed files with 42 additions and 11 deletions.
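--- a/pkg/vault-handler/handler.go
+++ b/pkg/vault-handler/handler.go
@@ -7,7 +7,7 @@ import (
 // Handler application primary runtime object.
 type Handler struct {
 logger *log.Entry // logger
-config *Config // configuration instance
+cfg *Config // configuration instance
 vault *Vault // vault api instance
 }
 
@@ -19,12 +19,12 @@ type actOnSecret func(logger *log.Entry, group, secretType, vaultPath string, da
 func (h *Handler) Authenticate() error {
 var err error
 
-if h.config.VaultToken != "" {
+if h.cfg.VaultToken != "" {
 h.logger.Info("Using token based authentication")
-h.vault.TokenAuth(h.config.VaultToken)
+h.vault.TokenAuth(h.cfg.VaultToken)
 } else {
 h.logger.Info("Using AppRole based authentication")
-if err = h.vault.AppRoleAuth(h.config.VaultRoleID, h.config.VaultSecretID); err != nil {
+if err = h.vault.AppRoleAuth(h.cfg.VaultRoleID, h.cfg.VaultSecretID); err != nil {
 return err
 }
 }
@@ -36,24 +36,36 @@ func (h *Handler) Authenticate() error {
 func (h *Handler) Upload(manifest *Manifest) error {
 var err error
 
-u := NewUpload(h.vault, h.config.InputDir)
+u := NewUpload(h.vault, h.cfg.InputDir)
 if err = h.loop(h.logger.WithField("action", "upload"), manifest, u.Prepare); err != nil {
 return err
 }
 
-return u.Execute(h.config.DryRun)
+return u.Execute(h.cfg.DryRun)
 }
 
 // Download files from vault based on manifest.
 func (h *Handler) Download(manifest *Manifest) error {
 var err error
 
-d := NewDownload(h.vault, h.config.OutputDir)
+d := NewDownload(h.vault, h.cfg.OutputDir)
 if err = h.loop(h.logger.WithField("action", "download"), manifest, d.Prepare); err != nil {
 return err
 }
+if err = d.Execute(h.cfg.DryRun); err != nil {
+return err
+}
+
+if !h.cfg.DotEnv {
+return nil
+}
 
-return d.Execute(h.config.DryRun)
+h.logger.Info("Creating dot-env representation of downloaded secrets...")
+dotEnv := NewDotEnv(h.cfg.OutputDir, d.Files)
+if err = dotEnv.Prepare(); err != nil {
+return err
+}
+return dotEnv.Write(h.cfg.DryRun)
 }
 
 // Copy secrets from Vault into Kubernetes.
@@ -62,7 +74,7 @@ func (h *Handler) Copy(manifest *Manifest) error {
 var err error
 
 if k, err = NewKubernetes(
-h.config.KubeConfig, h.config.Context, h.config.Namespace, h.config.InCluster,
+h.cfg.KubeConfig, h.cfg.Context, h.cfg.Namespace, h.cfg.InCluster,
 ); err != nil {
 return err
 }
@@ -78,7 +90,7 @@ func (h *Handler) Copy(manifest *Manifest) error {
 if err = c.Prepare(); err != nil {
 return err
 }
-return c.Execute(h.config.DryRun)
+return c.Execute(h.cfg.DryRun)
 }
 
 // loop execute the primary manifest item loop, yielding informed method.
@@ -105,7 +117,7 @@ func (h *Handler) loop(logger *log.Entry, manifest *Manifest, fn actOnSecret) er
 func NewHandler(config *Config) (*Handler, error) {
 var err error
 
-handler := &Handler{config: config, logger: log.WithField("type", "Handler")}
+handler := &Handler{cfg: config, logger: log.WithField("type", "Handler")}
 if handler.vault, err = NewVault(config.VaultAddr); err != nil {
 return nil, err
 }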
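Review bot: The doc comment on Download still reads `// Download files from vault based on manifest.`, but the new tail of the function also writes a dot-env file built from every downloaded secret (`d.Files`) into `h.cfg.OutputDir` when `h.cfg.DotEnv` is set; I would say so in the comment, e.g. `// Download files from vault based on manifest and, when cfg.DotEnv is set, write a dot-env file with the same secrets to OutputDir.` NewDotEnv, Prepare and Write are not part of this page, so please confirm that Write creates the file readable by the owner only, since it concentrates all secrets of the run in one plaintext file. `dotEnv.Prepare()` is called regardless of `h.cfg.DryRun`; if it touches the files on disk it will presumably fail in dry-run, where `d.Execute` is expected to skip writing them.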
19 changes: 19 additions & 0 deletions test/e2e/vault_handler_test.go
@@ -1,14 +1,17 @@
package e2e

import (
"context"
"fmt"
"io/ioutil"
"os"
"path"
"strings"
"testing"

log "github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert"
"mvdan.cc/sh/shell"

vh "github.com/otaviof/vault-handler/pkg/vault-handler"
)
@@ -159,6 +162,7 @@ func runCopy(t *testing.T, handler *vh.Handler) {

func compareSecrets(t *testing.T) {
vaultSecrets := make(map[string]map[string][]byte)
dotEnvSecrets := make(map[string]string)

loopOverManifests(t, func(t *testing.T, manifest *vh.Manifest) {
loopOverGroupSecrets(t, manifest, func(t *testing.T, group string, data *vh.SecretData) {
@@ -170,6 +174,10 @@ func compareSecrets(t *testing.T) {
vaultSecrets[group] = make(map[string][]byte)
}
vaultSecrets[group][file.Properties.Name] = file.Payload

v := strings.ToUpper(fmt.Sprintf("%s_%s_%s",
group, file.Properties.Name, file.Properties.Extension))
dotEnvSecrets[v] = string(file.Payload)
})
})

@@ -186,4 +194,15 @@ func compareSecrets(t *testing.T) {
assert.Equal(t, string(payload), fmt.Sprintf("%s\n", string(kubeSecrets[name])))
}
}

t.Log("Comparing with dot-env secrets...")
dotEnvData, err := shell.SourceFile(context.TODO(), path.Join(config.OutputDir, ".env"))
assert.Nil(t, err)

for k, v := range dotEnvSecrets {
t.Logf("Looking for expected dot-env variable '%s', value '%s'", k, v)
expected, found := dotEnvData[k]
assert.True(t, found)
assert.Equal(t, expected.String(), v)
}
}
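Review bot: `assert.Nil(t, err)` after `shell.SourceFile` does not stop the test, so a missing or unparsable `.env` falls through to the loop and reports every key as not found instead of surfacing the real error; guard it with `if !assert.NoError(t, err) { return }`. In the loop, `expected` holds the value read from the file and `v` the one taken from Vault, so the arguments are swapped relative to testify's (expected, actual) order and a failure will be labelled the wrong way round; `assert.Equal(t, v, expected.String())` with the local renamed to `actual` reads correctly. The `t.Logf` line prints each secret value, which is harmless for fixtures but worth reducing to the key name if this suite is ever pointed at a real Vault. The part of compareSecrets between the hunks is not shown on this page.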
