Skip to content

Commit

Permalink
Vault write.
Browse files Browse the repository at this point in the history
  • Loading branch information
Otávio Fernandes committed Mar 29, 2019
1 parent a756dd6 commit c1979a8
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 6 deletions.
31 changes: 28 additions & 3 deletions pkg/vault-handler/vault.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"errors"
"fmt"
"log"
"strings"

vaultapi "github.com/hashicorp/vault/api"
)
Expand Down Expand Up @@ -40,9 +41,6 @@ func (v *Vault) Read(path, key string) ([]byte, error) {
var err error

log.Printf("[Vault] Reading data from path '%s', looking for key '%s'", path, key)
headers := map[string][]string{"X-Vault-Token": []string{v.token}}
v.client.SetHeaders(headers)
v.client.SetToken(v.token)

if secret, err = v.client.Logical().Read(path); err != nil {
return nil, err
Expand All @@ -54,6 +52,31 @@ func (v *Vault) Read(path, key string) ([]byte, error) {
return v.extractKey(secret.Data, key)
}

// Write data to a vault path. Wrapper around Logical Write function in Vault API.
func (v *Vault) Write(path string, data map[string]interface{}) error {
var err error

log.Printf("[Vault] Writting data on path '%s'", path)

// wrapping up data for kv-v2
if strings.HasPrefix(path, "secret/data") {
log.Print("[Vault] Using V2 API style, adding 'data' as key.")
data = map[string]interface{}{"data": data}
}
if _, err = v.client.Logical().Write(path, data); err != nil {
return err
}

return nil
}

// setHeaders prepare http request headers to inform token.
func (v *Vault) setHeaders() {
headers := map[string][]string{"X-Vault-Token": []string{v.token}}
v.client.SetHeaders(headers)
v.client.SetToken(v.token)
}

// AppRoleAuth execute approle authentication.
func (v *Vault) AppRoleAuth(roleID, secretID string) error {
var secret *vaultapi.Secret
Expand All @@ -71,13 +94,15 @@ func (v *Vault) AppRoleAuth(roleID, secretID string) error {
log.Printf("[Vault] Obtained a token via AppRole.")
// saving token for next API calls.
v.token = secret.Auth.ClientToken
v.setHeaders()

return nil
}

// TokenAuth execute token based authentication.
func (v *Vault) TokenAuth(token string) {
v.token = token
v.setHeaders()
}

// NewVault creates a Vault instance, by bootstrapping it's API client.
Expand Down
19 changes: 16 additions & 3 deletions pkg/vault-handler/vault_test.go
Original file line number Diff line number Diff line change
@@ -1,13 +1,16 @@
package vaulthandler

import (
"log"
"os"
"testing"

"github.com/stretchr/testify/assert"
)

const (
foo = "bar"
)

var vault *Vault

func TestVaultNewVault(t *testing.T) {
Expand All @@ -23,15 +26,25 @@ func TestVaultAppRoleAuth(t *testing.T) {
roleID := os.Getenv("VAULT_HANDLER_VAULT_ROLE_ID")
secretID := os.Getenv("VAULT_HANDLER_VAULT_SECRET_ID")

log.Printf("Role-ID: '%s', Secret-ID: '%s'", roleID, secretID)
t.Logf("Role-ID: '%s', Secret-ID: '%s'", roleID, secretID)
if roleID == "" || secretID == "" {
t.Fatalf("Can't find role-id ('%s'), secret-id ('%s') in the environment", roleID, secretID)
}

err := vault.AppRoleAuth(roleID, secretID)

assert.Nil(t, err)
}

func TestVaultWrite(t *testing.T) {
err := vault.Write("secret/data/foo/bar/baz", map[string]interface{}{"foo": foo})

assert.Nil(t, err)
}

func TestVaultRead(t *testing.T) {
out, err := vault.Read("secret/data/foo/bar/baz", "foo")

assert.Nil(t, err)
log.Printf("out: '%#v'", out)
assert.Equal(t, string(out), foo)
}

0 comments on commit c1979a8

Please sign in to comment.