refactor: update secret store providers implementation (#677)

KusionStack · Dec 18, 2023 · b65129f · b65129f
1 parent 20386e9
commit b65129f
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 16 deletions.
diff --git a/pkg/secrets/providers.go b/pkg/secrets/providers.go
@@ -11,20 +11,37 @@ import (
 	"kusionstack.io/kusion/pkg/log"
 )
 
-var SecretStoreProviders = NewProviders()
+var (
+	secretStoreProviders *Providers
+	createOnce           sync.Once
+)
+
+func init() {
+	createOnce.Do(func() {
+		secretStoreProviders = &Providers{
+			registry: make(map[string]SecretStoreFactory),
+		}
+	})
+}
+
+// Register a secret store provider with target spec.
+func Register(ssf SecretStoreFactory, spec *secrets.ProviderSpec) {
+	secretStoreProviders.register(ssf, spec)
+}
+
+// GetProviderByName returns registered provider by name.
+func GetProviderByName(providerName string) (SecretStoreFactory, bool) {
+	return secretStoreProviders.getProviderByName(providerName)
+}
 
 type Providers struct {
 	lock     sync.RWMutex
 	registry map[string]SecretStoreFactory
 }
 
-func NewProviders() *Providers {
-	return &Providers{}
-}
-
-// Register registers a provider with associated spec. This
+// register registers a provider with associated spec. This
 // is expected to happen during app startup.
-func (ps *Providers) Register(ssf SecretStoreFactory, spec *secrets.ProviderSpec) {
+func (ps *Providers) register(ssf SecretStoreFactory, spec *secrets.ProviderSpec) {
 	providerName, err := getProviderName(spec)
 	if err != nil {
 		panic(fmt.Sprintf("provider registery failed to parse spec: %s", err.Error()))
@@ -45,8 +62,8 @@ func (ps *Providers) Register(ssf SecretStoreFactory, spec *secrets.ProviderSpec
 	ps.registry[providerName] = ssf
 }
 
-// GetProviderByName returns registered provider by name.
-func (ps *Providers) GetProviderByName(providerName string) (SecretStoreFactory, bool) {
+// getProviderByName returns registered provider by name.
+func (ps *Providers) getProviderByName(providerName string) (SecretStoreFactory, bool) {
 	ps.lock.RLock()
 	defer ps.lock.RUnlock()
 	provider, found := ps.registry[providerName]

diff --git a/pkg/secrets/providers/alicloud/secretsmanager/secretsmanager.go b/pkg/secrets/providers/alicloud/secretsmanager/secretsmanager.go
@@ -115,7 +115,7 @@ func (s *smSecretStore) convertSecretToGjson(secretInfo *models.SecretInfo, refP
 }
 
 func init() {
-	secrets.SecretStoreProviders.Register(&DefaultFactory{}, &secretsapi.ProviderSpec{
+	secrets.Register(&DefaultFactory{}, &secretsapi.ProviderSpec{
 		Alicloud: &secretsapi.AlicloudProvider{},
 	})
 }
diff --git a/pkg/secrets/providers/aws/secretsmanager/secretsmanager.go b/pkg/secrets/providers/aws/secretsmanager/secretsmanager.go
@@ -126,7 +126,7 @@ func (s *smSecretStore) convertSecretToGjson(secretValueOutput *secretsmanager.G
 }
 
 func init() {
-	secrets.SecretStoreProviders.Register(&DefaultFactory{}, &secretsapi.ProviderSpec{
+	secrets.Register(&DefaultFactory{}, &secretsapi.ProviderSpec{
 		AWS: &secretsapi.AWSProvider{},
 	})
 }
diff --git a/pkg/secrets/providers/hashivault/vault.go b/pkg/secrets/providers/hashivault/vault.go
@@ -226,7 +226,7 @@ func getTypedKey(data map[string]interface{}, key string) ([]byte, error) {
 }
 
 func init() {
-	secrets.SecretStoreProviders.Register(&DefaultFactory{}, &secretsapi.ProviderSpec{
+	secrets.Register(&DefaultFactory{}, &secretsapi.ProviderSpec{
 		Vault: &secretsapi.VaultProvider{},
 	})
 }
diff --git a/pkg/secrets/providers/register/register.go b/pkg/secrets/providers/register/register.go
@@ -0,0 +1,9 @@
+package register
+
+// packages imported here are registered to the secret store provider registry.
+
+import (
+	_ "kusionstack.io/kusion/pkg/secrets/providers/alicloud/secretsmanager"
+	_ "kusionstack.io/kusion/pkg/secrets/providers/aws/secretsmanager"
+	_ "kusionstack.io/kusion/pkg/secrets/providers/hashivault"
+)
diff --git a/pkg/secrets/providers_test.go b/pkg/secrets/providers_test.go
@@ -49,20 +49,19 @@ func TestRegister(t *testing.T) {
 		},
 	}
 
-	providers := NewProviders()
 	fsp := &FakeSecretStoreFactory{}
 	for _, tc := range testcases {
 		t.Run(tc.name, func(t *testing.T) {
 			if tc.shouldPanic {
 				defer func() {
 					if r := recover(); r == nil {
-						t.Errorf("Register should panic")
+						t.Errorf("register should panic")
 					}
 				}()
 			}
 
-			providers.Register(fsp, tc.spec)
-			_, ok := providers.GetProviderByName(tc.providerName)
+			Register(fsp, tc.spec)
+			_, ok := GetProviderByName(tc.providerName)
 			assert.Equal(t, tc.expExists, ok, "provider should be registered")
 		})
 	}