/*
* Copyright (c) 2022 Airbyte, Inc., all rights reserved.
*/
package io.airbyte.config.persistence.split_secrets;
import io.airbyte.config.Configs;
import io.airbyte.db.Database;
import java.util.Optional;
import javax.annotation.Nullable;
import org.jooq.DSLContext;
/**
 * Read/write access to a backing secret store. Payloads are always handled as strings; see
 * {@link SecretCoordinate} for how a secret is addressed.
 *
 * <p>The static factories below choose an implementation from
 * {@link Configs#getSecretPersistenceType()}. Any type other than the three handled here yields
 * an empty {@link Optional}, i.e. no secret store at all.
 */
@SuppressWarnings("PMD.MissingOverride")
public interface SecretPersistence extends ReadOnlySecretPersistence {

  /**
   * Fetches the payload stored under {@code coordinate}.
   *
   * @param coordinate identifies the secret to read
   * @return the payload if present; what "absent" means is up to the implementation
   */
  Optional<String> read(final SecretCoordinate coordinate);

  /**
   * Stores {@code payload} under {@code coordinate}.
   *
   * @param coordinate identifies the secret to write
   * @param payload the secret value, as a string
   */
  void write(final SecretCoordinate coordinate, final String payload);

  /**
   * Builds the long-lived secret store selected by the configuration.
   *
   * @param dslContext jOOQ context wrapped in a {@link Database} for the testing backend only;
   *        declared nullable, but it is handed to {@code new Database(...)} without a check
   * @param configs source of the persistence type and of the backend address and credentials
   * @return the configured store, or empty when the type is not one of the handled cases
   */
  static Optional<SecretPersistence> getLongLived(final @Nullable DSLContext dslContext, final Configs configs) {
    return switch (configs.getSecretPersistenceType()) {
      // NOTE(review): the constant name suggests a test-only backend that keeps secrets in the
      // config database; confirm it cannot be selected in a production deployment.
      case TESTING_CONFIG_DB_TABLE -> Optional.of(new LocalTestingSecretPersistence(new Database(dslContext)));
      case GOOGLE_SECRET_MANAGER -> Optional.of(
          GoogleSecretManagerPersistence.getLongLived(configs.getSecretStoreGcpProjectId(), configs.getSecretStoreGcpCredentials()));
      // The Vault token comes straight from Configs; keep Configs values out of logs and
      // exception messages.
      case VAULT -> Optional.of(
          new VaultSecretPersistence(configs.getVaultAddress(), configs.getVaultPrefix(), configs.getVaultToken()));
      // Every other type (including any added later) silently means "no secret store".
      default -> Optional.empty();
    };
  }

  /**
   * Returns a hydrator backed by the long-lived store, or a no-op hydrator when no store is
   * configured.
   *
   * @param dslContext forwarded to {@link #getLongLived(DSLContext, Configs)}
   * @param configs forwarded to {@link #getLongLived(DSLContext, Configs)}
   * @return a {@code RealSecretsHydrator} over the configured store, else a
   *         {@code NoOpSecretsHydrator}
   */
  static SecretsHydrator getSecretsHydrator(final @Nullable DSLContext dslContext, final Configs configs) {
    final var store = getLongLived(dslContext, configs);
    // NOTE(review): an unhandled persistence type lands here without any error or log line, so a
    // mistyped setting would go unnoticed; verify the no-op fallback is intended.
    if (store.isEmpty()) {
      return new NoOpSecretsHydrator();
    }
    return new RealSecretsHydrator(store.get());
  }

  /**
   * Builds the ephemeral secret store selected by the configuration. Only the Google Secret
   * Manager case differs from {@link #getLongLived(DSLContext, Configs)}: it calls
   * {@code GoogleSecretManagerPersistence.getEphemeral}. The testing and Vault cases construct
   * the same objects as the long-lived factory.
   *
   * @param dslContext jOOQ context wrapped in a {@link Database} for the testing backend only
   * @param configs source of the persistence type and of the backend address and credentials
   * @return the configured store, or empty when the type is not one of the handled cases
   */
  static Optional<SecretPersistence> getEphemeral(final DSLContext dslContext, final Configs configs) {
    return switch (configs.getSecretPersistenceType()) {
      case TESTING_CONFIG_DB_TABLE -> Optional.of(new LocalTestingSecretPersistence(new Database(dslContext)));
      case GOOGLE_SECRET_MANAGER -> Optional.of(
          GoogleSecretManagerPersistence.getEphemeral(configs.getSecretStoreGcpProjectId(), configs.getSecretStoreGcpCredentials()));
      // NOTE(review): Vault has no separate ephemeral variant here; whether ephemeral secrets
      // written through it ever expire is not visible from this file. Confirm.
      case VAULT -> Optional.of(
          new VaultSecretPersistence(configs.getVaultAddress(), configs.getVaultPrefix(), configs.getVaultToken()));
      default -> Optional.empty();
    };
  }

}