package testutil
import (
"testing"
"time"
bigcache "github.com/allegro/bigcache/v3"
"github.com/aserto-dev/mage-loot/deps"
"github.com/tidwall/gjson"
)
// vaultCache memoizes values already fetched from Vault. VaultValue stores
// entries under the key "secret#query", so the cached bytes are secret
// material held in process memory.
var vaultCache *bigcache.BigCache
// init builds the package-level Vault value cache from bigcache's default
// configuration with a ten-minute eviction window. A construction failure
// panics, because the helpers in this package cannot work without the cache.
func init() {
	cache, err := bigcache.NewBigCache(bigcache.DefaultConfig(10 * time.Minute))
	if err != nil {
		panic(err)
	}
	vaultCache = cache
}
// VaultTokenRefresh runs `vault token renew` through the vault binary
// resolved by deps.BinDepOut. The command output is discarded; a failing
// command panics.
func VaultTokenRefresh() {
	runVault := deps.BinDepOut("vault")
	if _, err := runVault("token", "renew"); err != nil {
		panic(err)
	}
}
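// VaultValue returns a value read from the Vault KV store through the vault CLI.
//
// Accepted parameter forms:
//   - VaultValue(query): the secret is assumed to be named "integration-testing".
//   - VaultValue(secret, query): query is a gjson path evaluated below
//     "data.data" of the JSON object returned by `vault kv get`.
//
// The first parameter can also be a *testing.T. In that case the function
// never panics: it logs the problem, marks the test as failed with t.Fail and
// returns "". Without a *testing.T every failure panics.
//
// A query that matches nothing in the secret is treated as a failure rather
// than returned (and cached) as an empty string, so a test cannot silently
// run with an empty credential.
//
// Values are cached in vaultCache under "secret#query", which keeps secret
// material in process memory until the entry is evicted. Failure messages
// built here name the secret and the query, never the value.
func VaultValue(params ...interface{}) string {
	var (
		t      *testing.T
		secret string
		query  string
	)

	// An optional leading *testing.T switches failure reporting from panic
	// to t.Fail.
	if len(params) > 0 {
		if tt, ok := params[0].(*testing.T); ok {
			t = tt
			params = params[1:]
		}
	}
	if t != nil {
		t.Helper()
	}

	// fail reports a usage or lookup problem; it returns "" so callers can
	// stop immediately instead of continuing with empty inputs.
	fail := func(msg string) string {
		if t == nil {
			panic(msg)
		}
		t.Helper()
		t.Log(msg)
		t.Fail()
		return ""
	}
	// failErr is the same for errors; without a *testing.T it panics with
	// the original error value.
	failErr := func(err error) string {
		if t == nil {
			panic(err)
		}
		t.Helper()
		t.Log(err)
		t.Fail()
		return ""
	}

	switch len(params) {
	case 0:
		return fail("must provide at least one value")
	case 1:
		secret = "integration-testing"
		q, ok := params[0].(string)
		if !ok {
			return fail("expected first query param to be a string")
		}
		query = q
	case 2:
		s, ok := params[0].(string)
		if !ok {
			return fail("expected first query param to be a string")
		}
		q, ok := params[1].(string)
		if !ok {
			return fail("expected second query param to be a string")
		}
		secret, query = s, q
	default:
		// Extra arguments used to be ignored, leaving secret and query empty.
		return fail("expected at most two query params")
	}

	key := secret + "#" + query
	entry, err := vaultCache.Get(key)
	if err == nil {
		return string(entry)
	}
	if err != bigcache.ErrEntryNotFound {
		return failErr(err)
	}

	vault := deps.BinDepOut("vault")
	out, err := vault("kv", "get", "--format=json", "kv/"+secret)
	if err != nil {
		return failErr(err)
	}

	// gjson.Get does not return an error; a missing path is signalled by
	// Exists() being false.
	result := gjson.Get(out, "data.data."+query)
	if !result.Exists() {
		return fail("vault secret '" + secret + "' has no value for query '" + query + "'")
	}

	value := result.String()
	if err := vaultCache.Set(key, []byte(value)); err != nil {
		return failErr(err)
	}
	return value
}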