diff --git a/README.md b/README.md index 59a3957..bb0e3a9 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,7 @@ A list of secret stores currently supported: package main import ( + "context" "os" "github.com/wingocard/serum" @@ -46,7 +47,7 @@ import ( func main() { //create a new secret provider - gsm, err := gsmanager.New() + gsm, err := gsmanager.New(context.Background()) if err != nil { //... } @@ -65,7 +66,7 @@ func main() { } //Inject the serum... - if err := ij.Inject(); err != nil { + if err := ij.Inject(context.Background()); err != nil { //... } @@ -77,4 +78,4 @@ func main() { ## Running Tests Run all tests using the Makefile: -`make tests` \ No newline at end of file +`make tests` diff --git a/secretprovider/gsmanager/gsmanager.go b/secretprovider/gsmanager/gsmanager.go index fb48c4b..52a5aa7 100644 --- a/secretprovider/gsmanager/gsmanager.go +++ b/secretprovider/gsmanager/gsmanager.go @@ -22,8 +22,8 @@ type GSManager struct { } // New return's an initialized GSManager using a new secret manager client. -func New() (*GSManager, error) { - c, err := secretmanager.NewClient(context.Background()) +func New(ctx context.Context) (*GSManager, error) { + c, err := secretmanager.NewClient(ctx) if err != nil { return nil, fmt.Errorf("gsmanager: failed to initialize client: %w", err) } @@ -32,12 +32,12 @@ func New() (*GSManager, error) { } // Decrypt will access the secret on GCP Secret Manager and return the plain text string. -func (g *GSManager) Decrypt(secret string) (string, error) { +func (g *GSManager) Decrypt(ctx context.Context, secret string) (string, error) { req := &secretmanagerpb.AccessSecretVersionRequest{ Name: secret, } - result, err := g.smClient.AccessSecretVersion(context.Background(), req) + result, err := g.smClient.AccessSecretVersion(ctx, req) if err != nil { return "", fmt.Errorf("gsmanager: failed to access secret version: %w", err) } 
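Review bot: The doc comments on `New` and `Decrypt` in gsmanager.go keep their old wording and do not say what the new `ctx` argument governs. For `New`, the hunk does not show whether `ctx` is used only while the client is constructed or is retained by the Secret Manager client. That matters if a caller passes a short `context.WithTimeout` and cancels it once `New` returns, so it should be confirmed against the client library and stated in the comment. For `Decrypt` I would add `// ctx bounds the AccessSecretVersion call; a cancelled or expired ctx is returned wrapped in the error.`, which matches the `%w` wrapping already visible in the hunk. The `Decrypt` body continues outside its hunk.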
diff --git a/secretprovider/gsmanager/gsmanager_test.go b/secretprovider/gsmanager/gsmanager_test.go index 9c79a83..6586385 100644 --- a/secretprovider/gsmanager/gsmanager_test.go +++ b/secretprovider/gsmanager/gsmanager_test.go @@ -48,7 +48,7 @@ func TestDecrypt(t *testing.T) { smClient: tc, } - dec, err := gsm.Decrypt(secretIdentifier) + dec, err := gsm.Decrypt(context.Background(), secretIdentifier) g.Expect(err).To(BeNil()) g.Expect(tc.accessSecretVersionCalled).To(BeTrue()) g.Expect(dec).To(Equal(string(decrypted))) diff --git a/secretprovider/secretprovider.go b/secretprovider/secretprovider.go index de46550..6ba9fe8 100644 --- a/secretprovider/secretprovider.go +++ b/secretprovider/secretprovider.go @@ -1,9 +1,11 @@ package secretprovider +import "context" + //SecretProvider is an interface that wraps the decrypt and close methods. //Close should be called when the secret provier is no longer needed. //It may be a no-op in cases where there's no underlying connection to be closed. type SecretProvider interface { - Decrypt(secret string) (string, error) + Decrypt(ctx context.Context, secret string) (string, error) Close() error } diff --git a/serum.go b/serum.go index 9d90d71..11b71b0 100644 --- a/serum.go +++ b/serum.go @@ -1,6 +1,7 @@ package serum import ( + "context" "fmt" "os" 
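Review bot: `TestDecrypt` passes `context.Background()`, but nothing asserts that `Decrypt` hands that context to the client. A regression to a hard-coded `context.Background()` inside `Decrypt` would therefore still pass. If the fake client `tc` recorded the context it receives, the test could pass a context carrying a marker value, or an already-cancelled one, and check that it arrives. The same gap applies to `testSecretProvider.Decrypt` in serum_test.go, which accepts `ctx` and, as far as its hunk shows, ignores it, so the `Inject` tests do not cover propagation either. The test function continues outside the hunk.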
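Review bot: The `SecretProvider` comment in secretprovider.go still describes only "the decrypt and close methods" and does not tell implementers what they owe the new `ctx` parameter. This interface is the extension point for other secret stores, so the contract should be written down. I would add something like `//Decrypt must honour ctx and return an error wrapping ctx.Err() once ctx is cancelled or its deadline passes.` Changing an exported interface method also breaks any out-of-tree provider at compile time, which is worth stating in the release notes.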
@@ -16,16 +17,16 @@ type Injector struct { } // Inject will inject the loaded environment variables into the current running process' environment. -// Any secret values found will attempt to be decrypted using the provided secret provider. +// Any secret values found will attempt to be decrypted using the provided SecretProvider. // The presence of secrets with a nil SecretProvider will return an error. -func (in *Injector) Inject() error { +func (in *Injector) Inject(ctx context.Context) error { if len(in.envVars.Secrets) > 0 && in.SecretProvider == nil { return fmt.Errorf("serum: error injecting env vars: secrets were loaded but the SecretProvider is nil") } // inject secrets for k, v := range in.envVars.Secrets { - decrypted, err := in.SecretProvider.Decrypt(v) + decrypted, err := in.SecretProvider.Decrypt(ctx, v) if err != nil { return fmt.Errorf("serum: error decrypting secret %s: %s", v, err) } diff --git a/serum_test.go b/serum_test.go index 0369411..fb5037f 100644 --- a/serum_test.go +++ b/serum_test.go @@ -1,6 +1,7 @@ package serum import ( + "context" "errors" "os" "testing" @@ -30,7 +31,7 @@ type testSecretProvider struct { returnErr error } -func (ts *testSecretProvider) Decrypt(secret string) (string, error) { +func (ts *testSecretProvider) Decrypt(ctx context.Context, secret string) (string, error) { if ts.returnErr != nil { return "", ts.returnErr } @@ -68,7 +69,7 @@ func TestInject(t *testing.T) { }, } - err := ij.Inject() + err := ij.Inject(context.Background()) g.Expect(err).To(BeNil()) for k, v := range envVars.Plain { @@ -113,7 +114,7 @@ func TestInjectEnvError(t *testing.T) { }, } - err := ij.Inject() + err := ij.Inject(context.Background()) g.Expect(err).ToNot(BeNil()) g.Expect(err.Error()).To(ContainSubstring("serum: error setting env var")) }) 
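Review bot: The decrypt failure in `Inject` is formatted with `%s`, so the chain is lost just as a caller-supplied `ctx` starts reaching `Decrypt`. A caller cannot use `errors.Is(err, context.Canceled)` or `context.DeadlineExceeded` to tell a timeout from a bad secret. `return fmt.Errorf("serum: error decrypting secret %s: %w", v, err)` keeps the message and preserves the chain. The loop also relies on every provider to notice cancellation itself; an `if err := ctx.Err(); err != nil { return err }` at the top of the loop body would stop it early, though what has already been injected by then is outside this hunk. Separately, the message embeds `v`, the value handed to the provider. If a provider ever takes ciphertext there rather than a resource name, it would land in logs, so printing the key `k` may be the safer choice.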
@@ -133,7 +134,7 @@ func TestInjectNilSecretProviderError(t *testing.T) { envVars: envVars, } - err := ij.Inject() + err := ij.Inject(context.Background()) g.Expect(err).ToNot(BeNil()) g.Expect(err.Error()). To(ContainSubstring("serum: error injecting env vars: secrets were loaded but the SecretProvider is nil")) @@ -155,7 +156,7 @@ func TestInjectDecryptError(t *testing.T) { }, } - err := ij.Inject() + err := ij.Inject(context.Background()) g.Expect(err).ToNot(BeNil()) g.Expect(err.Error()).To(ContainSubstring("serum: error decrypting secret")) }