refactor: finished

Signed-off-by: Bence Csati <[email protected]>
bank-vaults · Mar 26, 2024 · 7a9a1f9 · 7a9a1f9
1 parent fc8d4b1
commit 7a9a1f9
Show file tree

Hide file tree

Showing 9 changed files with 1,350 additions and 571 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -61,6 +61,15 @@ jobs:
           VAULT_DEV_ROOT_TOKEN_ID: 227e1cce-6bf7-30bb-2d2a-acc854318caf
         ports:
           - 8200:8200
+      bao:
+        image: csatib02/openbao:dev
+        env:
+          SKIP_SETCAP: "true"
+          BAO_ADDR: http://127.0.0.1:8200
+          BAO_TOKEN: 227e1cce-6bf7-30bb-2d2a-acc854318caf
+          BAO_DEV_ROOT_TOKEN_ID: 227e1cce-6bf7-30bb-2d2a-acc854318caf
+        ports:
+          - 8300:8200
 
     steps:
       - name: Checkout repository
@@ -260,7 +269,7 @@ jobs:
         # run: nix develop --impure .#ci -c make test-e2e
         run: nix develop --impure .#ci -c make test-e2e-local
         env:
-          KIND_K8S_VERSION: ${{ matrix.k8s_version }
+          KIND_K8S_VERSION: ${{ matrix.k8s_version }}
           LOAD_IMAGE_ARCHIVE: ${{ github.workspace }}/docker.tar
           # VAULT_VERSION: ${{ matrix.vault_version }}
           WEBHOOK_VERSION: ${{ needs.artifacts.outputs.container-image-tag }}

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -2,9 +2,23 @@ version: "3.9"
 
 services:
   vault:
-    image: hashicorp/vault:1.14.8
+    container_name: secrets-webhook-vault
+    image: hashicorp/vault:1.14.1
     ports:
       - 127.0.0.1:8200:8200
     environment:
-      SKIP_SETCAP: true
+      SKIP_SETCAP: "true"
+      VAULT_ADDR: http://127.0.0.1:8200
+      VAULT_TOKEN: 227e1cce-6bf7-30bb-2d2a-acc854318caf
       VAULT_DEV_ROOT_TOKEN_ID: 227e1cce-6bf7-30bb-2d2a-acc854318caf
+
+  bao:
+    container_name: secrets-webhook-bao
+    image: csatib02/openbao:dev
+    ports:
+      - 127.0.0.1:8300:8200
+    environment:
+      SKIP_SETCAP: "true"
+      BAO_ADDR: http://127.0.0.1:8200
+      BAO_TOKEN: 227e1cce-6bf7-30bb-2d2a-acc854318caf
+      BAO_DEV_ROOT_TOKEN_ID: 227e1cce-6bf7-30bb-2d2a-acc854318caf
diff --git a/pkg/webhook/vault_client_logger.go → pkg/provider/bao/client_logger.go b/pkg/webhook/vault_client_logger.go → pkg/provider/bao/client_logger.go
@@ -12,41 +12,41 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package webhook
+package bao
 
 import (
 	"log/slog"
 
-	"github.com/bank-vaults/vault-sdk/vault"
+	baosdk "github.com/bank-vaults/vault-sdk/vault"
 )
 
-var _ vault.Logger = &clientLogger{}
+var _ baosdk.Logger = &ClientLogger{}
 
-type clientLogger struct {
-	logger *slog.Logger
+type ClientLogger struct {
+	Logger *slog.Logger
 }
 
-func (l clientLogger) Trace(msg string, args ...map[string]interface{}) {
+func (l ClientLogger) Trace(msg string, args ...map[string]interface{}) {
 	l.Debug(msg, args...)
 }
 
-func (l clientLogger) Debug(msg string, args ...map[string]interface{}) {
-	l.logger.Debug(msg, l.argsToAttrs(args...)...)
+func (l ClientLogger) Debug(msg string, args ...map[string]interface{}) {
+	l.Logger.Debug(msg, l.argsToAttrs(args...)...)
 }
 
-func (l clientLogger) Info(msg string, args ...map[string]interface{}) {
-	l.logger.Info(msg, l.argsToAttrs(args...)...)
+func (l ClientLogger) Info(msg string, args ...map[string]interface{}) {
+	l.Logger.Info(msg, l.argsToAttrs(args...)...)
 }
 
-func (l clientLogger) Warn(msg string, args ...map[string]interface{}) {
-	l.logger.Warn(msg, l.argsToAttrs(args...)...)
+func (l ClientLogger) Warn(msg string, args ...map[string]interface{}) {
+	l.Logger.Warn(msg, l.argsToAttrs(args...)...)
 }
 
-func (l clientLogger) Error(msg string, args ...map[string]interface{}) {
-	l.logger.Error(msg, l.argsToAttrs(args...)...)
+func (l ClientLogger) Error(msg string, args ...map[string]interface{}) {
+	l.Logger.Error(msg, l.argsToAttrs(args...)...)
 }
 
-func (clientLogger) argsToAttrs(args ...map[string]interface{}) []any {
+func (ClientLogger) argsToAttrs(args ...map[string]interface{}) []any {
 	var attrs []any
 
 	for _, arg := range args {

diff --git a/pkg/provider/bao/config.go b/pkg/provider/bao/config.go
@@ -19,7 +19,6 @@ import (
 	"html/template"
 	"log/slog"
 	"strconv"
-
 	"strings"
 	"time"
 
@@ -33,7 +32,27 @@ import (
 	"github.com/bank-vaults/secrets-webhook/pkg/common"
 )
 
-const ProviderName = "bao"
+const (
+	AgentConfig = `
+pid_file = "/tmp/pidfile"
+
+auto_auth {
+        method "kubernetes" {
+                namespace = "%s"
+                mount_path = "auth/%s"
+                config = {
+                        role = "%s"
+                }
+        }
+
+        sink "file" {
+                config = {
+                        path = "/bao/.bao-token"
+                }
+        }
+}`
+	ProviderName = "bao"
+)
 
 type Config struct {
 	ObjectNamespace               string

diff --git a/pkg/provider/vault/client_logger.go b/pkg/provider/vault/client_logger.go
@@ -0,0 +1,59 @@
+// Copyright © 2023 Bank-Vaults Maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package vault
+
+import (
+	"log/slog"
+
+	vaultsdk "github.com/bank-vaults/vault-sdk/vault"
+)
+
+var _ vaultsdk.Logger = &ClientLogger{}
+
+type ClientLogger struct {
+	Logger *slog.Logger
+}
+
+func (l ClientLogger) Trace(msg string, args ...map[string]interface{}) {
+	l.Debug(msg, args...)
+}
+
+func (l ClientLogger) Debug(msg string, args ...map[string]interface{}) {
+	l.Logger.Debug(msg, l.argsToAttrs(args...)...)
+}
+
+func (l ClientLogger) Info(msg string, args ...map[string]interface{}) {
+	l.Logger.Info(msg, l.argsToAttrs(args...)...)
+}
+
+func (l ClientLogger) Warn(msg string, args ...map[string]interface{}) {
+	l.Logger.Warn(msg, l.argsToAttrs(args...)...)
+}
+
+func (l ClientLogger) Error(msg string, args ...map[string]interface{}) {
+	l.Logger.Error(msg, l.argsToAttrs(args...)...)
+}
+
+func (ClientLogger) argsToAttrs(args ...map[string]interface{}) []any {
+	var attrs []any
+
+	for _, arg := range args {
+		for key, value := range arg {
+			attrs = append(attrs, slog.Any(key, value))
+		}
+	}
+
+	return attrs
+}
diff --git a/pkg/provider/vault/config.go b/pkg/provider/vault/config.go
@@ -32,7 +32,27 @@ import (
 	"github.com/bank-vaults/secrets-webhook/pkg/common"
 )
 
-const ProviderName = "vault"
+const (
+	AgentConfig = `
+pid_file = "/tmp/pidfile"
+
+auto_auth {
+        method "kubernetes" {
+                namespace = "%s"
+                mount_path = "auth/%s"
+                config = {
+                        role = "%s"
+                }
+        }
+
+        sink "file" {
+                config = {
+                        path = "/vault/.vault-token"
+                }
+        }
+}`
+	ProviderName = "vault"
+)
 
 type Config struct {
 	ObjectNamespace               string