github/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2025-08-17 14:32:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

add vault driver_opts support

Browse Source
This commit is contained in:
Brad Rydzewski 2018-03-08 12:46:39 -08:00
parent 5e557bb2d8
commit a1d1d49852
2 changed files with 33 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
plugins/secrets/vault/vault.go
View File

@ -27,9 +27,16 @@ import (
// //
type vaultConfig struct { type vaultConfig struct {
Secrets map[string]struct { Secrets map[string]struct {
Driver string
DriverOpts struct {
Path string
Key string
} `yaml:"driver_opts"`
// deprecated. do not use.
Vault string
Path string Path string
File string File string
Vault string
} }
} }
@ -78,7 +85,7 @@ func (v *vault) list(repo *model.Repo, build *model.Build) ([]*model.Secret, err
return nil, err return nil, err
} }
for key, val := range out.Secrets { for key, val := range out.Secrets {
var path string var path, field string
switch { switch {
case val.Path != "": case val.Path != "":
path = val.Path path = val.Path
@ -86,6 +93,12 @@ func (v *vault) list(repo *model.Repo, build *model.Build) ([]*model.Secret, err
path = val.File path = val.File
case val.Vault != "": case val.Vault != "":
path = val.Vault path = val.Vault
case val.DriverOpts.Path != "":
path = val.DriverOpts.Path
field = val.DriverOpts.Key
}
if field == "" {
field = "value"
} }
if path == "" { if path == "" {
@ -94,7 +107,7 @@ func (v *vault) list(repo *model.Repo, build *model.Build) ([]*model.Secret, err
logrus.Debugf("vault: read secret: %s", path) logrus.Debugf("vault: read secret: %s", path)
vaultSecret, err := v.get(path) vaultSecret, err := v.get(path, field)
if err != nil { if err != nil {
logrus.Debugf("vault: read secret failed: %s: %s", path, err) logrus.Debugf("vault: read secret failed: %s: %s", path, err)
return nil, err return nil, err
@ -120,7 +133,7 @@ func (v *vault) list(repo *model.Repo, build *model.Build) ([]*model.Secret, err
return secrets, nil return secrets, nil
} }
func (v *vault) get(path string) (*vaultSecret, error) { func (v *vault) get(path, key string) (*vaultSecret, error) {
secret, err := v.client.Logical().Read(path) secret, err := v.client.Logical().Read(path)
if err != nil { if err != nil {
return nil, err return nil, err
@ -128,7 +141,7 @@ func (v *vault) get(path string) (*vaultSecret, error) {
if secret == nil || secret.Data == nil { if secret == nil || secret.Data == nil {
return nil, nil return nil, nil
} }
return parseVaultSecret(secret.Data), nil return parseVaultSecret(secret.Data, key), nil
} }
// start starts the renewal loop. // start starts the renewal loop.
@ -178,10 +191,10 @@ type vaultSecret struct {
Repo []string Repo []string
} }
func parseVaultSecret(data map[string]interface{}) *vaultSecret { func parseVaultSecret(data map[string]interface{}, key string) *vaultSecret {
secret := new(vaultSecret) secret := new(vaultSecret)
if vvalue, ok := data["value"]; ok { if vvalue, ok := data[key]; ok {
if svalue, ok := vvalue.(string); ok { if svalue, ok := vvalue.(string); ok {
secret.Value = svalue secret.Value = svalue
} }

17
plugins/secrets/vault/vault_test.go
View File

@ -34,6 +34,7 @@ func TestVaultGet(t *testing.T) {
_, err = client.Logical().Write("secret/testing/drone/a", map[string]interface{}{ _, err = client.Logical().Write("secret/testing/drone/a", map[string]interface{}{
"value": "hello", "value": "hello",
"fr": "bonjour",
"image": "golang", "image": "golang",
"event": "push,pull_request", "event": "push,pull_request",
"repo": "octocat/hello-world,github/*", "repo": "octocat/hello-world,github/*",
@ -44,17 +45,25 @@ func TestVaultGet(t *testing.T) {
} }
plugin := vault{client: client} plugin := vault{client: client}
secret, err := plugin.get("secret/testing/drone/a") secret, err := plugin.get("secret/testing/drone/a", "value")
if err != nil { if err != nil {
t.Error(err) t.Error(err)
return return
} }
if got, want := secret.Value, "hello"; got != want { if got, want := secret.Value, "hello"; got != want {
t.Errorf("Expect secret value %s, got %s", want, got) t.Errorf("Expect secret value %s, got %s", want, got)
} }
secret, err = plugin.get("secret/testing/drone/404") secret, err = plugin.get("secret/testing/drone/a", "fr")
if err != nil {
t.Error(err)
return
}
if got, want := secret.Value, "bonjour"; got != want {
t.Errorf("Expect secret value %s, got %s", want, got)
}
secret, err = plugin.get("secret/testing/drone/404", "value")
if err != nil { if err != nil {
t.Errorf("Expect silent failure when secret does not exist, got %s", err) t.Errorf("Expect silent failure when secret does not exist, got %s", err)
} }
@ -76,7 +85,7 @@ func TestVaultSecretParse(t *testing.T) {
Image: []string{"plugins/s3", "plugins/ec2"}, Image: []string{"plugins/s3", "plugins/ec2"},
Repo: []string{"octocat/hello-world", "github/*"}, Repo: []string{"octocat/hello-world", "github/*"},
} }
got := parseVaultSecret(data) got := parseVaultSecret(data, "value")
if !reflect.DeepEqual(want, *got) { if !reflect.DeepEqual(want, *got) {
t.Errorf("Failed read Secret.Data") t.Errorf("Failed read Secret.Data")
pretty.Fdiff(os.Stderr, want, got) pretty.Fdiff(os.Stderr, want, got)