Basic http server, started working on vault
parent
3fcfa79273
commit
a6e66b316f
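--- a/Vault/configuration.go
+++ b/Vault/configuration.go
@@ -0,0 +1,61 @@
+package Vault
+
+import (
+"fmt"
+"os"
+vault "github.com/hashicorp/vault/api"
+auth "github.com/hashicorp/vault/api/auth/approle"
+)
+
+// getVarnishList retrieve the list of varnish servers to send PURGE to.
+// It uses the AppRole authentication method.
+func getVarnishList() (string, error) {
+config := vault.DefaultConfig() // modify for more granular configuration
+
+client, err := vault.NewClient(config)
+if err != nil {
+return "", fmt.Errorf("unable to initialize Vault client: %w", err)
+}
+
+// Get roleID and secretID from ENV vars
+roleID := os.Getenv("APPROLE_ROLE_ID")
+if roleID == "" {
+return "", fmt.Errorf("no role ID was provided in APPROLE_ROLE_ID env var")
+}
+secretID := os.Getenv("APPROLE_SECRET_ID")
+if secretID == "" {
+return "", fmt.Errorf("no secret ID was provided in APPROLE_SECRET_ID env var")
+}
+
+appRoleAuth, err := auth.NewAppRoleAuth(
+roleID,
+secretID,
+auth.WithWrappingToken(), // Only required if the secret ID is response-wrapped.
+)
+if err != nil {
+return "", fmt.Errorf("unable to initialize AppRole auth method: %w", err)
+}
+
+authInfo, err := client.Auth().Login(context.Background(), appRoleAuth)
+if err != nil {
+return "", fmt.Errorf("unable to login to AppRole auth method: %w", err)
+}
+if authInfo == nil {
+return "", fmt.Errorf("no auth info was returned after login")
+}
+
+// get secret from the default mount path for KV v2 in dev mode, "secret"
+secret, err := client.KVv2("app").Get(context.Background(), "http-broadcaster/stg/varnish_list")
+if err != nil {
+return "", fmt.Errorf("unable to read secret: %w", err)
+}
+
+// data map can contain more than one key-value pair,
+// in this case we're just grabbing one of them
+value, ok := secret.Data["list"].(string)
+if !ok {
+return "", fmt.Errorf("value type assertion failed: %T %#v", secret.Data["list"], secret.Data["list"])
+}
+
+return value, nil
+}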
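Review bot: The failed type assertion at the end of getVarnishList formats `secret.Data["list"]` with `%#v`, so whenever the stored value is not a string its contents are copied into the error and into whatever logs that error; report only the type, e.g. `return "", fmt.Errorf("secret key %q has unexpected type %T", "list", secret.Data["list"])`. As written the file also should not build: `context` is used but not imported, and `auth.NewAppRoleAuth` takes a `*auth.SecretID` rather than a string, e.g. `&auth.SecretID{FromEnv: "APPROLE_SECRET_ID"}`. `auth.WithWrappingToken()` is passed unconditionally although its own comment says it is only for a response-wrapped secret ID, so a plain secret ID from the environment will presumably fail at login; make the option conditional or drop it. Both Vault calls use `context.Background()` with no deadline, so an unreachable Vault blocks the caller indefinitely; deriving the context with `context.WithTimeout` would bound that.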
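--- a/main.go
+++ b/main.go
@@ -0,0 +1,25 @@
+package main
+
+import (
+"io"
+"log"
+"net/http"
+)
+
+// Declaring non-existing HTTP method
+const (
+MethodPurge = "PURGE"
+VaultStgRoleId = ""
+VaultStgSecretId = ""
+)
+
+// PurgeHandler handles PURGE request to broadcast it to all varnish instances
+func PurgeHandler(w http.ResponseWriter, r *http.Request) {
+url := r.URL.String()
+io.WriteString(w, url)
+}
+
+func main() {
+http.HandleFunc("/", PurgeHandler)
+log.Fatal(http.ListenAndServe(":6081",nil))
+}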
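Review bot: `VaultStgRoleId` and `VaultStgSecretId` in the const block are placeholders for AppRole credentials in source, which invites someone to fill them in and commit them; Vault/configuration.go in this commit already reads `APPROLE_ROLE_ID` and `APPROLE_SECRET_ID` from the environment, so the two constants should be removed. PurgeHandler is registered on `/` and never checks the method, so every verb is accepted; it should begin with `if r.Method != MethodPurge { http.Error(w, "method not allowed", http.StatusMethodNotAllowed); return }`. `http.ListenAndServe(":6081", nil)` binds all interfaces with no read or write timeouts, and nothing visible restricts who may send PURGE; an `http.Server` with `ReadTimeout`/`WriteTimeout` set, plus an explicit bind address or a source allow-list, is worth adding before the broadcast to the varnish instances is implemented.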