Basic http server, started working on vault

2023-05-09 17:33:13 +02:00 · 2023-05-09 17:33:13 +02:00 · a6e66b316f
commit a6e66b316f
parent 3fcfa79273
3 changed files with 89 additions and 0 deletions
--- a/Vault/configuration.go
+++ b/Vault/configuration.go
@ -0,0 +1,61 @@
+package Vault
+
+import (
+    "fmt"
+    "os"
+    vault "github.com/hashicorp/vault/api"
+    auth "github.com/hashicorp/vault/api/auth/approle"
+)
+
+// getVarnishList retrieve the list of varnish servers to send PURGE to.
+// It uses the AppRole authentication method.
+func getVarnishList() (string, error) {
+	config := vault.DefaultConfig() // modify for more granular configuration
+
+	client, err := vault.NewClient(config)
+	if err != nil {
+		return "", fmt.Errorf("unable to initialize Vault client: %w", err)
+	}
+
+        // Get roleID and secretID from ENV vars
+	roleID := os.Getenv("APPROLE_ROLE_ID")
+	if roleID == "" {
+		return "", fmt.Errorf("no role ID was provided in APPROLE_ROLE_ID env var")
+	}
+	secretID := os.Getenv("APPROLE_SECRET_ID")
+	if secretID == "" {
+		return "", fmt.Errorf("no secret ID was provided in APPROLE_SECRET_ID env var")
+	}
+
+	appRoleAuth, err := auth.NewAppRoleAuth(
+		roleID,
+		secretID,
+		auth.WithWrappingToken(), // Only required if the secret ID is response-wrapped.
+	)
+	if err != nil {
+		return "", fmt.Errorf("unable to initialize AppRole auth method: %w", err)
+	}
+
+	authInfo, err := client.Auth().Login(context.Background(), appRoleAuth)
+	if err != nil {
+		return "", fmt.Errorf("unable to login to AppRole auth method: %w", err)
+	}
+	if authInfo == nil {
+		return "", fmt.Errorf("no auth info was returned after login")
+	}
+
+	// get secret from the default mount path for KV v2 in dev mode, "secret"
+	secret, err := client.KVv2("app").Get(context.Background(), "http-broadcaster/stg/varnish_list")
+	if err != nil {
+		return "", fmt.Errorf("unable to read secret: %w", err)
+	}
+
+	// data map can contain more than one key-value pair,
+	// in this case we're just grabbing one of them
+	value, ok := secret.Data["list"].(string)
+	if !ok {
+		return "", fmt.Errorf("value type assertion failed: %T %#v", secret.Data["list"], secret.Data["list"])
+	}
+
+	return value, nil
+}
--- a/go.mod
+++ b/go.mod
@ -0,0 +1,3 @@
+module http-broadcaster
+
+go 1.13
--- a/main.go
+++ b/main.go
@ -0,0 +1,25 @@
+package main
+
+import (
+    "io"
+    "log"
+    "net/http"
+)
+
+// Declaring non-existing HTTP method
+const (
+    MethodPurge         = "PURGE"
+    VaultStgRoleId      = ""
+    VaultStgSecretId    = ""
+)
+
+// PurgeHandler handles PURGE request to broadcast it to all varnish instances
+func PurgeHandler(w http.ResponseWriter, r *http.Request) {
+    url := r.URL.String()
+    io.WriteString(w, url)
+}
+
+func main() {
+    http.HandleFunc("/", PurgeHandler)
+    log.Fatal(http.ListenAndServe(":6081",nil))
+}