Refactoring project, adding BAN handling with X-Cache-Tags
This commit is contained in:
@@ -1,61 +1,48 @@
|
||||
package Vault
|
||||
// Package vault provides functions to retrieve info from Hashicorp Vault
|
||||
package vault
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
vault "github.com/hashicorp/vault/api"
|
||||
auth "github.com/hashicorp/vault/api/auth/approle"
|
||||
"context"
|
||||
"log"
|
||||
"os"
|
||||
|
||||
vault "github.com/hashicorp/vault/api"
|
||||
auth "github.com/hashicorp/vault/api/auth/approle"
|
||||
)
|
||||
|
||||
// getVarnishList retrieve the list of varnish servers to send PURGE to.
|
||||
// InitVaultConnection builds a client connection to vault and return it.
|
||||
// It uses the AppRole authentication method.
|
||||
func getVarnishList() (string, error) {
|
||||
config := vault.DefaultConfig() // modify for more granular configuration
|
||||
|
||||
// APPROLE_ROLEID and APPROLE_SECRETID are fed from environment variables.
|
||||
func InitVaultConnection() *vault.Client {
|
||||
config := vault.DefaultConfig()
|
||||
client, err := vault.NewClient(config)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("unable to initialize Vault client: %w", err)
|
||||
log.Fatal("unable to initialize Vault client: %w", err)
|
||||
return client
|
||||
}
|
||||
|
||||
// Get roleID and secretID from ENV vars
|
||||
roleID := os.Getenv("APPROLE_ROLE_ID")
|
||||
roleID := os.Getenv("APPROLE_ROLEID")
|
||||
if roleID == "" {
|
||||
return "", fmt.Errorf("no role ID was provided in APPROLE_ROLE_ID env var")
|
||||
}
|
||||
secretID := os.Getenv("APPROLE_SECRET_ID")
|
||||
if secretID == "" {
|
||||
return "", fmt.Errorf("no secret ID was provided in APPROLE_SECRET_ID env var")
|
||||
log.Fatal("no role ID was provided in APPROLE_ROLEID env var")
|
||||
return client
|
||||
}
|
||||
secretID := &auth.SecretID{FromEnv: "APPROLE_SECRETID"}
|
||||
|
||||
appRoleAuth, err := auth.NewAppRoleAuth(
|
||||
roleID,
|
||||
secretID,
|
||||
auth.WithWrappingToken(), // Only required if the secret ID is response-wrapped.
|
||||
)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("unable to initialize AppRole auth method: %w", err)
|
||||
log.Fatal("unable to initialize AppRole auth method: %w", err)
|
||||
return client
|
||||
}
|
||||
|
||||
authInfo, err := client.Auth().Login(context.Background(), appRoleAuth)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("unable to login to AppRole auth method: %w", err)
|
||||
log.Fatal("unable to login to AppRole auth method: %w", err)
|
||||
return client
|
||||
}
|
||||
if authInfo == nil {
|
||||
return "", fmt.Errorf("no auth info was returned after login")
|
||||
log.Fatal("no auth info returned after login")
|
||||
return client
|
||||
}
|
||||
|
||||
// get secret from the default mount path for KV v2 in dev mode, "secret"
|
||||
secret, err := client.KVv2("app").Get(context.Background(), "http-broadcaster/stg/varnish_list")
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("unable to read secret: %w", err)
|
||||
}
|
||||
|
||||
// data map can contain more than one key-value pair,
|
||||
// in this case we're just grabbing one of them
|
||||
value, ok := secret.Data["list"].(string)
|
||||
if !ok {
|
||||
return "", fmt.Errorf("value type assertion failed: %T %#v", secret.Data["list"], secret.Data["list"])
|
||||
}
|
||||
|
||||
return value, nil
|
||||
return client
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user