Merge pull request #82 from intelops/extsecret
Fixing the ext secret issue
vramk23 authored Jun 15, 2024
2 parents 7828cc0 + c18044e commit 7de7422
Showing 2 changed files with 56 additions and 28 deletions.
82 changes: 56 additions & 26 deletions internal/api/vault_secret_api.go
Expand Up @@ -3,79 +3,109 @@ package api
import (
"context"
"fmt"
"sync"

"sort"

"github.com/intelops/vault-cred/internal/client"
"github.com/intelops/vault-cred/proto/pb/vaultcredpb"
v1 "k8s.io/api/core/v1"
)

var (
kadAppRolePrefix = "capten-approle-"
vaultAddress = "http://vault.%s"
)

type SecretPathProperty struct {
SecretKey string
SecretPath string
Property string
}

func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) {
v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName)

var secretPathProperties []SecretPathProperty

for _, secretPathData := range request.SecretPathData {
secretPathProperties = append(secretPathProperties, SecretPathProperty{
SecretKey: secretPathData.SecretKey,
SecretPath: secretPathData.SecretPath,
Property: secretPathData.Property,
})
}

sort.SliceStable(secretPathProperties, func(i, j int) bool {
if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey {
return secretPathProperties[i].SecretKey < secretPathProperties[j].SecretKey
}
if secretPathProperties[i].SecretPath != secretPathProperties[j].SecretPath {
return secretPathProperties[i].SecretPath < secretPathProperties[j].SecretPath
}
return secretPathProperties[i].Property < secretPathProperties[j].Property
})

secretPaths := []string{}
secretPathsData := map[string][]string{}
propertiesData := map[string][]string{}
secretPaths := []string{}

// Populate the secretPathsData and propertiesData maps
for _, secretPathData := range request.SecretPathData {
secretPathsData[secretPathData.SecretKey] = append(secretPathsData[secretPathData.SecretKey], secretPathData.SecretPath)
secretPaths = append(secretPaths, secretPathData.SecretPath)
if secretPathData.Property != "" {
propertiesData[secretPathData.SecretKey] = append(propertiesData[secretPathData.SecretKey], secretPathData.Property)
var mu sync.Mutex
mu.Lock()

for _, spp := range secretPathProperties {
secretPathsData[spp.SecretKey] = append(secretPathsData[spp.SecretKey], spp.SecretPath)
secretPaths = append(secretPaths, spp.SecretPath)
if spp.Property != "" {
propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.Property)
} else {
propertiesData[secretPathData.SecretKey] = append(propertiesData[secretPathData.SecretKey], secretPathData.SecretKey)
propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.SecretKey)
}
}

// Sort the paths and properties to ensure consistent ordering
for key := range secretPathsData {
sort.Strings(secretPathsData[key])
sort.Strings(propertiesData[key])
}
mu.Unlock()

v.log.Infof("Secret Paths Data after sorting and population: %v", secretPathsData)

// Log the sorted maps for debugging purposes
v.log.Debug("Sorted Secret Paths Data", secretPathsData)
v.log.Debug("Sorted Properties Data", propertiesData)
appRoleName := "kad-" + request.SecretName

appRoleName := kadAppRolePrefix + request.SecretName
token, err := v.createAppRoleToken(context.Background(), appRoleName, secretPaths)
if err != nil {
v.log.Errorf("Error creating AppRole token: %v", err)
return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err
}

k8sclient, err := client.NewK8SClient(v.log)
k8sClient, err := client.NewK8SClient(v.log)
if err != nil {
v.log.Errorf("failed to initialize k8s client, %v", err)
v.log.Errorf("Failed to initialize k8s client: %v", err)
return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err
}

cred := map[string][]byte{"token": []byte(token)}

vaultTokenSecretName := "vault-token-" + request.SecretName
err = k8sclient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, v1.SecretTypeOpaque, cred, nil)

err = k8sClient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, "Opaque", cred, nil)
if err != nil {
v.log.Errorf("failed to create cluster vault token secret, %v", err)
v.log.Errorf("Failed to create cluster vault token secret: %v", err)
return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err
}

vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName)
v.log.Infof("Vault Address string: %s", vaultAddressStr)

secretStoreName := "ext-store-" + request.SecretName
err = k8sclient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token")

err = k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token")
if err != nil {
v.log.Errorf("failed to create secret store, %v", err)
v.log.Errorf("Failed to create secret store: %v", err)
return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err
}

externalSecretName := "ext-secret-" + request.SecretName
err = k8sclient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData)

err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData)
if err != nil {
v.log.Errorf("failed to create vault external secret, %v", err)
v.log.Errorf("Failed to create vault external secret: %v", err)
return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err
}

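Review bot: The function-local `var mu sync.Mutex` around the map-population loop guards nothing: a mutex declared inside ConfigureVaultSecret is reachable only from the goroutine running that call, so `mu.Lock()` and `mu.Unlock()` are no-ops and the added `"sync"` import exists only for them; drop those three lines, or, if the intent is to serialise concurrent ConfigureVaultSecret calls, put the mutex on `VaultCredServ` instead. The `sort.SliceStable` over secretPathProperties is also made redundant by the later per-key `sort.Strings` on both maps, and because those two sorts run independently the i-th path and i-th property for a key no longer correspond — worth confirming that CreateOrUpdateExternalSecret does not rely on positional pairing between secretPathsData and propertiesData. Replacing `v1.SecretTypeOpaque` with the bare `"Opaque"` literal presumably compiles because SecretType is a string type, but the typed constant documents the contract better and should stay unless the `v1` import was removed for another reason. ConfigureVaultSecret's body continues past the end of the hunk.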
2 changes: 0 additions & 2 deletions internal/client/external_secret.go
Expand Up @@ -4,8 +4,6 @@ import (
"context"
"fmt"



"gopkg.in/yaml.v2"
)

