From a0eadbf6fe320a6afb23634755d90b90fcebd213 Mon Sep 17 00:00:00 2001 From: ShifnaZarnaz Date: Sat, 8 Jun 2024 16:03:40 +0530 Subject: [PATCH 01/12] Fixing the ext secret issue --- internal/api/vault_secret_api.go | 117 ++++++++++++++++++++++++----- internal/client/external_secret.go | 4 +- 2 files changed, 99 insertions(+), 22 deletions(-) diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go index b9cfc78..f9e9301 100644 --- a/internal/api/vault_secret_api.go +++ b/internal/api/vault_secret_api.go @@ -8,7 +8,6 @@ import ( "github.com/intelops/vault-cred/internal/client" "github.com/intelops/vault-cred/proto/pb/vaultcredpb" - v1 "k8s.io/api/core/v1" ) var ( 
@@ -16,41 +15,117 @@ var ( vaultAddress = "http://vault.%s" ) +type SecretPathProperty struct { + SecretKey string + SecretPath string + Property string +} + +// func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) { +// v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) + +// secretPathsData := map[string][]string{} +// propertiesData := map[string][]string{} +// secretPaths := []string{} + +// // Populate the secretPathsData and propertiesData maps +// for _, secretPathData := range request.SecretPathData { +// secretPathsData[secretPathData.SecretKey] = append(secretPathsData[secretPathData.SecretKey], secretPathData.SecretPath) +// secretPaths = append(secretPaths, secretPathData.SecretPath) +// if secretPathData.Property != "" { +// propertiesData[secretPathData.SecretKey] = append(propertiesData[secretPathData.SecretKey], secretPathData.Property) +// } else { +// propertiesData[secretPathData.SecretKey] = append(propertiesData[secretPathData.SecretKey], secretPathData.SecretKey) +// } +// } + +// // Sort the paths and properties to ensure consistent ordering +// for key := range secretPathsData { +// sort.Strings(secretPathsData[key]) +// sort.Strings(propertiesData[key]) +// } + +// // Log the sorted maps for debugging purposes +// v.log.Info("Sorted Secret Paths Data", secretPathsData) +// v.log.Info("Sorted Properties Data", propertiesData) + +// appRoleName := kadAppRolePrefix + request.SecretName +// token, err := v.createAppRoleToken(context.Background(), appRoleName, secretPaths) +// if err != nil { +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// k8sclient, err := client.NewK8SClient(v.log) +// if err != nil { +// v.log.Errorf("failed to initialize k8s client, %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: 
vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// cred := map[string][]byte{"token": []byte(token)} +// vaultTokenSecretName := "vault-token-" + request.SecretName +// err = k8sclient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, v1.SecretTypeOpaque, cred, nil) +// if err != nil { +// v.log.Errorf("failed to create cluster vault token secret, %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) +// secretStoreName := "ext-store-" + request.SecretName +// err = k8sclient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") +// if err != nil { +// v.log.Errorf("failed to create secret store, %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// externalSecretName := "ext-secret-" + request.SecretName +// err = k8sclient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) +// if err != nil { +// v.log.Errorf("failed to create vault external secret, %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_OK}, nil +// } + func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) { v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) + secretPathProperties := []SecretPathProperty{} + + for _, secretPathData := range request.SecretPathData { + secretPathProperties = append(secretPathProperties, SecretPathProperty{ + SecretKey: secretPathData.SecretKey, + SecretPath: 
secretPathData.SecretPath, + Property: secretPathData.Property, + }) + } + + secretPaths := []string{} secretPathsData := map[string][]string{} propertiesData := map[string][]string{} - secretPaths := []string{} - // Populate the secretPathsData and propertiesData maps - for _, secretPathData := range request.SecretPathData { - secretPathsData[secretPathData.SecretKey] = append(secretPathsData[secretPathData.SecretKey], secretPathData.SecretPath) - secretPaths = append(secretPaths, secretPathData.SecretPath) - if secretPathData.Property != "" { - propertiesData[secretPathData.SecretKey] = append(propertiesData[secretPathData.SecretKey], secretPathData.Property) + for _, spp := range secretPathProperties { + secretPathsData[spp.SecretKey] = append(secretPathsData[spp.SecretKey], spp.SecretPath) + secretPaths = append(secretPaths, spp.SecretPath) + if spp.Property != "" { + propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.Property) } else { - propertiesData[secretPathData.SecretKey] = append(propertiesData[secretPathData.SecretKey], secretPathData.SecretKey) + propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.SecretKey) } } - // Sort the paths and properties to ensure consistent ordering for key := range secretPathsData { sort.Strings(secretPathsData[key]) sort.Strings(propertiesData[key]) } - // Log the sorted maps for debugging purposes - v.log.Debug("Sorted Secret Paths Data", secretPathsData) - v.log.Debug("Sorted Properties Data", propertiesData) - - appRoleName := kadAppRolePrefix + request.SecretName + appRoleName := "kad-" + request.SecretName token, err := v.createAppRoleToken(context.Background(), appRoleName, secretPaths) if err != nil { return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - k8sclient, err := client.NewK8SClient(v.log) + k8sClient, err := client.NewK8SClient(v.log) if err != nil { v.log.Errorf("failed to initialize k8s client, %v", err) 
return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err 
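Review bot: `appRoleName := "kad-" + request.SecretName` replaces the shared `kadAppRolePrefix` constant with an inline literal, so any other code path that still derives the role name from the constant (a cleanup or lookup of the same AppRole, if one exists elsewhere) can silently diverge from what this handler creates; keep `appRoleName := kadAppRolePrefix + request.SecretName`. The 66-line commented-out copy of the previous implementation placed above the function is dead text that git history already preserves and should be dropped from the commit. The unchanged call `v.createAppRoleToken(context.Background(), appRoleName, secretPaths)` also discards the handler's `ctx`, so a cancelled request still issues a Vault token; passing `ctx` would bound that call. The function body continues past the end of this hunk.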
@@ -58,22 +133,24 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault cred := map[string][]byte{"token": []byte(token)} vaultTokenSecretName := "vault-token-" + request.SecretName - err = k8sclient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, v1.SecretTypeOpaque, cred, nil) + err = k8sClient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, "Opaque", cred, nil) if err != nil { v.log.Errorf("failed to create cluster vault token secret, %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) + vaultAddressStr := fmt.Sprintf("http://%s", request.DomainName) secretStoreName := "ext-store-" + request.SecretName - err = k8sclient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") + err = k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") if err != nil { v.log.Errorf("failed to create secret store, %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } externalSecretName := "ext-secret-" + request.SecretName - err = k8sclient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) + v.log.Infof("Sorted Secret Paths Data: %v", secretPathsData) + v.log.Infof("Properties Data: %v", propertiesData) + err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) if err != nil { v.log.Errorf("failed to create vault external secret, %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err 
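Review bot: `v.log.Infof("Sorted Secret Paths Data: %v", secretPathsData)` and `v.log.Infof("Properties Data: %v", propertiesData)` promote what the earlier code emitted at Debug to Info, so the complete Vault path and property layout of every configured secret now lands in production logs on each call; move them to `v.log.Debugf(...)` or remove them once the ordering bug is understood. Building the SecretStore address as `fmt.Sprintf("http://%s", request.DomainName)` means the Vault token written to `vault-token-<name>` a few lines above will be presented by the external-secrets operator over cleartext HTTP to whatever host the request names; if this endpoint is reachable by anything other than a trusted controller, `DomainName` deserves validation before it is baked into a cluster resource, and the scheme should be https where Vault offers TLS. The enclosing function continues beyond this hunk.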
diff --git a/internal/client/external_secret.go b/internal/client/external_secret.go index 11472f9..8d3129d 100644 --- a/internal/client/external_secret.go +++ b/internal/client/external_secret.go @@ -3,8 +3,7 @@ package client import ( "context" "fmt" - - + "log" "gopkg.in/yaml.v2" ) @@ -166,6 +165,7 @@ func (k *K8SClient) CreateOrUpdateExternalSecret(ctx context.Context, externalSe Data: secretKeysData, }, } + log.Println("Secret Keys Data", secretKeysData) externalSecretData, err := yaml.Marshal(&externalSecret) if err != nil { return From b760d0b765899ae07f8d88da0f88a4bd5ae0df20 Mon Sep 17 00:00:00 2001 From: ShifnaZarnaz Date: Sat, 8 Jun 2024 16:18:38 +0530 Subject: [PATCH 02/12] Fixing the ext secret issue --- internal/api/vault_secret_api.go | 66 ------------------------------ internal/client/external_secret.go | 2 - 2 files changed, 68 deletions(-) diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go index f9e9301..b25378c 100644 --- a/internal/api/vault_secret_api.go +++ b/internal/api/vault_secret_api.go 
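Review bot: `log.Println("Secret Keys Data", secretKeysData)` in CreateOrUpdateExternalSecret writes through the global stdlib logger rather than whatever logger K8SClient carries, so it bypasses the level and formatting the rest of the client uses and cannot be silenced in production; if the trace is needed, route it through the receiver's logger at Debug level, otherwise drop the line together with the new `"log"` import. As far as this hunk shows, `secretKeysData` is the ExternalSecret data spec (keys and remote refs, not secret values), so the exposure is layout rather than credentials, but it still should not print unconditionally. The function starts and ends outside this hunk.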
@@ -21,72 +21,6 @@ type SecretPathProperty struct { Property string } -// func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) { -// v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) - -// secretPathsData := map[string][]string{} -// propertiesData := map[string][]string{} -// secretPaths := []string{} - -// // Populate the secretPathsData and propertiesData maps -// for _, secretPathData := range request.SecretPathData { -// secretPathsData[secretPathData.SecretKey] = append(secretPathsData[secretPathData.SecretKey], secretPathData.SecretPath) -// secretPaths = append(secretPaths, secretPathData.SecretPath) -// if secretPathData.Property != "" { -// propertiesData[secretPathData.SecretKey] = append(propertiesData[secretPathData.SecretKey], secretPathData.Property) -// } else { -// propertiesData[secretPathData.SecretKey] = append(propertiesData[secretPathData.SecretKey], secretPathData.SecretKey) -// } -// } - -// // Sort the paths and properties to ensure consistent ordering -// for key := range secretPathsData { -// sort.Strings(secretPathsData[key]) -// sort.Strings(propertiesData[key]) -// } - -// // Log the sorted maps for debugging purposes -// v.log.Info("Sorted Secret Paths Data", secretPathsData) -// v.log.Info("Sorted Properties Data", propertiesData) - -// appRoleName := kadAppRolePrefix + request.SecretName -// token, err := v.createAppRoleToken(context.Background(), appRoleName, secretPaths) -// if err != nil { -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// k8sclient, err := client.NewK8SClient(v.log) -// if err != nil { -// v.log.Errorf("failed to initialize k8s client, %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// cred := map[string][]byte{"token": 
[]byte(token)} -// vaultTokenSecretName := "vault-token-" + request.SecretName -// err = k8sclient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, v1.SecretTypeOpaque, cred, nil) -// if err != nil { -// v.log.Errorf("failed to create cluster vault token secret, %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) -// secretStoreName := "ext-store-" + request.SecretName -// err = k8sclient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") -// if err != nil { -// v.log.Errorf("failed to create secret store, %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// externalSecretName := "ext-secret-" + request.SecretName -// err = k8sclient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) -// if err != nil { -// v.log.Errorf("failed to create vault external secret, %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_OK}, nil -// } - func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) { v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) diff --git a/internal/client/external_secret.go b/internal/client/external_secret.go index 8d3129d..af25229 100644 --- a/internal/client/external_secret.go +++ b/internal/client/external_secret.go @@ -3,7 +3,6 @@ package client import ( "context" "fmt" - "log" "gopkg.in/yaml.v2" ) 
@@ -165,7 +164,6 @@ func (k *K8SClient) CreateOrUpdateExternalSecret(ctx context.Context, externalSe Data: secretKeysData, }, } - log.Println("Secret Keys Data", secretKeysData) externalSecretData, err := yaml.Marshal(&externalSecret) if err != nil { return From 7e4f7ee54adb5254fcd1f3cf299e5346211c5fe5 Mon Sep 17 00:00:00 2001 From: ShifnaZarnaz Date: Mon, 10 Jun 2024 19:17:30 +0530 Subject: [PATCH 03/12] Debugging to fix secretstore address --- internal/api/vault_secret_api.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go index b25378c..3a77dcf 100644 --- a/internal/api/vault_secret_api.go +++ b/internal/api/vault_secret_api.go @@ -3,6 +3,7 @@ package api import ( "context" "fmt" + "log" "sort" @@ -74,6 +75,7 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault } vaultAddressStr := fmt.Sprintf("http://%s", request.DomainName) + log.Println("Vault Address string", vaultAddressStr) secretStoreName := "ext-store-" + request.SecretName err = k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") if err != nil { From 1b85237fe786f96479c8cea49f150483ca9b4b1d Mon Sep 17 00:00:00 2001 From: ShifnaZarnaz Date: Mon, 10 Jun 2024 19:32:24 +0530 Subject: [PATCH 04/12] Solved the url issue --- internal/api/vault_secret_api.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go index 3a77dcf..44b3bc1 100644 --- a/internal/api/vault_secret_api.go +++ b/internal/api/vault_secret_api.go 
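Review bot: `log.Println("Vault Address string", vaultAddressStr)` uses the global stdlib logger beside the `v.log` logger this handler already uses, so the line escapes the service's log level and format; if it stays it should be `v.log.Debugf("vault address: %s", vaultAddressStr)` and the new `"log"` import dropped. Debug prints like this are easily forgotten, and the address embeds `request.DomainName` verbatim, so it also echoes request input into logs at the default level. The enclosing function starts and ends outside this hunk.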
@@ -74,7 +74,8 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - vaultAddressStr := fmt.Sprintf("http://%s", request.DomainName) + // vaultAddressStr := fmt.Sprintf("http://%s", request.DomainName) + vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) log.Println("Vault Address string", vaultAddressStr) secretStoreName := "ext-store-" + request.SecretName err = k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") From b890b84c5d38a6f03891ead7b3d0d74c255b0054 Mon Sep 17 00:00:00 2001 From: ShifnaZarnaz Date: Tue, 11 Jun 2024 13:34:31 +0530 Subject: [PATCH 05/12] Interchange issue fixed --- internal/api/vault_secret_api.go | 115 +++++++++++++++++++++++++++++-- 1 file changed, 109 insertions(+), 6 deletions(-) diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go index 44b3bc1..8db7aba 100644 --- a/internal/api/vault_secret_api.go +++ b/internal/api/vault_secret_api.go 
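Review bot: The commented-out `// vaultAddressStr := fmt.Sprintf("http://%s", request.DomainName)` is left next to the restored template call; delete it rather than committing the rejected alternative as a comment, since git history already records the attempt. Both forms produce a plain `http://` URL for the SecretStore, so the Vault token stored in the adjacent Kubernetes secret is presented over cleartext by the external-secrets operator; unless `vault.<domain>` is only ever reached inside a trusted network, the `vaultAddress` template should be `https://vault.%s` with the CA configured on the SecretStore. The enclosing function continues outside this hunk.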
@@ -22,11 +22,87 @@ type SecretPathProperty struct { Property string } +// func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) { +// v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) + +// secretPathProperties := []SecretPathProperty{} + +// for _, secretPathData := range request.SecretPathData { +// secretPathProperties = append(secretPathProperties, SecretPathProperty{ +// SecretKey: secretPathData.SecretKey, +// SecretPath: secretPathData.SecretPath, +// Property: secretPathData.Property, +// }) +// } + +// secretPaths := []string{} +// secretPathsData := map[string][]string{} +// propertiesData := map[string][]string{} + +// for _, spp := range secretPathProperties { +// secretPathsData[spp.SecretKey] = append(secretPathsData[spp.SecretKey], spp.SecretPath) +// secretPaths = append(secretPaths, spp.SecretPath) +// if spp.Property != "" { +// propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.Property) +// } else { +// propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.SecretKey) +// } +// } + +// for key := range secretPathsData { +// sort.Strings(secretPathsData[key]) +// sort.Strings(propertiesData[key]) +// } + +// appRoleName := "kad-" + request.SecretName +// token, err := v.createAppRoleToken(context.Background(), appRoleName, secretPaths) +// if err != nil { +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// k8sClient, err := client.NewK8SClient(v.log) +// if err != nil { +// v.log.Errorf("failed to initialize k8s client, %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// cred := map[string][]byte{"token": []byte(token)} +// vaultTokenSecretName := "vault-token-" + request.SecretName +// err = 
k8sClient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, "Opaque", cred, nil) +// if err != nil { +// v.log.Errorf("failed to create cluster vault token secret, %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// // vaultAddressStr := fmt.Sprintf("http://%s", request.DomainName) +// vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) +// log.Println("Vault Address string", vaultAddressStr) +// secretStoreName := "ext-store-" + request.SecretName +// err = k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") +// if err != nil { +// v.log.Errorf("failed to create secret store, %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// externalSecretName := "ext-secret-" + request.SecretName +// v.log.Infof("Sorted Secret Paths Data: %v", secretPathsData) +// v.log.Infof("Properties Data: %v", propertiesData) +// err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) +// if err != nil { +// v.log.Errorf("failed to create vault external secret, %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_OK}, nil +// } + func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) { v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) + // Initialize a slice to hold SecretPathProperty structs secretPathProperties := []SecretPathProperty{} + // Populate the secretPathProperties slice with data from the request for _, secretPathData := 
range request.SecretPathData { secretPathProperties = append(secretPathProperties, SecretPathProperty{ SecretKey: secretPathData.SecretKey, @@ -35,10 +111,23 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault }) } + // Sort the secretPathProperties slice by SecretKey, then by SecretPath, and then by Property + sort.SliceStable(secretPathProperties, func(i, j int) bool { + if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey { + return secretPathProperties[i].SecretKey < secretPathProperties[j].SecretKey + } + if secretPathProperties[i].SecretPath != secretPathProperties[j].SecretPath { + return secretPathProperties[i].SecretPath < secretPathProperties[j].SecretPath + } + return secretPathProperties[i].Property < secretPathProperties[j].Property + }) + + // Initialize slices and maps to hold secret paths and properties secretPaths := []string{} secretPathsData := map[string][]string{} propertiesData := map[string][]string{} + // Populate the maps and slice with data from sorted secretPathProperties for _, spp := range secretPathProperties { secretPathsData[spp.SecretKey] = append(secretPathsData[spp.SecretKey], spp.SecretPath) secretPaths = append(secretPaths, spp.SecretPath) 
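Review bot: The first hunk reintroduces an 80-line commented-out copy of the previous ConfigureVaultSecret (including its `log.Println` debug line) above the live function, for the second time in this series; the copy is dead text that git history already keeps and should be removed from the commit. In the second hunk the stable sort of `secretPathProperties` by key, path and property keeps each path paired with its property, which addresses the interchange; note though that `secretPaths` still collects one entry per request item, so a Vault path listed under two keys is passed twice to `createAppRoleToken`, and deduplicating through a `map[string]struct{}` before the policy is built would avoid a redundant (or, depending on that helper, duplicated) policy rule. The function continues beyond the second hunk.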
@@ -49,49 +138,63 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault } } - for key := range secretPathsData { - sort.Strings(secretPathsData[key]) - sort.Strings(propertiesData[key]) - } - + // Generate an AppRole name using the secret name appRoleName := "kad-" + request.SecretName + + // Create an AppRole token using the secret paths token, err := v.createAppRoleToken(context.Background(), appRoleName, secretPaths) if err != nil { return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } + // Initialize a Kubernetes client k8sClient, err := client.NewK8SClient(v.log) if err != nil { v.log.Errorf("failed to initialize k8s client, %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } + // Create a map to hold the token data cred := map[string][]byte{"token": []byte(token)} + + // Generate a name for the Kubernetes secret to store the Vault token vaultTokenSecretName := "vault-token-" + request.SecretName + + // Create or update the Kubernetes secret with the Vault token err = k8sClient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, "Opaque", cred, nil) if err != nil { v.log.Errorf("failed to create cluster vault token secret, %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - // vaultAddressStr := fmt.Sprintf("http://%s", request.DomainName) + // Format the Vault address string using the domain name from the request vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) log.Println("Vault Address string", vaultAddressStr) + + // Generate a name for the SecretStore secretStoreName := "ext-store-" + request.SecretName + + // Create or update the SecretStore in Kubernetes err = k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") if err != nil { v.log.Errorf("failed 
to create secret store, %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } + // Generate a name for the ExternalSecret externalSecretName := "ext-secret-" + request.SecretName + + // Log the sorted secret paths and properties for debugging v.log.Infof("Sorted Secret Paths Data: %v", secretPathsData) v.log.Infof("Properties Data: %v", propertiesData) + + // Create or update the ExternalSecret in Kubernetes using the sorted data err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) if err != nil { v.log.Errorf("failed to create vault external secret, %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } + // Return a successful response return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_OK}, nil } From 2e331dd0abcccd5633cb61a045285f87f17d701f Mon Sep 17 00:00:00 2001 From: ShifnaZarnaz Date: Tue, 11 Jun 2024 17:36:07 +0530 Subject: [PATCH 06/12] Interchange issue is fixed --- internal/api/vault_secret_api.go | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go index 8db7aba..2fcb6e8 100644 --- a/internal/api/vault_secret_api.go +++ b/internal/api/vault_secret_api.go @@ -3,7 +3,6 @@ package api import ( "context" "fmt" - "log" "sort" @@ -111,6 +110,9 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault }) } + // Log initial secret path properties + v.log.Infof("Initial Secret Path Properties: %v", secretPathProperties) + // Sort the secretPathProperties slice by SecretKey, then by SecretPath, and then by Property sort.SliceStable(secretPathProperties, func(i, j int) bool { if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey { 
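Review bot: Most comments added in this hunk restate the line beneath them (`// Return a successful response`, `// Create a map to hold the token data`, `// Generate a name for the SecretStore`) and add reading cost without information; a comment here is worth keeping only where it explains why, for example above the map population, `// maps are filled from the sorted slice so paths[i] and properties[i] stay paired per key`. The hunk also keeps the stdlib `log.Println("Vault Address string", vaultAddressStr)` next to `v.log`, which escapes the service's log level; route it through `v.log` at Debug or remove it. The function starts before this hunk.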
@@ -122,6 +124,9 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault return secretPathProperties[i].Property < secretPathProperties[j].Property }) + // Log sorted secret path properties + v.log.Infof("Sorted Secret Path Properties: %v", secretPathProperties) + // Initialize slices and maps to hold secret paths and properties secretPaths := []string{} secretPathsData := map[string][]string{} @@ -138,19 +143,24 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault } } + // Log secret paths data and properties data after sorting and population + v.log.Infof("Secret Paths Data after sorting and population: %v", secretPathsData) + v.log.Infof("Properties Data after sorting and population: %v", propertiesData) + // Generate an AppRole name using the secret name appRoleName := "kad-" + request.SecretName // Create an AppRole token using the secret paths token, err := v.createAppRoleToken(context.Background(), appRoleName, secretPaths) if err != nil { + v.log.Errorf("Error creating AppRole token: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } // Initialize a Kubernetes client k8sClient, err := client.NewK8SClient(v.log) if err != nil { - v.log.Errorf("failed to initialize k8s client, %v", err) + v.log.Errorf("Failed to initialize k8s client: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } 
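Review bot: `v.log.Infof("Secret Paths Data after sorting and population: %v", secretPathsData)` and its sibling dumps (initial, sorted, properties) print the full Vault path and property layout of the request at Info level on every call; debugging state belongs at `v.log.Debugf` so it can be switched off in production, or it should be removed once the ordering fix is confirmed. The new `v.log.Errorf("Error creating AppRole token: %v", err)` immediately before `return ..., err` logs and returns the same error, so the caller will report it again; handle it at one layer. Capitalising the remaining messages is cosmetic and fine. The enclosing function continues outside these hunks.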
@@ -163,13 +173,13 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault // Create or update the Kubernetes secret with the Vault token err = k8sClient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, "Opaque", cred, nil) if err != nil { - v.log.Errorf("failed to create cluster vault token secret, %v", err) + v.log.Errorf("Failed to create cluster vault token secret: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } // Format the Vault address string using the domain name from the request vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) - log.Println("Vault Address string", vaultAddressStr) + v.log.Infof("Vault Address string: %s", vaultAddressStr) // Generate a name for the SecretStore secretStoreName := "ext-store-" + request.SecretName @@ -177,7 +187,7 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault // Create or update the SecretStore in Kubernetes err = k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") if err != nil { - v.log.Errorf("failed to create secret store, %v", err) + v.log.Errorf("Failed to create secret store: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } 
@@ -185,13 +195,13 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault externalSecretName := "ext-secret-" + request.SecretName // Log the sorted secret paths and properties for debugging - v.log.Infof("Sorted Secret Paths Data: %v", secretPathsData) - v.log.Infof("Properties Data: %v", propertiesData) + v.log.Infof("Final Secret Paths Data: %v", secretPathsData) + v.log.Infof("Final Properties Data: %v", propertiesData) // Create or update the ExternalSecret in Kubernetes using the sorted data err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) if err != nil { - v.log.Errorf("failed to create vault external secret, %v", err) + v.log.Errorf("Failed to create vault external secret: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } From ba5688a8245572e8fe87eacbaa7a50bfd7d74146 Mon Sep 17 00:00:00 2001 From: ShifnaZarnaz Date: Tue, 11 Jun 2024 19:58:05 +0530 Subject: [PATCH 07/12] Interchange issue fixed --- internal/api/vault_secret_api.go | 106 +------------------------------ 1 file changed, 1 insertion(+), 105 deletions(-) diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go index 2fcb6e8..42ce78b 100644 --- a/internal/api/vault_secret_api.go +++ b/internal/api/vault_secret_api.go 
@@ -21,87 +21,11 @@ type SecretPathProperty struct { Property string } -// func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) { -// v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) - -// secretPathProperties := []SecretPathProperty{} - -// for _, secretPathData := range request.SecretPathData { -// secretPathProperties = append(secretPathProperties, SecretPathProperty{ -// SecretKey: secretPathData.SecretKey, -// SecretPath: secretPathData.SecretPath, -// Property: secretPathData.Property, -// }) -// } - -// secretPaths := []string{} -// secretPathsData := map[string][]string{} -// propertiesData := map[string][]string{} - -// for _, spp := range secretPathProperties { -// secretPathsData[spp.SecretKey] = append(secretPathsData[spp.SecretKey], spp.SecretPath) -// secretPaths = append(secretPaths, spp.SecretPath) -// if spp.Property != "" { -// propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.Property) -// } else { -// propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.SecretKey) -// } -// } - -// for key := range secretPathsData { -// sort.Strings(secretPathsData[key]) -// sort.Strings(propertiesData[key]) -// } - -// appRoleName := "kad-" + request.SecretName -// token, err := v.createAppRoleToken(context.Background(), appRoleName, secretPaths) -// if err != nil { -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// k8sClient, err := client.NewK8SClient(v.log) -// if err != nil { -// v.log.Errorf("failed to initialize k8s client, %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// cred := map[string][]byte{"token": []byte(token)} -// vaultTokenSecretName := "vault-token-" + request.SecretName -// err = 
k8sClient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, "Opaque", cred, nil) -// if err != nil { -// v.log.Errorf("failed to create cluster vault token secret, %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// // vaultAddressStr := fmt.Sprintf("http://%s", request.DomainName) -// vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) -// log.Println("Vault Address string", vaultAddressStr) -// secretStoreName := "ext-store-" + request.SecretName -// err = k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") -// if err != nil { -// v.log.Errorf("failed to create secret store, %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// externalSecretName := "ext-secret-" + request.SecretName -// v.log.Infof("Sorted Secret Paths Data: %v", secretPathsData) -// v.log.Infof("Properties Data: %v", propertiesData) -// err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) -// if err != nil { -// v.log.Errorf("failed to create vault external secret, %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_OK}, nil -// } - func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) { v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) - // Initialize a slice to hold SecretPathProperty structs secretPathProperties := []SecretPathProperty{} - // Populate the secretPathProperties slice with data from the request for _, secretPathData := 
range request.SecretPathData { secretPathProperties = append(secretPathProperties, SecretPathProperty{ SecretKey: secretPathData.SecretKey, @@ -110,10 +34,6 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault }) } - // Log initial secret path properties - v.log.Infof("Initial Secret Path Properties: %v", secretPathProperties) - - // Sort the secretPathProperties slice by SecretKey, then by SecretPath, and then by Property sort.SliceStable(secretPathProperties, func(i, j int) bool { if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey { return secretPathProperties[i].SecretKey < secretPathProperties[j].SecretKey @@ -124,15 +44,10 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault return secretPathProperties[i].Property < secretPathProperties[j].Property }) - // Log sorted secret path properties - v.log.Infof("Sorted Secret Path Properties: %v", secretPathProperties) - - // Initialize slices and maps to hold secret paths and properties secretPaths := []string{} secretPathsData := map[string][]string{} propertiesData := map[string][]string{} - // Populate the maps and slice with data from sorted secretPathProperties for _, spp := range secretPathProperties { secretPathsData[spp.SecretKey] = append(secretPathsData[spp.SecretKey], spp.SecretPath) secretPaths = append(secretPaths, spp.SecretPath) 
@@ -143,68 +58,49 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault } } - // Log secret paths data and properties data after sorting and population - v.log.Infof("Secret Paths Data after sorting and population: %v", secretPathsData) - v.log.Infof("Properties Data after sorting and population: %v", propertiesData) - - // Generate an AppRole name using the secret name appRoleName := "kad-" + request.SecretName - // Create an AppRole token using the secret paths token, err := v.createAppRoleToken(context.Background(), appRoleName, secretPaths) if err != nil { v.log.Errorf("Error creating AppRole token: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - // Initialize a Kubernetes client k8sClient, err := client.NewK8SClient(v.log) if err != nil { v.log.Errorf("Failed to initialize k8s client: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - // Create a map to hold the token data cred := map[string][]byte{"token": []byte(token)} - // Generate a name for the Kubernetes secret to store the Vault token vaultTokenSecretName := "vault-token-" + request.SecretName - // Create or update the Kubernetes secret with the Vault token err = k8sClient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, "Opaque", cred, nil) if err != nil { v.log.Errorf("Failed to create cluster vault token secret: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - // Format the Vault address string using the domain name from the request vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) - v.log.Infof("Vault Address string: %s", vaultAddressStr) - // Generate a name for the SecretStore secretStoreName := "ext-store-" + request.SecretName - // Create or update the SecretStore in Kubernetes err = k8sClient.CreateOrUpdateSecretStore(ctx, 
secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token")
 if err != nil {
 v.log.Errorf("Failed to create secret store: %v", err)
 return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err
 }
- // Generate a name for the ExternalSecret
 externalSecretName := "ext-secret-" + request.SecretName
- // Log the sorted secret paths and properties for debugging
- v.log.Infof("Final Secret Paths Data: %v", secretPathsData)
- v.log.Infof("Final Properties Data: %v", propertiesData)
+ v.log.Infof("Secret Paths Data: %v", secretPathsData)
- // Create or update the ExternalSecret in Kubernetes using the sorted data
 err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData)
 if err != nil {
 v.log.Errorf("Failed to create vault external secret: %v", err)
 return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err
 }
- // Return a successful response
 return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_OK}, nil
 }
From d2447fc3bc2318616d655addb81362877d26dcd3 Mon Sep 17 00:00:00 2001
From: ShifnaZarnaz
Date: Wed, 12 Jun 2024 20:29:01 +0530
Subject: [PATCH 08/12] Fixing the interchange issue
---
 internal/api/vault_secret_api.go | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go
index 42ce78b..73a2d8a 100644
--- a/internal/api/vault_secret_api.go
+++ b/internal/api/vault_secret_api.go
@@ -4,7 +4,7 @@ import (
 "context"
 "fmt"
- "sort"
+ // "sort"
 "github.com/intelops/vault-cred/internal/client"
 "github.com/intelops/vault-cred/proto/pb/vaultcredpb"
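Review bot: On the new side of this hunk `v.createAppRoleToken(...)` runs before `client.NewK8SClient(v.log)`, so when the k8s client fails to initialise, or any of the later Secret, SecretStore or ExternalSecret writes fails, an AppRole token has already been issued in Vault but is stored nowhere and never revoked. Initialising the client first closes the cheapest of those windows: move the `k8sClient, err := client.NewK8SClient(v.log)` block above `appRoleName := "kad-" + request.SecretName`; for the remaining write failures, revoking the token on the error path (if the Vault client behind `createAppRoleToken` exposes a revoke call) would avoid leaving orphaned credentials behind. The same ordering is kept by every later commit on this page, including the final hunk of PATCH 12/12. Separately, the added `v.log.Infof("Secret Paths Data: %v", secretPathsData)` prints the full map of Vault paths for every request at Info level, which is normally Debug material.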
@@ -34,15 +34,15 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault
 })
 }
- sort.SliceStable(secretPathProperties, func(i, j int) bool {
- if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey {
- return secretPathProperties[i].SecretKey < secretPathProperties[j].SecretKey
- }
- if secretPathProperties[i].SecretPath != secretPathProperties[j].SecretPath {
- return secretPathProperties[i].SecretPath < secretPathProperties[j].SecretPath
- }
- return secretPathProperties[i].Property < secretPathProperties[j].Property
- })
+ // sort.SliceStable(secretPathProperties, func(i, j int) bool {
+ // if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey {
+ // return secretPathProperties[i].SecretKey < secretPathProperties[j].SecretKey
+ // }
+ // if secretPathProperties[i].SecretPath != secretPathProperties[j].SecretPath {
+ // return secretPathProperties[i].SecretPath < secretPathProperties[j].SecretPath
+ // }
+ // return secretPathProperties[i].Property < secretPathProperties[j].Property
+ // })
 secretPaths := []string{}
 secretPathsData := map[string][]string{}
@@ -57,6 +57,8 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault
 propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.SecretKey)
 }
 }
+ v.log.Info("Properties Data", propertiesData)
+ v.log.Infof("Secret Paths Data: %v", secretPathsData)
 appRoleName := "kad-" + request.SecretName
@@ -94,8 +96,6 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault
 externalSecretName := "ext-secret-" + request.SecretName
- v.log.Infof("Secret Paths Data: %v", secretPathsData)
-
 err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData)
 if err != nil {
 v.log.Errorf("Failed to create vault external secret: %v", err)
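Review bot: Disabling `sort.SliceStable` here cannot by itself fix an interchange between paths and properties: the sort reorders whole `SecretPathProperty` values, and `secretPathsData[key]` and `propertiesData[key]` are appended in the same loop iteration from the same element, so index i of both slices always originates from one request entry. If the observed problem is values landing under the wrong key, the cause is more likely in how `CreateOrUpdateExternalSecret` consumes the two maps than in this ordering, which is worth confirming before the sort goes back and forth (it is restored unchanged in PATCH 10/12). The block should also be deleted rather than commented out, together with the `// "sort"` line left in the import hunk at `@@ -4,7 +4,7 @@`; git history keeps the old version.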
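Review bot: The two added log lines use different call shapes for the same purpose: `v.log.Info("Properties Data", propertiesData)` passes the map as a bare trailing argument while the next line uses `Infof` with `%v`. Unless the logger's `Info` is variadic and formats its arguments (not visible here), the first form may print the map in a different layout or drop it, and the pair flips between `Info` and `Infof` again in PATCH 09/12 and PATCH 10/12. Use `v.log.Infof("Properties Data: %v", propertiesData)` consistently, and consider Debug level for both since they dump the secret layout on every request.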
From 542caa2e5b9f94b63baa373644d5088302e8a156 Mon Sep 17 00:00:00 2001
From: ShifnaZarnaz
Date: Wed, 12 Jun 2024 20:47:06 +0530
Subject: [PATCH 09/12] Fixing the interchange issue
---
 internal/api/vault_secret_api.go | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go
index 73a2d8a..2faf54c 100644
--- a/internal/api/vault_secret_api.go
+++ b/internal/api/vault_secret_api.go
@@ -24,9 +24,13 @@ type SecretPathProperty struct {
 func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) {
 v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName)
+ // Copy the request.SecretPathData to an immutable slice
+ immutableSecretPathData := make([]*vaultcredpb.SecretPathRef, len(request.SecretPathData))
+ copy(immutableSecretPathData, request.SecretPathData)
+
 secretPathProperties := []SecretPathProperty{}
- for _, secretPathData := range request.SecretPathData {
+ for _, secretPathData := range immutableSecretPathData {
 secretPathProperties = append(secretPathProperties, SecretPathProperty{
 SecretKey: secretPathData.SecretKey,
 SecretPath: secretPathData.SecretPath,
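Review bot: `copy(immutableSecretPathData, request.SecretPathData)` copies a slice of `*vaultcredpb.SecretPathRef` pointers, so the new slice still aliases the same request objects and the comment's "immutable slice" claim does not hold. The loop below only reads `SecretKey`, `SecretPath` and `Property` into fresh `SecretPathProperty` values and never writes through the pointers, so the copy changes nothing observable; either drop it (as PATCH 10/12 on this page does) or, if isolation from a concurrent writer was the motivation, that writer is what needs finding. The function continues past the end of this hunk.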
@@ -34,16 +38,6 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault
 })
 }
- // sort.SliceStable(secretPathProperties, func(i, j int) bool {
- // if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey {
- // return secretPathProperties[i].SecretKey < secretPathProperties[j].SecretKey
- // }
- // if secretPathProperties[i].SecretPath != secretPathProperties[j].SecretPath {
- // return secretPathProperties[i].SecretPath < secretPathProperties[j].SecretPath
- // }
- // return secretPathProperties[i].Property < secretPathProperties[j].Property
- // })
-
 secretPaths := []string{}
 secretPathsData := map[string][]string{}
 propertiesData := map[string][]string{}
@@ -57,7 +51,7 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault
 propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.SecretKey)
 }
 }
- v.log.Info("Properties Data", propertiesData)
+ v.log.Infof("Properties Data: %v", propertiesData)
 v.log.Infof("Secret Paths Data: %v", secretPathsData)
 appRoleName := "kad-" + request.SecretName
From bf0c6b9e78a890f44ebfdd65ca30050e429131d6 Mon Sep 17 00:00:00 2001
From: ShifnaZarnaz
Date: Wed, 12 Jun 2024 21:01:52 +0530
Subject: [PATCH 10/12] Fixing the interchange issue
---
 internal/api/vault_secret_api.go | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go
index 2faf54c..86c0bb6 100644
--- a/internal/api/vault_secret_api.go
+++ b/internal/api/vault_secret_api.go
@@ -4,7 +4,7 @@ import (
 "context"
 "fmt"
- // "sort"
+ "sort"
 "github.com/intelops/vault-cred/internal/client"
 "github.com/intelops/vault-cred/proto/pb/vaultcredpb"
@@ -24,13 +24,9 @@ type SecretPathProperty struct {
 func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) {
 v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName)
- // Copy the request.SecretPathData to an immutable slice
- immutableSecretPathData := make([]*vaultcredpb.SecretPathRef, len(request.SecretPathData))
- copy(immutableSecretPathData, request.SecretPathData)
-
 secretPathProperties := []SecretPathProperty{}
- for _, secretPathData := range immutableSecretPathData {
+ for _, secretPathData := range request.SecretPathData {
 secretPathProperties = append(secretPathProperties, SecretPathProperty{
 SecretKey: secretPathData.SecretKey,
 SecretPath: secretPathData.SecretPath,
@@ -38,10 +34,22 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault
 })
 }
+ sort.SliceStable(secretPathProperties, func(i, j int) bool {
+ if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey {
+ return secretPathProperties[i].SecretKey < secretPathProperties[j].SecretKey
+ }
+ if secretPathProperties[i].SecretPath != secretPathProperties[j].SecretPath {
+ return secretPathProperties[i].SecretPath < secretPathProperties[j].SecretPath
+ }
+ return secretPathProperties[i].Property < secretPathProperties[j].Property
+ })
+
 secretPaths := []string{}
 secretPathsData := map[string][]string{}
 propertiesData := map[string][]string{}
+ v.log.Info("Secret Path Properties", secretPathProperties)
+
 for _, spp := range secretPathProperties {
 secretPathsData[spp.SecretKey] = append(secretPathsData[spp.SecretKey], spp.SecretPath)
 secretPaths = append(secretPaths, spp.SecretPath)
@@ -51,7 +59,7 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault
 propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.SecretKey)
 }
 }
- v.log.Infof("Properties Data: %v", propertiesData)
+ v.log.Info("Properties Data", propertiesData)
 v.log.Infof("Secret Paths Data: %v", secretPathsData)
 appRoleName := "kad-" + request.SecretName
From f8261f63dc60de4c45d8c3b74cc117ad05f4f0c4 Mon Sep 17 00:00:00 2001
From: ShifnaZarnaz
Date: Wed, 12 Jun 2024 21:17:17 +0530
Subject: [PATCH 11/12] Fixing the interchange issue
---
 internal/api/vault_secret_api.go | 130 ++++++++++++++++++++++++++++++-
 1 file changed, 126 insertions(+), 4 deletions(-)
diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go
index 86c0bb6..7ff024a 100644
--- a/internal/api/vault_secret_api.go
+++ b/internal/api/vault_secret_api.go
@@ -3,6 +3,7 @@ package api
 import (
 "context"
 "fmt"
+ "sync"
 "sort"
@@ -21,11 +22,99 @@ type SecretPathProperty struct { Property string } +// func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) { +// v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) + +// secretPathProperties := []SecretPathProperty{} + +// for _, secretPathData := range request.SecretPathData { +// secretPathProperties = append(secretPathProperties, SecretPathProperty{ +// SecretKey: secretPathData.SecretKey, +// SecretPath: secretPathData.SecretPath, +// Property: secretPathData.Property, +// }) +// } + +// sort.SliceStable(secretPathProperties, func(i, j int) bool { +// if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey { +// return secretPathProperties[i].SecretKey < secretPathProperties[j].SecretKey +// } +// if secretPathProperties[i].SecretPath != secretPathProperties[j].SecretPath { +// return secretPathProperties[i].SecretPath < secretPathProperties[j].SecretPath +// } +// return secretPathProperties[i].Property < secretPathProperties[j].Property +// }) + +// secretPaths := []string{} +// secretPathsData := map[string][]string{} +// propertiesData := map[string][]string{} + +// v.log.Info("Secret Path Properties", secretPathProperties) + +// for _, spp := range secretPathProperties { +// secretPathsData[spp.SecretKey] = append(secretPathsData[spp.SecretKey], spp.SecretPath) +// secretPaths = append(secretPaths, spp.SecretPath) +// if spp.Property != "" { +// propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.Property) +// } else { +// propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.SecretKey) +// } +// } +// v.log.Info("Properties Data", propertiesData) +// v.log.Infof("Secret Paths Data: %v", secretPathsData) + +// appRoleName := "kad-" + request.SecretName + +// token, err := v.createAppRoleToken(context.Background(), appRoleName, 
secretPaths) +// if err != nil { +// v.log.Errorf("Error creating AppRole token: %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// k8sClient, err := client.NewK8SClient(v.log) +// if err != nil { +// v.log.Errorf("Failed to initialize k8s client: %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// cred := map[string][]byte{"token": []byte(token)} + +// vaultTokenSecretName := "vault-token-" + request.SecretName + +// err = k8sClient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, "Opaque", cred, nil) +// if err != nil { +// v.log.Errorf("Failed to create cluster vault token secret: %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) + +// secretStoreName := "ext-store-" + request.SecretName + +// err = k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") +// if err != nil { +// v.log.Errorf("Failed to create secret store: %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// externalSecretName := "ext-secret-" + request.SecretName + +// err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) +// if err != nil { +// v.log.Errorf("Failed to create vault external secret: %v", err) +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err +// } + +// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_OK}, nil +// } + func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) 
(*vaultcredpb.ConfigureVaultSecretResponse, error) { v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) - secretPathProperties := []SecretPathProperty{} + // Initialize a slice to hold SecretPathProperty structs + var secretPathProperties []SecretPathProperty + // Deep copy request.SecretPathData to avoid any unintended changes for _, secretPathData := range request.SecretPathData { secretPathProperties = append(secretPathProperties, SecretPathProperty{ SecretKey: secretPathData.SecretKey, @@ -34,6 +123,10 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault }) } + // Log initial secret path properties + v.log.Infof("Initial Secret Path Properties: %v", secretPathProperties) + + // Sort the secretPathProperties slice by SecretKey, then by SecretPath, and then by Property sort.SliceStable(secretPathProperties, func(i, j int) bool { if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey { return secretPathProperties[i].SecretKey < secretPathProperties[j].SecretKey @@ -44,12 +137,19 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault return secretPathProperties[i].Property < secretPathProperties[j].Property }) + // Log sorted secret path properties + v.log.Infof("Sorted Secret Path Properties: %v", secretPathProperties) + + // Initialize slices and maps to hold secret paths and properties secretPaths := []string{} secretPathsData := map[string][]string{} propertiesData := map[string][]string{} - v.log.Info("Secret Path Properties", secretPathProperties) + // Use a mutex to ensure thread safety + var mu sync.Mutex + mu.Lock() + // Populate the maps and slice with data from sorted secretPathProperties for _, spp := range secretPathProperties { secretPathsData[spp.SecretKey] = append(secretPathsData[spp.SecretKey], spp.SecretPath) secretPaths = append(secretPaths, spp.SecretPath) 
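Review bot: The added `// Deep copy request.SecretPathData to avoid any unintended changes` describes something the loop does not do: it builds new `SecretPathProperty` values from three string fields, which is a field read rather than a copy of the request slice, and nothing in the function writes to `request.SecretPathData`. A comment that matches the code would be `// Flatten request.SecretPathData into sortable (key, path, property) triples`. The ~90-line commented-out copy of `ConfigureVaultSecret` added above the live function should be deleted instead of kept as a comment (PATCH 12/12 on this page removes it again); the previous version is already in git history. The function continues past the end of this hunk.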
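Review bot: The `var mu sync.Mutex` / `mu.Lock()` pair added here protects nothing: `secretPathsData`, `propertiesData` and `secretPaths` are locals created a few lines above, the mutex is itself a local, and no other goroutine can reach any of them. The lock therefore cannot address an interchange between requests; if entries from two concurrent `ConfigureVaultSecret` calls are mixing, the shared state must live elsewhere (the `client` package or the Vault client behind `createAppRoleToken` are the candidates visible from here). Remove `var mu sync.Mutex`, `mu.Lock()` and the matching `mu.Unlock()` in the next hunk, together with the `"sync"` import added at `@@ -3,6 +3,7 @@`; PATCH 12/12 keeps all of them. The enclosing function starts before and ends after this hunk.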
@@ -59,50 +159,72 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.SecretKey) } } - v.log.Info("Properties Data", propertiesData) - v.log.Infof("Secret Paths Data: %v", secretPathsData) + // Unlock the mutex + mu.Unlock() + + // Log secret paths data and properties data after sorting and population + v.log.Infof("Secret Paths Data after sorting and population: %v", secretPathsData) + v.log.Infof("Properties Data after sorting and population: %v", propertiesData) + + // Generate an AppRole name using the secret name appRoleName := "kad-" + request.SecretName + // Create an AppRole token using the secret paths token, err := v.createAppRoleToken(context.Background(), appRoleName, secretPaths) if err != nil { v.log.Errorf("Error creating AppRole token: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } + // Initialize a Kubernetes client k8sClient, err := client.NewK8SClient(v.log) if err != nil { v.log.Errorf("Failed to initialize k8s client: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } + // Create a map to hold the token data cred := map[string][]byte{"token": []byte(token)} + // Generate a name for the Kubernetes secret to store the Vault token vaultTokenSecretName := "vault-token-" + request.SecretName + // Create or update the Kubernetes secret with the Vault token err = k8sClient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, "Opaque", cred, nil) if err != nil { v.log.Errorf("Failed to create cluster vault token secret: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } + // Format the Vault address string using the domain name from the request vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) + v.log.Infof("Vault Address string: 
%s", vaultAddressStr) + // Generate a name for the SecretStore secretStoreName := "ext-store-" + request.SecretName + // Create or update the SecretStore in Kubernetes err = k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") if err != nil { v.log.Errorf("Failed to create secret store: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } + // Generate a name for the ExternalSecret externalSecretName := "ext-secret-" + request.SecretName + // Log the sorted secret paths and properties for debugging + v.log.Infof("Final Secret Paths Data: %v", secretPathsData) + v.log.Infof("Final Properties Data: %v", propertiesData) + + // Create or update the ExternalSecret in Kubernetes using the sorted data err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) if err != nil { v.log.Errorf("Failed to create vault external secret: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } + // Return a successful response return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_OK}, nil } From c18044e7a95c20b8164773ae32727440d77497f4 Mon Sep 17 00:00:00 2001 From: ShifnaZarnaz Date: Thu, 13 Jun 2024 20:22:46 +0530 Subject: [PATCH 12/12] Fixing the postgres interchange issue --- internal/api/vault_secret_api.go | 117 ------------------------------- 1 file changed, 117 deletions(-) diff --git a/internal/api/vault_secret_api.go b/internal/api/vault_secret_api.go index 7ff024a..45106ff 100644 --- a/internal/api/vault_secret_api.go +++ b/internal/api/vault_secret_api.go 
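Review bot: The added `// Create an AppRole token using the secret paths` sits above a call that still passes `context.Background()` to `v.createAppRoleToken`, while every k8s call in the same function uses the request `ctx`; the Vault call thus ignores the caller's deadline and cancellation and keeps running after the gRPC client has gone away. The one-line fix is `token, err := v.createAppRoleToken(ctx, appRoleName, secretPaths)`, unless the token is deliberately meant to outlive the request, in which case the comment should say so. Separately, the comments added above `fmt.Sprintf(vaultAddress, request.DomainName)` and the `"..." + request.SecretName` names now document that caller-supplied strings become a Vault URL and Kubernetes object names without any check; validating `SecretName`, `Namespace` and `DomainName` (non-empty, Kubernetes-name shaped) at the top of the function and rejecting the request before any Vault or cluster write would be worth more than comments such as `// Initialize a Kubernetes client` that restate the following line.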
@@ -22,99 +22,11 @@ type SecretPathProperty struct { Property string } -// func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) (*vaultcredpb.ConfigureVaultSecretResponse, error) { -// v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) - -// secretPathProperties := []SecretPathProperty{} - -// for _, secretPathData := range request.SecretPathData { -// secretPathProperties = append(secretPathProperties, SecretPathProperty{ -// SecretKey: secretPathData.SecretKey, -// SecretPath: secretPathData.SecretPath, -// Property: secretPathData.Property, -// }) -// } - -// sort.SliceStable(secretPathProperties, func(i, j int) bool { -// if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey { -// return secretPathProperties[i].SecretKey < secretPathProperties[j].SecretKey -// } -// if secretPathProperties[i].SecretPath != secretPathProperties[j].SecretPath { -// return secretPathProperties[i].SecretPath < secretPathProperties[j].SecretPath -// } -// return secretPathProperties[i].Property < secretPathProperties[j].Property -// }) - -// secretPaths := []string{} -// secretPathsData := map[string][]string{} -// propertiesData := map[string][]string{} - -// v.log.Info("Secret Path Properties", secretPathProperties) - -// for _, spp := range secretPathProperties { -// secretPathsData[spp.SecretKey] = append(secretPathsData[spp.SecretKey], spp.SecretPath) -// secretPaths = append(secretPaths, spp.SecretPath) -// if spp.Property != "" { -// propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.Property) -// } else { -// propertiesData[spp.SecretKey] = append(propertiesData[spp.SecretKey], spp.SecretKey) -// } -// } -// v.log.Info("Properties Data", propertiesData) -// v.log.Infof("Secret Paths Data: %v", secretPathsData) - -// appRoleName := "kad-" + request.SecretName - -// token, err := v.createAppRoleToken(context.Background(), appRoleName, 
secretPaths) -// if err != nil { -// v.log.Errorf("Error creating AppRole token: %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// k8sClient, err := client.NewK8SClient(v.log) -// if err != nil { -// v.log.Errorf("Failed to initialize k8s client: %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// cred := map[string][]byte{"token": []byte(token)} - -// vaultTokenSecretName := "vault-token-" + request.SecretName - -// err = k8sClient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, "Opaque", cred, nil) -// if err != nil { -// v.log.Errorf("Failed to create cluster vault token secret: %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) - -// secretStoreName := "ext-store-" + request.SecretName - -// err = k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") -// if err != nil { -// v.log.Errorf("Failed to create secret store: %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// externalSecretName := "ext-secret-" + request.SecretName - -// err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) -// if err != nil { -// v.log.Errorf("Failed to create vault external secret: %v", err) -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err -// } - -// return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_OK}, nil -// } - func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vaultcredpb.ConfigureVaultSecretRequest) 
(*vaultcredpb.ConfigureVaultSecretResponse, error) { v.log.Infof("Configure Vault Secret Request received for secret %s", request.SecretName) - // Initialize a slice to hold SecretPathProperty structs var secretPathProperties []SecretPathProperty - // Deep copy request.SecretPathData to avoid any unintended changes for _, secretPathData := range request.SecretPathData { secretPathProperties = append(secretPathProperties, SecretPathProperty{ SecretKey: secretPathData.SecretKey, @@ -123,10 +35,6 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault }) } - // Log initial secret path properties - v.log.Infof("Initial Secret Path Properties: %v", secretPathProperties) - - // Sort the secretPathProperties slice by SecretKey, then by SecretPath, and then by Property sort.SliceStable(secretPathProperties, func(i, j int) bool { if secretPathProperties[i].SecretKey != secretPathProperties[j].SecretKey { return secretPathProperties[i].SecretKey < secretPathProperties[j].SecretKey @@ -137,19 +45,13 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault return secretPathProperties[i].Property < secretPathProperties[j].Property }) - // Log sorted secret path properties - v.log.Infof("Sorted Secret Path Properties: %v", secretPathProperties) - - // Initialize slices and maps to hold secret paths and properties secretPaths := []string{} secretPathsData := map[string][]string{} propertiesData := map[string][]string{} - // Use a mutex to ensure thread safety var mu sync.Mutex mu.Lock() - // Populate the maps and slice with data from sorted secretPathProperties for _, spp := range secretPathProperties { secretPathsData[spp.SecretKey] = append(secretPathsData[spp.SecretKey], spp.SecretPath) secretPaths = append(secretPaths, spp.SecretPath) 
@@ -160,71 +62,52 @@ func (v *VaultCredServ) ConfigureVaultSecret(ctx context.Context, request *vault } } - // Unlock the mutex mu.Unlock() - // Log secret paths data and properties data after sorting and population v.log.Infof("Secret Paths Data after sorting and population: %v", secretPathsData) - v.log.Infof("Properties Data after sorting and population: %v", propertiesData) - // Generate an AppRole name using the secret name appRoleName := "kad-" + request.SecretName - // Create an AppRole token using the secret paths token, err := v.createAppRoleToken(context.Background(), appRoleName, secretPaths) if err != nil { v.log.Errorf("Error creating AppRole token: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - // Initialize a Kubernetes client k8sClient, err := client.NewK8SClient(v.log) if err != nil { v.log.Errorf("Failed to initialize k8s client: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - // Create a map to hold the token data cred := map[string][]byte{"token": []byte(token)} - // Generate a name for the Kubernetes secret to store the Vault token vaultTokenSecretName := "vault-token-" + request.SecretName - // Create or update the Kubernetes secret with the Vault token err = k8sClient.CreateOrUpdateSecret(ctx, request.Namespace, vaultTokenSecretName, "Opaque", cred, nil) if err != nil { v.log.Errorf("Failed to create cluster vault token secret: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - // Format the Vault address string using the domain name from the request vaultAddressStr := fmt.Sprintf(vaultAddress, request.DomainName) v.log.Infof("Vault Address string: %s", vaultAddressStr) - // Generate a name for the SecretStore secretStoreName := "ext-store-" + request.SecretName - // Create or update the SecretStore in Kubernetes err = 
k8sClient.CreateOrUpdateSecretStore(ctx, secretStoreName, request.Namespace, vaultAddressStr, vaultTokenSecretName, "token") if err != nil { v.log.Errorf("Failed to create secret store: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - // Generate a name for the ExternalSecret externalSecretName := "ext-secret-" + request.SecretName - // Log the sorted secret paths and properties for debugging - v.log.Infof("Final Secret Paths Data: %v", secretPathsData) - v.log.Infof("Final Properties Data: %v", propertiesData) - - // Create or update the ExternalSecret in Kubernetes using the sorted data err = k8sClient.CreateOrUpdateExternalSecret(ctx, externalSecretName, request.Namespace, secretStoreName, request.SecretName, "", secretPathsData, propertiesData) if err != nil { v.log.Errorf("Failed to create vault external secret: %v", err) return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_INTERNRAL_ERROR}, err } - // Return a successful response return &vaultcredpb.ConfigureVaultSecretResponse{Status: vaultcredpb.StatusCode_OK}, nil }