

Merge pull request #74 from keejon/feat/support-vault-prefix-path-depth
Support vault prefix depth config (#73)
stheppi authored Jul 19, 2024
2 parents 6557a6e + d45e27e commit a36e8b8
Showing 4 changed files with 60 additions and 0 deletions.
Expand Up @@ -34,6 +34,7 @@ object VaultProviderConfig {
val VAULT_CLIENT_PEM: String = "vault.client.pem"
val VAULT_PEM: String = "vault.pem"
val VAULT_ENGINE_VERSION = "vault.engine.version"
val VAULT_PREFIX_DEPTH = "vault.prefix.depth"
val AUTH_METHOD: String = "vault.auth.method"

val VAULT_TRUSTSTORE_LOC: String =
Expand Down Expand Up @@ -147,6 +148,18 @@ object VaultProviderConfig {
Importance.HIGH,
"KV Secrets Engine version of the Vault server instance. Defaults to 2",
)
.define(
VAULT_PREFIX_DEPTH,
Type.INT,
1,
Importance.HIGH,
"""
|Set the path depth of the KV Secrets Engine prefix path.
|Normally this is just 1, to correspond to one path element in the prefix path.
|To use a longer prefix path, set this value
|
|""".stripMargin,
)
// auth mode
.define(
AUTH_METHOD,
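Review bot: The new `.define(` for `VAULT_PREFIX_DEPTH` in the second hunk carries a default but no validator, so a depth of 0 or a negative value passes `ConfigDef` validation and only fails later when the driver splits secret paths with it. `ConfigDef.define` has an overload that takes a validator, so inserting `ConfigDef.Range.atLeast(1),` between the default `1,` and `Importance.HIGH,` would reject such values at configuration time with a clear message. The doc string also trails off at `|To use a longer prefix path, set this value` and ends with a blank `|` line; I would finish the sentence, e.g. `|To use a longer prefix path, set this to the number of path elements that make up the prefix (for example 2 for a two-element mount path).`, and drop the trailing empty line. For consistency with the typed constants around it, `val VAULT_PREFIX_DEPTH: String = "vault.prefix.depth"` would follow the file's convention, although `VAULT_ENGINE_VERSION` already omits the type. `object VaultProviderConfig` continues outside both hunks.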
Expand Up @@ -50,6 +50,7 @@ case class VaultSettings(
pem: String,
clientPem: String,
engineVersion: Int = 2,
prefixDepth: Int = 1,
appRole: Option[AppRole],
awsIam: Option[AwsIam],
gcp: Option[Gcp],
Expand Down Expand Up @@ -77,6 +78,7 @@ object VaultSettings extends StrictLogging {
val pem = config.getString(VaultProviderConfig.VAULT_PEM)
val clientPem = config.getString(VaultProviderConfig.VAULT_CLIENT_PEM)
val engineVersion = config.getInt(VaultProviderConfig.VAULT_ENGINE_VERSION)
val prefixDepth = config.getInt(VaultProviderConfig.VAULT_PREFIX_DEPTH)

val authMode = VaultAuthMethod.withNameOpt(
config.getString(VaultProviderConfig.AUTH_METHOD).toUpperCase,
Expand Down Expand Up @@ -124,6 +126,7 @@ object VaultSettings extends StrictLogging {
pem = pem,
clientPem = clientPem,
engineVersion = engineVersion,
prefixDepth = prefixDepth,
appRole = appRole,
awsIam = awsIam,
gcp = gcp,
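Review bot: The default of 1 for the prefix depth is now stated in two unrelated places — the case-class parameter `prefixDepth: Int = 1` in the first hunk and the `ConfigDef` default in `VaultProviderConfig` — with nothing tying them together, so they can drift silently. Because `VaultSettings.apply` always reads the value through `config.getInt(VaultProviderConfig.VAULT_PREFIX_DEPTH)` (second hunk), the case-class default is not what the configured path relies on; a shared constant such as `val VAULT_PREFIX_DEPTH_DEFAULT = 1` in `VaultProviderConfig`, referenced from both the `.define(` call and the case-class default, would keep them in step. Note also that inserting `prefixDepth` in the middle of the parameter list shifts every parameter after it, which only matters for positional constructor calls; the named construction in the third hunk is unaffected. Both `case class VaultSettings` and `object VaultSettings` continue outside the hunks.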
Expand Up @@ -110,6 +110,9 @@ object VaultHelper extends StrictLogging {
logger.info(s"Setting engine version to ${settings.engineVersion}")
config.engineVersion(settings.engineVersion)

logger.info(s"Setting prefix path depth to ${settings.prefixDepth}")
config.prefixPathDepth(settings.prefixDepth)

val vault = new Vault(config.build())

logger.info(
Expand Up @@ -324,6 +324,47 @@ class VaultSecretProviderTest extends AnyWordSpec with Matchers with BeforeAndAf
response.getData.asScala("value") shouldBe "mock"
}

"should be configured for vault engine prefix depth" in {

val props = Map(
VaultProviderConfig.VAULT_ADDR -> "https://127.0.0.1:9998",
VaultProviderConfig.VAULT_TOKEN -> "mock_token",
VaultProviderConfig.AUTH_METHOD -> VaultAuthMethod.TOKEN.toString(),
VaultProviderConfig.VAULT_PEM -> pemFile,
VaultProviderConfig.VAULT_CLIENT_PEM -> pemFile,
VaultProviderConfig.VAULT_PREFIX_DEPTH -> 2,
).asJava

val config = VaultProviderConfig(props)
val settings = VaultSettings(config)

settings.prefixDepth shouldBe 2
val provider = new VaultSecretProvider()
provider.configure(props)
val response = provider.getClient.get.logical.read("secret/hello")
response.getData.asScala("value") shouldBe "mock"
}

"should be configured for default vault engine prefix depth" in {

val props = Map(
VaultProviderConfig.VAULT_ADDR -> "https://127.0.0.1:9998",
VaultProviderConfig.VAULT_TOKEN -> "mock_token",
VaultProviderConfig.AUTH_METHOD -> VaultAuthMethod.TOKEN.toString(),
VaultProviderConfig.VAULT_PEM -> pemFile,
VaultProviderConfig.VAULT_CLIENT_PEM -> pemFile,
).asJava

val config = VaultProviderConfig(props)
val settings = VaultSettings(config)

settings.prefixDepth shouldBe 1
val provider = new VaultSecretProvider()
provider.configure(props)
val response = provider.getClient.get.logical.read("secret/hello")
response.getData.asScala("value") shouldBe "mock"
}

"should get values at a path" in {

val props = Map(
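Review bot: The first new test ("should be configured for vault engine prefix depth") sets `VAULT_PREFIX_DEPTH -> 2` but then reads `secret/hello`, a two-element path, and only asserts on the mock's `value`; if the driver consumes the first two elements as the prefix, as the setting name suggests, nothing remains to identify the secret, so the test cannot tell whether the configured depth reached the client at all and passes as long as the mock answers. A path with at least three elements (e.g. `secret/team/hello`) together with an assertion on the request path the mock received would actually exercise the setting; what the mock at `127.0.0.1:9998` records is not visible in the hunk, so confirm it exposes the path. The two new tests also repeat the property map except for the single depth key; a small helper building the base `Map` with an optional depth entry would keep them aligned with the sibling tests. Adding the `Int` value `2` widens the first map to `Map[String, Any]` whereas the second is `Map[String, String]`; `VaultProviderConfig(props)` evidently accepts both, but passing `"2"` would keep the two maps uniform and mirror how the value arrives from a real properties file. `class VaultSecretProviderTest` continues outside the hunk.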
