From 5bbab25a9f620fe39403437af399fe4073274e9f Mon Sep 17 00:00:00 2001
From: Niels de Vos
Date: Wed, 2 Dec 2020 08:53:17 +0100
Subject: [PATCH] util: move Secrets to vaultConnection

The Secrets is the main object to connect to Vault. This should be part of the vaultConnection type.

Signed-off-by: Niels de Vos
---
 internal/util/vault.go | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/internal/util/vault.go b/internal/util/vault.go
index 62aede41e..fd43c88c8 100644
--- a/internal/util/vault.go
+++ b/internal/util/vault.go
@@ -70,6 +70,7 @@ Example JSON structure in the KMS config is,
 
 type vaultConnection struct {
 	EncryptionKMSID string
+	secrets loss.Secrets
 	vaultConfig map[string]interface{}
 	keyContext map[string]string
 }
@@ -80,8 +81,6 @@ type VaultKMS struct {
 	// vaultPassphrasePath (VPP) used to be added before the "key" of the
 	// secret (like /v1/secret/data//key)
 	vaultPassphrasePath string
-
-	secrets loss.Secrets
 }
 
 // setConfigString fetches a value from a configuration map and converts it to
@@ -148,7 +147,6 @@ func (vc *vaultConnection) initConnection(kmsID string, config map[string]interf
 		return fmt.Errorf("missing vault CA in secret %s", vaultCAFromSecret)
 	}
 
-	var err error
 	vaultConfig[api.EnvVaultCACert], err = createTempFile("vault-ca-cert", []byte(caPEM))
 	if err != nil {
 		return fmt.Errorf("failed to create temporary file for Vault CA: %w", err)
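Review bot: Dropping `var err error` in the initConnection hunk makes the assignment `vaultConfig[api.EnvVaultCACert], err = createTempFile(...)` on the following line depend on an `err` declared earlier in the function, outside this hunk, so it is worth confirming that the declaration it now reaches is the function-scoped one and not an `err` from an enclosing `if`/`:=` block, where a stale value could leak into the later `if err != nil` check. The CA PEM from the secret is written to a temporary file whose path is stored in the Vault config; a short comment such as `// the CA is handed to the Vault client as a file path, so it is written to a temp file` above the createTempFile call would make that hand-off obvious. initConnection starts and ends outside this hunk.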
@@ -164,6 +162,18 @@ func (vc *vaultConnection) initConnection(kmsID string, config map[string]interf
 	return nil
 }
 
+// connectVault creates a new connection to Vault. This should be called after
+// filling vc.vaultConfig.
+func (vc *vaultConnection) connectVault() error {
+	v, err := vault.New(vc.vaultConfig)
+	if err != nil {
+		return fmt.Errorf("failed creating new Vault Secrets: %w", err)
+	}
+	vc.secrets = v
+
+	return nil
+}
+
 // InitVaultKMS returns an interface to HashiCorp Vault KMS.
 func InitVaultKMS(kmsID string, config map[string]interface{}, secrets map[string]string) (EncryptionKMS, error) {
 	kms := &VaultKMS{}
@@ -214,11 +224,10 @@ func InitVaultKMS(kmsID string, config map[string]interface{}, secrets map[strin
 	kms.vaultConfig[vault.AuthMethod] = vault.AuthMethodKubernetes
 	kms.vaultConfig[vault.AuthKubernetesTokenPath] = serviceAccountTokenPath
 
-	v, err := vault.New(kms.vaultConfig)
+	err = kms.connectVault()
 	if err != nil {
-		return nil, fmt.Errorf("failed creating new Vault Secrets: %w", err)
+		return nil, err
 	}
-	kms.secrets = v
 
 	return kms, nil
 }
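Review bot: connectVault states in its comment that it must be called after vc.vaultConfig is filled, but nothing in the new function enforces that precondition, so a caller that forgets initConnection hands an empty config (no address, no CA file, no auth settings) to `vault.New` and gets whatever default that library falls back to. A guard at the top of the function, `if len(vc.vaultConfig) == 0 { return fmt.Errorf("vault configuration for KMS %q is not set", vc.EncryptionKMSID) }`, turns the comment into a checked invariant. The doc comment should also say that a successful call replaces any previously stored vc.secrets, since the assignment `vc.secrets = v` overwrites unconditionally.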
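Review bot: In the InitVaultKMS hunk the new `return nil, err` passes connectVault's error up without saying which KMS configuration failed, whereas every other error in this function that is visible on the page carries context; `return nil, fmt.Errorf("connecting to Vault for KMS %q: %w", kmsID, err)` keeps the chain intact via `%w` and makes the log line actionable when several KMS entries are configured. The assignment `err = kms.connectVault()` also reuses an `err` declared earlier in InitVaultKMS, outside this hunk; `if err := kms.connectVault(); err != nil { ... }` would scope it to the check. InitVaultKMS starts outside this hunk.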