-
Notifications
You must be signed in to change notification settings - Fork 29
/
Copy pathlist.go
126 lines (104 loc) · 3.37 KB
/
list.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
// SPDX-License-Identifier: Apache-2.0
package vault
import (
"context"
"fmt"
"strings"
"github.com/sirupsen/logrus"
"github.com/go-vela/types/constants"
"github.com/go-vela/types/library"
"github.com/hashicorp/vault/api"
)
// List captures a list of secrets.
// TODO: Implement fake pagination?
// We drop page and perPage as we are always returning all results.
// Vault API doesn't seem to support pagination. Might result in undesired
// behavior for fetching Vault secrets in paginated manner.
func (c *client) List(ctx context.Context, sType, org, name string, _, _ int, _ []string) ([]*library.Secret, error) {
// create log fields from secret metadata
fields := logrus.Fields{
"org": org,
"repo": name,
"type": sType,
}
// check if secret is a shared secret
if strings.EqualFold(sType, constants.SecretShared) {
// update log fields from secret metadata
fields = logrus.Fields{
"org": org,
"team": name,
"type": sType,
}
}
c.Logger.WithFields(fields).Tracef("listing vault %s secrets for %s/%s", sType, org, name)
var err error
s := []*library.Secret{}
//nolint:staticcheck // ignore false positive
vault := new(api.Secret)
// capture the list of secrets from the Vault service
switch sType {
case constants.SecretOrg:
vault, err = c.listOrg(org)
case constants.SecretRepo:
vault, err = c.listRepo(org, name)
case constants.SecretShared:
vault, err = c.listShared(org, name)
default:
return nil, fmt.Errorf("invalid secret type: %v", sType)
}
if err != nil {
return nil, err
}
// cast the list of secrets to the expected type
keys, ok := vault.Data["keys"].([]interface{})
if !ok {
return nil, fmt.Errorf("not a valid list of secrets from Vault")
}
// iterate through each element in the list of secrets
for _, element := range keys {
// cast the secret to the expected type
key, ok := element.(string)
if !ok {
return nil, fmt.Errorf("not a valid list of secrets from Vault")
}
// capture the secret from the Vault service
sec, err := c.Get(ctx, sType, org, name, key)
if err != nil {
return nil, err
}
s = append(s, sec)
}
return s, nil
}
// listOrg is a helper function to capture the
// list of org secrets for the provided path.
func (c *client) listOrg(org string) (*api.Secret, error) {
return c.list(fmt.Sprintf("%s/%s/%s", c.config.Prefix, constants.SecretOrg, org))
}
// listRepo is a helper function to capture the
// list of repo secrets for the provided path.
func (c *client) listRepo(org, repo string) (*api.Secret, error) {
return c.list(fmt.Sprintf("%s/%s/%s/%s", c.config.Prefix, constants.SecretRepo, org, repo))
}
// listShared is a helper function to capture the
// list of shared secrets for the provided path.
func (c *client) listShared(org, team string) (*api.Secret, error) {
return c.list(fmt.Sprintf("%s/%s/%s/%s", c.config.Prefix, constants.SecretShared, org, team))
}
// list is a helper function to capture the
// list of secrets for the provided path.
func (c *client) list(path string) (*api.Secret, error) {
// handle k/v v2
if strings.HasPrefix(path, "secret/data/") {
// remove secret/data/ prefix
path = strings.TrimPrefix(path, "secret/data/")
// add secret/metadata/ prefix
path = fmt.Sprintf("secret/metadata/%s", path)
}
// send API call to capture the list of secrets
vault, err := c.Vault.Logical().List(path)
if err != nil {
return nil, err
}
return vault, nil
}