authorLibravatar vnugent <public@vaughnnugent.com>2024-05-22 00:57:34 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-05-22 00:57:34 -0400
commit27fb5382d80d9bcfb4c65974bbae20c5e7b8ccbc (patch)
tree7c6f1815d9a01bec4a97c2f53c3ec0f608222b45
parent69f13e43dfdd8069459800ccc3039f45fc884814 (diff)
feat: Vault environment vars
-rw-r--r--lib/VNLib.Plugins.Extensions.Loading/src/Secrets/HCVaultClient.cs28
-rw-r--r--lib/VNLib.Plugins.Extensions.Loading/src/Secrets/IKvVaultClient.cs4
-rw-r--r--lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretConstants.cs2
-rw-r--r--lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs17
4 files changed, 37 insertions, 14 deletions
diff --git a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/HCVaultClient.cs b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/HCVaultClient.cs
index 35530c0..885f22f 100644
--- a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/HCVaultClient.cs
+++ b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/HCVaultClient.cs
@@ -124,6 +124,28 @@ namespace VNLib.Plugins.Extensions.Loading
return new HCVaultClient(serverAddress, token, kvVersion, trustCert, heap);
}
+ /// <summary>
+ /// Creates a new Hashicorp vault client from the default Vault environment
+ /// variables VAULT_ADDR and VAULT_TOKEN. From client documentation
+ /// </summary>
+ /// <param name="kvVersion">The hc vault Key value store version (must be 1 or 2)</param>
+ /// <param name="trustCert">A value that tells the HTTP client to trust the Vault server's certificate even if it's not valid</param>
+ /// <param name="heap">Heap instance to allocate internal buffers from</param>
+ /// <returns>The new client instance</returns>
+ /// <exception cref="ArgumentException"></exception>
+ /// <exception cref="ArgumentNullException"></exception>
+ /// <exception cref="KeyNotFoundException"></exception>
+ public static HCVaultClient CreateFromEnv(int kvVersion, bool trustCert, IUnmangedHeap heap)
+ {
+ string address = Environment.GetEnvironmentVariable("VAULT_ADDR")
+ ?? throw new KeyNotFoundException("VAULT_ADDR environment variable not found");
+
+ string token = Environment.GetEnvironmentVariable("VAULT_TOKEN")
+ ?? throw new KeyNotFoundException("VAULT_TOKEN environment variable not found");
+
+ return Create(address, token, kvVersion, trustCert, heap);
+ }
+
///<inheritdoc/>
protected override void Free()
{
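Review bot: The env-var name on L40 is a duplicated literal: this same commit defines `VAULT_TOKEN_ENV_NAME = "VAULT_TOKEN"` in PluginSecretConstants.cs (same namespace), so CreateFromEnv should read `Environment.GetEnvironmentVariable(VAULT_TOKEN_ENV_NAME)` (presumably via the same `using static` PluginSecretStore relies on) so the two code paths cannot drift apart. The `??` guards only catch an unset variable; an exported-but-empty `VAULT_ADDR` or `VAULT_TOKEN` is passed straight to Create, which may or may not reject it from here, so a `string.IsNullOrWhiteSpace` check with the same KeyNotFoundException would make the failure explicit at the source. The summary sentence "From client documentation" is a fragment and the three `<exception>` tags are empty; I would write `/// <exception cref="KeyNotFoundException">Thrown when VAULT_ADDR or VAULT_TOKEN is not set</exception>` and note that the Argument exceptions propagate from Create.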
@@ -164,6 +186,7 @@ namespace VNLib.Plugins.Extensions.Loading
}
///<inheritdoc/>
+ ///<exception cref="TimeoutException"></exception>
public ISecretResult? ReadSecret(string path, string mountPoint, string secretName)
{
/*
@@ -174,7 +197,10 @@ namespace VNLib.Plugins.Extensions.Loading
Task<ISecretResult?> asAsync = Task.Run(() => ReadSecretAsync(path, mountPoint, secretName));
- asAsync.Wait(ClientDefaultTimeout);
+ if(!asAsync.Wait(ClientDefaultTimeout))
+ {
+ throw new TimeoutException("Failed to retreive the secret from the vault in the configured timeout period");
+ }
return asAsync.Result;
}
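Review bot: When `Wait` times out on L59 the work queued by `Task.Run` on L57 keeps running, and if it later faults that exception is unobserved; if ReadSecretAsync accepts a CancellationToken, a `CancellationTokenSource(ClientDefaultTimeout)` passed through it would actually stop the request rather than just abandoning it. On L63 `asAsync.Result` wraps any fault in an AggregateException, which the newly added `<exception>` list on ReadSecret does not mention; `return asAsync.GetAwaiter().GetResult();` surfaces the original exception type instead. The message on L61 has a typo: "retreive" should be "retrieve". ReadSecret's body starts outside this hunk.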
diff --git a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/IKvVaultClient.cs b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/IKvVaultClient.cs
index 876d8b6..77579ef 100644
--- a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/IKvVaultClient.cs
+++ b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/IKvVaultClient.cs
@@ -3,9 +3,9 @@
*
* Library: VNLib
* Package: VNLib.Plugins.Extensions.Loading
-* File: ISecretVaultClient.cs
+* File: IKvVaultClient.cs
*
-* ISecretVaultClient.cs is part of VNLib.Plugins.Extensions.Loading which is
+* IKvVaultClient.cs is part of VNLib.Plugins.Extensions.Loading which is
* part of the larger VNLib collection of libraries and utilities.
*
* VNLib.Plugins.Extensions.Loading is free software: you can redistribute it and/or modify
diff --git a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretConstants.cs b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretConstants.cs
index 5c5a644..54bfa17 100644
--- a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretConstants.cs
+++ b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretConstants.cs
@@ -33,7 +33,7 @@ namespace VNLib.Plugins.Extensions.Loading
public const string VAULT_TOKEN_KEY = "token";
public const string VAULT_ROLE_KEY = "role";
public const string VAULT_SECRET_KEY = "secret";
- public const string VAULT_TOKNE_ENV_NAME = "VNLIB_PLUGINS_VAULT_TOKEN";
+ public const string VAULT_TOKEN_ENV_NAME = "VAULT_TOKEN";
public const string VAULT_KV_VERSION_KEY = "kv_version";
public const string VAULT_URL_KEY = "url";
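Review bot: Changing the constant's value from "VNLIB_PLUGINS_VAULT_TOKEN" to "VAULT_TOKEN" on L90 is a breaking deployment change hidden inside a typo-fix rename: an existing host that still exports the old variable will no longer match in PluginSecretStore and falls through to the else branch there. If the old name is meant to keep working, keep it as a fallback, e.g. `Environment.GetEnvironmentVariable(VAULT_TOKEN_ENV_NAME) ?? Environment.GetEnvironmentVariable("VNLIB_PLUGINS_VAULT_TOKEN")` at the lookup site, or retain the old constant marked `[Obsolete]`; otherwise the commit message should call out the renamed variable so operators update their environments.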
diff --git a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs
index 759bd12..ec3871f 100644
--- a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs
+++ b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs
@@ -40,6 +40,8 @@ namespace VNLib.Plugins.Extensions.Loading
/// <param name="plugin">The plugin instance to get secrets from</param>
public readonly struct PluginSecretStore(PluginBase plugin) : IEquatable<PluginSecretStore>
{
+ const int HCVaultDefaultKvVersion = 2;
+
private readonly PluginBase _plugin = plugin;
/// <summary>
@@ -63,21 +65,19 @@ namespace VNLib.Plugins.Extensions.Loading
//try get server address creds from config
string serverAddress = conf.GetRequiredProperty(VAULT_URL_KEY, p => p.GetString()!);
- bool trustCert = conf.TryGetValue(VAULT_TRUST_CERT_KEY, out JsonElement trustCertEl) && trustCertEl.GetBoolean();
+ bool trustCert = conf.GetValueOrDefault(VAULT_TRUST_CERT_KEY, el => el.GetBoolean(), false);
- int version = 2; //Default to version 2 now
string? authToken;
-
- //Get authentication method from config
+
if (conf.TryGetValue(VAULT_TOKEN_KEY, out JsonElement tokenEl))
{
//Init token
authToken = tokenEl.GetString();
}
//Try to get the token as an environment variable
- else if (Environment.GetEnvironmentVariable(VAULT_TOKNE_ENV_NAME) != null)
+ else if (Environment.GetEnvironmentVariable(VAULT_TOKEN_ENV_NAME) != null)
{
- authToken = Environment.GetEnvironmentVariable(VAULT_TOKNE_ENV_NAME)!;
+ authToken = Environment.GetEnvironmentVariable(VAULT_TOKEN_ENV_NAME)!;
}
else
{
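Review bot: The env-var branch on L122 and L125 reads the variable twice and accepts an empty string, because `!= null` is true for an exported-but-empty `VAULT_TOKEN` and the later `authToken ?? throw` check only catches null, so an empty token would reach HCVaultClient.Create. A single pattern match covers both: `else if (Environment.GetEnvironmentVariable(VAULT_TOKEN_ENV_NAME) is { Length: > 0 } envToken)` followed by `authToken = envToken;`. The same empty-value gap applies to the config path on L118, where `tokenEl.GetString()` may yield "" without tripping the null check. The enclosing method starts and ends outside this hunk.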
@@ -87,10 +87,7 @@ namespace VNLib.Plugins.Extensions.Loading
_ = authToken ?? throw new KeyNotFoundException($"Failed to load the vault authentication method from {VAULT_OBJECT_NAME}");
//Check for vault kv version, otherwise use the default
- if (conf.TryGetValue(VAULT_KV_VERSION_KEY, out JsonElement kvVersionEl))
- {
- version = kvVersionEl.GetInt32();
- }
+ int version = conf.GetValueOrDefault(VAULT_KV_VERSION_KEY, el => el.GetInt32(), HCVaultDefaultKvVersion);
//create vault client, invalid or nulls will raise exceptions here
return HCVaultClient.Create(serverAddress, authToken, version, trustCert, MemoryUtil.Shared);