Diffstat (limited to 'lib/VNLib.Plugins.Extensions.Loading')
4 files changed, 37 insertions, 14 deletions
diff --git a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/HCVaultClient.cs b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/HCVaultClient.cs
index 35530c0..885f22f 100644
--- a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/HCVaultClient.cs
+++ b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/HCVaultClient.cs
@@ -124,6 +124,28 @@ namespace VNLib.Plugins.Extensions.Loading
 return new HCVaultClient(serverAddress, token, kvVersion, trustCert, heap);
 }
+ /// <summary>
+ /// Creates a new Hashicorp vault client from the default Vault environment
+ /// variables VAULT_ADDR and VAULT_TOKEN. From client documentation
+ /// </summary>
+ /// <param name="kvVersion">The hc vault Key value store version (must be 1 or 2)</param>
+ /// <param name="trustCert">A value that tells the HTTP client to trust the Vault server's certificate even if it's not valid</param>
+ /// <param name="heap">Heap instance to allocate internal buffers from</param>
+ /// <returns>The new client instance</returns>
+ /// <exception cref="ArgumentException"></exception>
+ /// <exception cref="ArgumentNullException"></exception>
+ /// <exception cref="KeyNotFoundException"></exception>
+ public static HCVaultClient CreateFromEnv(int kvVersion, bool trustCert, IUnmangedHeap heap)
+ {
+ string address = Environment.GetEnvironmentVariable("VAULT_ADDR")
+ ?? throw new KeyNotFoundException("VAULT_ADDR environment variable not found");
+
+ string token = Environment.GetEnvironmentVariable("VAULT_TOKEN")
+ ?? throw new KeyNotFoundException("VAULT_TOKEN environment variable not found");
+
+ return Create(address, token, kvVersion, trustCert, heap);
+ }
+
 ///<inheritdoc/>
 protected override void Free()
 {
@@ -164,6 +186,7 @@ namespace VNLib.Plugins.Extensions.Loading
 }
 ///<inheritdoc/>
+ ///<exception cref="TimeoutException"></exception>
 public ISecretResult? ReadSecret(string path, string mountPoint, string secretName)
 {
 /*
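Review bot: In `CreateFromEnv` (HCVaultClient.cs) the `?? throw` checks only reject a missing variable, so a `VAULT_ADDR` or `VAULT_TOKEN` that is set but empty or whitespace is passed on to `Create`, whose own validation is not visible in this hunk. Consider reading each value into a local and rejecting it explicitly, e.g. `if (string.IsNullOrWhiteSpace(token)) throw new KeyNotFoundException("VAULT_TOKEN environment variable not found");`. The same null-only test guards the environment branch in PluginSecretStore.cs. The summary also ends with the fragment "From client documentation", which reads as an unfinished sentence, and the `trustCert` doc could state plainly that passing `true` sends the token over a connection whose server certificate is not verified.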
@@ -174,7 +197,10 @@ namespace VNLib.Plugins.Extensions.Loading
 Task<ISecretResult?> asAsync = Task.Run(() => ReadSecretAsync(path, mountPoint, secretName));
- asAsync.Wait(ClientDefaultTimeout);
+ if(!asAsync.Wait(ClientDefaultTimeout))
+ {
+ throw new TimeoutException("Failed to retreive the secret from the vault in the configured timeout period");
+ }
 return asAsync.Result;
 }
diff --git a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/IKvVaultClient.cs b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/IKvVaultClient.cs
index 876d8b6..77579ef 100644
--- a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/IKvVaultClient.cs
+++ b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/IKvVaultClient.cs
@@ -3,9 +3,9 @@
 *
 * Library: VNLib
 * Package: VNLib.Plugins.Extensions.Loading
-* File: ISecretVaultClient.cs
+* File: IKvVaultClient.cs
 *
-* ISecretVaultClient.cs is part of VNLib.Plugins.Extensions.Loading which is
+* IKvVaultClient.cs is part of VNLib.Plugins.Extensions.Loading which is
 * part of the larger VNLib collection of libraries and utilities.
 *
 * VNLib.Plugins.Extensions.Loading is free software: you can redistribute it and/or modify
diff --git a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretConstants.cs b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretConstants.cs
index 5c5a644..54bfa17 100644
--- a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretConstants.cs
+++ b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretConstants.cs
@@ -33,7 +33,7 @@ namespace VNLib.Plugins.Extensions.Loading
 public const string VAULT_TOKEN_KEY = "token";
 public const string VAULT_ROLE_KEY = "role";
 public const string VAULT_SECRET_KEY = "secret";
- public const string VAULT_TOKNE_ENV_NAME = "VNLIB_PLUGINS_VAULT_TOKEN";
+ public const string VAULT_TOKEN_ENV_NAME = "VAULT_TOKEN";
 public const string VAULT_KV_VERSION_KEY = "kv_version";
 public const string VAULT_URL_KEY = "url";
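Review bot: When `asAsync.Wait(ClientDefaultTimeout)` returns false in `ReadSecret` (HCVaultClient.cs), the new code throws but leaves the `Task.Run` work running: nothing in the hunk cancels it, so the request can still complete later with an `ISecretResult` that no caller receives or releases, and a late fault goes unobserved. If `ReadSecretAsync` has, or can be given, a cancellation-token overload, cancelling on timeout would bound the request; otherwise a continuation that disposes a late result would at least clear it, assuming the result type is disposable — neither is visible here. Failures that arrive before the timeout still surface as `AggregateException` from `Wait`/`Result`, which the added `<exception>` tag does not mention. The message also misspells "retrieve" as `retreive`. `ReadSecret` starts outside this hunk.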
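Review bot: In PluginSecretConstants.cs the change is more than a typo fix: the value goes from `"VNLIB_PLUGINS_VAULT_TOKEN"` to `"VAULT_TOKEN"`, so a host that still exports only the old variable no longer supplies a token through the environment branch of the loader in PluginSecretStore.cs. Because this is a public `const`, code compiled against the old name stops building, and assemblies that already inlined the old value keep reading the old variable. Consider keeping the old name for one release as `[Obsolete("Use VAULT_TOKEN_ENV_NAME")] public const string VAULT_TOKNE_ENV_NAME = "VNLIB_PLUGINS_VAULT_TOKEN";` and checking it as a fallback, or calling the rename out in the release notes.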
diff --git a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs
index 759bd12..ec3871f 100644
--- a/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs
+++ b/lib/VNLib.Plugins.Extensions.Loading/src/Secrets/PluginSecretStore.cs
@@ -40,6 +40,8 @@ namespace VNLib.Plugins.Extensions.Loading
 /// <param name="plugin">The plugin instance to get secrets from</param>
 public readonly struct PluginSecretStore(PluginBase plugin) : IEquatable<PluginSecretStore>
 {
+ const int HCVaultDefaultKvVersion = 2;
+
 private readonly PluginBase _plugin = plugin;
 /// <summary>
@@ -63,21 +65,19 @@ namespace VNLib.Plugins.Extensions.Loading
 //try get server address creds from config
 string serverAddress = conf.GetRequiredProperty(VAULT_URL_KEY, p => p.GetString()!);
- bool trustCert = conf.TryGetValue(VAULT_TRUST_CERT_KEY, out JsonElement trustCertEl) && trustCertEl.GetBoolean();
+ bool trustCert = conf.GetValueOrDefault(VAULT_TRUST_CERT_KEY, el => el.GetBoolean(), false);
- int version = 2; //Default to version 2 now
 string? authToken;
-
- //Get authentication method from config
+
 if (conf.TryGetValue(VAULT_TOKEN_KEY, out JsonElement tokenEl))
 {
 //Init token
 authToken = tokenEl.GetString();
 }
 //Try to get the token as an environment variable
- else if (Environment.GetEnvironmentVariable(VAULT_TOKNE_ENV_NAME) != null)
+ else if (Environment.GetEnvironmentVariable(VAULT_TOKEN_ENV_NAME) != null)
 {
- authToken = Environment.GetEnvironmentVariable(VAULT_TOKNE_ENV_NAME)!;
+ authToken = Environment.GetEnvironmentVariable(VAULT_TOKEN_ENV_NAME)!;
 }
 else
 {
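Review bot: With the environment name now the standard `VAULT_TOKEN`, the `else if` branch in PluginSecretStore.cs picks up a token that may have been exported for other Vault tooling and sends it to whatever address `VAULT_URL_KEY` names in the plugin configuration, with certificate validation off whenever `VAULT_TRUST_CERT_KEY` is true. A comment above the branch stating the precedence (config token first, then environment) and a logged warning when `trustCert` is true would make that visible to operators; whether a logger is reachable at this point cannot be seen from the hunk. The branch also reads the variable twice; `else if (Environment.GetEnvironmentVariable(VAULT_TOKEN_ENV_NAME) is string envToken) { authToken = envToken; }` reads it once and drops the `!`. The enclosing method starts and ends outside this hunk.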
@@ -87,10 +87,7 @@ namespace VNLib.Plugins.Extensions.Loading
 _ = authToken ?? throw new KeyNotFoundException($"Failed to load the vault authentication method from {VAULT_OBJECT_NAME}");
 //Check for vault kv version, otherwise use the default
- if (conf.TryGetValue(VAULT_KV_VERSION_KEY, out JsonElement kvVersionEl))
- {
- version = kvVersionEl.GetInt32();
- }
+ int version = conf.GetValueOrDefault(VAULT_KV_VERSION_KEY, el => el.GetInt32(), HCVaultDefaultKvVersion);
 //create vault client, invalid or nulls will raise exceptions here
 return HCVaultClient.Create(serverAddress, authToken, version, trustCert, MemoryUtil.Shared); |