Commit
Squashed public code drop of the repository
Talebearer is no longer in use at Starling, and the original repository has been archived, but I want to preserve the code for my own record.

Initial commit
STAR-9351: Implement read_properties, start writer
STAR-9351: Add input and output file cli args
STAR-9351: Implement WritePropertiesFile
STAR-9351: Start adding vault substitutor
STAR-9351: Initial implementation of vault value replacement
  Hard-coded dev token in test....
STAR-9351: Use ! as separator between path and key
STAR-9351: Abstract vault client with interface for testing
STAR-9351: Read vault params from env, fix test
STAR-9351: Fix panic on missing key in Vault
STAR-9351: Add usage to readme
STAR-9351: Add dockerfile, makefile and ssl certs
STAR-9351: Don't specify defaults for file names
STAR-9351: Add help text, build for Linux in makefile
STAR-9351: Add publish to Makefile
STAR-9351: Add tests for substituteValues
STAR-9351: Add more test cases
STAR-9351: Support partial string substitutions
STAR-9351: [readme] s/secrets/secret/g
STAR-9351: [lint] fix missing f
STAR-9351: Sort properties file output
STAR-9351: Implement vault aws auth
STAR-9351: Allow arch to be changed; namespace vault api
STAR-9351: Use new FlagSet for arguments
STAR-9351: Add -inplace option
  Also makes writes atomic by writing to a tempfile and renaming
STAR-9351: Fix arguments, improve arg error handling
STAR-9351: Fix make install
STAR-9351: Empty commit to trigger build
STAR-9351: Empty commit to trigger build
STAR-9351: Commit dummy file to trigger build
STAR-9351: Remove -v parameter
  As it is not valid for the talebearer app, it causes an error, as testing is imported without flag.Parse being called. It's complicated 😞
STAR-9351: Testing go get importpath change
STAR-9351: Update build task
STAR-9351: Create symlinks for libc - alpine uses musl
STAR-9351: new dockerfile WIP
STAR-9351: Build statically linked binary inside container
STAR-9351: Go back to previous minimal container
STAR-9351: Detect GOOS using uname
STAR-9351: Can't do interactive with no tty on teamcity
STAR-9351: Move ssl certs to /usr/local/share/ca-certificates
NO-JIRA: Remove dummy file
STAR-9351: Add some more useful logging
  And remove the readProperties output as it could (but should not) contain secrets
STAR-9351: Fix missing token in client
STAR-9351: Copy file
STAR-9351: Fix
STAR-9351: Accept default password
STAR-9351: Default password Catch-all
STAR-9351: Don't exit on sealed vault
Tidy propertiesFile.go
Create tempfile in same directory as destination
  This should guarantee that os.Rename will work!
STAR-10093: Refactor talebearer to handle generic files
STAR-10093: Add verbose get mode
STAR-10039: Remove password logging

Fix segv in secret.go when err is nil (#7)
* Fix segv when err is nil
* Break out error logging in secret.go

STAR-9526: Fix empty strings (#9)
* STAR-9351: Return errors from getClient and catch in main()
  I think this is a bit tidier, as it properly returns errors from getClient rather than just logging the error but otherwise indicating success. Also fixed a log line not formatting correctly
* STAR-9351: Continue on vault client error
* Fix substitution of empty strings when secret fetch fails
* Fix pointer dereference in VaultSecret
* Also dereference VaultSecret in Retrieve()
* Fix accidentally added test/log lines
* Reinstate fallback log (used in grafana to detect fallbacks)
* Remove extra log message

STAR-11384: Refactoring and integration testing (#11)

Lock dependencies and convert to multi-stage Docker build (#10)
* Locked dependencies with `dep init`
* Add vendor dir to gitignore
* Add application build to Dockerfile
  No need to call Makefile any more
* Docker build no longer depends on a separate step

STAR-14881: Alpine, Golang and Vault upgrade (#13)
* NOJIRA: formatting
* STAR-14881: Bump alpine
* NOJIRA: Don't try to parse -test flags
* NOJIRA: Re-initialise dep
* NOJIRA: Don't manually install testify
  Should remove its use really, and is installed by dep
* NOJIRA: Add go module files

Don't crash when VAULT_SKIP_VERIFY is set (#14)

STAR-17402: Build toolchain update (#15)
* STAR-17402: Fix linting problems in talebearer.go
* STAR-17402: Add dockerignore
* STAR-17402: Update gitignore
* STAR-17402: Add gometalinter to docker build
* STAR-17402: Fix go lint errors
* STAR-17402: Add gometalinter to make test
* STAR-17402: Go mod init && go mod tidy
* STAR-17402: Remove dep metadata
* STAR-17402: Remove Vagrantfile
* STAR-17402: Refresh go module
* STAR-17402: Update makefile after move to go module
* STAR-17402: Handle errors when closing/removing tempfile
* STAR-17402: Don't remove temp properties file
  It gets renamed, so would normally fail
* STAR-17402: Remove unused propertiesFile.go
* STAR-17402: Bump image version in make build
* STAR-17402: Fix build, temporarily disable gometalinter
* STAR-17402: Fix make test
* STAR-17402: Remove GOPATH from Dockerfile

STAR-17402: Import vault client from vaultsmith (#16)
* STAR-17402: Add vault client from vaultsmith
  Copy-paste job for now, but could be made separate module in future
* STAR-17402: Update tests for new mock vault client
* STAR-17402: Add TestRunCallsAuthenticate
* STAR-17402: Add Docstrings to vault/mock
* STAR-17402: Use vault's own DefaultConfig() function for vault config
* STAR-17402: Add apiVersion to BaseClient
* STAR-17402: Setup logrus

STAR-17402: Support -continue-on-error flag (#17)
* STAR-17402: Replace prints with log
* STAR-17402: Continue when secrets fail to resolve
* STAR-17402: Continue on error in RenderSecrets
  Panicking was a problem here
* STAR-17402: Tidy error strings in Retrieve
  Use single line for logging purposes (likely to appear out of order in Kibana)
* STAR-17402: Add example with fallback value

STAR-17402: Handle auth failure properly
- Cleanup some error messages
- Export main run function

STAR-17402: KV v2 support (#18)
* STAR-17402: Re-enabled KV v2
* STAR-17402: Add mock for Hashicorp's vault client
* STAR-17402: Fix and enable gometalinter in builds
* STAR-17402: Shorten the mockVaultClient code
* STAR-17402: Handle auth failure properly
* STAR-17402: Cleanup some error messages
* STAR-17402: Add test for trimBrackets
  Linter surfaced this. It looks like trimBrackets assumes that only groups of two curly braces would be trimmed, but in actual fact it will remove all of them.
* STAR-17402: Add sort=path to make lint
* STAR-17402: Fix Lint issues from gometalinter
* STAR-17402: Finish/implement secretResolver_test
* STAR-17402: Upgrade gometalinter
* STAR-17402: Disable cache for prod image apk commands
* STAR-17402: Disable gotype lint check
  See: alecthomas/gometalinter#91
  Compiler would fail to build any code that failed this linter, so it's not actually very useful at build time. Developers should rely on their IDE for this, or hook gotype up to their text editor.
* STAR-17402: Regenerate go module
  See testcontainers/testcontainers-go#47
* STAR-17402: Use int for kvApiVersion, add GetSecret
* STAR-17402: Update test names in base_test.go
* STAR-17402: Fixup base_test and client mocking
* STAR-17402: Add test for GetSecret
* STAR-17402: Rename BaseClient.handler to authHandler
* STAR-17402: Add WriteSecret, test for GetSecret
* STAR-17402: Add test for WriteSecret
* STAR-17402: Lint fixes
* STAR-17402: Remove mock of hashicorp vault client
  As a general approach I've chosen to go with injecting a dummy http client.
* STAR-17402: Rename GetSecret to ReadSecret; add WriteSecret to mock
* STAR-17402: go get -u
* STAR-17402: Don't exit on metalinter fail
  For some reason, the following errors occur when building in the Docker container, but not locally:
  ```
  vault/base.go:100:17:warning: unused variable or constant cannot use &(credAws.CLIHandler literal) (value of type *github.com/hashicorp/vault/builtin/credential/aws.CLIHandler) as authHandler value in struct literal: wrong type for method Auth (varcheck, varcheck)
  vault/base.go:100:17:warning: unused struct field cannot use &(credAws.CLIHandler literal) (value of type *github.com/hashicorp/vault/builtin/credential/aws.CLIHandler) as authHandler value in struct literal: wrong type for method Auth (structcheck, structcheck)
  vault/base.go:100:17:warning: cannot use &(credAws.CLIHandler literal) (value of type *github.com/hashicorp/vault/builtin/credential/aws.CLIHandler) as authHandler value in struct literal: wrong type for method Auth (interfacer, interfacer, maligned, maligned, unconvert, unconvert)
  ```
  All looks like the same thing, but the Auth method signature looks functionally identical.
* STAR-17402: Fix dummy roundTripper to generate own response
  Reusing this object resulted in reading a buffer from the end
* STAR-17402: Remove test prints
* STAR-17402: Add test for vault write
* STAR-17402: Add tests, return error if KV API version unknown
* STAR-17402: Remove kvAPIVersion parameter from client
* STAR-17402: Rename response to secret
* STAR-17402: Support KV v2 in secret
* STAR-17402: Rename tests
* STAR-17402: Add test.properties to gitignore
* STAR-17402: Add test for KV API v2 retrieve
* STAR-17402: Reverse order of api v1 vs v2
  A KV API v1 secret called "data" could screw things up here. The way I see it, better to fail on a KV v1 secret called "data" than v2.
* STAR-17402: Add warning for secret called data
* STAR-17402: Reflect actual v2 secret structure in test
* STAR-17402: Failed attempt to predetermine secret version
  Only the mount response has options, secrets do not
* Revert "STAR-17402: Failed attempt to predetermine secret version"
  This reverts commit 244290a15829797c2eda3e43292f8a2751948744.
* STAR-17402: Remove unused mock methods
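
The KV entries near the end of the commit message ("Reverse order of api v1 vs v2", "Add warning for secret called data") concern telling a KV v2 response from a KV v1 one by shape alone, since the secret itself carries no mount options. The following Go sketch of that check is an added example, not Talebearer's own code: `kvFromResponse` and `lookup` are hypothetical names, and the sample response is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// kvFromResponse takes the Data map of a Vault read response and returns the
// key/value pairs, the KV version inferred from its shape, and whether a
// top-level "data" key made that inference ambiguous. Hypothetical helper.
func kvFromResponse(data map[string]interface{}) (map[string]interface{}, int, bool, error) {
	if data == nil {
		return nil, 0, false, errors.New("empty response from vault")
	}
	// KV v2 wraps the pairs: {"data": {...}, "metadata": {...}}. Check it first.
	inner, innerIsMap := data["data"].(map[string]interface{})
	_, hasMeta := data["metadata"].(map[string]interface{})
	if innerIsMap && hasMeta {
		return inner, 2, false, nil
	}
	// KV v1 returns the pairs at the top level. A key literally named "data"
	// is legal there but resembles a v2 envelope, so flag it for a warning.
	_, ambiguous := data["data"]
	return data, 1, ambiguous, nil
}

// lookup returns the string value for key, failing closed instead of
// substituting an empty string when the key is absent or not a string.
func lookup(data map[string]interface{}, key string) (string, int, bool, error) {
	kv, version, ambiguous, err := kvFromResponse(data)
	if err != nil {
		return "", 0, false, err
	}
	raw, ok := kv[key]
	if !ok {
		return "", version, ambiguous, fmt.Errorf("key %q not found (kv v%d)", key, version)
	}
	s, ok := raw.(string)
	if !ok {
		return "", version, ambiguous, fmt.Errorf("key %q is %T, not a string", key, raw)
	}
	return s, version, ambiguous, nil
}

func main() {
	// Constructed sample: a KV v1 secret that happens to have a key named "data".
	v1 := map[string]interface{}{"password": "v1-value", "data": "just a key"}
	val, ver, amb, err := lookup(v1, "password")
	fmt.Println(val, ver, amb, err)
}
```

A v1 secret whose `data` and `metadata` keys both hold maps is still read as v2 under this ordering, and lookups of its other keys return an error rather than a wrong value.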