Change GetSecret method

jamiewhitney · Nov 22, 2023 · d4cf998 · d4cf998
1 parent 88b8b68
commit d4cf998
Show file tree

Hide file tree

Showing 3 changed files with 129 additions and 342 deletions.
diff --git a/client.go b/client.go
@@ -36,9 +36,9 @@ type DatabaseCredentials struct {
 }
 
 type AWSCredentials struct {
-	Access_key string
-	Secret_key string
-	Secret     *vault.Secret
+	AccessKey string
+	SecretKey string
+	Secret    *vault.Secret
 }
 
 type GCPCredentials struct {
@@ -67,10 +67,10 @@ func NewClient(config *Vault) (*Client, error) {
 			client.SetToken(token)
 			break
 		} else {
-			return nil, errors.New("Could not get Vault token.")
+			return nil, errors.New("could not get Vault token")
 		}
 	case "approle":
-		log.Println("Using approle authentication")
+		log.Println("using approle authentication")
 
 		if len(config.Credential.RoleID) == 0 {
 			return nil, errors.New("Role ID not found.")
@@ -91,7 +91,7 @@ func NewClient(config *Vault) (*Client, error) {
 		client.SetToken(token)
 
 	default:
-		return nil, fmt.Errorf("Auth method %s is not supported", config.Authentication)
+		return nil, fmt.Errorf("auth method %s is not supported", config.Authentication)
 	}
 
 	return &Client{client}, nil
@@ -108,7 +108,7 @@ func (c *Client) GetTLSConfig(path string, data map[string]interface{}) (*tls.Co
 		return nil, err
 	}
 
-	tlsConfig, err := ParsedCertBundle.GetTLSConfig(certutil.TLSClient)
+	tlsConfig, err := parsedCertBundle.GetTLSConfig(certutil.TLSClient)
 	if err != nil {
 		return nil, err
 	}
@@ -141,11 +141,15 @@ func (c *Client) RenewSecret(secret *vault.Secret) error {
 	}
 }
 
-func (c *Client) GetSecret(path string) (*vault.Secret, error) {
-	log.Printf("Getting secret: %s", path)
-	secret, err := c.Logical().Read(path)
+func (c *Client) GetSecret(mountPath string, secretPath string) (*vault.KVSecret, error) {
+	log.Printf("Getting secret: %s/data/%s", mountPath, secretPath)
+	secret, err := c.KVv2(mountPath).Get(context.Background(), secretPath)
 	if err != nil {
-		return secret, nil
+		return nil, err
+	}
+
+	if secret == nil || secret.Data == nil {
+		return nil, errors.New(fmt.Sprintf("secret not found at path: %s/data/%s", mountPath, secretPath))
 	}
 	return secret, nil
 }
@@ -203,9 +207,9 @@ func (c *Client) GetAWSCredentials(path string) (*AWSCredentials, error) {
 	go c.RenewSecret(credentials)
 
 	return &AWSCredentials{
-		Access_key: credentials.Data["access_key"].(string),
-		Secret_key: credentials.Data["secret_key"].(string),
-		Secret:     credentials,
+		AccessKey: credentials.Data["access_key"].(string),
+		SecretKey: credentials.Data["secret_key"].(string),
+		Secret:    credentials,
 	}, nil
 }
 
@@ -215,12 +219,12 @@ func (c *Client) GetGCPServiceAccount(path string) (*GCPCredentials, error) {
 		return nil, err
 	}
 
-	secret_data, err := base64.StdEncoding.DecodeString(secret.Data["private_key_data"].(string))
+	secretData, err := base64.StdEncoding.DecodeString(secret.Data["private_key_data"].(string))
 	if err != nil {
 		return nil, err
 	}
 
-	credentials, err := google.CredentialsFromJSON(context.Background(), secret_data, "https://www.googleapis.com/auth/cloud-platform")
+	credentials, err := google.CredentialsFromJSON(context.Background(), secretData, "https://www.googleapis.com/auth/cloud-platform")
 	if err != nil {
 		return nil, err
 	}

diff --git a/go.mod b/go.mod
@@ -1,57 +1,40 @@
 module github.com/jamiewhitney/safe
 
-go 1.17
+go 1.21
 
 require (
-	github.com/hashicorp/vault/api v1.5.0
-	github.com/hashicorp/vault/sdk v0.4.1
-	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+	github.com/hashicorp/vault/api v1.10.0
+	github.com/hashicorp/vault/sdk v0.10.2
+	golang.org/x/oauth2 v0.14.0
 )
 
 require (
-	cloud.google.com/go v0.34.0 // indirect
-	github.com/armon/go-metrics v0.3.9 // indirect
-	github.com/armon/go-radix v1.0.0 // indirect
-	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
-	github.com/fatih/color v1.7.0 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	cloud.google.com/go/compute v1.23.3 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
+	github.com/fatih/color v1.16.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v0.16.2 // indirect
-	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.3 // indirect
-	github.com/hashicorp/go-retryablehttp v0.6.6 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
-	github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect
-	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1 // indirect
-	github.com/hashicorp/go-secure-stdlib/strutil v0.1.1 // indirect
-	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
-	github.com/hashicorp/go-uuid v1.0.2 // indirect
-	github.com/hashicorp/go-version v1.2.0 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect
-	github.com/mattn/go-colorable v0.1.6 // indirect
-	github.com/mattn/go-isatty v0.0.12 // indirect
-	github.com/mitchellh/copystructure v1.0.0 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.6 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
+	github.com/kr/pretty v0.1.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
-	github.com/mitchellh/go-testing-interface v1.0.0 // indirect
-	github.com/mitchellh/mapstructure v1.4.2 // indirect
-	github.com/mitchellh/reflectwalk v1.0.0 // indirect
-	github.com/oklog/run v1.0.0 // indirect
-	github.com/pierrec/lz4 v2.5.2+incompatible // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 // indirect
-	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect
-	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect
-	golang.org/x/text v0.3.3 // indirect
-	golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 // indirect
-	google.golang.org/appengine v1.4.0 // indirect
-	google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 // indirect
-	google.golang.org/grpc v1.41.0 // indirect
-	google.golang.org/protobuf v1.26.0 // indirect
-	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
+	golang.org/x/crypto v0.15.0 // indirect
+	golang.org/x/net v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.4.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 )