client_opts.go
package vaulty
import (
"context"
"fmt"
"log/slog"
"os"
hashiVault "github.com/hashicorp/vault/api"
kubernetesAuth "github.com/hashicorp/vault/api/auth/kubernetes"
)
// ClientOption is a functional option: a function that receives the *client
// being configured and mutates it in place. Every With* function in this file
// returns one. Options write to shared fields (config, auth, ...), so when two
// options touch the same field the one applied last wins.
type ClientOption func(c *client)
// WithContext returns a ClientOption that stores ctx on the client.
//
// ctx is stored as given; a nil context is not rejected here.
func WithContext(ctx context.Context) ClientOption {
	setCtx := func(cl *client) {
		cl.ctx = ctx
	}
	return setCtx
}
// WithLogger returns a ClientOption that stores l as the client's logger.
//
// l is stored as given; a nil logger is not rejected here.
// NOTE(review): confirm the client tolerates a nil logger before it logs.
func WithLogger(l *slog.Logger) ClientOption {
	setLogger := func(cl *client) {
		cl.l = l
	}
	return setLogger
}
// WithGeneratedVaultClient returns the option produced by WithAddr for
// vaultAddress. It does not build a Vault client itself; it only forwards
// the address.
//
// Deprecated: Use WithAddr instead for the same effect.
func WithGeneratedVaultClient(vaultAddress string) ClientOption {
	addrOption := WithAddr(vaultAddress)
	return addrOption
}
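// WithAddr returns a ClientOption that sets the Vault server address on the
// client's configuration.
//
// addr is stored without validation. Use an https:// address so that login
// credentials and secrets are not sent in cleartext.
//
// The option writes into whatever *hashiVault.Config the client currently
// holds, so a config supplied through WithConfig is modified in place, and a
// WithConfig applied after this option replaces the address again.
func WithAddr(addr string) ClientOption {
	return func(c *client) {
		// Guard against a nil config (for example after WithConfig(nil)):
		// writing Address through a nil pointer would panic. DefaultConfig
		// also picks up the standard Vault environment settings.
		if c.config == nil {
			c.config = hashiVault.DefaultConfig()
		}
		c.config.Address = addr
	}
}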
// WithConfig returns a ClientOption that replaces the client's Vault
// configuration with config.
//
// The pointer is stored, not copied: later changes the caller makes to config
// are seen by the client, and options that write into the client's config
// (such as WithAddr) modify the caller's value. A nil config is not rejected.
// The address and any transport or TLS settings carried by config are used as
// supplied, so they should be reviewed by whoever builds it.
func WithConfig(config *hashiVault.Config) ClientOption {
	setConfig := func(cl *client) {
		cl.config = config
	}
	return setConfig
}
// WithTokenAuth returns a ClientOption that installs an auth function which
// logs in via tokenLogin with the given token.
//
// token is captured by the closure and stays in memory for as long as the
// client keeps this auth function. Unlike the other auth options in this
// file, no c.renewAuthInfo goroutine is started here.
func WithTokenAuth(token string) ClientOption {
	return func(cl *client) {
		login := func(vc *hashiVault.Client) (*hashiVault.Secret, error) {
			return tokenLogin(vc, token)
		}
		cl.auth = login
	}
}
// WithAppRoleAuth returns a ClientOption that installs an auth function which
// logs in via appRoleLogin with roleID and secretID.
//
// roleID and secretID are captured by the closure and stay in memory for as
// long as the client keeps this auth function.
//
// Each successful login starts a new goroutine running c.renewAuthInfo.
// NOTE(review): if the client can invoke c.auth more than once, confirm that
// earlier renewal goroutines exit; otherwise they accumulate.
func WithAppRoleAuth(roleID, secretID string) ClientOption {
	return func(c *client) {
		login := func(vc *hashiVault.Client) (*hashiVault.Secret, error) {
			secret, loginErr := appRoleLogin(vc, roleID, secretID)
			if loginErr == nil {
				// Renewal is only started once the login has succeeded.
				go c.renewAuthInfo()
				return secret, nil
			}
			return nil, loginErr
		}
		c.auth = login
	}
}
// WithUserPassAuth returns a ClientOption that installs an auth function
// which logs in via userPassLogin with username and password.
//
// The password is captured by the closure and stays in memory for as long as
// the client keeps this auth function.
//
// Each successful login starts a new goroutine running c.renewAuthInfo.
// NOTE(review): if the client can invoke c.auth more than once, confirm that
// earlier renewal goroutines exit; otherwise they accumulate.
func WithUserPassAuth(username, password string) ClientOption {
	return func(c *client) {
		login := func(vc *hashiVault.Client) (*hashiVault.Secret, error) {
			secret, loginErr := userPassLogin(vc, username, password)
			if loginErr == nil {
				// Renewal is only started once the login has succeeded.
				go c.renewAuthInfo()
				return secret, nil
			}
			return nil, loginErr
		}
		c.auth = login
	}
}
// WithKvv2Mount returns a ClientOption that sets the client's kvv2Mount
// field to mount. The value is stored as given, without validation.
func WithKvv2Mount(mount string) ClientOption {
	setMount := func(cl *client) {
		cl.kvv2Mount = mount
	}
	return setMount
}
// WithKubernetesAuthDefault returns a ClientOption that installs a Kubernetes
// auth function. The role name is read from the environment variable named by
// envKubernetesRole at login time, and the service account token is read from
// the file at kubernetesServiceAccountTokenPath.
//
// The auth function returns an error when the role variable is unset or empty.
//
// Each successful login starts a new goroutine running c.renewAuthInfo.
// NOTE(review): if the client can invoke c.auth more than once, confirm that
// earlier renewal goroutines exit; otherwise they accumulate.
func WithKubernetesAuthDefault() ClientOption {
	return func(c *client) {
		login := func(vc *hashiVault.Client) (*hashiVault.Secret, error) {
			roleName := os.Getenv(envKubernetesRole)
			if len(roleName) == 0 {
				return nil, fmt.Errorf("%s environment variable not set", envKubernetesRole)
			}

			tokenSource := kubernetesAuth.WithServiceAccountTokenPath(kubernetesServiceAccountTokenPath)
			secret, loginErr := kubernetesLogin(vc, roleName, tokenSource)
			if loginErr == nil {
				// Renewal is only started once the login has succeeded.
				go c.renewAuthInfo()
				return secret, nil
			}
			return nil, loginErr
		}
		c.auth = login
	}
}
// WithKubernetesAuthFromEnv returns a ClientOption that installs a Kubernetes
// auth function. The role name is read from the environment variable named by
// envKubernetesRole at login time, and the service account token is taken
// from the environment variable named by envKubernetesToken.
//
// The auth function returns an error when the role variable is unset or empty.
//
// A token held in an environment variable is inherited by child processes and
// can show up in process listings and crash dumps; where a token file is
// available, WithKubernetesAuthDefault avoids that exposure.
//
// Each successful login starts a new goroutine running c.renewAuthInfo.
// NOTE(review): if the client can invoke c.auth more than once, confirm that
// earlier renewal goroutines exit; otherwise they accumulate.
func WithKubernetesAuthFromEnv() ClientOption {
	return func(c *client) {
		login := func(vc *hashiVault.Client) (*hashiVault.Secret, error) {
			roleName := os.Getenv(envKubernetesRole)
			if len(roleName) == 0 {
				return nil, fmt.Errorf("%s environment variable not set", envKubernetesRole)
			}

			tokenSource := kubernetesAuth.WithServiceAccountTokenEnv(envKubernetesToken)
			secret, loginErr := kubernetesLogin(vc, roleName, tokenSource)
			if loginErr == nil {
				// Renewal is only started once the login has succeeded.
				go c.renewAuthInfo()
				return secret, nil
			}
			return nil, loginErr
		}
		c.auth = login
	}
}
// WithKubernetesAuth returns a ClientOption that installs a Kubernetes auth
// function using the given role and service account token.
//
// role is not checked for emptiness here, unlike the environment-driven
// Kubernetes options in this file. token is captured by the closure as a
// fixed string and stays in memory for as long as the client keeps this auth
// function.
// NOTE(review): a service account token that is rotated after this option is
// built will not be picked up — confirm that suits the deployment.
//
// Each successful login starts a new goroutine running c.renewAuthInfo.
// NOTE(review): if the client can invoke c.auth more than once, confirm that
// earlier renewal goroutines exit; otherwise they accumulate.
func WithKubernetesAuth(role, token string) ClientOption {
	return func(c *client) {
		login := func(vc *hashiVault.Client) (*hashiVault.Secret, error) {
			tokenSource := kubernetesAuth.WithServiceAccountToken(token)
			secret, loginErr := kubernetesLogin(vc, role, tokenSource)
			if loginErr == nil {
				// Renewal is only started once the login has succeeded.
				go c.renewAuthInfo()
				return secret, nil
			}
			return nil, loginErr
		}
		c.auth = login
	}
}