influxdb/secret.go

package influxdb

import (
	"context"
	"encoding/json"
	"strings"

	"github.com/influxdata/influxdb/v2/kit/platform"
)

// ErrSecretNotFound is the error msg for a missing secret.
const ErrSecretNotFound = "secret not found"

// SecretService a service for storing and retrieving secrets.
type SecretService interface {
	// LoadSecret retrieves the secret value v found at key k for organization orgID.
	LoadSecret(ctx context.Context, orgID platform.ID, k string) (string, error)

	// GetSecretKeys retrieves all secret keys that are stored for the organization orgID.
	GetSecretKeys(ctx context.Context, orgID platform.ID) ([]string, error)

	// PutSecret stores the secret pair (k,v) for the organization orgID.
	PutSecret(ctx context.Context, orgID platform.ID, k string, v string) error

	// PutSecrets puts all provided secrets and overwrites any previous values.
	PutSecrets(ctx context.Context, orgID platform.ID, m map[string]string) error

	// PatchSecrets patches all provided secrets and updates any previous values.
	PatchSecrets(ctx context.Context, orgID platform.ID, m map[string]string) error

	// DeleteSecret removes a single secret from the secret store.
	DeleteSecret(ctx context.Context, orgID platform.ID, ks ...string) error
}

// SecretField contains a key string, and value pointer.
type SecretField struct {
	Key   string  `json:"key"`
	Value *string `json:"value,omitempty"`
}

// String returns the key of the secret.
func (s SecretField) String() string {
	if s.Key == "" {
		return ""
	}
	return "secret: " + s.Key
}

// MarshalJSON implement the json marshaler interface.
func (s SecretField) MarshalJSON() ([]byte, error) {
	return json.Marshal(s.String())
}

// UnmarshalJSON implement the json unmarshaler interface.
func (s *SecretField) UnmarshalJSON(b []byte) error {
	var ss string
	if err := json.Unmarshal(b, &ss); err != nil {
		return err
	}
	if ss == "" {
		s.Key = ""
		return nil
	}
	if strings.HasPrefix(ss, "secret: ") {
		s.Key = ss[len("secret: "):]
	} else {
		s.Value = strPtr(ss)
	}
	return nil
}

func strPtr(s string) *string {
	ss := new(string)
	*ss = s
	return ss
}
chore: rename imports from platform to influxdb I did this with a dumb editor macro, so some comments changed too. Also rename root package from platform to influxdb. In interest of minimizing risk, anyone importing the root package has now aliased it to "platform" so that no changes beyond imports were necessary in those files. Lastly, replace the old platform module to local path /dev/null so that nobody can accidentally reintroduce a platform dependency while migrating platform code to influxdb. 2019-01-08 00:37:16 +00:00			`package influxdb`
feat(platform): add secret service interface for managing use secrets 2018-11-13 20:20:37 +00:00
feat(notification/endpoint): add endpoint struct Co-authored-by: Jade McGough <jade@thezets.com> 2019-07-26 19:38:30 +00:00			`import (`
			`"context"`
			`"encoding/json"`
			`"strings"`
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com> 2021-03-30 18:10:02 +00:00
			`"github.com/influxdata/influxdb/v2/kit/platform"`
feat(notification/endpoint): add endpoint struct Co-authored-by: Jade McGough <jade@thezets.com> 2019-07-26 19:38:30 +00:00			`)`
feat(platform): add secret service interface for managing use secrets 2018-11-13 20:20:37 +00:00
chore(influxdb): secret not found error 2019-01-21 16:57:47 +00:00			`// ErrSecretNotFound is the error msg for a missing secret.`
			`const ErrSecretNotFound = "secret not found"`

feat(platform): add secret service interface for managing use secrets 2018-11-13 20:20:37 +00:00			`// SecretService a service for storing and retrieving secrets.`
			`type SecretService interface {`
			`// LoadSecret retrieves the secret value v found at key k for organization orgID.`
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com> 2021-03-30 18:10:02 +00:00			`LoadSecret(ctx context.Context, orgID platform.ID, k string) (string, error)`
feat(platform): add secret service interface for managing use secrets 2018-11-13 20:20:37 +00:00
			`// GetSecretKeys retrieves all secret keys that are stored for the organization orgID.`
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com> 2021-03-30 18:10:02 +00:00			`GetSecretKeys(ctx context.Context, orgID platform.ID) ([]string, error)`
feat(platform): add secret service interface for managing use secrets 2018-11-13 20:20:37 +00:00
			`// PutSecret stores the secret pair (k,v) for the organization orgID.`
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com> 2021-03-30 18:10:02 +00:00			`PutSecret(ctx context.Context, orgID platform.ID, k string, v string) error`
feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): remove explicit logrus dependency chore(platform): run go mod tidy chore(platform): replace github.com/Sirupsen/logrus with github.com/sirupsen/logrus chore(platform): update docker dependency feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): run go mod tidy feat(vault): add vault implementation of secret service chore(platform): make go modules tidy feat(platform): add Put/Patch/Delete methods on secret service feat(vault): add Put/Patch/Delete methods on vault secret service feat(http): add http handler methods for secret service feat(bolt): add Put/Delete/Patch methods to bolt secret service feat(testing): add tests for Put/Patch/Delete methods in secret service feat(mock): add mock secret service feat(http): add tests for secrets endpoints feat(http): update swagger for secrets endpoints chore: run go mod tidy 2018-11-16 16:45:00 +00:00
			`// PutSecrets puts all provided secrets and overwrites any previous values.`
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com> 2021-03-30 18:10:02 +00:00			`PutSecrets(ctx context.Context, orgID platform.ID, m map[string]string) error`
feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): remove explicit logrus dependency chore(platform): run go mod tidy chore(platform): replace github.com/Sirupsen/logrus with github.com/sirupsen/logrus chore(platform): update docker dependency feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): run go mod tidy feat(vault): add vault implementation of secret service chore(platform): make go modules tidy feat(platform): add Put/Patch/Delete methods on secret service feat(vault): add Put/Patch/Delete methods on vault secret service feat(http): add http handler methods for secret service feat(bolt): add Put/Delete/Patch methods to bolt secret service feat(testing): add tests for Put/Patch/Delete methods in secret service feat(mock): add mock secret service feat(http): add tests for secrets endpoints feat(http): update swagger for secrets endpoints chore: run go mod tidy 2018-11-16 16:45:00 +00:00
			`// PatchSecrets patches all provided secrets and updates any previous values.`
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com> 2021-03-30 18:10:02 +00:00			`PatchSecrets(ctx context.Context, orgID platform.ID, m map[string]string) error`
feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): remove explicit logrus dependency chore(platform): run go mod tidy chore(platform): replace github.com/Sirupsen/logrus with github.com/sirupsen/logrus chore(platform): update docker dependency feat(vault): add vault implementation of secret service test(platform): run testcontainer integration tests for nightly release Integration tests for the vault secret service using testcontiners should not run along with unit tests, however, they should run on some regular schedule. This commit introduces `make test-integration` which runs integration tests for vault using testcontainers. The command introduced relies on docker being available on the host it is executed on. chore(platform): make go modules tidy chore: try to fix go mod chore(platform): run go mod tidy feat(vault): add vault implementation of secret service chore(platform): make go modules tidy feat(platform): add Put/Patch/Delete methods on secret service feat(vault): add Put/Patch/Delete methods on vault secret service feat(http): add http handler methods for secret service feat(bolt): add Put/Delete/Patch methods to bolt secret service feat(testing): add tests for Put/Patch/Delete methods in secret service feat(mock): add mock secret service feat(http): add tests for secrets endpoints feat(http): update swagger for secrets endpoints chore: run go mod tidy 2018-11-16 16:45:00 +00:00
			`// DeleteSecret removes a single secret from the secret store.`
refactor: automated move of errors and id from root to kit (#21101) Co-authored-by: Sam Arnold <sarnold@influxdata.com> 2021-03-30 18:10:02 +00:00			`DeleteSecret(ctx context.Context, orgID platform.ID, ks ...string) error`
feat(platform): add secret service interface for managing use secrets 2018-11-13 20:20:37 +00:00			`}`
feat(notification/endpoint): add endpoint struct Co-authored-by: Jade McGough <jade@thezets.com> 2019-07-26 19:38:30 +00:00
			`// SecretField contains a key string, and value pointer.`
			`type SecretField struct {`
			Key string `json:"key"`
			Value *string `json:"value,omitempty"`
			`}`

			`// String returns the key of the secret.`
			`func (s SecretField) String() string {`
			`if s.Key == "" {`
			`return ""`
			`}`
feat(http): add notification endpoint service note: tests are seriously borked here. Cannot reuse any existing testing as the setup is very particular and the http layer doesn't suppport everyting. that being said, there are goign to be implicit testing in the `launcher/pkger_test.go` file. This feels broken, and probably needs to be readdressed before we GA a 2.0 influxdb.... 2019-12-10 19:27:48 +00:00			`return "secret: " + s.Key`
feat(notification/endpoint): add endpoint struct Co-authored-by: Jade McGough <jade@thezets.com> 2019-07-26 19:38:30 +00:00			`}`

			`// MarshalJSON implement the json marshaler interface.`
			`func (s SecretField) MarshalJSON() ([]byte, error) {`
			`return json.Marshal(s.String())`
			`}`

			`// UnmarshalJSON implement the json unmarshaler interface.`
			`func (s *SecretField) UnmarshalJSON(b []byte) error {`
			`var ss string`
			`if err := json.Unmarshal(b, &ss); err != nil {`
			`return err`
			`}`
			`if ss == "" {`
			`s.Key = ""`
			`return nil`
			`}`
			`if strings.HasPrefix(ss, "secret: ") {`
			`s.Key = ss[len("secret: "):]`
			`} else {`
			`s.Value = strPtr(ss)`
			`}`
			`return nil`
			`}`

			`func strPtr(s string) *string {`
			`ss := new(string)`
			`*ss = s`
			`return ss`
			`}`