config.go
package openhorizon
import (
"context"
"errors"
"fmt"
"strconv"
"github.com/openbao/openbao/sdk/v2/framework"
"github.com/openbao/openbao/sdk/v2/logical"
)
// Storage keys under which the plugin keeps its configuration, followed by the
// defaults applied when an optional setting is left out of a config request.
const (
	// EXCHANGE_URL_STORAGE_KEY is the storage key for the exchange URL.
	EXCHANGE_URL_STORAGE_KEY = "exchange-url"

	// VAULT_TOKEN_STORAGE_KEY is the storage key for the agbot bao token. The
	// value kept under it is a credential and must not be logged.
	VAULT_TOKEN_STORAGE_KEY = "agbot-vault-token"

	// AGBOT_RENEWAL_KEY is the storage key for the agbot login renewal rate,
	// stored as a decimal string.
	AGBOT_RENEWAL_KEY = "agbot-renewal"

	// VAULT_APIURL_STORAGE_KEY is the storage key for the bao API URL.
	VAULT_APIURL_STORAGE_KEY = "vault-url"

	// DEFAULT_RENEWAL_RATE is used when no renewal rate is configured.
	// NOTE(review): the unit is not stated in this file; confirm with the caller.
	DEFAULT_RENEWAL_RATE = 300

	// DEFAULT_APIURL is used when no bao API URL is configured. It is plain
	// HTTP to localhost; presumably the agbot token is presented to this
	// address, so a deployment that reaches bao over a network should
	// configure an https:// URL instead. TODO confirm against the client setup.
	DEFAULT_APIURL = "http://localhost:8200"
)
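// pathConfig handles an update of the plugin configuration. It checks the
// required fields, probes the exchange's version API to confirm that the
// exchange URL answers, and then persists the exchange URL, the bao token, the
// agbot renewal rate and the bao API URL in plugin storage before pointing the
// bao client at the API URL. It returns a nil response on success.
//
// The exchange URL comes from the request and the plugin issues an outbound
// HTTP request to it, so access to this path should be limited to trusted
// operators. The token is a credential: it is stored as given and is never
// written to the log.
func (o *backend) pathConfig(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	if o.Logger().IsInfo() {
		o.Logger().Info(ohlog("processing config update"))
	}

	// Check both required parameters before any network call or storage write,
	// so a request that lacks the token cannot leave a partly updated config.
	url := d.Get(CONFIG_EXCHANGE_URL_KEY).(string)
	if url == "" {
		return nil, errors.New(ohlog(fmt.Sprintf("%s is a required parameter", CONFIG_EXCHANGE_URL_KEY)))
	}
	token := d.Get(CONFIG_TOKEN_KEY).(string)
	if token == "" {
		return nil, errors.New(ohlog(fmt.Sprintf("%s is a required parameter", CONFIG_TOKEN_KEY)))
	}

	// Verify that the exchange URL is good by hitting the version API. This is
	// the only unauthenticated API, which is why no credentials are passed.
	fullURL := fmt.Sprintf("%v/admin/version", url)
	resp, err := o.InvokeExchangeWithRetry(fullURL, "", "")
	if err != nil {
		return nil, OtherError{Msg: fmt.Sprintf("unable to verify exchange URL (%s), error: %v", url, err)}
	}

	// Make sure the response reader is closed on every exit path below.
	defer resp.Body.Close()

	if resp.StatusCode != 200 {
		return nil, OtherError{Msg: fmt.Sprintf("unable to verify exchange URL (%s), HTTP code %v", url, resp.StatusCode)}
	}

	if err = req.Storage.Put(ctx, &logical.StorageEntry{Key: EXCHANGE_URL_STORAGE_KEY, Value: []byte(url)}); err != nil {
		return nil, errors.New(ohlog(fmt.Sprintf("failed to write secret (%s), error: %v", EXCHANGE_URL_STORAGE_KEY, err)))
	}

	// Store the bao token used to set up the bao.
	if err = req.Storage.Put(ctx, &logical.StorageEntry{Key: VAULT_TOKEN_STORAGE_KEY, Value: []byte(token)}); err != nil {
		return nil, errors.New(ohlog(fmt.Sprintf("failed to write secret (%s), error: %v", VAULT_TOKEN_STORAGE_KEY, err)))
	}

	// Store the agbot login renewal rate, falling back to the default when the
	// field is left at zero.
	renewal := d.Get(CONFIG_AGBOT_RENEWAL_KEY).(int)
	if renewal == 0 {
		renewal = DEFAULT_RENEWAL_RATE
	}
	if err = req.Storage.Put(ctx, &logical.StorageEntry{Key: AGBOT_RENEWAL_KEY, Value: []byte(strconv.Itoa(renewal))}); err != nil {
		return nil, errors.New(ohlog(fmt.Sprintf("failed to write secret (%s), error: %v", AGBOT_RENEWAL_KEY, err)))
	}

	// Store the bao API URL used by the plugin to invoke bao APIs.
	vaultAPIURL := d.Get(CONFIG_VAULT_API_KEY).(string)
	if vaultAPIURL == "" {
		vaultAPIURL = DEFAULT_APIURL
	}

	// The value written here is the URL. Writing the token under this key
	// would keep a second copy of the credential in an entry that readers
	// treat as a non-secret address.
	// NOTE(review): an entry written with the token under this key stays in
	// storage until the plugin is configured again.
	if err = req.Storage.Put(ctx, &logical.StorageEntry{Key: VAULT_APIURL_STORAGE_KEY, Value: []byte(vaultAPIURL)}); err != nil {
		return nil, errors.New(ohlog(fmt.Sprintf("failed to write secret (%s), error: %v", VAULT_APIURL_STORAGE_KEY, err)))
	}

	// Set the URL into the bao client object.
	if err = o.vc.SetAddress(vaultAPIURL); err != nil {
		return nil, errors.New(ohlog(fmt.Sprintf("failed to set vault URL in the client, error: %v", err)))
	}

	// Log the config with the token masked.
	if o.Logger().IsInfo() {
		o.Logger().Info(ohlog(fmt.Sprintf("config is set, exchange url: %v, token: ********, renewal: %v, vault API URL: %v", url, renewal, vaultAPIURL)))
	}

	return nil, nil
}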
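// getConfig reads the exchange URL, the agbot bao token and the agbot renewal
// rate back from plugin storage.
//
// It returns an error when storage cannot be read or when any of the three
// entries is missing or empty; the other results are zero values in that case.
// A stored renewal rate that does not parse as an integer is replaced by
// DEFAULT_RENEWAL_RATE rather than reported as an error. The returned token is
// a credential; callers should keep it out of logs and error messages.
func (o *backend) getConfig(ctx context.Context, req *logical.Request) (exURL string, token string, renewalRate int, err error) {
	// Extract the exchange URL from plugin storage.
	urlEntry, err := req.Storage.Get(ctx, EXCHANGE_URL_STORAGE_KEY)
	if err != nil {
		return "", "", 0, err
	}
	if urlEntry == nil || len(urlEntry.Value) == 0 {
		return "", "", 0, fmt.Errorf("%s is not set. Use the /config API to configure the plugin.", CONFIG_EXCHANGE_URL_KEY)
	}

	// Extract the agbot bao token from plugin storage.
	tokEntry, err := req.Storage.Get(ctx, VAULT_TOKEN_STORAGE_KEY)
	if err != nil {
		return "", "", 0, err
	}
	// Return here: continuing with a nil entry would dereference it below.
	if tokEntry == nil || len(tokEntry.Value) == 0 {
		return "", "", 0, fmt.Errorf("%s is not set. Use the /config API to configure the plugin.", CONFIG_TOKEN_KEY)
	}

	// Extract the agbot renewal rate from plugin storage.
	renewalEntry, err := req.Storage.Get(ctx, AGBOT_RENEWAL_KEY)
	if err != nil {
		return "", "", 0, err
	}
	// The emptiness check is on the renewal entry itself, not the token entry.
	if renewalEntry == nil || len(renewalEntry.Value) == 0 {
		return "", "", 0, fmt.Errorf("%s is not set. Use the /config API to configure the plugin.", AGBOT_RENEWAL_KEY)
	}

	// An unparsable rate falls back to the default. The conversion error is
	// kept in its own variable so it does not leak out through err next to a
	// usable result.
	rate, convErr := strconv.Atoi(string(renewalEntry.Value))
	if convErr != nil {
		rate = DEFAULT_RENEWAL_RATE
	}

	return string(urlEntry.Value), string(tokEntry.Value), rate, nil
}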