package echo

import (
	"context"
	"sync"

	"code.crute.us/mcrute/golib/secrets"
	"code.crute.us/mcrute/golib/service"
	"code.crute.us/mcrute/golib/vault"
	"github.com/labstack/echo/v4"
)

// MakeVaultClient creates a VaultClient with default configuration and
// adds it to the service runner with a logger.
//
// The client's background loop and the renewal logger are registered
// with the runner before the AppRole login is attempted; if the login
// fails the error is returned, but the jobs already added to the runner
// are not removed. Callers that do not abort on error should be aware of
// that. The renewal channel has a buffer of 10 (presumably so renewal
// events can queue before the logger job is scheduled — not verified).
//
// NOTE(review): the client and its AppRole login are both built from the
// environment (NewClientEnv / LoginApproleEnv); confirm those credentials
// are not exposed through any environment or process dump in the
// surrounding service.
//
// Deprecated: Use MakeVaultSecretsClient and AttachSecretsClient instead.
func MakeVaultClient(ctx context.Context, runner *service.AppRunner, log echo.Logger) (vault.VaultClient, error) {
	renewals := make(chan *vault.Renewal, 10)

	client, err := vault.NewClientEnv(renewals)
	if err != nil {
		return nil, err
	}

	// Renewal events are logged by one job; the client itself is driven
	// by another that the runner starts immediately.
	runner.AddJob(vault.MakeRenewalLogger(renewals, log))
	runner.AddJobRunNow(client.Run)

	if loginErr := client.LoginApproleEnv(ctx); loginErr != nil {
		return nil, loginErr
	}

	return client, nil
}

// MakeVaultSecretsClient creates a secrets.ClientManager connected to
// Vault and authenticates it.
//
// A zero-value VaultClientConfig is passed, so every connection and
// authentication setting is whatever NewVaultClient derives on its own
// (presumably from the environment — confirm in golib/secrets).
// Authentication is performed eagerly, so the caller gets either an
// authenticated manager or an error, never an unauthenticated manager.
func MakeVaultSecretsClient(ctx context.Context) (secrets.ClientManager, error) {
	var cfg secrets.VaultClientConfig

	manager, err := secrets.NewVaultClient(&cfg)
	if err != nil {
		return nil, err
	}

	// Fail here rather than hand back a manager that cannot fetch secrets.
	if authErr := manager.Authenticate(ctx); authErr != nil {
		return nil, authErr
	}

	return manager, nil
}

// AttachSecretsClient attaches a secrets client to a runner and
// configures logger and failure handler to run asynchronously. The
// failure handler will terminate the application if a critical
// credential renewal failure occurs.
//
// Two jobs are registered on run: the client's own Run loop, and the
// renewal logger from golib/secrets, which is handed cancel so it can
// shut the application down (fail closed) instead of letting it keep
// serving with credentials it could not renew. cancel should therefore
// be the cancel func of the runner's root context; it is not nil-checked
// here, and passing a no-op would silently disable that protection
// (whether MakeRenewalLogger tolerates a nil cancel is not visible from
// this file).
func AttachSecretsClient(c secrets.ClientManager, cancel func(), run *service.AppRunner, log echo.Logger) {
	renewalHandler := func(ctx context.Context, wg *sync.WaitGroup) error {
		log.Info("Starting credential renewal handler")
		runErr := c.Run(ctx, wg)
		log.Info("Shutting down credential renewal handler")
		return runErr
	}

	renewalLogger := func(ctx context.Context, wg *sync.WaitGroup) error {
		log.Info("Starting credential renewal logger")
		// The logger is what invokes cancel on a critical renewal failure.
		logErr := secrets.MakeRenewalLogger(c, log, cancel)(ctx, wg)
		log.Info("Shutting down credential renewal logger")
		return logErr
	}

	run.AddJob(renewalHandler)
	run.AddJob(renewalLogger)
}