feat: add secrets from file and prepare a release

promhippie · Oct 26, 2023 · 0385fee · 0385fee
1 parent 4e01b70
commit 0385fee
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 2 deletions.
diff --git a/changelog/1.3.0_2023-10-26/file-secrets.md b/changelog/1.3.0_2023-10-26/file-secrets.md
@@ -0,0 +1,7 @@
+Change: Read secrets form files
+
+We have added proper support to load secrets like tokens from files or from
+base64-encoded strings. Just provide the flags or environment variables with a
+DSN formatted string like `file://path/to/file` or `base64://Zm9vYmFy`.
+
+https://github.com/promhippie/prometheus-scw-sd/pulls/
diff --git a/changelog/1.3.0_2023-10-26/update-deps.md b/changelog/1.3.0_2023-10-26/update-deps.md
@@ -0,0 +1,6 @@
+Enhancement: Update all releated dependencies
+
+We've updated all dependencies to the latest available versions, including more
+current versions of build tools and used Go version to build the binaries.
+
+https://github.com/promhippie/prometheus-scw-sd/pulls/
diff --git a/pkg/action/server.go b/pkg/action/server.go
@@ -41,6 +41,30 @@ func Server(cfg *config.Config, logger log.Logger) error {
 		clients := make(map[string]*scw.Client, len(cfg.Target.Credentials))
 
 		for _, credential := range cfg.Target.Credentials {
+			accessKey, err := config.Value(credential.AccessKey)
+
+			if err != nil {
+				level.Error(logger).Log(
+					"msg", "Failed to read access key secret",
+					"project", credential.Project,
+					"err", err,
+				)
+
+				return fmt.Errorf("failed to read access key secret for %s", credential.Project)
+			}
+
+			secretKey, err := config.Value(credential.SecretKey)
+
+			if err != nil {
+				level.Error(logger).Log(
+					"msg", "Failed to read secret key secret",
+					"project", credential.Project,
+					"err", err,
+				)
+
+				return fmt.Errorf("failed to read secret key secret for %s", credential.Project)
+			}
+
 			opts := make([]scw.ClientOption, 0)
 
 			opts = append(opts, scw.WithUserAgent(
@@ -54,8 +78,8 @@ func Server(cfg *config.Config, logger log.Logger) error {
 			))
 
 			opts = append(opts, scw.WithAuth(
-				credential.AccessKey,
-				credential.SecretKey,
+				accessKey,
+				secretKey,
 			))
 
 			if credential.Org != "" {

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -1,5 +1,12 @@
 package config
 
+import (
+	"encoding/base64"
+	"fmt"
+	"os"
+	"strings"
+)
+
 // Credential defines a single project credential.
 type Credential struct {
 	Project   string `json:"project" yaml:"project"`
@@ -54,3 +61,32 @@ func Load() *Config {
 		},
 	}
 }
+
+// Value returns the config value based on a DSN.
+func Value(val string) (string, error) {
+	if strings.HasPrefix(val, "file://") {
+		content, err := os.ReadFile(
+			strings.TrimPrefix(val, "file://"),
+		)
+
+		if err != nil {
+			return "", fmt.Errorf("failed to parse secret file: %w", err)
+		}
+
+		return string(content), nil
+	}
+
+	if strings.HasPrefix(val, "base64://") {
+		content, err := base64.StdEncoding.DecodeString(
+			strings.TrimPrefix(val, "base64://"),
+		)
+
+		if err != nil {
+			return "", fmt.Errorf("failed to parse base64 value: %w", err)
+		}
+
+		return string(content), nil
+	}
+
+	return val, nil
+}