From 6c5f43e537c3d210080b51d5bec46fce14045b10 Mon Sep 17 00:00:00 2001 From: Thomas Boerger Date: Thu, 26 Oct 2023 16:32:13 +0200 Subject: [PATCH] feat: add secrets from file and prepare a release --- changelog/1.0.0_2023-10-26/file-secrets.md | 7 +++++ changelog/1.0.0_2023-10-26/update-deps.md | 7 +++++ pkg/action/server.go | 29 +++++++++++++++-- pkg/config/config.go | 36 ++++++++++++++++++++++ 4 files changed, 77 insertions(+), 2 deletions(-) create mode 100644 changelog/1.0.0_2023-10-26/file-secrets.md create mode 100644 changelog/1.0.0_2023-10-26/update-deps.md diff --git a/changelog/1.0.0_2023-10-26/file-secrets.md b/changelog/1.0.0_2023-10-26/file-secrets.md new file mode 100644 index 0000000..55a9ea3 --- /dev/null +++ b/changelog/1.0.0_2023-10-26/file-secrets.md @@ -0,0 +1,7 @@ +Change: Read secrets form files + +We have added proper support to load secrets like passwords from files or from +base64-encoded strings. Just provide the flags or environment variables with a +DSN formatted string like `file://path/to/file` or `base64://Zm9vYmFy`. + +https://github.com/promhippie/prometheus-vcd-sd/pulls/ diff --git a/changelog/1.0.0_2023-10-26/update-deps.md b/changelog/1.0.0_2023-10-26/update-deps.md new file mode 100644 index 0000000..3031b03 --- /dev/null +++ b/changelog/1.0.0_2023-10-26/update-deps.md @@ -0,0 +1,7 @@ +Enhancement: Update all releated dependencies + +We've updated all dependencies to the latest available versions, including more +current versions of build tools and used Go version to build the binaries. It's +time to mark a stable release. + +https://github.com/promhippie/prometheus-vcd-sd/pulls/ diff --git a/pkg/action/server.go b/pkg/action/server.go index 74df2fd..4fce264 100644 --- a/pkg/action/server.go +++ b/pkg/action/server.go @@ -2,6 +2,7 @@ package action import ( "context" + "fmt" "io" "net/http" "net/url" @@ -40,6 +41,30 @@ func Server(cfg *config.Config, logger log.Logger) error { configs := make(map[string]*client.Client, len(cfg.Target.Credentials)) for _, credential := range cfg.Target.Credentials { + username, err := config.Value(credential.Username) + + if err != nil { + level.Error(logger).Log( + "msg", "Failed to read username secret", + "project", credential.Project, + "err", err, + ) + + return fmt.Errorf("failed to read username secret for %s", credential.Project) + } + + password, err := config.Value(credential.Password) + + if err != nil { + level.Error(logger).Log( + "msg", "Failed to read password secret", + "project", credential.Project, + "err", err, + ) + + return fmt.Errorf("failed to read password secret for %s", credential.Project) + } + parsed, err := url.ParseRequestURI(credential.URL) if err != nil { @@ -54,8 +79,8 @@ func Server(cfg *config.Config, logger log.Logger) error { configs[credential.Project] = client.New( parsed, credential.Insecure, - credential.Username, - credential.Password, + username, + password, credential.Org, credential.Vdc, ) diff --git a/pkg/config/config.go b/pkg/config/config.go index 59b0a85..a406575 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -1,5 +1,12 @@ package config +import ( + "encoding/base64" + "fmt" + "os" + "strings" +) + // Credential defines a single project credential. type Credential struct { Project string `json:"project" yaml:"project"` @@ -47,3 +54,32 @@ func Load() *Config { }, } } + +// Value returns the config value based on a DSN. +func Value(val string) (string, error) { + if strings.HasPrefix(val, "file://") { + content, err := os.ReadFile( + strings.TrimPrefix(val, "file://"), + ) + + if err != nil { + return "", fmt.Errorf("failed to parse secret file: %w", err) + } + + return string(content), nil + } + + if strings.HasPrefix(val, "base64://") { + content, err := base64.StdEncoding.DecodeString( + strings.TrimPrefix(val, "base64://"), + ) + + if err != nil { + return "", fmt.Errorf("failed to parse base64 value: %w", err) + } + + return string(content), nil + } + + return val, nil +}