From a3717a44359ee72da0f7457cd4632460477212d6 Mon Sep 17 00:00:00 2001 From: Jayme Howard Date: Sat, 15 May 2021 12:41:37 -0500 Subject: [PATCH 1/5] Add flags to change default Vault adddress and Kubernetes mount --- internal/config/config.go | 11 +++-------- internal/config/config_test.go | 10 ++++++---- internal/server/server.go | 6 ++++-- main.go | 6 +++++- 4 files changed, 18 insertions(+), 15 deletions(-) diff --git a/internal/config/config.go b/internal/config/config.go index 88190e0..5530d2a 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -11,11 +11,6 @@ import ( "k8s.io/apimachinery/pkg/types" ) -const ( - defaultVaultAddress string = "https://127.0.0.1:8200" - defaultVaultKubernetesMountPath string = "kubernetes" -) - // Config represents all of the provider's configurable behaviour from the MountRequest proto message: // * Parameters from the `Attributes` field. // * Plus the rest of the proto fields we consume. @@ -69,13 +64,13 @@ type Secret struct { SecretArgs map[string]interface{} `yaml:"secretArgs,omitempty"` } -func Parse(logger hclog.Logger, parametersStr, targetPath, permissionStr string) (Config, error) { +func Parse(logger hclog.Logger, parametersStr, targetPath, permissionStr string, defaultVaultAddr string, defaultVaultKubernetesMountPath string) (Config, error) { config := Config{ TargetPath: targetPath, } var err error - config.Parameters, err = parseParameters(logger, parametersStr) + config.Parameters, err = parseParameters(logger, parametersStr, defaultVaultAddr, defaultVaultKubernetesMountPath) if err != nil { return Config{}, err } 
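Review bot: `Parse` now takes five consecutive string arguments, and the two new ones are spelled `defaultVaultAddr` here but `defaultVaultAddress` in `parseParameters` (next hunk), so a call site that swaps or misorders them still compiles. Using one spelling in both signatures and adding a doc comment to this exported function, for example `// Parse builds a Config from a mount request; defaultVaultAddr and defaultVaultKubernetesMountPath are passed to parseParameters as the fallback Vault address and Kubernetes auth mount.`, would make the contract explicit. Grouping the two defaults into a small struct would remove the ordering risk altogether. The body of `Parse` continues outside the hunk.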
@@ -93,7 +88,7 @@ func Parse(logger hclog.Logger, parametersStr, targetPath, permissionStr string) return config, nil } -func parseParameters(logger hclog.Logger, parametersStr string) (Parameters, error) { +func parseParameters(logger hclog.Logger, parametersStr string, defaultVaultAddress string, defaultVaultKubernetesMountPath string) (Parameters, error) { var params map[string]string err := json.Unmarshal([]byte(parametersStr), ¶ms) if err != nil { diff --git a/internal/config/config_test.go b/internal/config/config_test.go index 07e8fed..2ba61bb 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -35,6 +35,8 @@ spec: common_name: "internal.example.com" method: "PUT" ` + defaultVaultAddress = "http://127.0.0.1:8200" + defaultVaultKubernetesMountPath = "kubernetes" ) func TestParseParametersFromYaml(t *testing.T) { @@ -50,7 +52,7 @@ func TestParseParametersFromYaml(t *testing.T) { paramsBytes, err := json.Marshal(secretProviderClass.Spec.Parameters) // This is now the form the provider receives the data in. - params, err := parseParameters(hclog.NewNullLogger(), string(paramsBytes)) + params, err := parseParameters(hclog.NewNullLogger(), string(paramsBytes), defaultVaultAddress, defaultVaultKubernetesMountPath) require.NoError(t, err) require.Equal(t, Parameters{ @@ -84,7 +86,7 @@ func TestParseParameters(t *testing.T) { // This file's contents are copied directly from a driver mount request. parametersStr, err := ioutil.ReadFile(filepath.Join("testdata", "example-parameters-string.txt")) require.NoError(t, err) - actual, err := parseParameters(hclog.NewNullLogger(), string(parametersStr)) + actual, err := parseParameters(hclog.NewNullLogger(), string(parametersStr), defaultVaultAddress, defaultVaultKubernetesMountPath) require.NoError(t, err) expected := Parameters{ VaultRoleName: "example-role", 
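Review bot: The test constant `defaultVaultAddress = "http://127.0.0.1:8200"` added in the `@@ -35,6 +35,8 @@` hunk of config_test.go does not match `https://127.0.0.1:8200`, which is both the value of the production constant this patch removes and the default of the new flag in main.go. The tests therefore no longer exercise the shipped default, and a plaintext scheme in the fixture makes an accidental downgrade of the real default harder to notice in review. I would change it to `defaultVaultAddress = "https://127.0.0.1:8200"`. Any expected values in the test tables that depend on this constant lie outside the visible hunks and may need the same adjustment.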
@@ -175,7 +177,7 @@ func TestParseConfig(t *testing.T) { } { parametersStr, err := json.Marshal(tc.parameters) require.NoError(t, err) - cfg, err := Parse(hclog.NewNullLogger(), string(parametersStr), tc.targetPath, "420") + cfg, err := Parse(hclog.NewNullLogger(), string(parametersStr), tc.targetPath, "420", defaultVaultAddress, defaultVaultKubernetesMountPath) require.NoError(t, err, tc.name) require.Equal(t, tc.expected, cfg) } @@ -205,7 +207,7 @@ func TestParseConfig_Errors(t *testing.T) { } { parametersStr, err := json.Marshal(tc.parameters) require.NoError(t, err) - _, err = Parse(hclog.NewNullLogger(), string(parametersStr), "/some/path", "420") + _, err = Parse(hclog.NewNullLogger(), string(parametersStr), "/some/path", "420", defaultVaultAddress, defaultVaultKubernetesMountPath) require.Error(t, err, tc.name) } } diff --git a/internal/server/server.go b/internal/server/server.go index e880e5b..ff03c2b 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -17,7 +17,9 @@ var ( // Server implements the secrets-store-csi-driver provider gRPC service interface. type Server struct { - Logger hclog.Logger + Logger hclog.Logger + VaultAddr string + VaultMount string } func (p *Server) Version(context.Context, *pb.VersionRequest) (*pb.VersionResponse, error) { @@ -43,7 +45,7 @@ func (p *Server) Mount(ctx context.Context, req *pb.MountRequest) (*pb.MountResp } func (p *Server) handleMountRequest(ctx context.Context, parametersStr, targetPath, permissionStr string) (map[string]string, error) { - cfg, err := config.Parse(p.Logger.Named("config"), parametersStr, targetPath, permissionStr) + cfg, err := config.Parse(p.Logger.Named("config"), parametersStr, targetPath, permissionStr, p.VaultAddr, p.VaultMount) if err != nil { return nil, err } diff --git a/main.go b/main.go index 4587be8..7e14a2a 100644 --- a/main.go +++ b/main.go 
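Review bot: In the `handleMountRequest` hunk, `p.VaultAddr` and `p.VaultMount` go straight into `config.Parse`, so a `Server` built the old way with only `Logger` set still compiles but now hands empty strings to the parser where the removed package constants used to apply. Whether `parseParameters` rejects an empty default is not visible in these hunks. The new exported fields should say they are required, e.g. `// VaultAddr is the default address for connecting to Vault; must be non-empty.` and `// VaultMount is the default Vault mount path for Kubernetes authentication; must be non-empty.`. A guard at the top of `handleMountRequest`, `if p.VaultAddr == "" || p.VaultMount == "" { return nil, errors.New("default Vault address and mount path must be set") }` (or the error constructor server.go already imports), would turn the silent case into an explicit failure. The function body continues outside the hunk.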
@@ -24,6 +24,8 @@ var ( debug = flag.Bool("debug", false, "sets log to debug level") healthAddr = flag.String("health_addr", ":8080", "configure http listener for reporting health") selfVersion = flag.Bool("version", false, "prints the version information") + vaultAddr = flag.String("vault_addr", "https://127.0.0.1:8200", "default address for connecting to Vault") + vaultMount = flag.String("vault_mount", "kubernetes", "default Vault mount path for Kubernetes authentication") ) func main() { @@ -83,7 +85,9 @@ func realMain(logger hclog.Logger) error { logger.Info(fmt.Sprintf("Listening on %s", *endpoint)) s := &providerserver.Server{ - Logger: serverLogger, + Logger: serverLogger, + VaultAddr: *vaultAddr, + VaultMount: *vaultMount, } pb.RegisterCSIDriverProviderServer(server, s) From 1765536f93f795e6e46c345eb6fe1acaed16db06 Mon Sep 17 00:00:00 2001 From: Jayme Howard Date: Sat, 15 May 2021 12:45:00 -0500 Subject: [PATCH 2/5] Fix tabs vs spaces --- internal/server/server.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/server/server.go b/internal/server/server.go index ff03c2b..6524285 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -18,8 +18,8 @@ var ( // Server implements the secrets-store-csi-driver provider gRPC service interface. type Server struct { Logger hclog.Logger - VaultAddr string - VaultMount string + VaultAddr string + VaultMount string } func (p *Server) Version(context.Context, *pb.VersionRequest) (*pb.VersionResponse, error) { From 281db5bbe5582bd73bb0d893a406b0e488f48455 Mon Sep 17 00:00:00 2001 From: Jayme Howard Date: Sat, 15 May 2021 12:53:44 -0500 Subject: [PATCH 3/5] Fix whitespace for linter --- internal/config/config_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/config/config_test.go b/internal/config/config_test.go index 2ba61bb..ab1ad29 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go 
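Review bot: The value of `-vault_addr` is copied into `Server.VaultAddr` in the `realMain` hunk without being parsed, so a typo or an `http://` address is accepted at startup and would presumably surface only at mount time, or as Vault traffic sent without TLS. Parsing it once before the server is constructed, returning an error for a malformed URL and logging a warning for a non-https scheme, lets a bad default fail fast. The sketch below needs `net/url` added to main.go's imports. The flag is renamed to `vault-addr` in patch 4/5 of this series, so the message text should follow whichever name ships. `realMain` begins and ends outside the hunk.

```go
	logger.Info(fmt.Sprintf("Listening on %s", *endpoint))

	// Validate the operator-supplied default before any mount request can use it.
	u, err := url.Parse(*vaultAddr)
	if err != nil {
		return fmt.Errorf("parsing -vault_addr %q: %w", *vaultAddr, err)
	}
	if u.Scheme != "https" {
		logger.Warn("default Vault address does not use https", "vault_addr", *vaultAddr)
	}
	// … unchanged: providerserver.Server construction and registration …
```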
@@ -35,8 +35,8 @@ spec: common_name: "internal.example.com" method: "PUT" ` - defaultVaultAddress = "http://127.0.0.1:8200" - defaultVaultKubernetesMountPath = "kubernetes" + defaultVaultAddress = "http://127.0.0.1:8200" + defaultVaultKubernetesMountPath = "kubernetes" ) func TestParseParametersFromYaml(t *testing.T) { From 98282039222553d3be50a6586ddb691a25be05b9 Mon Sep 17 00:00:00 2001 From: Jayme Howard Date: Mon, 24 May 2021 11:52:52 -0500 Subject: [PATCH 4/5] Update changelog with unreleased feature, reformat flag to have hyphen instead of underscore --- CHANGELOG.md | 4 ++++ main.go | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c26d4fe..334907f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## Unreleased +FEATURES: + +* Support for changing the default Vault address and Kubernetes mount path via CLI flag to the vault-csi-provider binary + ## 0.2.0 (April 14th, 2021) FEATURES: diff --git a/main.go b/main.go index 7e14a2a..78cf845 100644 --- a/main.go +++ b/main.go @@ -24,8 +24,8 @@ var ( debug = flag.Bool("debug", false, "sets log to debug level") healthAddr = flag.String("health_addr", ":8080", "configure http listener for reporting health") selfVersion = flag.Bool("version", false, "prints the version information") - vaultAddr = flag.String("vault_addr", "https://127.0.0.1:8200", "default address for connecting to Vault") - vaultMount = flag.String("vault_mount", "kubernetes", "default Vault mount path for Kubernetes authentication") + vaultAddr = flag.String("vault-addr", "https://127.0.0.1:8200", "default address for connecting to Vault") + vaultMount = flag.String("vault-mount", "kubernetes", "default Vault mount path for Kubernetes authentication") ) func main() { From 2f806e6d575e841c415d4ddb62b356f32a5c6de0 Mon Sep 17 00:00:00 2001 
From: Tom Proctor Date: Tue, 1 Jun 2021 16:21:53 +0100 Subject: [PATCH 5/5] Fix bad whitespace from resolving conflicts --- main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.go b/main.go index 539a68c..6457bc9 100644 --- a/main.go +++ b/main.go @@ -24,7 +24,7 @@ var ( debug = flag.Bool("debug", false, "sets log to debug level") healthAddr = flag.String("health_addr", ":8080", "configure http listener for reporting health") selfVersion = flag.Bool("version", false, "prints the version information") - vaultAddr = flag.String("vault-addr", "https://127.0.0.1:8200", "default address for connecting to Vault") + vaultAddr = flag.String("vault-addr", "https://127.0.0.1:8200", "default address for connecting to Vault") vaultMount = flag.String("vault-mount", "kubernetes", "default Vault mount path for Kubernetes authentication") writeSecrets = flag.Bool("write_secrets", true, "write secrets directly to filesystem (true), or send secrets to CSI driver in gRPC response (false)") )