chore: change approach to authenticate with Vault
martinsaporiti committed Dec 1, 2023
1 parent 04efadb commit 8d2cbb7
Showing 10 changed files with 24 additions and 31 deletions.
5 changes: 0 additions & 5 deletions Makefile
Expand Up @@ -103,7 +103,6 @@ build-ui-arm:

.PHONY: down
down:
rm -R infrastructure/local/.vault/data/init.out
$(DOCKER_COMPOSE_INFRA_CMD) down --remove-orphans
$(DOCKER_COMPOSE_CMD) down --remove-orphans

Expand All @@ -116,10 +115,6 @@ stop:
up-test:
$(DOCKER_COMPOSE_INFRA_CMD) up -d test_postgres vault test_local_files_apache

.PHONY: clean-vault
clean-vault:
rm -R infrastructure/local/.vault/data/init.out

$(BIN)/platformid-migrate:
$(BUILD_CMD) ./cmd/migrate

4 changes: 4 additions & 0 deletions infrastructure/local/.vault/config/policies.hcl
Expand Up @@ -2,6 +2,10 @@ path "iden3/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}

path "secret/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}

path "kv/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
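Review bot: The new `secret/*` stanza grants the full capability set, including `delete` and `list`, to every identity this policy is attached to, while the commit only sets out to change how the node authenticates. If the issuer node only needs to store and read its own secrets, `capabilities = ["create", "read", "update"]` is the least-privilege choice; otherwise a comment such as `# full access needed because <reason>` above the block would document why the broader grant is intentional. It mirrors the existing `iden3/*` and `kv/*` stanzas, so the pattern is consistent, but a local-dev policy with blanket grants tends to be copied into other environments unchanged.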
1 change: 1 addition & 0 deletions infrastructure/local/.vault/scripts/init.sh
Expand Up @@ -14,6 +14,7 @@ sleep 5
FILE=/vault/data/init.out
if [ ! -e "$FILE" ]; then
echo -e "===== Initialize the Vault ====="
mkdir /vault/data/
vault operator init > /vault/data/init.out
fi

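Review bot: `mkdir /vault/data/` has no `-p`, so if the directory already exists but `init.out` does not (an image that ships the directory, or a container restarted after the file was removed) the command fails, and whether the script then still runs `vault operator init` depends on a `set -e` that is outside the hunk. `mkdir -p /vault/data` is idempotent and removes the spurious error. Since the output of `vault operator init` contains the root token and unseal keys, and this commit also drops the `./.vault/data` bind mount, the file now lives only inside the container; a one-line comment above the redirect, e.g. `# init.out holds the root token and unseal keys; keep it container-local`, would stop someone from re-adding the host mount without realizing what it exposes.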
2 changes: 0 additions & 2 deletions infrastructure/local/docker-compose-infra.yml
Expand Up @@ -56,8 +56,6 @@ services:
volumes:
- ./.vault/config:/vault/config
- ./.vault/policies:/vault/policies
- ./.vault/data:/vault/data
# - ./.vault/file:/vault/file:rw
- ./.vault/scripts:/vault/scripts
- ./.vault/plugins:/vault/plugins
ports:
5 changes: 3 additions & 2 deletions internal/api/main_test.go
Expand Up @@ -63,8 +63,9 @@ func TestMain(m *testing.M) {
cachex = cache.NewMemoryCache()

vaultCli, err = providers.VaultClient(ctx, providers.Config{
Address: cfgForTesting.KeyStore.Address,
Token: cfgForTesting.KeyStore.Token,
Address: cfgForTesting.KeyStore.Address,
UserPassAuthEnabled: cfgForTesting.KeyStore.UserPassEnabled,
Pass: cfgForTesting.KeyStore.UserPassPassword,
})
if err != nil {
log.Error(ctx, "failed to acquire vault client", "err", err)
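Review bot: `Token` is no longer passed to `providers.VaultClient`, so when `cfgForTesting.KeyStore.UserPassEnabled` is false the client is built with no credentials at all; `KeyStore` in internal/config/config.go still has a `Token` field, so if token auth is meant to remain a fallback, keep `Token: cfgForTesting.KeyStore.Token,` alongside the new fields, and if it is not, the field and its `tip` tag should go too. The same change is repeated in internal/api_ui/main_test.go, internal/core/services/tests/main_test.go, internal/kms/main_test.go and internal/kms/vaultPluginIden3KeyProvider_test.go. No username is supplied either, so `providers.Config` presumably fixes it internally — worth confirming, since a hardcoded login name in the provider is easy to miss when the Vault side is reconfigured. `TestMain` continues outside the hunk.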
6 changes: 3 additions & 3 deletions internal/api_ui/main_test.go
Expand Up @@ -61,10 +61,10 @@ func TestMain(m *testing.M) {
storage = s

cachex = cache.NewMemoryCache()

vaultCli, err = providers.VaultClient(context.Background(), providers.Config{
Address: cfgForTesting.KeyStore.Address,
Token: cfgForTesting.KeyStore.Token,
Address: cfgForTesting.KeyStore.Address,
UserPassAuthEnabled: cfgForTesting.KeyStore.UserPassEnabled,
Pass: cfgForTesting.KeyStore.UserPassPassword,
})
if err != nil {
log.Error(ctx, "failed to acquire vault client", "err", err)
17 changes: 4 additions & 13 deletions internal/config/config.go
Expand Up @@ -106,6 +106,8 @@ type KeyStore struct {
Address string `tip:"Keystore address"`
Token string `tip:"Token"`
PluginIden3MountPath string `tip:"PluginIden3MountPath"`
UserPassEnabled bool `tip:"UserPassEnabled"`
UserPassPassword string `tip:"UserPassPassword"`
}

// Log holds runtime configurations
Expand Down Expand Up @@ -353,23 +355,12 @@ func Load(fileName string) (*Configuration, error) {
func VaultTest() KeyStore {
return KeyStore{
Address: "http://localhost:8200",
Token: lookupVaultTestToken(),
PluginIden3MountPath: "iden3",
UserPassEnabled: true,
UserPassPassword: "issuernodepwd",
}
}

func lookupVaultTestToken() string {
var err error
token, ok := os.LookupEnv("VAULT_TEST_TOKEN")
if !ok {
token, err = lookupVaultTokenFromFile("infrastructure/local/.vault/data/init.out")
if err != nil {
return ""
}
}
return token
}

// lookupVaultTokenFromFile parses the vault config file looking for the hvs token and returns it
// pathVaultConfig MUST be a relative path starting from the root project folder
// like "infrastructure/local/.vault/data/init.out"
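Review bot: `VaultTest()` now hardcodes the userpass password `"issuernodepwd"`, whereas the removed `lookupVaultTestToken` consulted `VAULT_TEST_TOKEN` from the environment first; keeping an equivalent override, e.g. `if p, ok := os.LookupEnv("VAULT_TEST_PASSWORD"); ok { ks.UserPassPassword = p }`, lets CI run against a Vault provisioned with a different password without editing source. With `lookupVaultTestToken` gone, `lookupVaultTokenFromFile` (whose doc comment follows the hunk) appears to have lost its only visible caller, and `KeyStore.Token` is no longer consumed by any of the test setups in this commit — worth checking whether both are now dead code and whether the `os` import is still needed. The new fields would also benefit from doc comments, since `tip:"UserPassEnabled"` and `tip:"UserPassPassword"` only repeat the field names; something like `// UserPassPassword is the password used for Vault userpass login when UserPassEnabled is set.` tells a reader what the value is for.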
5 changes: 3 additions & 2 deletions internal/core/services/tests/main_test.go
Expand Up @@ -53,8 +53,9 @@ func TestMain(m *testing.M) {
storage = s

vaultCli, err = providers.VaultClient(ctx, providers.Config{
Address: cfgForTesting.KeyStore.Address,
Token: cfgForTesting.KeyStore.Token,
Address: cfgForTesting.KeyStore.Address,
UserPassAuthEnabled: cfgForTesting.KeyStore.UserPassEnabled,
Pass: cfgForTesting.KeyStore.UserPassPassword,
})
if err != nil {
log.Error(ctx, "failed to acquire vault client", "err", err)
5 changes: 3 additions & 2 deletions internal/kms/main_test.go
Expand Up @@ -38,8 +38,9 @@ func testKMSSetup(t testing.TB) TestKMS {
var err error

k.VaultCli, err = providers.VaultClient(context.Background(), providers.Config{
Address: cfg.Address,
Token: cfg.Token,
Address: cfg.Address,
UserPassAuthEnabled: cfg.UserPassEnabled,
Pass: cfg.UserPassPassword,
})
require.NoError(t, err)

5 changes: 3 additions & 2 deletions internal/kms/vaultPluginIden3KeyProvider_test.go
Expand Up @@ -127,8 +127,9 @@ func setupPluginBJJProvider(t *testing.T) (vaultCli *api.Client, mountPath strin
t.Helper()
var err error
vaultCli, err = providers.VaultClient(context.Background(), providers.Config{
Address: cfg.Address,
Token: cfg.Token,
Address: cfg.Address,
UserPassAuthEnabled: cfg.UserPassEnabled,
Pass: cfg.UserPassPassword,
})
require.NoError(t, err)
mountPath = cfg.PluginIden3MountPath