From c24f0b04da9cc995ff793230e1c5d9cde03f29b2 Mon Sep 17 00:00:00 2001 From: Tom Parker Date: Fri, 9 Aug 2024 12:56:05 -0400 Subject: [PATCH 01/12] Move client open/close logic --- internal/pkg/api/api.go | 14 ++------- internal/pkg/client/client.go | 59 +++++++++++++++++------------------ 2 files changed, 31 insertions(+), 42 deletions(-) diff --git a/internal/pkg/api/api.go b/internal/pkg/api/api.go index 548cbda..12d2b4c 100644 --- a/internal/pkg/api/api.go +++ b/internal/pkg/api/api.go @@ -65,13 +65,8 @@ func (api *API) getSecretByID(w http.ResponseWriter, r *http.Request) { } id := chi.URLParam(r, "secret_id") - slog.Debug("Connecting to bitwarden service") - api.Client.Connect(token) - defer api.Client.Close() - slog.Debug("Connected to bitwarden service") - slog.Debug(fmt.Sprintf("Getting secret by ID: %s", id)) - res, err := api.Client.GetByID(id) + res, err := api.Client.GetByID(id, token) if err != nil { slog.Error(fmt.Sprintf("%+v", err)) http.Error(w, err.Error(), http.StatusInternalServerError) @@ -91,13 +86,8 @@ func (api *API) getSecretByKey(w http.ResponseWriter, r *http.Request) { } key := chi.URLParam(r, "secret_key") - slog.Debug("Connecting to bitwarden service") - api.Client.Connect(token) - defer api.Client.Close() - slog.Debug("Connected to bitwarden service") - slog.Debug(fmt.Sprintf("Searching for key: %s", key)) - res, err := api.Client.GetByKey(key, api.OrgID) + res, err := api.Client.GetByKey(key, api.OrgID, token) if err != nil { slog.Error(fmt.Sprintf("%+v", err)) http.Error(w, err.Error(), http.StatusInternalServerError) diff --git a/internal/pkg/client/client.go b/internal/pkg/client/client.go index 9a054fa..6e6acd4 100644 --- a/internal/pkg/client/client.go +++ b/internal/pkg/client/client.go 
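Review bot: The new `res, err := api.Client.GetByID(id, token)` call moves the login step into the client, but the error branch directly below it still hands the raw error text to the HTTP caller with `http.Error(w, err.Error(), http.StatusInternalServerError)`, so an access-token login failure or any SDK message now reaches the client verbatim as a 500. Keep the detail in the `slog.Error` line and send a generic body, e.g. `http.Error(w, "secret lookup failed", http.StatusInternalServerError)`; an auth failure for the caller's own token is also better reported as 401 than 500. The same pattern follows `api.Client.GetByKey(key, api.OrgID, token)` in the second hunk. Both handlers start and end outside their hunks.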
@@ -14,11 +14,10 @@ import ( ) type Bitwarden struct { - Client sdk.BitwardenClientInterface - Cache *cache.Cache - clientsInUse int - tokenPath string - mu sync.Mutex + Client sdk.BitwardenClientInterface + Cache *cache.Cache + tokenPath string + mu sync.Mutex } func New(ttl time.Duration) *Bitwarden { @@ -28,20 +27,13 @@ func New(ttl time.Duration) *Bitwarden { return &bw } -func (b *Bitwarden) Connect(token string) error { - b.mu.Lock() +func (b *Bitwarden) connect(token string) error { var err error - if b.clientsInUse == 0 { - slog.Debug("Creating new bitwarden client connection") - b.Client, err = b.newClient(token) - if err != nil { - return err - } - } else { - slog.Debug("Client already open/created") + slog.Debug("Creating new bitwarden client connection") + b.Client, err = b.newClient(token) + if err != nil { + return err } - b.clientsInUse++ - b.mu.Unlock() return nil } @@ -57,20 +49,12 @@ func (b *Bitwarden) newClient(token string) (sdk.BitwardenClientInterface, error return bitwardenClient, nil } -func (b *Bitwarden) Close() { - b.mu.Lock() - b.clientsInUse-- - if b.clientsInUse == 0 { - slog.Debug("Closing bitwarden client connection") - b.Client.Close() - b.mu.Unlock() - return - } - slog.Debug("Client still in use not closing") - b.mu.Unlock() +func (b *Bitwarden) close() { + slog.Debug("Closing bitwarden client connection") + b.Client.Close() } -func (b *Bitwarden) GetByID(id string) (string, error) { +func (b *Bitwarden) GetByID(id string, clientToken string) (string, error) { slog.Debug(fmt.Sprintf("Getting secret by ID: %s", id)) value := b.Cache.GetSecret(id) if value != "" { 
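Review bot: The new `close()` unconditionally calls `b.Client.Close()`, while in the `@@ -28,20` hunk a failed `b.newClient(token)` assigns nil to `b.Client` (newClient returns `nil, err`), so a caller that pairs `connect` with a deferred `close` after a bad token dereferences a nil interface. Guard it with `if b.Client == nil { return }` at the top of `close()`, and make sure callers check connect's result. Removing `clientsInUse` also means each call does a fresh `AccessTokenLogin`, which is the right model for per-request tokens, but the struct should say so: `// Client is re-created per call and is only valid while mu is held.`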
@@ -80,6 +64,14 @@ func (b *Bitwarden) GetByID(id string) (string, error) { secretIDs := make([]string, 1) secretIDs[0] = id slog.Debug(fmt.Sprintf("%s not found in cache, populating", id)) + slog.Debug("Locking client") + b.mu.Lock() + slog.Debug("Client locked") + defer b.mu.Unlock() + slog.Debug("Connecting to bitwarden service") + b.connect(clientToken) + defer b.close() + secret, err := b.Client.Secrets().GetByIDS(secretIDs) if secret == nil { return "", fmt.Errorf("unable to find secret: %s", id) @@ -89,11 +81,18 @@ func (b *Bitwarden) GetByID(id string) (string, error) { return string(secretJson), err } -func (b *Bitwarden) GetByKey(key string, orgID string) (string, error) { +func (b *Bitwarden) GetByKey(key string, orgID string, clientToken string) (string, error) { secret := "" id := b.Cache.GetID(key) if id == "" { slog.Debug(fmt.Sprintf("%s not found in cache, populating", key)) + slog.Debug("Locking client") + b.mu.Lock() + slog.Debug("Client locked") + defer b.mu.Unlock() + b.connect(clientToken) + defer b.close() + keyList, err := b.Client.Secrets().List(orgID) if err != nil { return "", err From 7ba68017fe7bd29e9a439c368c79eaa881dc155c Mon Sep 17 00:00:00 2001 From: Tom Parker Date: Fri, 9 Aug 2024 13:57:03 -0400 Subject: [PATCH 02/12] Hardening client interaction --- internal/pkg/client/client.go | 64 +++++++++++++++++++++++------------ 1 file changed, 42 insertions(+), 22 deletions(-) diff --git a/internal/pkg/client/client.go b/internal/pkg/client/client.go index 6e6acd4..40a4835 100644 --- a/internal/pkg/client/client.go +++ b/internal/pkg/client/client.go 
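Review bot: In both hunks `b.connect(clientToken)` is called without checking its error, so an invalid or expired token leaves `b.Client` nil and the next `b.Client.Secrets()` call panics while `mu` is held; the deferred `b.close()` then dereferences the same nil client. Use `if err := b.connect(clientToken); err != nil { return "", err }` in GetByID and GetByKey, placed after `b.mu.Lock()` so the deferred unlock still runs. In GetByKey the `defer b.mu.Unlock()` and `defer b.close()` sit inside the `if id == ""` block, but defers are function-scoped, so the lock and the open client persist for the rest of the function including the cache lookups that follow; that deserves a comment or a helper that scopes them. Both functions continue past the end of their hunks.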
@@ -61,18 +61,10 @@ func (b *Bitwarden) GetByID(id string, clientToken string) (string, error) { slog.Debug(fmt.Sprintf("%s ID found in cache", id)) return value, nil } - secretIDs := make([]string, 1) - secretIDs[0] = id + slog.Debug(fmt.Sprintf("%s not found in cache, populating", id)) - slog.Debug("Locking client") - b.mu.Lock() - slog.Debug("Client locked") - defer b.mu.Unlock() - slog.Debug("Connecting to bitwarden service") - b.connect(clientToken) - defer b.close() - secret, err := b.Client.Secrets().GetByIDS(secretIDs) + secret, err := b.getSecretByIDs(id, clientToken) if secret == nil { return "", fmt.Errorf("unable to find secret: %s", id) } @@ -86,14 +78,8 @@ func (b *Bitwarden) GetByKey(key string, orgID string, clientToken string) (stri id := b.Cache.GetID(key) if id == "" { slog.Debug(fmt.Sprintf("%s not found in cache, populating", key)) - slog.Debug("Locking client") - b.mu.Lock() - slog.Debug("Client locked") - defer b.mu.Unlock() - b.connect(clientToken) - defer b.close() - - keyList, err := b.Client.Secrets().List(orgID) + + keyList, err := b.getSecretList(orgID, clientToken) if err != nil { return "", err } @@ -107,11 +93,12 @@ func (b *Bitwarden) GetByKey(key string, orgID string, clientToken string) (stri // query, but it returns all of them with a single query anyway if keyPair.Key == key { found = true - BwsSecret, err := b.Client.Secrets().Get(keyPair.ID) + + bwsSecret, err := b.getSecret(keyPair.ID, clientToken) if err != nil { return "", err } - storedSecret, _ := json.Marshal(BwsSecret) + storedSecret, _ := json.Marshal(bwsSecret) b.Cache.SetSecret(keyPair.ID, string(storedSecret)) } } 
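Review bot: `secret, err := b.getSecretByIDs(id, clientToken)` is followed by `if secret == nil { return "", fmt.Errorf("unable to find secret: %s", id) }` before `err` is looked at, so a login or SDK failure, which also yields a nil response, is reported to the caller as a missing secret and the real cause is dropped. Check the error first, `if err != nil { return "", err }`, and only then test for nil. In the key loop `storedSecret, _ := json.Marshal(bwsSecret)` likewise discards the marshal error on its way into the cache. GetByID and GetByKey both extend beyond the hunk.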
@@ -124,13 +111,46 @@ func (b *Bitwarden) GetByKey(key string, orgID string, clientToken string) (stri secret = b.Cache.GetSecret(id) if secret == "" { slog.Debug(fmt.Sprintf("%s not found in cache, populating", key)) - BwsSecret, err := b.Client.Secrets().Get(id) + bwsSecret, err := b.getSecret(id, clientToken) if err != nil { return "", err } - storedSecret, _ := json.Marshal(BwsSecret) + storedSecret, _ := json.Marshal(bwsSecret) b.Cache.SetSecret(id, string(storedSecret)) secret = string(storedSecret) } return secret, nil } + +func (b *Bitwarden) getSecretList(orgID string, clientToken string) (*sdk.SecretIdentifiersResponse, error) { + slog.Debug("Locking client") + b.mu.Lock() + defer b.mu.Unlock() + slog.Debug("Client locked") + b.connect(clientToken) + defer b.close() + + return b.Client.Secrets().List(orgID) +} + +func (b *Bitwarden) getSecret(id string, clientToken string) (*sdk.SecretResponse, error) { + slog.Debug("Locking client") + b.mu.Lock() + defer b.mu.Unlock() + slog.Debug("Client locked") + b.connect(clientToken) + defer b.close() + return b.Client.Secrets().Get(id) +} + +func (b *Bitwarden) getSecretByIDs(id string, clientToken string) (*sdk.SecretsResponse, error) { + slog.Debug("Locking client") + b.mu.Lock() + defer b.mu.Unlock() + slog.Debug("Client locked") + b.connect(clientToken) + defer b.close() + secretIDs := make([]string, 1) + secretIDs[0] = id + return b.Client.Secrets().GetByIDS(secretIDs) +} From a5b5ecc4ddfefa3af9936651173c71cca9cf20a9 Mon Sep 17 00:00:00 2001 From: Tom Parker Date: Fri, 9 Aug 2024 14:14:43 -0400 Subject: [PATCH 03/12] Additional logging, remove client defers --- internal/pkg/client/client.go | 51 ++++++++++++++++++++++++----------- 1 file changed, 36 insertions(+), 15 deletions(-) diff --git a/internal/pkg/client/client.go b/internal/pkg/client/client.go index 40a4835..3aa6264 100644 --- a/internal/pkg/client/client.go +++ b/internal/pkg/client/client.go 
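Review bot: The three new helpers getSecretList, getSecret and getSecretByIDs each call `b.connect(clientToken)` and ignore its error, then dereference `b.Client`, so a bad token becomes a nil-interface panic under the mutex instead of a returned error. In each, write `if err := b.connect(clientToken); err != nil { return nil, err }` after the lock so the deferred unlock still fires. The deferred order (close runs before Unlock, LIFO) is correct but easy to misread; a one-line `// deferred close runs before the deferred Unlock` helps. Since the helpers differ only in the SDK call, a single wrapper such as `withClient(token string, fn func(sdk.BitwardenClientInterface) error) error` would keep the lock/connect/close discipline in one place.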
@@ -123,34 +123,55 @@ func (b *Bitwarden) GetByKey(key string, orgID string, clientToken string) (stri } func (b *Bitwarden) getSecretList(orgID string, clientToken string) (*sdk.SecretIdentifiersResponse, error) { - slog.Debug("Locking client") + slog.Debug("getSecretList: Locking client") b.mu.Lock() - defer b.mu.Unlock() - slog.Debug("Client locked") + + slog.Debug("getSecretList: Opening client") b.connect(clientToken) - defer b.close() - return b.Client.Secrets().List(orgID) + res, err := b.Client.Secrets().List(orgID) + slog.Debug("getSecretList: Closing client") + b.close() + + slog.Debug("getSecretList: Unlocking client") + b.mu.Unlock() + + return res, err } func (b *Bitwarden) getSecret(id string, clientToken string) (*sdk.SecretResponse, error) { - slog.Debug("Locking client") + slog.Debug("getSecret: Locking client") b.mu.Lock() - defer b.mu.Unlock() - slog.Debug("Client locked") + + slog.Debug("getSecret: Opening client") b.connect(clientToken) - defer b.close() - return b.Client.Secrets().Get(id) + + res, err := b.Client.Secrets().Get(id) + slog.Debug("getSecret: Closing Client") + b.close() + + slog.Debug("getSecret: Unlocking cliient") + b.mu.Unlock() + + return res, err } func (b *Bitwarden) getSecretByIDs(id string, clientToken string) (*sdk.SecretsResponse, error) { - slog.Debug("Locking client") + slog.Debug("getSecretByIDs: Locking client") b.mu.Lock() - defer b.mu.Unlock() - slog.Debug("Client locked") + + slog.Debug("getSecretByIDs: Opening client") b.connect(clientToken) - defer b.close() + secretIDs := make([]string, 1) secretIDs[0] = id - return b.Client.Secrets().GetByIDS(secretIDs) + res, err := b.Client.Secrets().GetByIDS(secretIDs) + + slog.Debug("getSecretByIDs: Closing client") + b.close() + + slog.Debug("getSecretByIDs: Unlocking client") + b.mu.Unlock() + + return res, err } From cf9b0fd91a6c63e7f4fbadbe053384c6c5e2fda0 Mon Sep 17 00:00:00 2001 
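Review bot: Replacing `defer b.mu.Unlock()` with an explicit `b.mu.Unlock()` at the end of getSecretList, getSecret and getSecretByIDs means any panic between `b.mu.Lock()` and that line leaves the mutex locked for good, and `b.connect(clientToken)` still has its error ignored, so a nil `b.Client` is a realistic panic path; chi's Recoverer keeps the process up, so every later request blocks in `Lock()` and the service is effectively down. Keep `defer b.mu.Unlock()` directly after `b.mu.Lock()` and either defer the close as well or make `close()` tolerate a nil client. The ordering this commit wants (close before unlock) already holds with defers because they run LIFO. `"getSecret: Unlocking cliient"` also carries a typo.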
From: Tom Parker Date: Fri, 9 Aug 2024 15:51:06 -0400 Subject: [PATCH 04/12] Add context logging --- internal/pkg/api/api.go | 31 +++++++++++++----------- internal/pkg/client/client.go | 45 ++++++++++++++++++----------------- 2 files changed, 40 insertions(+), 36 deletions(-) diff --git a/internal/pkg/api/api.go b/internal/pkg/api/api.go index 12d2b4c..b11772c 100644 --- a/internal/pkg/api/api.go +++ b/internal/pkg/api/api.go @@ -55,9 +55,10 @@ func New(config *config.Config) http.Handler { } func (api *API) getSecretByID(w http.ResponseWriter, r *http.Request) { - slog.Debug("Getting secret by ID") + ctx := r.Context() + slog.DebugContext(ctx, "Getting secret by ID") token, err := getAuthToken(r) - slog.Debug("Got auth token") + slog.DebugContext(ctx, "Got auth token") if err != nil { slog.Error(fmt.Sprintf("%+v", err)) http.Error(w, err.Error(), http.StatusInternalServerError) 
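Review bot: `slog.DebugContext(ctx, "Got auth token")` is emitted before the `err` from `getAuthToken(r)` is checked, so the log claims a token was obtained even on the failure path. Move the line below the `if err != nil` block, or make it honest: `slog.DebugContext(ctx, "auth token lookup finished", "ok", err == nil)`. getSecretByID continues past the hunk.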
@@ -65,43 +66,45 @@ func (api *API) getSecretByID(w http.ResponseWriter, r *http.Request) { } id := chi.URLParam(r, "secret_id") - slog.Debug(fmt.Sprintf("Getting secret by ID: %s", id)) - res, err := api.Client.GetByID(id, token) + slog.DebugContext(ctx, fmt.Sprintf("Getting secret by ID: %s", id)) + res, err := api.Client.GetByID(ctx, id, token) if err != nil { - slog.Error(fmt.Sprintf("%+v", err)) + slog.ErrorContext(ctx, fmt.Sprintf("%+v", err)) http.Error(w, err.Error(), http.StatusInternalServerError) return } - slog.Debug("Got secret") + slog.DebugContext(ctx, "Got secret") fmt.Fprint(w, res) } func (api *API) getSecretByKey(w http.ResponseWriter, r *http.Request) { - slog.Debug("Getting secret by key") + ctx := r.Context() + slog.DebugContext(ctx, "Getting secret by key") token, err := getAuthToken(r) if err != nil { - slog.Error(fmt.Sprintf("%+v", err)) + slog.ErrorContext(ctx, fmt.Sprintf("%+v", err)) http.Error(w, err.Error(), http.StatusInternalServerError) return } key := chi.URLParam(r, "secret_key") - slog.Debug(fmt.Sprintf("Searching for key: %s", key)) - res, err := api.Client.GetByKey(key, api.OrgID, token) + slog.DebugContext(ctx, fmt.Sprintf("Searching for key: %s", key)) + res, err := api.Client.GetByKey(ctx, key, api.OrgID, token) if err != nil { - slog.Error(fmt.Sprintf("%+v", err)) + slog.ErrorContext(ctx, fmt.Sprintf("%+v", err)) http.Error(w, err.Error(), http.StatusInternalServerError) return } - slog.Debug("Got key") + slog.DebugContext(ctx, "Got key") fmt.Fprint(w, res) } func (api *API) resetConnection(w http.ResponseWriter, r *http.Request) { - slog.Info("Resetting cache") + ctx := r.Context() + slog.InfoContext(ctx, "Resetting cache") api.Client.Cache.Reset() - slog.Info("Cache reset") + slog.InfoContext(ctx, "Cache reset") } func getAuthToken(r *http.Request) (string, error) { diff --git a/internal/pkg/client/client.go b/internal/pkg/client/client.go index 3aa6264..879e488 100644 --- a/internal/pkg/client/client.go 
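Review bot: The converted log lines still pre-format with `fmt.Sprintf` (`slog.DebugContext(ctx, fmt.Sprintf("Getting secret by ID: %s", id))`, `slog.ErrorContext(ctx, fmt.Sprintf("%+v", err))`), which throws away the structure slog exists for and boxes every argument; use attributes instead, e.g. `slog.DebugContext(ctx, "getting secret by ID", "id", id)` and `slog.ErrorContext(ctx, "secret lookup failed", "err", err)`. `secret_id` and `secret_key` come straight from the URL and are logged unescaped; an attribute (or `%q`) keeps injected newlines visible in the log. Unlike the two secret handlers, resetConnection never calls `getAuthToken` in this hunk, so the cache reset route appears to be open to any caller; if that is intended it should say so in a comment, otherwise it wants the same token check.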
+++ b/internal/pkg/client/client.go @@ -1,6 +1,7 @@ package client import ( + "context" "encoding/json" "fmt" "log/slog" @@ -54,7 +55,7 @@ func (b *Bitwarden) close() { b.Client.Close() } -func (b *Bitwarden) GetByID(id string, clientToken string) (string, error) { +func (b *Bitwarden) GetByID(ctx context.Context, id string, clientToken string) (string, error) { slog.Debug(fmt.Sprintf("Getting secret by ID: %s", id)) value := b.Cache.GetSecret(id) if value != "" { @@ -64,7 +65,7 @@ func (b *Bitwarden) GetByID(id string, clientToken string) (string, error) { slog.Debug(fmt.Sprintf("%s not found in cache, populating", id)) - secret, err := b.getSecretByIDs(id, clientToken) + secret, err := b.getSecretByIDs(ctx, id, clientToken) if secret == nil { return "", fmt.Errorf("unable to find secret: %s", id) } @@ -73,13 +74,13 @@ func (b *Bitwarden) GetByID(id string, clientToken string) (string, error) { return string(secretJson), err } -func (b *Bitwarden) GetByKey(key string, orgID string, clientToken string) (string, error) { +func (b *Bitwarden) GetByKey(ctx context.Context, key string, orgID string, clientToken string) (string, error) { secret := "" id := b.Cache.GetID(key) if id == "" { - slog.Debug(fmt.Sprintf("%s not found in cache, populating", key)) + slog.DebugContext(ctx, fmt.Sprintf("%s not found in cache, populating", key)) - keyList, err := b.getSecretList(orgID, clientToken) + keyList, err := b.getSecretList(ctx, orgID, clientToken) if err != nil { return "", err } @@ -94,7 +95,7 @@ func (b *Bitwarden) GetByKey(key string, orgID string, clientToken string) (stri if keyPair.Key == key { found = true - bwsSecret, err := b.getSecret(keyPair.ID, clientToken) + bwsSecret, err := b.getSecret(ctx, keyPair.ID, clientToken) if err != nil { return "", err } 
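Review bot: `ctx` is now the first parameter of the exported GetByID and GetByKey but is only forwarded to log calls; the request context from `middleware.Timeout` is never consulted, so a request that has already timed out still queues on the mutex and then performs a full login and SDK round-trip. An early `if err := ctx.Err(); err != nil { return "", err }` at the top of each exported method would honour the cancellation cheaply. Both exported methods changed signature without a doc comment; add e.g. `// GetByID returns the cached JSON for secret id, logging in with clientToken on a cache miss.` and the counterpart for GetByKey. Both methods run past the end of their hunks.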
@@ -110,8 +111,8 @@ func (b *Bitwarden) GetByKey(key string, orgID string, clientToken string) (stri } secret = b.Cache.GetSecret(id) if secret == "" { - slog.Debug(fmt.Sprintf("%s not found in cache, populating", key)) - bwsSecret, err := b.getSecret(id, clientToken) + slog.DebugContext(ctx, fmt.Sprintf("%s not found in cache, populating", key)) + bwsSecret, err := b.getSecret(ctx, id, clientToken) if err != nil { return "", err } @@ -122,32 +123,32 @@ func (b *Bitwarden) GetByKey(key string, orgID string, clientToken string) (stri return secret, nil } -func (b *Bitwarden) getSecretList(orgID string, clientToken string) (*sdk.SecretIdentifiersResponse, error) { - slog.Debug("getSecretList: Locking client") +func (b *Bitwarden) getSecretList(ctx context.Context, orgID string, clientToken string) (*sdk.SecretIdentifiersResponse, error) { + slog.DebugContext(ctx, "getSecretList: Locking client") b.mu.Lock() - slog.Debug("getSecretList: Opening client") + slog.DebugContext(ctx, "getSecretList: Opening client") b.connect(clientToken) res, err := b.Client.Secrets().List(orgID) - slog.Debug("getSecretList: Closing client") + slog.DebugContext(ctx, "getSecretList: Closing client") b.close() - slog.Debug("getSecretList: Unlocking client") + slog.DebugContext(ctx, "getSecretList: Unlocking client") b.mu.Unlock() return res, err } -func (b *Bitwarden) getSecret(id string, clientToken string) (*sdk.SecretResponse, error) { - slog.Debug("getSecret: Locking client") +func (b *Bitwarden) getSecret(ctx context.Context, id string, clientToken string) (*sdk.SecretResponse, error) { + slog.DebugContext(ctx, "getSecret: Locking client") b.mu.Lock() - slog.Debug("getSecret: Opening client") + slog.DebugContext(ctx, "getSecret: Opening client") b.connect(clientToken) res, err := b.Client.Secrets().Get(id) - slog.Debug("getSecret: Closing Client") + slog.DebugContext(ctx, "getSecret: Closing Client") b.close() slog.Debug("getSecret: Unlocking cliient") 
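Review bot: getSecretList and getSecret now take `ctx` but use it only for `slog.DebugContext`; since the lock is the point of contention, the natural place to honour cancellation is right after `b.mu.Lock()`, e.g. `if err := ctx.Err(); err != nil { b.mu.Unlock(); return nil, err }`, so a caller that gave up does not trigger a fresh `AccessTokenLogin`. The same applies to getSecretByIDs in the following hunk. Adding a short doc comment to each helper stating that it must be called without `mu` held would also prevent the obvious self-deadlock. getSecret's body continues beyond the hunk.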
@@ -156,21 +157,21 @@ func (b *Bitwarden) getSecret(id string, clientToken string) (*sdk.SecretRespons return res, err } -func (b *Bitwarden) getSecretByIDs(id string, clientToken string) (*sdk.SecretsResponse, error) { - slog.Debug("getSecretByIDs: Locking client") +func (b *Bitwarden) getSecretByIDs(ctx context.Context, id string, clientToken string) (*sdk.SecretsResponse, error) { + slog.DebugContext(ctx, "getSecretByIDs: Locking client") b.mu.Lock() - slog.Debug("getSecretByIDs: Opening client") + slog.DebugContext(ctx, "getSecretByIDs: Opening client") b.connect(clientToken) secretIDs := make([]string, 1) secretIDs[0] = id res, err := b.Client.Secrets().GetByIDS(secretIDs) - slog.Debug("getSecretByIDs: Closing client") + slog.DebugContext(ctx, "getSecretByIDs: Closing client") b.close() - slog.Debug("getSecretByIDs: Unlocking client") + slog.DebugContext(ctx, "getSecretByIDs: Unlocking client") b.mu.Unlock() return res, err From d579a77d5374887ee081acb32e8d46057bc7a426 Mon Sep 17 00:00:00 2001 From: Tom Parker Date: Fri, 9 Aug 2024 21:16:34 -0400 Subject: [PATCH 05/12] Add race detection --- Dockerfile | 2 +- internal/pkg/client/client.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 125ea46..521ed9f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ FROM golang:alpine AS builder WORKDIR /app RUN apk add --no-cache musl-dev gcc ca-certificates COPY . . -RUN cd cmd/bws-cache && go build -ldflags='-s -w' -trimpath -o /dist/bws-cache +RUN cd cmd/bws-cache && go build -race -ldflags='-s -w' -trimpath -o /dist/bws-cache RUN ldd /dist/bws-cache | tr -s [:blank:] '\n' | grep ^/ | xargs -I % install -D % /dist/% FROM scratch diff --git a/internal/pkg/client/client.go b/internal/pkg/client/client.go index 879e488..75d8a05 100644 --- a/internal/pkg/client/client.go +++ b/internal/pkg/client/client.go 
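Review bot: Adding `-race` to the `go build` that produces `/dist/bws-cache` ships the race detector in the production binary: it costs several times the memory and CPU, and on the first detected race the runtime prints a report and exits, so a benign race becomes a crash of the secret cache. Keep the instrumented build for `go test -race` or a separate debug image, and leave the release line as `RUN cd cmd/bws-cache && go build -ldflags='-s -w' -trimpath -o /dist/bws-cache`. `-race` also requires cgo, which is what makes the `musl-dev gcc` install and the `ldd` copy step load-bearing for the scratch image.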
@@ -56,7 +56,7 @@ func (b *Bitwarden) close() { } func (b *Bitwarden) GetByID(ctx context.Context, id string, clientToken string) (string, error) { - slog.Debug(fmt.Sprintf("Getting secret by ID: %s", id)) + slog.DebugContext(ctx, fmt.Sprintf("Getting secret by ID: %s", id)) value := b.Cache.GetSecret(id) if value != "" { slog.Debug(fmt.Sprintf("%s ID found in cache", id)) @@ -151,7 +151,7 @@ func (b *Bitwarden) getSecret(ctx context.Context, id string, clientToken string slog.DebugContext(ctx, "getSecret: Closing Client") b.close() - slog.Debug("getSecret: Unlocking cliient") + slog.DebugContext(ctx, "getSecret: Unlocking client") b.mu.Unlock() return res, err From b98ae1ae7100f76ae5a51d544687f7fc9fcd5ffe Mon Sep 17 00:00:00 2001 From: Tom Parker Date: Sat, 10 Aug 2024 11:10:58 -0400 Subject: [PATCH 06/12] Enabling profiling --- internal/pkg/api/api.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/internal/pkg/api/api.go b/internal/pkg/api/api.go index b11772c..8f63a24 100644 --- a/internal/pkg/api/api.go +++ b/internal/pkg/api/api.go @@ -36,6 +36,9 @@ func New(config *config.Config) http.Handler { router.Use(middleware.Recoverer) router.Use(middleware.Timeout(config.WebTTL)) + // Enable profiler + router.Mount("/debug", middleware.Profiler()) + slog.Debug("Router middleware setup finished") slog.Debug("Creating new bitwarden client connection") From 201269bc089f4e344a0839a8cbfe413e0ddd6a52 Mon Sep 17 00:00:00 2001 From: Tom Parker Date: Mon, 12 Aug 2024 10:01:40 -0400 Subject: [PATCH 07/12] Simplify some funcs --- internal/pkg/client/client.go | 34 ++++++++++------------------------ 1 file changed, 10 insertions(+), 24 deletions(-) diff --git a/internal/pkg/client/client.go b/internal/pkg/client/client.go index 75d8a05..9478e87 100644 --- a/internal/pkg/client/client.go +++ b/internal/pkg/client/client.go 
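Review bot: `router.Mount("/debug", middleware.Profiler())` attaches the pprof handlers to the same router as the secret endpoints with nothing in front of them; the secret handlers do their own `getAuthToken` check and nothing in this hunk gates `/debug`, so anyone who can reach the service can pull heap, goroutine and CPU profiles and tie the process up with long profile requests. Serve the profiler on a separate loopback listener or behind the same token check, and gate it on configuration, e.g. `if config.EnableProfiler { router.Mount("/debug", middleware.Profiler()) }` (field name to be chosen; it is not on the page). The `New` function continues outside the hunk.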
@@ -25,29 +25,18 @@ func New(ttl time.Duration) *Bitwarden { bw := Bitwarden{} slog.Debug("Setting up cache") bw.Cache = cache.New(ttl) + bw.tokenPath = fmt.Sprintf("/tmp/%s", uuid.New()) return &bw } func (b *Bitwarden) connect(token string) error { - var err error slog.Debug("Creating new bitwarden client connection") - b.Client, err = b.newClient(token) - if err != nil { - return err - } - return nil + return b.newClient(token) } -func (b *Bitwarden) newClient(token string) (sdk.BitwardenClientInterface, error) { - bitwardenClient, _ := sdk.NewBitwardenClient(nil, nil) - if b.tokenPath == "" { - b.tokenPath = fmt.Sprintf("/tmp/%s", uuid.New()) - } - err := bitwardenClient.AccessTokenLogin(token, &b.tokenPath) - if err != nil { - return nil, err - } - return bitwardenClient, nil +func (b *Bitwarden) newClient(token string) error { + b.Client, _ = sdk.NewBitwardenClient(nil, nil) + return b.Client.AccessTokenLogin(token, &b.tokenPath) } func (b *Bitwarden) close() { @@ -69,9 +58,13 @@ func (b *Bitwarden) GetByID(ctx context.Context, id string, clientToken string) if secret == nil { return "", fmt.Errorf("unable to find secret: %s", id) } + if err != nil { + return "", err + } + secretJson, _ := json.Marshal(secret) b.Cache.SetSecret(id, string(secretJson)) - return string(secretJson), err + return string(secretJson), nil } func (b *Bitwarden) GetByKey(ctx context.Context, key string, orgID string, clientToken string) (string, error) { @@ -94,13 +87,6 @@ func (b *Bitwarden) GetByKey(ctx context.Context, key string, orgID string, clie // query, but it returns all of them with a single query anyway if keyPair.Key == key { found = true - - bwsSecret, err := b.getSecret(ctx, keyPair.ID, clientToken) - if err != nil { - return "", err - } - storedSecret, _ := json.Marshal(bwsSecret) - b.Cache.SetSecret(keyPair.ID, string(storedSecret)) } } if !found { From f4bc23f7c878d2b8e524ca165f5f3d774a67ccb0 Mon Sep 17 00:00:00 2001 
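Review bot: In the GetByID hunk the new `if err != nil { return "", err }` is placed after `if secret == nil { return "", fmt.Errorf("unable to find secret: %s", id) }`, so an error from getSecretByIDs, which also comes back with a nil response, is still reported as "not found" and the cause is lost; swap the two checks so the error test runs first. In the connect/newClient hunk `b.Client, _ = sdk.NewBitwardenClient(nil, nil)` drops the constructor error and then calls `AccessTokenLogin` on the result, a nil dereference if construction fails; write `c, err := sdk.NewBitwardenClient(nil, nil); if err != nil { return err }; b.Client = c`. Setting `bw.tokenPath = fmt.Sprintf("/tmp/%s", uuid.New())` once in New means every login, for any caller's token, shares one state file under `/tmp` for the life of the process; whether the SDK persists token-derived state there should be confirmed, and the file created with restrictive permissions (os.CreateTemp or a private directory) rather than a bare path string.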
From: Tom Parker Date: Mon, 12 Aug 2024 10:18:20 -0400 Subject: [PATCH 08/12] Add remote debugging --- Dockerfile | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 521ed9f..7f2a3bb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,10 +6,18 @@ COPY . . RUN cd cmd/bws-cache && go build -race -ldflags='-s -w' -trimpath -o /dist/bws-cache RUN ldd /dist/bws-cache | tr -s [:blank:] '\n' | grep ^/ | xargs -I % install -D % /dist/% +# Install Debugging env +RUN go install github.com/go-delve/delve/cmd/dlv@latest + FROM scratch COPY --from=builder /dist / COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +# Add debugger +COPY --from=builder /go/bin/dlv / + USER 65534 -CMD ["/bws-cache", "start"] +# CMD ["/bws-cache", "start"] +CMD ["/dlv", "--listen=:4000", "--headless=true", "--api-version=2", "--log", "exec", "/bws-cache", "start"] + From 7f6da7fb2530d84595d386ab31e3abc8dd17af89 Mon Sep 17 00:00:00 2001 From: Tom Parker Date: Mon, 12 Aug 2024 10:46:18 -0400 Subject: [PATCH 09/12] Update build args --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7f2a3bb..ca0bda7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,8 @@ FROM golang:alpine AS builder WORKDIR /app RUN apk add --no-cache musl-dev gcc ca-certificates COPY . . -RUN cd cmd/bws-cache && go build -race -ldflags='-s -w' -trimpath -o /dist/bws-cache +#RUN cd cmd/bws-cache && go build -race -ldflags='-s -w' -trimpath -o /dist/bws-cache +RUN cd cmd/bws-cache && go build -race -gcflags=all="-N -l" -trimpath -o /dist/bws-cache RUN ldd /dist/bws-cache | tr -s [:blank:] '\n' | grep ^/ | xargs -I % install -D % /dist/% # Install Debugging env From 1498498dec94d69c2a8b74a873a29b42cb27b81c Mon Sep 17 00:00:00 2001 
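Review bot: The new `CMD ["/dlv", "--listen=:4000", "--headless=true", "--api-version=2", "--log", "exec", "/bws-cache", "start"]` starts a headless Delve bound to every interface with no authentication, and a debugger session can read all process memory, including cached secrets and callers' access tokens, and invoke arbitrary functions, so this image must never leave an isolated development environment. Bind to loopback (`--listen=127.0.0.1:4000`) and reach it through an explicit port-forward, and keep the debug variant behind a build arg or in a separate Dockerfile instead of commenting out the production CMD. The following hunk's `-gcflags=all="-N -l"` has the same status: right for a debug build, wrong for the release line, and the commented-out release `RUN` will drift. Delve running under `USER 65534` in a scratch image may also need ptrace permissions the runtime does not grant by default; worth confirming before relying on it.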
From: Tom Parker Date: Mon, 12 Aug 2024 11:30:35 -0400 Subject: [PATCH 10/12] Remote debugging fixups --- Dockerfile | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index ca0bda7..075b197 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,21 +4,22 @@ WORKDIR /app RUN apk add --no-cache musl-dev gcc ca-certificates COPY . . #RUN cd cmd/bws-cache && go build -race -ldflags='-s -w' -trimpath -o /dist/bws-cache -RUN cd cmd/bws-cache && go build -race -gcflags=all="-N -l" -trimpath -o /dist/bws-cache -RUN ldd /dist/bws-cache | tr -s [:blank:] '\n' | grep ^/ | xargs -I % install -D % /dist/% +RUN cd cmd/bws-cache && go build -race -gcflags=all="-N -l" -o /dist/bws-cache +#RUN ldd /dist/bws-cache | tr -s [:blank:] '\n' | grep ^/ | xargs -I % install -D % /dist/% # Install Debugging env -RUN go install github.com/go-delve/delve/cmd/dlv@latest +RUN go install -ldflags "-s -w -extldflags '-static'" github.com/go-delve/delve/cmd/dlv@latest -FROM scratch -COPY --from=builder /dist / -COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ + +#FROM scratch +#COPY --from=builder /dist / +#COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ # Add debugger -COPY --from=builder /go/bin/dlv / +#COPY --from=builder /go/bin/dlv / -USER 65534 +#USER 65534 # CMD ["/bws-cache", "start"] -CMD ["/dlv", "--listen=:4000", "--headless=true", "--api-version=2", "--log", "exec", "/bws-cache", "start"] +CMD ["dlv", "--listen=:4000", "--headless=true", "--api-version=2", "--log", "exec", "/dist/bws-cache", "start"] From a58adfc3217ec3a5133814f2310fa9329521b1fc Mon Sep 17 00:00:00 2001 From: Tom Parker Date: Thu, 15 Aug 2024 08:34:18 -0400 Subject: [PATCH 11/12] Turn off debugger on start --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 075b197..2294dd2 100644 --- a/Dockerfile +++ b/Dockerfile 
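Review bot: Commenting out `FROM scratch`, `USER 65534` and the `COPY --from=builder` lines makes the builder image itself the runtime: the container now runs as root inside golang:alpine with the toolchain, the full source tree from `COPY . .` and anything else in the build context (a `.git` directory or local env files, unless a .dockerignore excludes them), next to the unauthenticated Delve listener on :4000. Even for a debug image, keep `USER 65534` and a dedicated runtime stage, and select the debugger with a build arg rather than maintaining two copies of the Dockerfile held together by `#` lines.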
@@ -8,7 +8,7 @@ RUN cd cmd/bws-cache && go build -race -gcflags=all="-N -l" -o /dist/bws-cache #RUN ldd /dist/bws-cache | tr -s [:blank:] '\n' | grep ^/ | xargs -I % install -D % /dist/% # Install Debugging env -RUN go install -ldflags "-s -w -extldflags '-static'" github.com/go-delve/delve/cmd/dlv@latest +#RUN go install -ldflags "-s -w -extldflags '-static'" github.com/go-delve/delve/cmd/dlv@latest #FROM scratch @@ -18,8 +18,8 @@ RUN go install -ldflags "-s -w -extldflags '-static'" github.com/go-delve/delve/ # Add debugger #COPY --from=builder /go/bin/dlv / -#USER 65534 +USER 65534 -# CMD ["/bws-cache", "start"] -CMD ["dlv", "--listen=:4000", "--headless=true", "--api-version=2", "--log", "exec", "/dist/bws-cache", "start"] +CMD ["/dist/bws-cache", "start"] +#CMD ["dlv", "--listen=:4000", "--headless=true", "--api-version=2", "--log", "exec", "/dist/bws-cache", "start"] From 311e927bd911164c46cff307392df48e1b6f377a Mon Sep 17 00:00:00 2001 From: Tom Parker Date: Thu, 15 Aug 2024 12:34:30 -0400 Subject: [PATCH 12/12] Flip to base alpine image --- Dockerfile | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2294dd2..6f28745 100644 --- a/Dockerfile +++ b/Dockerfile 
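Review bot: Swapping which `CMD` line is commented turns the debugger off, but the image is still the golang:alpine builder carrying the source tree, and the binary is still built with `-race -gcflags=all="-N -l"` by the `RUN` line above this hunk, so this is not yet a configuration that should ship. A build argument (`ARG DEBUG=0`) that picks the build flags and the CMD, or a separate Dockerfile.debug, would replace the hand-toggled comments and make the release path the default.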
@@ -1,25 +1,17 @@ FROM golang:alpine AS builder -WORKDIR /app -RUN apk add --no-cache musl-dev gcc ca-certificates +RUN apk add --no-cache musl-dev gcc COPY . . -#RUN cd cmd/bws-cache && go build -race -ldflags='-s -w' -trimpath -o /dist/bws-cache -RUN cd cmd/bws-cache && go build -race -gcflags=all="-N -l" -o /dist/bws-cache -#RUN ldd /dist/bws-cache | tr -s [:blank:] '\n' | grep ^/ | xargs -I % install -D % /dist/% -# Install Debugging env -#RUN go install -ldflags "-s -w -extldflags '-static'" github.com/go-delve/delve/cmd/dlv@latest +RUN cd cmd/bws-cache && go build -ldflags='-s -w' -trimpath -o /dist/bws-cache +RUN ldd /dist/bws-cache | tr -s [:blank:] '\n' | grep ^/ | xargs -I % install -D % /dist/% -#FROM scratch -#COPY --from=builder /dist / -#COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ - -# Add debugger -#COPY --from=builder /go/bin/dlv / +FROM alpine +COPY --from=builder /dist / +RUN apk add --no-cache ca-certificates USER 65534 -CMD ["/dist/bws-cache", "start"] -#CMD ["dlv", "--listen=:4000", "--headless=true", "--api-version=2", "--log", "exec", "/dist/bws-cache", "start"] +CMD ["/bws-cache", "start"]
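Review bot: With the runtime stage now `FROM alpine`, the retained `RUN ldd /dist/bws-cache | ... install -D % /dist/%` copies golang:alpine's musl loader and libc into `/dist`, and `COPY --from=builder /dist /` then overwrites the runtime image's own `/lib/ld-musl-*.so.1`; both alpine tags are unpinned and can diverge, which is how a libc mismatch ends up in the image. Drop the ldd step now that the base provides musl, or build with `CGO_ENABLED=0` and return to scratch. Pin both `FROM` lines to a version or digest (`golang:1.NN-alpine`, `alpine:3.NN`, placeholders) so rebuilds are reproducible and the patch level is known. Removing `WORKDIR /app` means `COPY . .` now lands in the golang image's default working directory, which works but is worth a one-line comment.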