inclusivity(VSecM): update log message to use more inclusive language (…
…vmware-tanzu#555) Signed-off-by: Omer Kocaoglu <omergk28@gmail.com> 🌟 enhancement(VSecM): helm template changes (vmware-tanzu#558) Tested in the build server — everything appears to be in order. Landing this. * 🌟 enhancement(VSecM): helm template changes This PR introduces the ability for VSecM Safe to use a persistent volume if provided. There are also additional variable renames and refactorings to make the code clearer. In addition, certain missing environment variables have been added to Helm charts and certain environment variables that were not being used (*and appear to have been mistakenly injected*) to containers have been removed. Signed-off-by: Volkan Özçelik <ovolkan@vmware.com> * 💄 cosmetic(VSecM): code refactoring Signed-off-by: Volkan Özçelik <ovolkan@vmware.com> * test function rename Signed-off-by: Volkan Özçelik <ovolkan@vmware.com> * 💄 cosmetic(VSecM): method and var renames for clarity Signed-off-by: Volkan Özçelik <ovolkan@vmware.com> * minor Signed-off-by: Volkan Özçelik <ovolkan@vmware.com> --------- Signed-off-by: Volkan Özçelik <ovolkan@vmware.com> Signed-off-by: Omer Kocaoglu <omergk28@gmail.com>
98 changed files
with
1,346 additions
and
964 deletions.
@@ -0,0 +1,31 @@ | ||
/* | ||
| Protect your secrets, protect your sensitive data. | ||
: Explore VMware Secrets Manager docs at https://vsecm.com/ | ||
</ | ||
<>/ keep your secrets… secret | ||
>/ | ||
<>/' Copyright 2023–present VMware Secrets Manager contributors. | ||
>/' SPDX-License-Identifier: BSD-2-Clause | ||
*/ | ||
|
||
package route | ||
|
||
import ( | ||
"net/http" | ||
|
||
"github.com/vmware-tanzu/secrets-manager/core/audit" | ||
event "github.com/vmware-tanzu/secrets-manager/core/audit/state" | ||
reqres "github.com/vmware-tanzu/secrets-manager/core/entity/reqres/safe/v1" | ||
) | ||
|
||
func createDefaultJournalEntry(cid, spiffeid string, | ||
r *http.Request) audit.JournalEntry { | ||
return audit.JournalEntry{ | ||
CorrelationId: cid, | ||
Entity: reqres.SecretFetchRequest{}, | ||
Method: r.Method, | ||
Url: r.RequestURI, | ||
SpiffeId: spiffeid, | ||
Event: event.Enter, | ||
} | ||
} |
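Review bot: createDefaultJournalEntry has no doc comment, and the two facts a caller most needs are stated nowhere: `Entity` is always an empty `reqres.SecretFetchRequest{}` and `Url` is the raw `r.RequestURI`, so any query string on the request lands in the audit journal verbatim. Suggest adding above the signature `// createDefaultJournalEntry builds the Enter-state audit entry for a request; Entity defaults to an empty SecretFetchRequest and Url is the unparsed RequestURI, so query strings are recorded in the journal.` If routes other than secret fetch reuse this helper, the fixed entity type would mislabel their audit entries; whether that happens cannot be told from this file.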
@@ -0,0 +1 @@ | ||
package route |
@@ -0,0 +1,77 @@ | ||
/* | ||
| Protect your secrets, protect your sensitive data. | ||
: Explore VMware Secrets Manager docs at https://vsecm.com/ | ||
</ | ||
<>/ keep your secrets… secret | ||
>/ | ||
<>/' Copyright 2023–present VMware Secrets Manager contributors. | ||
>/' SPDX-License-Identifier: BSD-2-Clause | ||
*/ | ||
|
||
package route | ||
|
||
import ( | ||
"io" | ||
"net/http" | ||
|
||
"github.com/vmware-tanzu/secrets-manager/app/safe/internal/state" | ||
"github.com/vmware-tanzu/secrets-manager/core/audit" | ||
event "github.com/vmware-tanzu/secrets-manager/core/audit/state" | ||
log "github.com/vmware-tanzu/secrets-manager/core/log/std" | ||
) | ||
|
||
func encryptValue(cid string, value string, j audit.JournalEntry, | ||
w http.ResponseWriter) { | ||
if value == "" { | ||
j.Event = event.NoValue | ||
audit.Log(j) | ||
|
||
w.WriteHeader(http.StatusBadRequest) | ||
_, err := io.WriteString(w, "") | ||
|
||
if err != nil { | ||
log.InfoLn(&cid, "Secret: Problem sending response", err.Error()) | ||
} | ||
|
||
return | ||
} | ||
|
||
encrypted, err := state.EncryptValue(value) | ||
if err != nil { | ||
j.Event = event.EncryptionFailed | ||
audit.Log(j) | ||
|
||
w.WriteHeader(http.StatusInternalServerError) | ||
_, err2 := io.WriteString(w, "") | ||
if err2 != nil { | ||
log.InfoLn(&cid, "Secret: Problem sending response", err2.Error()) | ||
} | ||
|
||
return | ||
} | ||
|
||
_, err = io.WriteString(w, encrypted) | ||
if err != nil { | ||
log.InfoLn(&cid, "Secret: Problem sending response", err.Error()) | ||
} | ||
return | ||
} | ||
|
||
func decryptValue(cid string, value string, j audit.JournalEntry, | ||
w http.ResponseWriter) (string, bool) { | ||
decrypted, err := state.DecryptValue(value) | ||
if err != nil { | ||
j.Event = event.DecryptionFailed | ||
audit.Log(j) | ||
|
||
w.WriteHeader(http.StatusInternalServerError) | ||
_, err := io.WriteString(w, "") | ||
if err != nil { | ||
log.InfoLn(&cid, "Secret: Problem sending response", err.Error()) | ||
} | ||
|
||
return "", true | ||
} | ||
|
||
return decrypted, false | ||
} |
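Review bot: decryptValue returns `(string, bool)` with `true` meaning the call failed and a 500 response has already been written to `w`, which is the inverse of Go's comma-ok convention and is not documented, so a caller written as `if v, ok := decryptValue(...); ok` silently inverts the check. Suggest the doc comment `// decryptValue decrypts value and returns it; the bool is true when decryption failed and a 500 response has already been written, so the caller must return without writing further.` and a matching comment on encryptValue, which writes the whole response itself. In decryptValue's failure branch `_, err := io.WriteString(w, "")` declares a new `err` that shadows the outer one and writes an empty body, so the call can be dropped (the `WriteHeader` alone sends the status); the same empty write appears in both failure branches of encryptValue. Answering a decryption failure on caller-supplied ciphertext with 500 may also be the wrong status when the input is malformed rather than the key unavailable, but state.DecryptValue's contract is not visible here.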
@@ -0,0 +1,11 @@ | ||
/* | ||
| Protect your secrets, protect your sensitive data. | ||
: Explore VMware Secrets Manager docs at https://vsecm.com/ | ||
</ | ||
<>/ keep your secrets… secret | ||
>/ | ||
<>/' Copyright 2023–present VMware Secrets Manager contributors. | ||
>/' SPDX-License-Identifier: BSD-2-Clause | ||
*/ | ||
|
||
package route |
@@ -0,0 +1,55 @@ | ||
/* | ||
| Protect your secrets, protect your sensitive data. | ||
: Explore VMware Secrets Manager docs at https://vsecm.com/ | ||
</ | ||
<>/ keep your secrets… secret | ||
>/ | ||
<>/' Copyright 2023–present VMware Secrets Manager contributors. | ||
>/' SPDX-License-Identifier: BSD-2-Clause | ||
*/ | ||
|
||
package route | ||
|
||
import ( | ||
"encoding/json" | ||
"strings" | ||
|
||
entity "github.com/vmware-tanzu/secrets-manager/core/entity/data/v1" | ||
"github.com/vmware-tanzu/secrets-manager/core/env" | ||
log "github.com/vmware-tanzu/secrets-manager/core/log/std" | ||
) | ||
|
||
func getWorkloadIDAndParts(spiffeid string) (string, []string) { | ||
tmp := strings.Replace(spiffeid, env.WorkloadSpiffeIdPrefix(), "", 1) | ||
parts := strings.Split(tmp, "/") | ||
if len(parts) > 0 { | ||
return parts[0], parts | ||
} | ||
return "", nil | ||
} | ||
|
||
func getSecretValue(cid string, secret *entity.SecretStored) string { | ||
if secret.ValueTransformed != "" { | ||
log.TraceLn(&cid, "Fetch: using transformed value") | ||
return secret.ValueTransformed | ||
} | ||
|
||
// This part is for backwards compatibility. | ||
// It probably won’t execute because `secret.ValueTransformed` will | ||
// always be set. | ||
|
||
log.TraceLn(&cid, "Fetch: using raw value") | ||
|
||
if len(secret.Values) == 1 { | ||
return secret.Values[0] | ||
} | ||
|
||
jsonData, err := json.Marshal(secret.Values) | ||
if err != nil { | ||
log.WarnLn(&cid, "Fetch: Problem marshaling values", err.Error()) | ||
} else { | ||
return string(jsonData) | ||
} | ||
|
||
return "" | ||
} |
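Review bot: getWorkloadIDAndParts never checks that spiffeid actually starts with `env.WorkloadSpiffeIdPrefix()`: `strings.Replace(..., "", 1)` removes the first occurrence anywhere in the string and leaves an id without the prefix untouched, so an id from another trust domain or path is still split and its first segment returned as a workload id. Because `strings.Split` never returns an empty slice, the `return "", nil` branch is unreachable and the function has no way to signal a malformed id. Suggest guarding up front with `if !strings.HasPrefix(spiffeid, env.WorkloadSpiffeIdPrefix()) { return "", nil }` and then splitting `strings.TrimPrefix(spiffeid, env.WorkloadSpiffeIdPrefix())`, which makes the nil return the reachable rejection path; callers that treat `""` as "no workload" then get that behaviour for unexpected ids. Both functions also lack doc comments; getSecretValue's should state that it returns `""` when Values cannot be marshaled.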
@@ -0,0 +1,11 @@ | ||
/* | ||
| Protect your secrets, protect your sensitive data. | ||
: Explore VMware Secrets Manager docs at https://vsecm.com/ | ||
</ | ||
<>/ keep your secrets… secret | ||
>/ | ||
<>/' Copyright 2023–present VMware Secrets Manager contributors. | ||
>/' SPDX-License-Identifier: BSD-2-Clause | ||
*/ | ||
|
||
package route |