lib

package module
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 6, 2020 License: MIT Imports: 5 Imported by: 0

README

HN Config Lib GO

GO-implementation of Hashicorp Vault, HID and additional related helper libraries for 3lvia

UNDER DEVELOPMENT

Examples

example_test.go

Examples:
Make sure environment variables are set before running.
See demo.go for a more comprehensive example

Vault example:
VAULT_ADDR: The address of the vault. If not set (or empty) it will default to localhost.
GITHUB_TOKEN: A github login token. If not set (or empty) it will default to use K8 to login.
VAULT_CACERT: If the Vault does not have a publicly signed Ca certificate, you may set VAULT_CACERT as the file location of the self-signed certificate for the vault server (.pem format).

import (
    "3lvia/hn-config-lib-go/vault"
    "log"
)

func main() {
    // Make reusable vault item
    myVault, err := vault.New()
    if err != nil {
        log.Fatal(err)
    }

    // Get a secret from the vault
    mySecret, err := myVault.GetSecret("path/to/secret")
    if err != nil {
        log.Fatal(err)
    }

    // Do something with the secret
    log.Println(mySecret)
}

License

This project is licensed under the MIT License - see the LICENSE.md file for details

Documentation

Overview

Example

Example executes examples of the three core usecases of this package.

package main

import (
	"github.com/3lvia/hn-config-lib-go/hid"
	"github.com/3lvia/hn-config-lib-go/vault"
	"log"
	"net/http"
)

// Example executes examples of the three core usecases of this package.
func main() {
	mySecret := vaultExample()

	myRequest := hidClientExample(mySecret)

	hidAPIexample(myRequest)
}

// vaultExample represents the simplest way to get a secret from Vault.
// Requires, at a minimum, that env vars VAULT_ADDR and either GITHUB_TOKEN or the K8 related ones are set. See readme for more information.
func vaultExample() *vault.Secret {
	// Make reusable vault item
	myVault, err := vault.New()
	if err != nil {
		log.Fatal(err)
	}

	// Get a secret from the vault
	mySecret, err := myVault.GetSecret("path/to/secret")
	if err != nil {
		log.Fatal(err)
	}

	// Do something with the secret
	return mySecret
}

// hidClientExample represents the client side of a request with HID authorization. User and secret for HID.GetToken may be from a wide variety of sources.
// Requires, at a minimum, that env var HID_ADDR is set.
func hidClientExample(mySecret *vault.Secret) *http.Request {
	// Make reusable HID item
	myHID, err := hid.New()
	if err != nil {
		log.Fatal(err)
	}

	// Get a bearer token from HID
	myToken, err := myHID.GetToken("username", mySecret.Data["key"])
	if err != nil {
		log.Fatal(err)
	}

	// Make http.Request as usual
	myRequest, err := http.NewRequest("POST", "api.url", nil)
	if err != nil {
		log.Fatal(err)
	}

	// Add bearer token to http request header
	myToken.AppendToRequest(myRequest)

	// Send token to API with requests
	return myRequest
}

// hidAPIexample represents the minimal way for an API to authorize an incoming request.
// Requires, at a minimum, that env var HID_ADDR is set.
func hidAPIexample(myRequest *http.Request) {
	// Make reusable HID item
	myHID, err := hid.New()
	if err != nil {
		log.Fatal(err)
	}

	// Verify if token is valid. Invalid token throws an error
	err = myHID.AuthorizeRequest(myRequest, "audience", "scope")
	if err != nil {
		log.Fatal("Token is invalid")
	}

	// Handle the request
	log.Println("The request was successfull")
}

//func Test_initialize(t *testing.T)  {
//
//	//os.Setenv("VAULT_ADDR", "https://vault.3lvia.io")
//	os.Setenv("VAULT_ADDR", "https://vault.elvia.io")
//
//	v, err := vault.New()
//	if err != nil {
//		t.Errorf("unexpected error: %v", err)
//	}
//
//	secret, err := v.GetSecret("realtimeunits/kv/application")
//
//	if err != nil {
//		t.Errorf("unexpected error: %v", err)
//	}
//
//	_ = secret
//}
Output:

Directories

Path Synopsis
testing

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL