
Commit 1b0428a

authored
fix(vault): healthcheck didn't take into account the prefix (#323)
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
1 parent 0174f0f commit 1b0428a

3 files changed

Lines changed: 26 additions & 10 deletions


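--- a/internal/credentials/credentials.go
+++ b/internal/credentials/credentials.go
@@ -43,13 +43,6 @@ type Reader interface {
 ReadCredentials(ctx context.Context, secretName string, credentials any) error
 }
 
-type Role int64
-
-const (
-RoleReader Role = iota
-RoleWriter
-)
-
 var ErrNotFound = errors.New("credentials not found")
 var ErrValidation = errors.New("credentials validation error")
 
@@ -78,3 +71,23 @@ func (a *APICreds) Validate() error {
 }
 return nil
 }
+
+type Role int64
+
+const (
+RoleUnknown Role = iota
+RoleReader
+RoleWriter
+)
+
+// Implement string interface for Role
+func (r Role) String() string {
+switch r {
+case RoleReader:
+return "reader"
+case RoleWriter:
+return "writer"
+default:
+return "unknown"
+}
+}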
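Review bot: Inserting RoleUnknown as the first iota changes what a zero-valued Role means, from RoleReader to RoleUnknown, and nothing on the type says how a consumer should treat it; the keyval_test.go hunk drops `role: credentials.RoleWriter` from the "invalid mount path" case while still expecting the writer-side error, which suggests the vault manager treats an unset Role as writer, but that is inferred rather than visible here. If the implicit default really is the more privileged writer role, that is worth stating so callers opt into read-only deliberately: `// RoleUnknown is the zero value; a Role left unset is resolved by the backend manager (see vault.NewManager), not here.` The comment on String is also not a Go doc comment and will not be surfaced by godoc; `// String implements fmt.Stringer; RoleUnknown and any out-of-range value print as "unknown".` states the full contract.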

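--- a/internal/credentials/vault/keyval.go
+++ b/internal/credentials/vault/keyval.go
@@ -111,7 +111,7 @@ func validateWriterClient(kv *vault.KVv2, pathPrefix string) error {
 return err
 }
 
-if err := kv.DeleteMetadata(ctx, healthCheckSecret); err != nil {
+if err := kv.DeleteMetadata(ctx, keyPath); err != nil {
 return fmt.Errorf("deleting health check secret: %w", err)
 }
 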
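Review bot: keyPath is now the path for both the write and the cleanup, but where it is built and how pathPrefix is joined into it lies above the hunk, so nothing at the DeleteMetadata call ties the two together and the same drift could recur silently; a comment on that line, `// keyPath must be the same prefixed path the health-check Put above wrote to, otherwise the probe secret is left behind under the mount`, makes the invariant this fix restores explicit. DeleteMetadata removes every version of whatever lives at that path, so healthCheckSecret (defined outside this hunk) has to be a name that no real secret can share under pathPrefix; a comment at its definition stating that reservation would be worth adding. validateWriterClient starts and ends outside the hunk.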

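--- a/internal/credentials/vault/keyval_test.go
+++ b/internal/credentials/vault/keyval_test.go
@@ -42,21 +42,24 @@ func (s *testSuite) TestNewManager() {
 connection string
 token string
 path string
+prefix string
 expectedError bool
 role credentials.Role
 }{
 {name: "missing token", connection: s.connectionString, expectedError: true},
 {name: "missing address", token: defaultToken, expectedError: true},
 {name: "invalid address reader", token: defaultToken, connection: "http://non-existing:5000", expectedError: true, role: credentials.RoleReader},
 {name: "invalid address writer", token: defaultToken, connection: "http://non-existing:5000", expectedError: true},
-{name: "invalid mount path", token: defaultToken, connection: s.connectionString, path: "non-existing", expectedError: true, role: credentials.RoleWriter},
+{name: "invalid mount path", token: defaultToken, connection: s.connectionString, path: "non-existing", expectedError: true},
 {name: "valid connection reader", connection: s.connectionString, token: defaultToken, role: credentials.RoleReader},
+{name: "valid connection reader with prefix", connection: s.connectionString, token: defaultToken, role: credentials.RoleReader, prefix: "prefix"},
 {name: "valid connection", connection: s.connectionString, token: defaultToken},
+{name: "valid connection with prefix", connection: s.connectionString, token: defaultToken, prefix: "prefix"},
 }
 
 for _, tc := range testCases {
 s.Run(tc.name, func() {
-opts := &vault.NewManagerOpts{AuthToken: tc.token, Address: tc.connection, MountPath: tc.path, Role: tc.role}
+opts := &vault.NewManagerOpts{AuthToken: tc.token, Address: tc.connection, MountPath: tc.path, Role: tc.role, SecretPrefix: tc.prefix}
 _, err := vault.NewManager(opts)
 if tc.expectedError {
 assert.Error(err)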
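Review bot: The two new "with prefix" cases only assert that NewManager returns without error; they never check that the health-check secret was written under the prefix and removed afterwards, which is the leftover-secret bug this commit fixes, so a regression to the old unprefixed cleanup would still pass. After a successful construction the test should inspect the mount (both the prefixed and the unprefixed probe path) and assert no health-check entry remains; the client handle available for that lives in the part of TestNewManager outside this hunk, so the exact call is left to the author. Dropping `role: credentials.RoleWriter` from the "invalid mount path" case also makes that assertion depend on whatever NewManager does with an unset Role rather than on the writer path explicitly; if the intent is to cover the default, a case comment saying so, `// relies on the default role resolving to writer`, keeps that from reading as an accidental omission. The enclosing TestNewManager continues past the hunk.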
