diff --git a/cmd/plugin/vault-auth-spire.go b/cmd/plugin/vault-auth-spire.go
index d7a4ed4..feb5f28 100644
--- a/cmd/plugin/vault-auth-spire.go
+++ b/cmd/plugin/vault-auth-spire.go
@@ -23,7 +23,7 @@ import (
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/sirupsen/logrus"
-	"vault-auth-spire/internal/common"
+	"github.com/bloomberg/vault-auth-spire/internal/common"
 	"log"
 	"os"
diff --git a/go.mod b/go.mod
index d9b43b4..ad6e38f 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module vault-auth-spire
+module github.com/bloomberg/vault-auth-spire
 go 1.12
diff --git a/internal/common/settings.go b/internal/common/settings.go
index 0a7d7e8..10093d6 100644
--- a/internal/common/settings.go
+++ b/internal/common/settings.go
@@ -143,11 +143,12 @@ func readSpireSourceOfTrustSettings() (*SpireTrustSourceSettings, error) {
 		return nil, errors.New("trustsource.spire.domains is required but not found")
 	}
-	spireSettings := new(SpireTrustSourceSettings)
-	spireSettings.SpireEndpoints = viper.GetStringMapString("trustsource.spire.domains")
 	viper.SetDefault("trustsource.spire.certLocation", "/tmp/vault-spire-certs.json")
 	viper.SetDefault("trustsource.spire.storeEnabled", true)
-	spireSettings.CertStorePath = viper.GetString("trustsource.spire.certLocation")
+	spireSettings := &SpireTrustSourceSettings{
+		SpireEndpoints: viper.GetStringMapString("trustsource.spire.domains"),
+		CertStorePath: viper.GetString("trustsource.spire.certLocation"),
+	}
 	if !viper.GetBool("trustsource.spire.storeEnabled") {
 		spireSettings.CertStorePath = ""
 	}
diff --git a/internal/common/spiretrustsource.go b/internal/common/spiretrustsource.go
index e429095..582cb1e 100644
--- a/internal/common/spiretrustsource.go
+++ b/internal/common/spiretrustsource.go
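Review bot: The new `CertStorePath: viper.GetString("trustsource.spire.certLocation")` in the struct literal takes the configured path unvalidated, and the default set two lines above places the cert cache at `/tmp/vault-spire-certs.json`, a shared world-writable directory; since parseCertFile in spiretrustsource.go (next file in this diff) reads that file on load and only warns when it cannot be parsed, a file written there by another local user appears to be loaded as trust material. Consider rejecting relative paths and documenting the default, e.g. `if p := spireSettings.CertStorePath; p != "" && !filepath.IsAbs(p) { return nil, errors.New("trustsource.spire.certLocation must be an absolute path") }` (needs `path/filepath` if the file does not already import it), plus a field comment on SpireTrustSourceSettings stating that the store should live in a directory writable only by the Vault process. readSpireSourceOfTrustSettings starts before and ends after this hunk.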
@@ -74,10 +74,8 @@ func (s *SpireTrustSource) parseCertFile() error {
 	if err != nil {
 		return fmt.Errorf("could not read cert file: %v", err)
 	}
-	fmt.Println(string(fileDat))
 	var certStruct certMap
-	err = json.Unmarshal(fileDat, &certStruct)
-	if err != nil {
+	if err = json.Unmarshal(fileDat, &certStruct); err != nil {
 		logrus.Warnf("Error unmarshaling cert file: %v\n", err)
 	}
 	for domain, encCerts := range certStruct.Certs {
diff --git a/internal/common/spiffetrustsource_test.go b/internal/common/spiretrustsource_test.go
similarity index 88%
rename from internal/common/spiffetrustsource_test.go
rename to internal/common/spiretrustsource_test.go
index 2b0a73c..17ac7e9 100644
--- a/internal/common/spiffetrustsource_test.go
+++ b/internal/common/spiretrustsource_test.go
@@ -21,8 +21,8 @@ var (
 )
 // makeX509SVIDResponse is a convenience function for generating X509 responses
-func makeX509SVIDResponse(ca *spiffetest.CA, svid []*x509.Certificate, key crypto.Signer) *spiffetest.X509SVIDResponse {
-	return &spiffetest.X509SVIDResponse{
+func setX509SVIDResponse(api *spiffetest.WorkloadAPI, ca *spiffetest.CA, svid []*x509.Certificate, key crypto.Signer) {
+	response := &spiffetest.X509SVIDResponse{
 		Bundle: ca.Roots(),
 		SVIDs: []spiffetest.X509SVID{
 			{
@@ -31,6 +31,7 @@ func makeX509SVIDResponse(ca *spiffetest.CA, svid []*x509.Certificate, key crypt
 			},
 		},
 	}
+	api.SetX509SVIDResponse(response)
 }
 func TestInitalLoad(t *testing.T) {
@@ -59,7 +60,7 @@ func TestWriteCerts(t *testing.T) {
 	ca := spiffetest.NewCA(t)
 	svidFoo, keyFoo := ca.CreateX509SVID("spiffe://example.org/foo")
-	workloadAPI.SetX509SVIDResponse(makeX509SVIDResponse(ca, svidFoo, keyFoo))
+	setX509SVIDResponse(workloadAPI, ca, svidFoo, keyFoo)
 	source, err := NewSpireTrustSource(map[string]string{
 		"spiffe://example.org": workloadAPI.Addr(),
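Review bot: The new `if err = json.Unmarshal(fileDat, &certStruct); err != nil` branch still only logs a warning and then falls through to the `for domain, encCerts := range certStruct.Certs` loop with a zero or partially filled certStruct, whereas the read failure a few lines above returns an error; a corrupt or tampered cache file is thus handled like an empty one. That may be intended if the cache is only an optimization, but then the function's doc comment should say so; otherwise return the error consistently with the read path, `return fmt.Errorf("could not parse cert file: %v", err)` (go.mod pins go 1.12, so `%w` is not available). The trailing `\n` in the Warnf format is also redundant, as logrus terminates each entry itself. parseCertFile starts before this hunk and continues after it.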
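Review bot: The doc comment above the renamed helper still reads `// makeX509SVIDResponse is a convenience function for generating X509 responses`, but the function is now setX509SVIDResponse and it installs the response on the passed WorkloadAPI instead of returning it. Update the comment to match the new contract, e.g. `// setX509SVIDResponse builds an X509-SVID response for svid/key with ca's roots as the bundle and installs it on api.` The helper's body continues past the end of this hunk.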
@@ -84,7 +85,7 @@ func TestSpireOverwrite(t *testing.T) {
 	ca := spiffetest.NewCA(t)
 	svidFoo, keyFoo := ca.CreateX509SVID("spiffe://example.org/foo")
-	workloadAPI.SetX509SVIDResponse(makeX509SVIDResponse(ca, svidFoo, keyFoo))
+	setX509SVIDResponse(workloadAPI, ca, svidFoo, keyFoo)
 	source, err := NewSpireTrustSource(map[string]string{
 		"spiffe://example.org": workloadAPI.Addr(),
@@ -104,7 +105,7 @@ func TestSpireReload(t *testing.T) {
 	ca := spiffetest.NewCA(t)
 	svidFoo, keyFoo := ca.CreateX509SVID("spiffe://example.org/foo")
-	workloadAPI.SetX509SVIDResponse(makeX509SVIDResponse(ca, svidFoo, keyFoo))
+	setX509SVIDResponse(workloadAPI, ca, svidFoo, keyFoo)
 	source, err := NewSpireTrustSource(map[string]string{
 		"spiffe://example.org": workloadAPI.Addr(),
@@ -117,7 +118,7 @@ func TestSpireReload(t *testing.T) {
 	caRot := spiffetest.NewCA(t)
 	svidFooRot, keyFooRot := ca.CreateX509SVID("spiffe://example.org/foo")
-	workloadAPI.SetX509SVIDResponse(makeX509SVIDResponse(caRot, svidFooRot, keyFooRot))
+	setX509SVIDResponse(workloadAPI, caRot, svidFooRot, keyFooRot)
 	time.Sleep(1 * time.Second) // wait for watcher to get new certs
 	assert.Equal(t, caRot.Roots(), source.TrustedCertificates()["spiffe://example.org"])
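Review bot: In the last hunk (TestSpireReload, @@ -117), the new call `setX509SVIDResponse(workloadAPI, caRot, svidFooRot, keyFooRot)` pairs caRot's roots as the bundle with an SVID that the context line above mints from the original CA (`ca.CreateX509SVID`), so the rotated response carries an SVID that does not chain to its own bundle. The assertion only compares roots, so the test passes either way, but if the mismatch is unintentional the fix is `svidFooRot, keyFooRot := caRot.CreateX509SVID("spiffe://example.org/foo")`; if it is deliberate, a one-line comment saying so would save the next reader the question. TestSpireReload starts before this hunk.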