
Commit ee536f1

authored
runtimevar/hashivault: add HashiVault runtimevar driver (#3649)
1 parent c53f427 commit ee536f1


13 files changed

+1812
-0
lines changed

13 files changed

+1812
-0
lines changed

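--- a/allmodules
+++ b/allmodules
@@ -18,5 +18,6 @@ pubsub/kafkapubsub yes
 pubsub/natspubsub yes
 pubsub/rabbitpubsub yes
 runtimevar/etcdvar yes
+runtimevar/hashivault yes
 samples no
 secrets/hashivault yes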

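--- a/internal/testing/alldeps
+++ b/internal/testing/alldeps
@@ -187,6 +187,7 @@ gocloud.dev/pubsub/kafkapubsub
 gocloud.dev/pubsub/natspubsub
 gocloud.dev/pubsub/rabbitpubsub
 gocloud.dev/runtimevar/etcdvar
+gocloud.dev/runtimevar/hashivault
 gocloud.dev/samples
 gocloud.dev/secrets/hashivault
 golang.org/x/crypto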

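--- a/internal/website/content/howto/runtimevar/_index.md
+++ b/internal/website/content/howto/runtimevar/_index.md
@@ -250,6 +250,27 @@ and a URL.
 
 [`httpvar.OpenVariable`]: https://godoc.org/gocloud.dev/runtimevar/httpvar#OpenVariable
 
+### HashiCorp Vault {#hashivault}
+
+`hashivault` supports watching a variable stored in [HashiCorp Vault's KV Secrets Engine][].
+Use `runtimevar.OpenVariable` with a URL starting with `hashivault://`.
+
+The default URL opener will use the environment variables `VAULT_SERVER_URL` (or
+`VAULT_ADDR`) for the server address, and `VAULT_SERVER_TOKEN` (or `VAULT_TOKEN`)
+for authentication.
+
+[HashiCorp Vault's KV Secrets Engine]: https://www.vaultproject.io/docs/secrets/kv
+
+{{< goexample "gocloud.dev/runtimevar/hashivault.Example_openVariableFromURL" >}}
+
+#### HashiCorp Vault Constructor {#hashivault-ctor}
+
+The [`hashivault.OpenVariable`][] constructor opens a variable with a Vault client.
+
+{{< goexample "gocloud.dev/runtimevar/hashivault.ExampleOpenVariable" >}}
+
+[`hashivault.OpenVariable`]: https://godoc.org/gocloud.dev/runtimevar/hashivault#OpenVariable
+
 ### Blob {#blob}
 
 `blobvar` supports watching a variable based on the contents of a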
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
---
2+
title: gocloud.dev/runtimevar/hashivault
3+
type: pkg
4+
---

internal/website/data/examples.json

Lines changed: 8 additions & 0 deletions
Lines changed: 64 additions & 0 deletions
@@ -0,0 +1,64 @@
1+
// Copyright 2019 The Go Cloud Development Kit Authors
2+
//
3+
// Licensed under the Apache License, Version 2.0 (the "License");
4+
// you may not use this file except in compliance with the License.
5+
// You may obtain a copy of the License at
6+
//
7+
// https://www.apache.org/licenses/LICENSE-2.0
8+
//
9+
// Unless required by applicable law or agreed to in writing, software
10+
// distributed under the License is distributed on an "AS IS" BASIS,
11+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
// See the License for the specific language governing permissions and
13+
// limitations under the License.
14+
15+
package hashivault_test
16+
17+
import (
18+
"context"
19+
"log"
20+
21+
"github.com/hashicorp/vault/api"
22+
"gocloud.dev/runtimevar"
23+
"gocloud.dev/runtimevar/hashivault"
24+
)
25+
26+
func ExampleOpenVariable() {
27+
// PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored.
28+
// PRAGMA: On gocloud.dev, hide lines until the next blank line.
29+
ctx := context.Background()
30+
31+
// Get a client to use with the Vault API.
32+
client, err := hashivault.Dial(ctx, &hashivault.Config{
33+
Token: "CLIENT_TOKEN",
34+
APIConfig: api.Config{
35+
Address: "http://127.0.0.1:8200",
36+
},
37+
})
38+
if err != nil {
39+
log.Fatal(err)
40+
}
41+
42+
// Construct a *runtimevar.Variable that watches the secret.
43+
v, err := hashivault.OpenVariable(client, "myapp/config", runtimevar.StringDecoder, nil)
44+
if err != nil {
45+
log.Fatal(err)
46+
}
47+
defer v.Close()
48+
}
49+
50+
func Example_openVariableFromURL() {
51+
// PRAGMA: This example is used on gocloud.dev; PRAGMA comments adjust how it is shown and can be ignored.
52+
// PRAGMA: On gocloud.dev, add a blank import: _ "gocloud.dev/runtimevar/hashivault"
53+
// PRAGMA: On gocloud.dev, hide lines until the next blank line.
54+
ctx := context.Background()
55+
56+
// runtimevar.OpenVariable creates a *runtimevar.Variable from a URL.
57+
// The default opener connects to a Vault server based on the environment
58+
// variables VAULT_SERVER_URL/VAULT_ADDR and VAULT_SERVER_TOKEN/VAULT_TOKEN.
59+
v, err := runtimevar.OpenVariable(ctx, "hashivault://myapp/config?decoder=string")
60+
if err != nil {
61+
log.Fatal(err)
62+
}
63+
defer v.Close()
64+
}
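Review bot: The `hashivault.Config` literal in `ExampleOpenVariable` pairs a `Token` with a plain `http://127.0.0.1:8200` address, and no comment says that this combination is only suitable for a local dev server. The PRAGMA comments show this example is published on gocloud.dev, where it is likely to be copied as-is, and the Vault client sends the token to the server with each request. I would add `// Local dev server address; use an https:// address outside development so the token is not sent in cleartext.` above `Address:`, and `// Placeholder: load the token from the environment or a secret store, never from source.` above `Token:`.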

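--- a/runtimevar/hashivault/go.mod
+++ b/runtimevar/hashivault/go.mod
@@ -0,0 +1,90 @@
+// Copyright 2018-2019 The Go Cloud Development Kit Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+module gocloud.dev/runtimevar/hashivault
+
+go 1.24.0
+
+toolchain go1.24.7
+
+require (
+github.com/hashicorp/vault/api v1.22.0
+gocloud.dev v0.44.0
+)
+
+require (
+cloud.google.com/go/auth v0.17.0 // indirect
+cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
+cloud.google.com/go/compute/metadata v0.9.0 // indirect
+github.com/aws/aws-sdk-go-v2 v1.40.0 // indirect
+github.com/aws/aws-sdk-go-v2/config v1.32.2 // indirect
+github.com/aws/aws-sdk-go-v2/credentials v1.19.2 // indirect
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.14 // indirect
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.14 // indirect
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.14 // indirect
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.14 // indirect
+github.com/aws/aws-sdk-go-v2/service/signin v1.0.2 // indirect
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.5 // indirect
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.10 // indirect
+github.com/aws/aws-sdk-go-v2/service/sts v1.41.2 // indirect
+github.com/aws/smithy-go v1.24.0 // indirect
+github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+github.com/felixge/httpsnoop v1.0.4 // indirect
+github.com/go-jose/go-jose/v4 v4.1.3 // indirect
+github.com/go-logr/logr v1.4.3 // indirect
+github.com/go-logr/stdr v1.2.2 // indirect
+github.com/google/go-cmp v0.7.0 // indirect
+github.com/google/go-replayers/grpcreplay v1.3.0 // indirect
+github.com/google/go-replayers/httpreplay v1.2.0 // indirect
+github.com/google/martian/v3 v3.3.3 // indirect
+github.com/google/s2a-go v0.1.9 // indirect
+github.com/google/uuid v1.6.0 // indirect
+github.com/google/wire v0.7.0 // indirect
+github.com/googleapis/enterprise-certificate-proxy v0.3.7 // indirect
+github.com/googleapis/gax-go/v2 v2.15.0 // indirect
+github.com/hashicorp/errwrap v1.1.0 // indirect
+github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+github.com/hashicorp/go-multierror v1.1.1 // indirect
+github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
+github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0 // indirect
+github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
+github.com/hashicorp/go-sockaddr v1.0.7 // indirect
+github.com/hashicorp/hcl v1.0.1-vault-7 // indirect
+github.com/mitchellh/go-homedir v1.1.0 // indirect
+github.com/mitchellh/mapstructure v1.5.0 // indirect
+github.com/ryanuber/go-glob v1.0.0 // indirect
+go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
+go.opentelemetry.io/otel v1.38.0 // indirect
+go.opentelemetry.io/otel/metric v1.38.0 // indirect
+go.opentelemetry.io/otel/sdk v1.38.0 // indirect
+go.opentelemetry.io/otel/sdk/metric v1.38.0 // indirect
+go.opentelemetry.io/otel/trace v1.38.0 // indirect
+golang.org/x/crypto v0.45.0 // indirect
+golang.org/x/net v0.47.0 // indirect
+golang.org/x/oauth2 v0.33.0 // indirect
+golang.org/x/sys v0.38.0 // indirect
+golang.org/x/text v0.31.0 // indirect
+golang.org/x/time v0.14.0 // indirect
+golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
+google.golang.org/api v0.256.0 // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251124214823-79d6a2a48846 // indirect
+google.golang.org/grpc v1.77.0 // indirect
+google.golang.org/protobuf v1.36.10 // indirect
+)
+
+replace gocloud.dev => ../../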
