package main
import (
"errors"
"github.com/marmotherder/mimir/clients"
)
// loadClient builds a live secrets-manager client for the backend named in
// opts.Backend ("hashicorpvault", "aws" or "azure"), using the authentication
// method named in that backend's own parsed options.
//
// The load* helpers called here return only a client and a manager, so a
// non-nil error from loadClient always means that the backend name or the
// authentication name was not recognised.
//
// NOTE(review): the Vault token, AppRole SecretID and AWS SecretAccessKey all
// arrive through parseArgs. Where parseArgs reads them from is not visible in
// this file; if they are command-line flags they may be readable by other
// local users via the process list — confirm, and prefer environment or file
// sources for these values. parseArgs also yields nothing that is checked
// here; presumably it handles its own parse failures — confirm.
func loadClient() (clients.SecretsManagerClient, clients.SecretsManager, error) {
	switch opts.Backend {
	case "hashicorpvault":
		var vaultOpts HashiCorpVaultOptions
		parseArgs(&vaultOpts)

		switch vaultOpts.Authentication {
		case "k8s":
			var k8sOpts HashicorpVaultK8SOptions
			parseArgs(&k8sOpts)
			auth := clients.HashicorpVaultK8SAuth{
				IsPod:      opts.IsPod,
				Role:       k8sOpts.Role,
				ConfigPath: opts.KubeconfigPath,
			}
			client, manager := loadHashiCorpVaultClient(opts, vaultOpts, auth)
			return client, manager, nil
		case "approle":
			var appRoleOpts HashicorpVaultAppRoleOptions
			parseArgs(&appRoleOpts)
			auth := clients.HashicorpVaultApproleAuth{
				RoleID:   appRoleOpts.RoleID,
				SecretID: appRoleOpts.SecretID,
			}
			client, manager := loadHashiCorpVaultClient(opts, vaultOpts, auth)
			return client, manager, nil
		case "token":
			var tokenOpts HashicorpVaultTokenOptions
			parseArgs(&tokenOpts)
			auth := clients.HashicorpVaultTokenAuth{Token: tokenOpts.Token}
			client, manager := loadHashiCorpVaultClient(opts, vaultOpts, auth)
			return client, manager, nil
		}
		// No recognised Vault authentication method was selected.
		return nil, "", errors.New("Unknown Hashicorp Vault authentication type")

	case "aws":
		var awsBackendOpts AWSOptions
		parseArgs(&awsBackendOpts)

		switch awsBackendOpts.Authentication {
		case "iam":
			auth := &clients.AWSIAMAuth{}
			client, manager := loadAWSClient(opts, awsBackendOpts, auth)
			return client, manager, nil
		case "static":
			var credOpts AWSCredentialsOptions
			parseArgs(&credOpts)
			auth := &clients.AWSStaticCredentialsAuth{
				AccessKeyID:     credOpts.AccessKeyID,
				SecretAccessKey: credOpts.SecretAccessKey,
			}
			client, manager := loadAWSClient(opts, awsBackendOpts, auth)
			return client, manager, nil
		case "env":
			auth := &clients.AWSEnvironmentAuth{}
			client, manager := loadAWSClient(opts, awsBackendOpts, auth)
			return client, manager, nil
		case "shared":
			var sharedOpts AWSSharedOptions
			parseArgs(&sharedOpts)
			auth := &clients.AWSSharedCredentialsAuth{
				Path:    sharedOpts.Path,
				Profile: sharedOpts.Profile,
			}
			client, manager := loadAWSClient(opts, awsBackendOpts, auth)
			return client, manager, nil
		}
		// No recognised AWS authentication method was selected.
		return nil, "", errors.New("Unknown AWS authentication type")

	case "azure":
		var keyVaultOpts AzureKeyVaultOptions
		parseArgs(&keyVaultOpts)

		switch keyVaultOpts.Authentication {
		case "env":
			auth := &clients.AzureKeyVaultEnvironmentAuth{}
			client, manager := loadAzureKeyVaultClient(opts, keyVaultOpts, auth)
			return client, manager, nil
		case "file":
			var fileOpts AzureKeyVaultFileOptions
			parseArgs(&fileOpts)
			// NOTE(review): a file path is stored in a field named BaseURI —
			// confirm this is the field the file-based auth actually reads.
			auth := &clients.AzureKeyVaultFileAuth{BaseURI: fileOpts.FilePath}
			client, manager := loadAzureKeyVaultClient(opts, keyVaultOpts, auth)
			return client, manager, nil
		}
		// No recognised Azure authentication method was selected.
		return nil, "", errors.New("Unknown Azure authentication type")
	}

	// opts.Backend matched none of the supported backends.
	return nil, "", errors.New("Failed to load a configured secrets backend properly")
}