fix: recursive vault list secret func
fgouteroux committed Jan 22, 2025
1 parent 00edc33 commit 7fc0734
Showing 2 changed files with 8 additions and 11 deletions.
7 changes: 2 additions & 5 deletions certstore/startup.go
Expand Up @@ -72,8 +72,7 @@ func getVaultAllCertificate(logger log.Logger) []Certificate {
if len(vaultSecrets) > 0 {

var vaultCertCount int
for _, secretKey := range vaultSecrets {
secretKeyPath := config.GlobalConfig.Storage.Vault.CertPrefix + "/" + secretKey
for _, secretKeyPath := range vaultSecrets {
secret, err := vault.GlobalClient.GetSecretWithAppRole(secretKeyPath)
if err != nil {
_ = level.Error(logger).Log("err", err)
Expand Down Expand Up @@ -125,9 +124,7 @@ func getVaultAllToken(logger log.Logger) map[string]Token {
if len(vaultSecrets) > 0 {

var vaultTokenCount int
for _, secretKey := range vaultSecrets {
secretKeyPath := config.GlobalConfig.Storage.Vault.TokenPrefix + "/" + secretKey

for _, secretKeyPath := range vaultSecrets {
secretKeyPathArr := strings.Split(secretKeyPath, "/")
ID := secretKeyPathArr[len(secretKeyPathArr)-1]

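Review bot: The values now ranged over in `for _, secretKeyPath := range vaultSecrets` come straight from ListSecretWithAppRole, which in this same commit derives them by splitting on `SecretEngine+"/metadata"`, so each entry presumably begins with a "/" where the old `CertPrefix + "/" + secretKey` form had none; whether GetSecretWithAppRole tolerates a leading slash is not visible here and should be confirmed for both this loop and the token loop below. Since prefix handling has moved out of these callers, a comment at each loop would spare the next reader the trip into storage/vault: `// vaultSecrets already holds full key paths relative to the secret engine (see ListSecretWithAppRole); do not re-prefix them`. Both enclosing functions begin and end outside their hunks.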
12 changes: 6 additions & 6 deletions storage/vault/vault.go
Expand Up @@ -62,7 +62,7 @@ func (client *Client) ListSecretWithAppRole(secretPath string) ([]string, error)
return []string{}, err
}
path := client.config.SecretEngine + "/metadata/" + secretPath
secrets, err := recursiveListSecret(client, path, "")
secrets, err := recursiveListSecret(client, path)
if err != nil {
return secrets, fmt.Errorf("unable to list secrets: %w", err)
}
Expand Down Expand Up @@ -139,7 +139,7 @@ func listSecret(client *Client, path string) (*vaultApi.Secret, error) {
}

// recursiveListSecret returns a list of secrets paths from Vault
func recursiveListSecret(client *Client, path, prefix string) ([]string, error) {
func recursiveListSecret(client *Client, path string) ([]string, error) {
var secretListPath []string
secretList, err := listSecret(client, path)
if err != nil {
Expand All @@ -150,14 +150,14 @@ func recursiveListSecret(client *Client, path, prefix string) ([]string, error)
for _, secret := range secretList.Data["keys"].([]interface{}) {
if strings.HasSuffix(secret.(string), "/") {
var err error
secretListPath, err = recursiveListSecret(client, path+secret.(string), secret.(string))
secretListPath, err = recursiveListSecret(client, path+secret.(string))
if err != nil {
return []string{}, err
}
} else if prefix != "" {
secretListPath = append([]string{prefix + secret.(string)}, secretListPath...)
} else {
secretListPath = append([]string{secret.(string)}, secretListPath...)
// remove secret engine + metadata path as it is implicit in GetSecretWithAppRole
secretPath := strings.Split(path, client.config.SecretEngine+"/metadata")[1] + secret.(string)
secretListPath = append(secretListPath, secretPath)
}
}
}
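Review bot: In the directory branch, `secretListPath, err = recursiveListSecret(client, path+secret.(string))` still replaces the accumulator instead of extending it, so every key collected from earlier iterations of this loop is dropped whenever a sub-folder is encountered (for keys `a`, `b/`, `c` the result lacks `a`); the commit carries this over from the prepend-based original. In the leaf branch, `strings.Split(path, client.config.SecretEngine+"/metadata")[1]` panics with an index out of range if the marker is ever absent from `path` and silently truncates if it occurs twice, while `strings.TrimPrefix` expresses the intent without either failure mode. The unchanged type assertions `secretList.Data["keys"].([]interface{})` and `secret.(string)` would also panic on an unexpected listing shape, and a `, ok` check there is cheap. recursiveListSecret's signature and final return lie outside this hunk.
```go
		if strings.HasSuffix(secret.(string), "/") {
			sub, err := recursiveListSecret(client, path+secret.(string))
			if err != nil {
				return []string{}, err
			}
			// extend rather than replace, so keys from earlier iterations survive
			secretListPath = append(secretListPath, sub...)
		} else {
			// … unchanged: comment about the implicit engine/metadata prefix …
			secretPath := strings.TrimPrefix(path, client.config.SecretEngine+"/metadata") + secret.(string)
			// … unchanged: append of secretPath …
		}
```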
