feat:Added support for listing secrets #348 (#369)

* feat: Add SecretProvider API to list secrets paths for the current service #348 Signed-off-by: Kyle Morton <[email protected]>
edgexfoundry · Sep 19, 2022 · 3935c8c · 3935c8c
1 parent 8193814
commit 3935c8c
Show file tree

Hide file tree

Showing 8 changed files with 148 additions and 3 deletions.
diff --git a/bootstrap/interfaces/mocks/SecretProvider.go b/bootstrap/interfaces/mocks/SecretProvider.go
diff --git a/bootstrap/interfaces/secret.go b/bootstrap/interfaces/secret.go
@@ -23,6 +23,9 @@ type SecretProvider interface {
 	// Service key is use as the access token role which must have be previously setup.
 	GetAccessToken(tokenType string, serviceKey string) (string, error)
 
+	// ListSecretPaths returns a list of paths for the current service from an insecure/secure secret store.
+	ListSecretPaths() ([]string, error)
+
 	// HasSecret returns true if the service's SecretStore contains a secret at the specified path.
 	HasSecret(path string) (bool, error)
 }
diff --git a/bootstrap/secret/insecure.go b/bootstrap/secret/insecure.go
@@ -129,3 +129,20 @@ func (p *InsecureProvider) HasSecret(path string) (bool, error) {
 
 	return false, nil
 }
+
+// ListSecretPaths returns a list of paths for the current service from an insecure/secure secret store.
+func (p *InsecureProvider) ListSecretPaths() ([]string, error) {
+	var results []string
+
+	insecureSecrets := p.configuration.GetInsecureSecrets()
+	if insecureSecrets == nil {
+		err := fmt.Errorf("InsecureSecrets missing from configuration")
+		return nil, err
+	}
+
+	for _, insecureSecret := range insecureSecrets {
+		results = append(results, insecureSecret.Path)
+	}
+
+	return results, nil
+}
diff --git a/bootstrap/secret/insecure_test.go b/bootstrap/secret/insecure_test.go
@@ -26,6 +26,8 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+var expectedSecretsKeys = []string{"redisdb", "kongdb"}
+
 func TestInsecureProvider_GetSecrets(t *testing.T) {
 	configAllSecrets := TestConfig{
 		InsecureSecrets: map[string]bootstrapConfig.InsecureSecretsInfo{
@@ -94,6 +96,53 @@ func TestInsecureProvider_GetAccessToken(t *testing.T) {
 	assert.Len(t, actualToken, 0)
 }
 
+func TestInsecureProvider_ListPaths(t *testing.T) {
+	configAllSecrets := TestConfig{
+		InsecureSecrets: map[string]bootstrapConfig.InsecureSecretsInfo{
+			"REDIS": {
+				Path:    "redisdb",
+				Secrets: expectedSecrets,
+			},
+			"KONG": {
+				Path:    "kongdb",
+				Secrets: expectedSecrets,
+			},
+		},
+	}
+
+	configMissingSecrets := TestConfig{
+		InsecureSecrets: map[string]bootstrapConfig.InsecureSecretsInfo{
+			"DB": {
+				Path: "redisdb",
+			},
+		},
+	}
+
+	tests := []struct {
+		Name         string
+		ExpectedKeys []string
+		Config       TestConfig
+		ExpectError  bool
+	}{
+		{"Valid", expectedSecretsKeys, configAllSecrets, false},
+		{"Invalid - No secrets", []string{"redisdb"}, configMissingSecrets, false},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.Name, func(t *testing.T) {
+			target := NewInsecureProvider(tc.Config, logger.MockLogger{})
+			actual, err := target.ListSecretPaths()
+			if tc.ExpectError {
+				require.Error(t, err)
+				return
+			}
+
+			require.NoError(t, err)
+			assert.Equal(t, tc.ExpectedKeys, actual)
+		})
+	}
+}
+
 func TestInsecureProvider_HasSecrets(t *testing.T) {
 	configAllSecrets := TestConfig{
 		InsecureSecrets: map[string]bootstrapConfig.InsecureSecretsInfo{

diff --git a/bootstrap/secret/secure.go b/bootstrap/secret/secure.go
@@ -366,3 +366,25 @@ func (p *SecureProvider) HasSecret(path string) (bool, error) {
 
 	return true, nil
 }
+
+// ListSecretPaths returns a list of paths for the current service from an insecure/secure secret store.
+func (p *SecureProvider) ListSecretPaths() ([]string, error) {
+
+	if p.secretClient == nil {
+		return nil, errors.New("can't get secret paths. Secure secret provider is not properly initialized")
+	}
+
+	secureSecrets, err := p.secretClient.GetKeys("")
+
+	retry, err := p.reloadTokenOnAuthError(err)
+	if retry {
+		// Retry with potential new token
+		secureSecrets, err = p.secretClient.GetKeys("")
+	}
+
+	if err != nil {
+		return nil, fmt.Errorf("unable to get secret paths: %v", err)
+	}
+
+	return secureSecrets, nil
+}
diff --git a/bootstrap/secret/secure_test.go b/bootstrap/secret/secure_test.go
@@ -388,3 +388,34 @@ func TestSecureProvider_HasSecrets(t *testing.T) {
 		})
 	}
 }
+
+func TestSecureProvider_ListSecretPathsSecrets(t *testing.T) {
+	expectedKeys := []string{"username", "password", "config"}
+	mock := &mocks.SecretClient{}
+	mock.On("GetKeys", "").Return(expectedKeys, nil)
+
+	tests := []struct {
+		Name        string
+		Config      TestConfig
+		Client      secrets.SecretClient
+		ExpectError bool
+	}{
+		{"Valid Secure", TestConfig{}, mock, false},
+		{"Invalid No Client", TestConfig{}, nil, true},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.Name, func(t *testing.T) {
+			target := NewSecureProvider(context.Background(), tc.Config, logger.MockLogger{}, nil, nil, "testService")
+			target.SetClient(tc.Client)
+			actual, err := target.ListSecretPaths()
+			if tc.ExpectError {
+				require.Error(t, err)
+				return
+			}
+
+			require.NoError(t, err)
+			assert.Equal(t, expectedKeys, actual)
+		})
+	}
+}
diff --git a/go.mod b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/edgexfoundry/go-mod-core-contracts/v2 v2.2.0
 	github.com/edgexfoundry/go-mod-messaging/v2 v2.2.0
 	github.com/edgexfoundry/go-mod-registry/v2 v2.2.0
-	github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.7
+	github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.8
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/mux v1.8.0
 	github.com/hashicorp/go-multierror v1.1.1

diff --git a/go.sum b/go.sum
@@ -38,8 +38,8 @@ github.com/edgexfoundry/go-mod-messaging/v2 v2.2.0 h1:FdnA7hLq0U8PeMAIuJXt4KcXLA
 github.com/edgexfoundry/go-mod-messaging/v2 v2.2.0/go.mod h1:+X6C0h8ZTJe+lLU2AGJfiAzCJK3zL+yM6cej9VC+79E=
 github.com/edgexfoundry/go-mod-registry/v2 v2.2.0 h1:dk9ul1t7INAiyZXeu/GrpinFE3qOekdy8uZOqEGgIiE=
 github.com/edgexfoundry/go-mod-registry/v2 v2.2.0/go.mod h1:DUQRnAd5fVzoROc5SI+PTFUD/vCNeZmZHBMrLElbmwI=
-github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.7 h1:BFg7lzSVitQGvGY1mZucMXI5HNLgORDWde8a3L5dWsM=
-github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.7/go.mod h1:h/FohFNY8xHalioLg1bhjAuEj0z+danSDtixirvaXmQ=
+github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.8 h1:1YqPIpkMGPrpUDecpOEJeqtY7pBZe7EFvVhplZ2PIQA=
+github.com/edgexfoundry/go-mod-secrets/v2 v2.3.0-dev.8/go.mod h1:h/FohFNY8xHalioLg1bhjAuEj0z+danSDtixirvaXmQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=