diff --git a/CHANGELOG.md b/CHANGELOG.md
index c979464..3b9bc59 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
+## [Unreleased]
+
+### Added
+
+- [TD-6433] Support for Vault functionality
+
 ## [6.1.1] 2024-02-20
 ### Added
diff --git a/lib/td_core/application.ex b/lib/td_core/application.ex
index d5ec968..9a53657 100644
--- a/lib/td_core/application.ex
+++ b/lib/td_core/application.ex
@@ -8,13 +8,14 @@ defmodule TdCore.Application do
 @impl true
 def start(_type, _args) do
 children =
- [
- TdCore.Search.Cluster
- ] ++ IndexWorker.get_index_workers()
+ :td_core
+ |> Application.get_env(TdCore.Search.Cluster)
+ |> workers()
- # See https://hexdocs.pm/elixir/Supervisor.html
- # for other strategies and supported options
 opts = [strategy: :one_for_one, name: TdCore.Supervisor]
 Supervisor.start_link(children, opts)
 end
+
+ defp workers(nil), do: []
+ defp workers(_), do: [TdCore.Search.Cluster] ++ IndexWorker.get_index_workers()
 end
diff --git a/lib/td_core/vault.ex b/lib/td_core/vault.ex
new file mode 100644
index 0000000..9ef34d1
--- /dev/null
+++ b/lib/td_core/vault.ex
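Review bot: In lib/td_core/application.ex, `defp workers(nil), do: []` lets the supervisor start with no children whenever `:td_core, TdCore.Search.Cluster` is unset, and nothing in the hunk documents or logs that choice. A missing or mistyped config entry would then boot the application without the search cluster and index workers, and the problem would presumably surface only at the first search call. A comment on that clause would make the intent explicit, e.g. `# No TdCore.Search.Cluster config: start without the search cluster and index workers.`; a boot-time log line at the same place would also leave a trace for operators.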
@@ -0,0 +1,103 @@
+defmodule TdCore.Vault do
+ @moduledoc """
+ Functions to use Vaultex API write, read, delete secrets
+ """
+
+ require Logger
+
+ def write_secrets(secrets_key, secrets) do
+ vault_config = Application.get_env(:td_core, __MODULE__)
+ token = vault_config[:token]
+ secrets_path = vault_config[:secrets_path]
+
+ response =
+ Vaultex.Client.write(
+ "#{secrets_path}#{secrets_key}",
+ %{"data" => %{"value" => secrets}},
+ :token,
+ {token}
+ )
+
+ case response do
+ :ok ->
+ :ok
+
+ {:ok, _r} ->
+ :ok
+
+ {:error, [error]} ->
+ Logger.error(error)
+ {:vault_error, "Error storing secrets"}
+
+ {:error, [error, error_code]} ->
+ Logger.error("#{error_code}: #{error}")
+ {:vault_error, "Error storing secrets"}
+
+ _error ->
+ response
+ end
+ end
+
+ def read_secrets(secrets_key) do
+ secrets_key
+ |> read()
+ |> case do
+ {:ok, %{"data" => %{"value" => value}}} ->
+ value
+
+ {:ok, %{"data" => nil}} ->
+ %{}
+
+ {:error, [error]} ->
+ Logger.error("Error reading secret. #{error}")
+ {:error, error}
+ end
+ end
+
+ def maybe_read_secrets(secrets_key) do
+ secrets_key
+ |> read()
+ |> case do
+ {:ok, %{"data" => %{"value" => value}}} ->
+ value
+
+ _ ->
+ nil
+ end
+ end
+
+ defp read(secrets_key) do
+ vault_config = Application.get_env(:td_core, __MODULE__)
+ token = vault_config[:token]
+ secrets_path = vault_config[:secrets_path]
+
+ Vaultex.Client.read("#{secrets_path}#{secrets_key}", :token, {token})
+ end
+
+ def delete_secrets(nil) do
+ :ok
+ end
+
+ def delete_secrets(secrets_key) do
+ vault_config = Application.get_env(:td_core, __MODULE__)
+ token = vault_config[:token]
+ secrets_path = vault_config[:secrets_path]
+
+ case Vaultex.Client.delete("#{secrets_path}#{secrets_key}", :token, {token}) do
+ :ok ->
+ :ok
+
+ {:error, [error]} ->
+ Logger.error(error)
+ {:vault_error, "Error deleting secrets #{secrets_key}"}
+
+ {:error, [error, error_code]} ->
+ Logger.error("#{error_code}: #{error}")
+ {:vault_error, "Error deleting secrets #{secrets_key}"}
+
+ {:error, code} ->
+ Logger.error(code)
+ {:vault_error, "Error deleting secrets #{secrets_key}"}
+ end
+ end
+end
diff --git a/mix.exs b/mix.exs
index 165d4ed..0a7b8d0 100644
--- a/mix.exs
+++ b/mix.exs
@@ -33,6 +33,8 @@ defmodule TdCore.MixProject do
 {:mox, "~> 1.0", only: :test},
 {:ex_machina, "~> 2.7"},
 {:elasticsearch, "~> 1.1"},
+ {:httpoison, "~> 2.0", override: true},
+ {:vaultex, "~> 1.0.1"},
 {:credo, "~> 1.5", only: [:dev, :test], runtime: false},
 {:td_cluster, git: "https://github.com/Bluetab/td-cluster.git", tag: "5.19.0"},
 {:td_cache, git: "https://github.com/Bluetab/td-cache.git", tag: "5.20.0"},
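Review bot: In lib/td_core/vault.ex, `write_secrets/2`, `read/1` and `delete_secrets/1` each call `Application.get_env(:td_core, __MODULE__)` and then index the result, so with the config entry missing both `vault_config[:token]` and `vault_config[:secrets_path]` evaluate to nil and the request goes out with a nil token to a path made of the bare key instead of failing at the call site. One private helper that fetches the config assertively would remove the triplication and turn a misconfiguration into an immediate error. `read_secrets/1` matches only `{:error, [error]}` although `delete_secrets/1` in the same file also handles `{:error, [error, error_code]}` and `{:error, code}`; any other reply raises a `CaseClauseError` whose message inspects the unmatched term, which for an `{:ok, ...}` reply of an unexpected shape would write secret data to the crash log. `secrets_key` is concatenated into the request path unchecked, and its callers are outside this diff, so it is worth validating it against the expected key format before building the path. The public functions also have no `@doc` or `@spec`, and their return shapes differ (`:ok`, `{:vault_error, msg}`, the raw response, a bare value, `{:error, reason}`), which a short doc on each would at least make explicit.

```elixir
  defp read(secrets_key) do
    {path, token} = vault_request(secrets_key)
    Vaultex.Client.read(path, :token, {token})
  end

  # Raises at the call site when the :td_core TdCore.Vault config is missing or incomplete.
  defp vault_request(secrets_key) do
    config = Application.fetch_env!(:td_core, __MODULE__)
    token = Access.fetch!(config, :token)
    secrets_path = Access.fetch!(config, :secrets_path)
    {"#{secrets_path}#{secrets_key}", token}
  end

  # … unchanged: write_secrets/2 and delete_secrets/1, with their three config lines replaced by vault_request/1 …

  # in read_secrets/1, after the {:error, [error]} clause:
      {:error, reason} ->
        Logger.error("Error reading secret. #{inspect(reason)}")
        {:error, reason}
```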
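Review bot: In mix.exs, `override: true` on `:httpoison` forces the 2.x line onto every dependency that declares its own httpoison requirement, and the hunk gives no reason for it. The newly added `:vaultex` client presumably sends the Vault token through this HTTP stack, so a forced major-version change underneath it deserves a recorded justification. A comment above the entry naming what needs the override would do, e.g. `# override: <dependency> still pins httpoison 1.x; remove once it accepts 2.x`. The `deps` list starts and ends outside the hunk.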