[Feature][Add] Added Azure support to injector (#2)

* Added Azure support to injector

Signed-off-by: iamabhishek-dubey <[email protected]>

* Updated README and Makefile with latest information

Signed-off-by: iamabhishek-dubey <[email protected]>

* Changed version information

Signed-off-by: iamabhishek-dubey <[email protected]>

CHANGELOG.md

@@ -1,3 +1,10 @@
+### v3.0
+##### May 9, 2021
+
+#### :tada: [Features Added]
+
+- Added support for Azure Key Vault
+
 ### v2.0
 ##### May 8, 2021
 

Makefile

@@ -2,7 +2,7 @@
 REGISTRY ?= quay.io
 REPOSITORY ?= $(REGISTRY)/opstree
 ARTIFACT_NAME=k8s-secret-injector
-VERSION = 2.0
+VERSION = 3.0
 
 all: build-code build-image
 

README.md

@@ -10,10 +10,10 @@ The secret managers which are currently supported:-
 
 - **[Hashicorp Vault](https://www.vaultproject.io/)**
 - **[AWS Secret Manager](https://aws.amazon.com/secrets-manager/)**
+- **[Azure Key Vault](https://azure.microsoft.com/en-in/services/key-vault/)**
 
 There are some secret managers which are planned to be implemented in future.
 
-- **[Azure Key Vault](https://azure.microsoft.com/en-in/services/key-vault/)**
 - **[GCP Secret Manager](https://cloud.google.com/secret-manager)**
 
 ### Supported Features
@@ -38,7 +38,7 @@ We can simply clone the repo and compile the binary according to the OS architec
 make build-code
 ```
 
-In any case, if you don't want to compile the code. The binary can be installed by downloading from [Releases](https://gitlab.com/ot-container-kit/kubernetes/ot-kubernetes/k8s-secret-injector/-/releases) as well.
+In any case, if you don't want to compile the code. The binary can be installed by downloading from [Releases](https://github.com/OT-CONTAINER-KIT/k8s-secret-injector/releases) as well.
 
 ### Usage
 
@@ -55,6 +55,7 @@ Usage:
 
 Available Commands:
   aws         Fetch secrets from AWS Secret Manager
+  azure       Fetch secrets from Azure Key Vault
   help        Help about any command
   vault       Fetch and inject secrets from Vault to a given command
   version     Print the version of k8s secret injector
@@ -68,7 +69,6 @@ Flags:
 Use "k8s-secret-injector [command] --help" for more information about a command.
 ```
 
-
 ### Development
 
 If you like to contribute to this project, you are more than welcome. Please see our [DEVELOPMENT.md](./DEVELOPMENT.md) for details.

cmd/azure.go

@@ -0,0 +1,36 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"k8s-secret-injector/pkg/azure"
+)
+
+var (
+	azureVaultName string
+)
+
+// azureCmd represente the Azure commands
+var azureCmd = &cobra.Command{
+	Use:   "azure",
+	Short: "Fetch secrets from Azure Key Vault",
+	Long:  `Fetch secrets from Azure Key Vault`,
+	Run: func(cmd *cobra.Command, args []string) {
+
+		cfg := &azure.AzureConfig{
+			AzureVaultName: azureVaultName,
+		}
+
+		secretData := azure.RetrieveSecretFromAzure(*cfg)
+		processSecrets(secretData, args)
+	},
+}
+
+func init() {
+	RootCmd.AddCommand(azureCmd)
+
+	viper.SetDefault("azure_vault_name", "test-secret")
+	viper.AutomaticEnv()
+
+	azureCmd.Flags().StringVar(&azureVaultName, "azure-vault-name", viper.GetString("azure_vault_name"), "Name of the azure vault (default: test-secret)")
+}

go.mod

@@ -3,6 +3,8 @@ module k8s-secret-injector
 go 1.16
 
 require (
+	github.com/Azure-Samples/azure-sdk-for-go-samples v0.0.0-20210506191746-b49c4162aa1d // indirect
+	github.com/Azure/azure-sdk-for-go v48.0.0+incompatible
 	github.com/aws/aws-sdk-go v1.30.27
 	github.com/fatih/color v1.9.0 // indirect
 	github.com/go-test/deep v1.0.7 // indirect

pkg/azure/azure.go

@@ -0,0 +1,67 @@
+package azure
+
+import (
+	"context"
+	"github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault"
+	kvauth "github.com/Azure/azure-sdk-for-go/services/keyvault/auth"
+	log "github.com/sirupsen/logrus"
+	"os"
+	"path"
+	"strings"
+)
+
+type AzureConfig struct {
+	AzureVaultName string
+}
+
+// getAzureVaultsClient will return the azure client interface
+func getAzureVaultsClient() keyvault.BaseClient {
+	vaultsClient := keyvault.New()
+	authorizer, err := kvauth.NewAuthorizerFromEnvironment()
+	if err != nil {
+		log.Errorf("Failed to initialize azure auth %v", err)
+	}
+	vaultsClient.Authorizer = authorizer
+	return vaultsClient
+}
+
+// getSecret will get the value of secret
+func getSecret(secname string, cfg AzureConfig) string {
+	basicClient := getAzureVaultsClient()
+	secretResp, err := basicClient.GetSecret(context.Background(), "https://"+cfg.AzureVaultName+".vault.azure.net", secname, "")
+	if err != nil {
+		log.Errorf("unable to get list of secrets: %v", err)
+		os.Exit(1)
+	}
+	return *secretResp.Value
+}
+
+// getVault returns an existing vault
+func getVault(ctx context.Context, cfg AzureConfig) keyvault.SecretListResultPage {
+	vaultsClient := getAzureVaultsClient()
+	secretsList, err := vaultsClient.GetSecrets(ctx, "https://"+cfg.AzureVaultName+".vault.azure.net", nil)
+	if err != nil {
+		log.Errorf("unable to get list of secrets: %v", err)
+		os.Exit(1)
+	}
+	return secretsList
+}
+
+// RetrieveSecretFromAzure will retrieve the secret from Azure
+func RetrieveSecretFromAzure(cfg AzureConfig) map[string]interface{} {
+	secretData := make(map[string]interface{})
+	secretList := getVault(context.Background(), cfg)
+	for ; secretList.NotDone(); secretList.NextWithContext(context.Background()) {
+		secWithoutType := make([]string, 1)
+		for _, secret := range secretList.Values() {
+			secWithoutType = append(secWithoutType, path.Base(*secret.ID))
+		}
+		for _, wov := range secWithoutType {
+			if wov != "" {
+				tempValue := strings.ReplaceAll(wov, "-", "_")
+				secretData[strings.ToUpper(tempValue)] = getSecret(wov, cfg)
+			}
+		}
+	}
+	return secretData
+}

pkg/version/version.go

@@ -1,6 +1,6 @@
 package version
 
-var version = "2.0"
+var version = "3.0"
 
 // GetVersion will return the version of secret injector
 func GetVersion() string {