OSD-20175: Remove the vault address from the code

openshift · Apr 16, 2024 · f35939b · f35939b
1 parent dee885e
commit f35939b
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 26 deletions.
diff --git a/cmd/cluster/dynatrace/requests.go b/cmd/cluster/dynatrace/requests.go
@@ -14,7 +14,8 @@ import (
 
 const (
 	authURL     string = "https://sso.dynatrace.com/sso/oauth2/token"
-	clientIDKey string = "dt_client_id_key"
+	DTVaultPath string = "dt_vault_path"
+	VaultAddr   string = "vault_address"
 )
 
 type Requester struct {
@@ -65,22 +66,27 @@ func (rh *Requester) send() (string, error) {
 	return string(body), nil
 }
 
-func getClientID() (id string, error error) {
-	if !viper.IsSet(clientIDKey) {
-		return "", fmt.Errorf("key %s is not set in config file", clientIDKey)
+func getVaultPath() (addr, path string, error error) {
+	if !viper.IsSet(VaultAddr) {
+		return "", "", fmt.Errorf("key %s is not set in config file", VaultAddr)
 	}
-	clientID := viper.GetString(clientIDKey)
+	vaultAddr := viper.GetString(VaultAddr)
 
-	return clientID, nil
+	if !viper.IsSet(DTVaultPath) {
+		return "", "", fmt.Errorf("key %s is not set in config file", DTVaultPath)
+	}
+	vaultPath := viper.GetString(DTVaultPath)
+
+	return vaultAddr, vaultPath, nil
 }
 
 func getAccessToken() (string, error) {
-	clientID, err := getClientID()
+	vaultAddr, vaultPath, err := getVaultPath()
 	if err != nil {
 		return "", err
 	}
 
-	clientSecret, err := getSecretFromVault(clientID)
+	clientID, clientSecret, err := getSecretFromVault(vaultAddr, vaultPath)
 	if err != nil {
 		return "", err
 	}

diff --git a/cmd/cluster/dynatrace/vault.go b/cmd/cluster/dynatrace/vault.go
@@ -7,52 +7,50 @@ import (
 	"os/exec"
 )
 
-const (
-	path    string = "osd-sre/dynatrace/sd-sre-platform-oauth-client-grail"
-	address string = "https://vault.devshift.net"
-)
-
 type response struct {
 	Data struct {
 		Data map[string]interface{} `json:"data"`
 	} `json:"data"`
 }
 
-func getSecretFromVault(clientID string) (secret string, error error) {
-	err := os.Setenv("VAULT_ADDR", address)
+func getSecretFromVault(vaultAddr, vaultPath string) (id string, secret string, error error) {
+	err := os.Setenv("VAULT_ADDR", vaultAddr)
 	if err != nil {
 		fmt.Printf("Error setting environment variable: %v\n", err)
-		return "", err
+		return "", "", err
 	}
 	cmd := exec.Command("vault", "login", "-method=oidc", "-no-print")
 	cmd.Stdout = nil
 	cmd.Stderr = nil
 	if err = cmd.Run(); err != nil {
 		fmt.Println("Error running 'vault login':", err)
-		return "", nil
+		return "", "", nil
 	}
 
-	err = os.Setenv("VAULT_ADDR", address)
+	err = os.Setenv("VAULT_ADDR", vaultAddr)
 	if err != nil {
-		return "", fmt.Errorf("error setting environment variable: %v", err)
+		return "", "", fmt.Errorf("error setting environment variable: %v", err)
 	}
 
-	kvGetCommand := exec.Command("vault", "kv", "get", "-format=json", path)
+	kvGetCommand := exec.Command("vault", "kv", "get", "-format=json", vaultPath)
 	output, err := kvGetCommand.Output()
 	if err != nil {
 		fmt.Println("Error running 'vault kv get':", err)
-		return "", nil
+		return "", "", nil
 	}
 
 	var resp response
 	if err := json.Unmarshal(output, &resp); err != nil {
-		return "", fmt.Errorf("error unmarshaling JSON response: %v", err)
+		return "", "", fmt.Errorf("error unmarshaling JSON response: %v", err)
 	}
-
-	secretData, ok := resp.Data.Data[clientID].(string)
+	clientID, ok := resp.Data.Data["client_id"].(string)
+	if !ok {
+		return "", "", fmt.Errorf("error extracting secret data from JSON response")
+	}
+	clientSecret, ok := resp.Data.Data["client_secret"].(string)
 	if !ok {
-		return "", fmt.Errorf("error extracting secret data from JSON response")
+		return "", "", fmt.Errorf("error extracting secret data from JSON response")
 	}
 
-	return secretData, nil
+	return clientID, clientSecret, nil
 }