diff --git a/cmd/cluster/dynatrace/requests.go b/cmd/cluster/dynatrace/requests.go index 09ae09aa..2b1022f9 100644 --- a/cmd/cluster/dynatrace/requests.go +++ b/cmd/cluster/dynatrace/requests.go @@ -14,7 +14,8 @@ import ( const ( authURL string = "https://sso.dynatrace.com/sso/oauth2/token" - clientIDKey string = "dt_client_id_key" + DTVaultPath string = "dt_vault_path" + VaultAddr string = "vault_address" ) type Requester struct { @@ -65,22 +66,27 @@ func (rh *Requester) send() (string, error) { return string(body), nil } -func getClientID() (id string, error error) { - if !viper.IsSet(clientIDKey) { - return "", fmt.Errorf("key %s is not set in config file", clientIDKey) +func getVaultPath() (addr, path string, error error) { + if !viper.IsSet(VaultAddr) { + return "", "", fmt.Errorf("key %s is not set in config file", VaultAddr) } - clientID := viper.GetString(clientIDKey) + vaultAddr := viper.GetString(VaultAddr) - return clientID, nil + if !viper.IsSet(DTVaultPath) { + return "", "", fmt.Errorf("key %s is not set in config file", DTVaultPath) + } + vaultPath := viper.GetString(DTVaultPath) + + return vaultAddr, vaultPath, nil } func getAccessToken() (string, error) { - clientID, err := getClientID() + vaultAddr, vaultPath, err := getVaultPath() if err != nil { return "", err } - clientSecret, err := getSecretFromVault(clientID) + clientID, clientSecret, err := getSecretFromVault(vaultAddr, vaultPath) if err != nil { return "", err } diff --git a/cmd/cluster/dynatrace/vault.go b/cmd/cluster/dynatrace/vault.go index 81ae2ed6..9b0ce71b 100644 --- a/cmd/cluster/dynatrace/vault.go +++ b/cmd/cluster/dynatrace/vault.go 
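Review bot: `DTVaultPath` and `VaultAddr` in the `const` block of requests.go are exported and undocumented, while the `clientIDKey` they replace was unexported. Every use visible in this diff is inside the same package, so unless another package needs them, lower-case names would keep the config keys private. If they stay exported, each wants a doc comment such as `// VaultAddr is the config-file key that holds the Vault server URL.` Since `dt_client_id_key` is no longer read, the user-facing configuration docs presumably need the two new keys as well.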
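Review bot: `getVaultPath` returns `vault_address` and `dt_vault_path` from the config file without validating either. `getSecretFromVault` in vault.go then exports the first as `VAULT_ADDR` for an interactive `vault login -method=oidc` and passes the second as an argument to `vault kv get`. Both were compile-time constants before this change, so a mistyped or tampered config can now direct the OIDC login and the secret read at an unintended server. I would reject anything that is not an https URL with a host, e.g. `if u, err := url.Parse(vaultAddr); err != nil || u.Scheme != "https" || u.Host == "" { return "", "", fmt.Errorf("key %s must be an https URL", VaultAddr) }`, and likewise reject a path that is empty or starts with `-`. `viper.IsSet` alone probably does not catch a key that is present but empty, and the check needs `net/url`, whose presence in the import block is not visible in this hunk.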
@@ -7,52 +7,50 @@ import ( "os/exec" ) -const ( - path string = "osd-sre/dynatrace/sd-sre-platform-oauth-client-grail" - address string = "https://vault.devshift.net" -) - type response struct { Data struct { Data map[string]interface{} `json:"data"` } `json:"data"` } -func getSecretFromVault(clientID string) (secret string, error error) { - err := os.Setenv("VAULT_ADDR", address) +func getSecretFromVault(vaultAddr, vaultPath string) (id string, secret string, error error) { + err := os.Setenv("VAULT_ADDR", vaultAddr) if err != nil { fmt.Printf("Error setting environment variable: %v\n", err) - return "", err + return "", "", err } cmd := exec.Command("vault", "login", "-method=oidc", "-no-print") cmd.Stdout = nil cmd.Stderr = nil if err = cmd.Run(); err != nil { fmt.Println("Error running 'vault login':", err) - return "", nil + return "", "", nil } - err = os.Setenv("VAULT_ADDR", address) + err = os.Setenv("VAULT_ADDR", vaultAddr) if err != nil { - return "", fmt.Errorf("error setting environment variable: %v", err) + return "", "", fmt.Errorf("error setting environment variable: %v", err) } - kvGetCommand := exec.Command("vault", "kv", "get", "-format=json", path) + kvGetCommand := exec.Command("vault", "kv", "get", "-format=json", vaultPath) output, err := kvGetCommand.Output() if err != nil { fmt.Println("Error running 'vault kv get':", err) - return "", nil + return "", "", nil } var resp response if err := json.Unmarshal(output, &resp); err != nil { - return "", fmt.Errorf("error unmarshaling JSON response: %v", err) + return "", "", fmt.Errorf("error unmarshaling JSON response: %v", err) } - - secretData, ok := resp.Data.Data[clientID].(string) + clientID, ok := resp.Data.Data["client_id"].(string) + if !ok { + return "", "", fmt.Errorf("error extracting secret data from JSON response") + } + clientSecret, ok := resp.Data.Data["client_secret"].(string) if !ok { - return "", fmt.Errorf("error extracting secret data from JSON response") + return "", "", 
fmt.Errorf("error extracting secret data from JSON response") } - return secretData, nil + return clientID, clientSecret, nil }
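Review bot: Both command-failure branches in `getSecretFromVault`, after `cmd.Run()` for `vault login` and after `kvGetCommand.Output()`, print the error and then `return "", "", nil`. `getAccessToken` therefore sees no error and carries on with an empty client ID and secret. Return the error instead, e.g. `return "", "", fmt.Errorf("running 'vault login': %w", err)` and `return "", "", fmt.Errorf("running 'vault kv get': %w", err)`. The two `!ok` checks for `client_id` and `client_secret` also share one message; naming the missing key (never its value) would make a malformed secret easier to diagnose.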