Merge pull request #9 from rundeck-plugins/issue/8

fixing error with a non-default backend name (secret).

README.md

@@ -25,6 +25,20 @@ rundeck.storage.provider.1.config.address=$VAULT_URL
 rundeck.storage.provider.1.config.token=$VAULT_TOKEN
 ```
 
+For existing vault storage, probably you will need to remove the default `keys` path added by default for rundeck.
+You can use these settings for an existing vault storage:
+
+```
+rundeck.storage.provider.1.type=vault-storage
+rundeck.storage.provider.1.path=keys
+rundeck.storage.provider.1.removePathPrefix=true
+rundeck.storage.provider.1.config.prefix=someprefix
+rundeck.storage.provider.1.config.secretBackend=mybackend
+rundeck.storage.provider.1.config.address=$VAULT_URL
+rundeck.storage.provider.1.config.token=$VAULT_TOKEN
+rundeck.storage.provider.1.config.storageBehaviour=vault
+```
+
 ## Minimal version requirements
   * Java 1.8
   * Rundeck 2.10.0

src/main/java/io/github/valfadeev/rundeck/plugin/vault/KeyObjectBuilder.java

@@ -11,6 +11,7 @@ public class KeyObjectBuilder {
     Path            path;
     Logical         vault;
     String          vaultPrefix;
+    String          vaultSecretBackend;
 
     static KeyObjectBuilder builder() {
         return new KeyObjectBuilder();
@@ -31,15 +32,17 @@ KeyObjectBuilder vaultPrefix(String vaultPrefix){
         return this;
     }
 
-    private String getVaultPath(String rawPath) {
-        return String.format("secret/%s/%s", vaultPrefix, rawPath);
+    KeyObjectBuilder vaultSecretBackend(String vaultSecretBackend){
+        this.vaultSecretBackend = vaultSecretBackend;
+        return this;
     }
 
+
     KeyObject build(){
         LogicalResponse response;
         KeyObject object;
         try {
-            response = vault.read(getVaultPath(path.getPath()));
+            response = vault.read(VaultStoragePlugin.getVaultPath(path.getPath(),vaultSecretBackend,vaultPrefix));
             String data = response.getData().get(VaultStoragePlugin.VAULT_STORAGE_KEY);
 
             if(data !=null) {
@@ -83,7 +86,7 @@ public KeyObject getVaultParentObject(Path path){
 
         Path parentPath = PathUtil.parentPath(path);
         try {
-            response = vault.read(getVaultPath(parentPath.getPath()));
+            response = vault.read(VaultStoragePlugin.getVaultPath(parentPath.getPath(),vaultSecretBackend,vaultPrefix));
             parentObject=new VaultKey(response, parentPath);
         } catch (VaultException e) {
 

src/main/java/io/github/valfadeev/rundeck/plugin/vault/VaultStoragePlugin.java

@@ -76,7 +76,8 @@ public void configure(Properties configuration) throws ConfigurationException {
     }
 
     public static String getVaultPath(String rawPath, String vaultSecretBackend, String vaultPrefix) {
-        return String.format("%s/%s/%s", vaultSecretBackend, vaultPrefix, rawPath);
+        String path= String.format("%s/%s/%s", vaultSecretBackend, vaultPrefix, rawPath);
+        return path;
     }
 
     private boolean isDir(String key) {
@@ -181,6 +182,7 @@ private Set<Resource<ResourceMeta>> listResources(Path path, KeyType type) {
 
         try {
             response = vault.list(getVaultPath(path.getPath(),vaultSecretBackend,vaultPrefix));
+
         } catch (VaultException e) {
             throw StorageException.listException(
                     path,
@@ -211,12 +213,15 @@ private Set<Resource<ResourceMeta>> listResources(Path path, KeyType type) {
         }
 
         for (String item : filtered) {
+
             Path itemPath = PathUtil.appendPath(path, item);
+
             Resource<ResourceMeta> resource=null;
             if (isDir(item)) {
                 resource = loadDir(itemPath);
             } else {
                 KeyObject object = this.getVaultObject(itemPath);
+
                 if(rundeckObject){
                     //normal case with rundeck format
                     if(object.isRundeckObject()){
@@ -408,6 +413,7 @@ public KeyObject getVaultObject(Path path){
                                 .path(path)
                                 .vault(vault)
                                 .vaultPrefix(vaultPrefix)
+                                .vaultSecretBackend(vaultSecretBackend)
                                 .build();
 
         return value;

test/docker/docker-compose-existing-vault.yml

@@ -4,7 +4,7 @@ services:
   vault:
     build: dockers/vault
     ports:
-      - "8200:8200"
+      - "8200"
     cap_add:
       - IPC_LOCK
     environment:
@@ -25,7 +25,9 @@ services:
     - SETUP_TEST_PROJECT=vaulttest
     - RUNDECK_STORAGE_PROVIDER_1_TYPE=vault-storage
     - RUNDECK_STORAGE_PROVIDER_1_PATH=keys
-    - RUNDECK_STORAGE_PROVIDER_1_CONFIG_PREFIX=rundeck
+    - RUNDECK_STORAGE_PROVIDER_1_REMOVEPATHPREFIX=true
+    - RUNDECK_STORAGE_PROVIDER_1_CONFIG_SECRETBACKEND=rundeckbackend
+    - RUNDECK_STORAGE_PROVIDER_1_CONFIG_PREFIX=app
     - RUNDECK_STORAGE_PROVIDER_1_CONFIG_ADDRESS=http://vault:8200
     - RUNDECK_STORAGE_PROVIDER_1_CONFIG_TOKEN=${VAULT_TOKEN}
     - RUNDECK_STORAGE_PROVIDER_1_CONFIG_BEHAVIOUR=vault

test/docker/docker-compose-vault.yml

@@ -4,7 +4,7 @@ services:
   vault:
     build: dockers/vault
     ports:
-      - "8200:8200"
+      - "8200"
     cap_add:
       - IPC_LOCK
     environment:

test/docker/dockers/rundeckvault/remco/templates/rundeck-config-storage.properties

@@ -4,10 +4,13 @@
 {%- set index = provider | base %}
 rundeck.storage.provider.{{index}}.type={% set type = printf("%s/type", provider) %}{{ getv(type, "db")}}
 rundeck.storage.provider.{{index}}.path={% set path = printf("%s/path", provider) %}{{ getv(path, "keys")}}
+rundeck.storage.provider.{{index}}.removePathPrefix={% set removepathprefix = printf("%s/removepathprefix", provider) %}{{ getv(removepathprefix, "false")}}
+
 rundeck.storage.provider.{{index}}.config.prefix={% set prefix = printf("%s/config/prefix", provider) %}{{ getv(prefix, "")}}
 rundeck.storage.provider.{{index}}.config.address={% set address = printf("%s/config/address", provider) %}{{ getv(address, "")}}
 rundeck.storage.provider.{{index}}.config.token={% set token = printf("%s/config/token", provider) %}{{ getv(token, "")}}
 rundeck.storage.provider.{{index}}.config.storageBehaviour={% set behaviour = printf("%s/config/behaviour", provider) %}{{ getv(behaviour, "rundeck")}}
+rundeck.storage.provider.{{index}}.config.secretBackend={% set secretbackend = printf("%s/config/secretbackend", provider) %}{{ getv(secretbackend, "secret")}}
 
 rundeck.storage.provider.{{index}}.config.maxRetries={% set maxRetries = printf("%s/config/maxRetries", provider) %}{{ getv(maxRetries, "3")}}
 rundeck.storage.provider.{{index}}.config.retryIntervalMilliseconds={% set retryInterval = printf("%s/config/retryInterval", provider) %}{{ getv(retryInterval, "100")}}

test/docker/dockers/rundeckvault/tests/existing-vault/existing-vault-keys-test.sh

@@ -41,7 +41,7 @@ it_check_key_value_job() {
     bash -c "rd run -i $JOBID -p $RUNDECK_PROJECT"
 
     cmdout=($(bash -c "rd executions follow  -e 1 | grep -v '^#' "))
-    expout=($(curl -s -H "X-Vault-Token: $VAULT_TOKEN"  http://vault:8200/v1/secret/rundeck/keys/node/vault.password | jq .data.value))
+    expout=($(curl -s -H "X-Vault-Token: $VAULT_TOKEN"  http://vault:8200/v1/rundeckbackend/app/keys/node/vault.password | jq .data.value))
     echo "${cmdout[@]}"
     if ! test ${#expout[*]} = ${#cmdout[*]}
     then
@@ -112,7 +112,7 @@ END
         exit 1
     fi
 
-    cmdout=($(curl -s -H "X-Vault-Token: $VAULT_TOKEN"  http://vault:8200/v1/secret/rundeck/keys/node/vault.password > test.output))
+    cmdout=($(curl -s -H "X-Vault-Token: $VAULT_TOKEN"  http://vault:8200/v1/rundeckbackend/app/keys/node/vault.password > test.output))
     # diff with expected
     cat >expected.output <<END
 {"errors":[]}
@@ -190,7 +190,7 @@ it_check_multiple_key_value_job() {
     bash -c "rd run -i $JOBID -p $RUNDECK_PROJECT"
 
     cmdout=($(bash -c "rd executions follow  -e 2 | grep -v '^#' "))
-    expout=($(curl -s -H "X-Vault-Token: $VAULT_TOKEN"  http://vault:8200/v1/secret/rundeck/keys/multiples | jq .data.password))
+    expout=($(curl -s -H "X-Vault-Token: $VAULT_TOKEN"  http://vault:8200/v1/rundeckbackend/app/keys/multiples | jq .data.password))
     echo "${cmdout[@]}"
     if ! test ${#expout[*]} = ${#cmdout[*]}
     then

test/docker/dockers/vault/run.sh

@@ -6,7 +6,7 @@ vault server -config=/vault/config -dev & > log.out
 sleep 10
 
 #create files
-echo "************ creating test keys"
+echo "************ creating test keys (default)"
 vault write secret/rundeck/keys/simple.secret foo=world
 vault write secret/rundeck/keys/multiples name=admin password=admin server=rundeck
 vault write secret/rundeck/keys/folder/another.secret test=hello
@@ -15,5 +15,13 @@ vault write secret/rundeck/keys/folder/multiple2 name=admin password=admin serve
 
 echo "************ end"
 
+#create files
+echo "************ creating custom backend keys"
+vault secrets enable -path=rundeckbackend kv
+vault write rundeckbackend/app/simple.secret foo=world
+vault write rundeckbackend/app/multiples name=admin password=admin server=rundeck
+vault write rundeckbackend/app/folder/another.secret test=hello
+vault write rundeckbackend/app/folder/multiple2 name=admin password=admin server=rundeck
+echo "************ end"
 
 tail -f log.out