Skip to content

Commit

Permalink
feat: initial plugin (#1)
Browse files Browse the repository at this point in the history
  • Loading branch information
tenstad authored Sep 21, 2023
1 parent 589f8bd commit b18cfe0
Show file tree
Hide file tree
Showing 20 changed files with 1,454 additions and 0 deletions.
31 changes: 31 additions & 0 deletions .github/workflows/go-releaser.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
---
name: Go Releaser

on:
push:
tags:
- v*

jobs:
goreleaser:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: go.mod

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4
with:
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
26 changes: 26 additions & 0 deletions .github/workflows/release-please.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
---
name: Release Please

on:
push:
branches:
- main

jobs:
release-please:
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- id: token
uses: tibdex/github-app-token@v1
with:
app_id: ${{ secrets.STATNETT_BOT_APP_ID }}
private_key: ${{ secrets.STATNETT_BOT_PRIVATE_KEY }}

- uses: google-github-actions/release-please-action@v3
with:
bump-minor-pre-major: true
release-type: go
token: ${{ steps.token.outputs.token }}
34 changes: 34 additions & 0 deletions .github/workflows/snapshot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
---
name: Build Snapshot

on:
workflow_dispatch:

jobs:
snapshot:
name: Build Snapshot
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: go.mod

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4
with:
version: latest
args: release --snapshot

- name: Publish Snapshots
uses: actions/upload-artifact@v3
if: ${{ github.event.inputs.publish == 'true' }}
with:
name: snapshots-${{ github.sha }}
path: |
dist/*checksums.txt
dist/*.tar.gz
retention-days: 7
41 changes: 41 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
---
name: Test

on:
push:
paths-ignore:
- README.md

jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: go.mod

- name: Test
run: make test

snapshot:
name: Test Snapshot Build
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: go.mod

- name: GoReleaser Build Snapshot
uses: goreleaser/goreleaser-action@v4
with:
version: latest
args: build --snapshot
4 changes: 4 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
bin/
build/
dist/
config.json
14 changes: 14 additions & 0 deletions .goreleaser.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
builds:
- main: ./cmd/vault-plugin-auth-jwt-auto-roles/
env:
- CGO_ENABLED=0
mod_timestamp: '{{ .CommitTimestamp }}'
flags:
- -trimpath
ldflags:
- '-s -w -X {{ .ModulePath }}/pkg/version.Version=v{{ .Version }}'
goos:
- linux
goarch:
- amd64
binary: '{{ .ProjectName }}_v{{ .Version }}'
21 changes: 21 additions & 0 deletions LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2023 Statnett

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
49 changes: 49 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
all: start

GOFUMPT_VERSION ?= v0.5.0
GORELEASER_VERSION ?= 1.20.0

.PHONY: fmt
fmt:
go fmt $$(go list ./...)
go run mvdan.cc/gofumpt@$(GOFUMPT_VERSION) -l -w .

.PHONY: test
test:
go test -v ./...

.PHONY: build
build:
mkdir -p build/plugins
go run github.com/goreleaser/goreleaser@v$(GORELEASER_VERSION) \
build --clean --snapshot --single-target \
--output build/plugins/vault-plugin-auth-jwt-auto-roles

.PHONY: start
start: build
vault server -dev -dev-root-token-id=root -dev-plugin-dir=./build/plugins

.PHONY: enable
enable:
vault auth enable -path=multirole-jwt vault-plugin-auth-jwt-auto-roles

.PHONY: disable
disable:
vault auth disable multirole-jwt
vault plugin deregister auth vault-plugin-auth-jwt-auto-roles

auth=jwt
config:
for role in $(shell vault list -format=json auth/$(auth)/role | jq -r .[]); \
do vault read -format json "auth/$(auth)/role/$${role}" | jq "{\"$${role}\":.data.bound_claims}"; done \
| jq -s add \
| jq '{jwt_auth_host:"${VAULT_ADDR}",jwt_auth_path:"$(auth)",roles:.}' \
> config.json

.PHONY: configure
configure:
vault write auth/multirole-jwt/config @config.json

.PHONY: clean
clean:
rm -rf ./bin ./build ./dist config.json
30 changes: 30 additions & 0 deletions cmd/vault-plugin-auth-jwt-auto-roles/main.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
package main

import (
"log"
"os"

"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/sdk/plugin"

"github.com/statnett/vault-plugin-auth-jwt-auto-roles/internal/jwtauth"
)

func main() {
apiClientMeta := &api.PluginAPIClientMeta{}
flags := apiClientMeta.FlagSet()

if err := flags.Parse(os.Args[1:]); err != nil {
log.Fatal(err)
}

tlsConfig := apiClientMeta.GetTLSConfig()
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)

if err := plugin.ServeMultiplex(&plugin.ServeOpts{
BackendFactoryFunc: jwtauth.Factory,
TLSProviderFunc: tlsProviderFunc,
}); err != nil {
log.Fatal(err)
}
}
66 changes: 66 additions & 0 deletions go.mod
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
module github.com/statnett/vault-plugin-auth-jwt-auto-roles

go 1.21

require (
github.com/go-test/deep v1.1.0
github.com/hashicorp/vault-client-go v0.3.3
github.com/hashicorp/vault/sdk v0.9.2
)

require (
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
github.com/hashicorp/go-rootcerts v1.0.2 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect
golang.org/x/time v0.0.0-20220922220347-f3bd1da661af // indirect
)

require (
github.com/armon/go-metrics v0.4.1 // indirect
github.com/armon/go-radix v1.0.0 // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/fatih/color v1.15.0 // indirect
github.com/golang-jwt/jwt/v5 v5.0.0
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/go-cmp v0.5.9
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-hclog v1.5.0
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0 // indirect
github.com/hashicorp/go-kms-wrapping/v2 v2.0.12 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-plugin v1.5.0 // indirect
github.com/hashicorp/go-secure-stdlib/mlock v0.1.3 // indirect
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
github.com/hashicorp/go-sockaddr v1.0.4 // indirect
github.com/hashicorp/go-uuid v1.0.3 // indirect
github.com/hashicorp/golang-lru v1.0.2 // indirect
github.com/hashicorp/vault/api v1.9.2
github.com/hashicorp/yamux v0.1.1 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/go-testing-interface v1.14.1 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/oklog/run v1.1.0 // indirect
github.com/pierrec/lz4 v2.6.1+incompatible // indirect
github.com/pkg/errors v0.9.1
github.com/ryanuber/go-glob v1.0.0 // indirect
go.uber.org/atomic v1.11.0 // indirect
golang.org/x/crypto v0.12.0 // indirect
golang.org/x/net v0.14.0 // indirect
golang.org/x/sys v0.12.0 // indirect
golang.org/x/text v0.13.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
google.golang.org/grpc v1.57.0 // indirect
google.golang.org/protobuf v1.31.0 // indirect
)
Loading

0 comments on commit b18cfe0

Please sign in to comment.