Skip to content

Commit

Permalink
feat: ADD SECRET API (mosn#343)
Browse files Browse the repository at this point in the history
  • Loading branch information
@MentosL @seeflood
MentosL authored and seeflood committed Feb 10, 2022
1 parent 80c5716 commit d2f2915
Show file tree
Hide file tree
Showing 25 changed files with 1,934 additions and 601 deletions.
44 changes: 40 additions & 4 deletions cmd/layotto/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,22 @@ package main
import (
"encoding/json"
"fmt"
"os"
"strconv"
"time"

"github.com/dapr/components-contrib/secretstores"
"github.com/dapr/components-contrib/secretstores/aws/parameterstore"
"github.com/dapr/components-contrib/secretstores/aws/secretmanager"
"github.com/dapr/components-contrib/secretstores/azure/keyvault"
gcp_secretmanager "github.com/dapr/components-contrib/secretstores/gcp/secretmanager"
"github.com/dapr/components-contrib/secretstores/hashicorp/vault"
sercetstores_kubernetes "github.com/dapr/components-contrib/secretstores/kubernetes"
secretstore_env "github.com/dapr/components-contrib/secretstores/local/env"
secretstore_file "github.com/dapr/components-contrib/secretstores/local/file"
"mosn.io/api"
"mosn.io/layotto/diagnostics"
"mosn.io/layotto/pkg/grpc/default_api"
secretstores_loader "mosn.io/layotto/pkg/runtime/secretstores"
"os"
"strconv"
"time"

"mosn.io/layotto/components/file/local"
"mosn.io/layotto/components/file/s3/alicloud"
Expand Down Expand Up @@ -339,6 +348,33 @@ func NewRuntimeGrpcServer(data json.RawMessage, opts ...grpc.ServerOption) (mgrp
runtime_sequencer.NewFactory("mongo", func() sequencer.Store {
return sequencer_mongo.NewMongoSequencer(log.DefaultLogger)
}),
),
// secretstores
runtime.WithSecretStoresFactory(
secretstores_loader.NewFactory("kubernetes", func() secretstores.SecretStore {
return sercetstores_kubernetes.NewKubernetesSecretStore(loggerForDaprComp)
}),
secretstores_loader.NewFactory("azure.keyvault", func() secretstores.SecretStore {
return keyvault.NewAzureKeyvaultSecretStore(loggerForDaprComp)
}),
secretstores_loader.NewFactory("hashicorp.vault", func() secretstores.SecretStore {
return vault.NewHashiCorpVaultSecretStore(loggerForDaprComp)
}),
secretstores_loader.NewFactory("aws.secretmanager", func() secretstores.SecretStore {
return secretmanager.NewSecretManager(loggerForDaprComp)
}),
secretstores_loader.NewFactory("aws.parameterstore", func() secretstores.SecretStore {
return parameterstore.NewParameterStore(loggerForDaprComp)
}),
secretstores_loader.NewFactory("gcp.secretmanager", func() secretstores.SecretStore {
return gcp_secretmanager.NewSecreteManager(loggerForDaprComp)
}),
secretstores_loader.NewFactory("local.file", func() secretstores.SecretStore {
return secretstore_file.NewLocalSecretStore(loggerForDaprComp)
}),
secretstores_loader.NewFactory("local.env", func() secretstores.SecretStore {
return secretstore_env.NewEnvSecretStore(loggerForDaprComp)
}),
))
// 4. check if unhealthy
if err != nil {
Expand Down
3 changes: 2 additions & 1 deletion components/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,8 @@ require (
github.com/hashicorp/consul/api v1.3.0
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
github.com/minio/minio-go/v7 v7.0.15
github.com/mitchellh/mapstructure v1.3.3 // indirect
github.com/mitchellh/mapstructure v1.4.1
github.com/pkg/errors v0.9.1
github.com/spf13/afero v1.2.2 // indirect
github.com/stretchr/testify v1.7.0
github.com/valyala/fasthttp v1.26.0
Expand Down
11 changes: 7 additions & 4 deletions components/go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -503,8 +503,11 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.13.1 h1:wXr2uRxZTJXHLly6qhJabee5JqIhTRoLBhDOA74hDEQ=
github.com/klauspost/compress v1.13.1/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
github.com/klauspost/cpuid v1.3.1 h1:5JNjFYYQrZeKRJ0734q51WCEEn2huer72Dc7K+R/b6s=
github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4=
Expand Down Expand Up @@ -569,8 +572,8 @@ github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS4
github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.3.3 h1:SzB1nHZ2Xi+17FP0zVQBHIZqvwRN9408fJO8h+eeNA8=
github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag=
github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
Expand Down
2 changes: 1 addition & 1 deletion go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ require (
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/json-iterator/go v1.1.11
github.com/phayes/freeport v0.0.0-20171002181615-b8543db493a5
github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
github.com/pkg/errors v0.9.1
github.com/shirou/gopsutil v3.21.3+incompatible
github.com/stretchr/testify v1.7.0
Expand Down
16 changes: 14 additions & 2 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -471,6 +471,7 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V
github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/logr v0.3.0 h1:q4c+kbcR0d5rSurhBR8dIgieOaYpXtsdTYfx22Cu6rs=
github.com/go-logr/logr v0.3.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
github.com/go-ole/go-ole v1.2.5 h1:t4MGB5xEDZvXI+0rMjjsfBsD7yAgp/s9ZDkL1JndXwY=
Expand Down Expand Up @@ -636,6 +637,7 @@ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
Expand All @@ -660,6 +662,7 @@ github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+
github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
github.com/googleapis/gnostic v0.5.1 h1:A8Yhf6EtqTv9RMsU6MQTyrtV1TjWlR6xU9BsZIwuTCM=
github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
Expand Down Expand Up @@ -758,6 +761,7 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO
github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.10 h1:6q5mVkdH/vYmqngx7kZQTjJ5HRsx+ImorDIEQ+beJgc=
github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
Expand Down Expand Up @@ -1133,8 +1137,8 @@ github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko
github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc=
github.com/phayes/freeport v0.0.0-20171002181615-b8543db493a5 h1:rZQtoozkfsiNs36c7Tdv/gyGNzD1X1XWKO8rptVNZuM=
github.com/phayes/freeport v0.0.0-20171002181615-b8543db493a5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc=
github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
github.com/pierrec/lz4 v0.0.0-20190327172049-315a67e90e41/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
github.com/pierrec/lz4 v2.0.5+incompatible h1:2xWsjqPFWcplujydGg4WmhC/6fZqK42wMM8aXeqhl0I=
Expand Down Expand Up @@ -2057,24 +2061,30 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
istio.io/api v0.0.0-20200227213531-891bf31f3c32/go.mod h1:bcY3prusO/6vA6zGHz4PNG2v79clPyTw06Xx3fprJSQ=
istio.io/gogo-genproto v0.0.0-20190930162913-45029607206a/go.mod h1:OzpAts7jljZceG4Vqi5/zXy/pOg1b209T3jb7Nv5wIs=
k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
k8s.io/api v0.20.0 h1:WwrYoZNM1W1aQEbyl8HNG+oWGzLpZQBlcerS9BQw9yI=
k8s.io/api v0.20.0/go.mod h1:HyLC5l5eoS/ygQYl1BXBgFzWNlkHiAuyNAbevIn+FKg=
k8s.io/apiextensions-apiserver v0.20.0/go.mod h1:ZH+C33L2Bh1LY1+HphoRmN1IQVLTShVcTojivK3N9xg=
k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
k8s.io/apimachinery v0.20.0 h1:jjzbTJRXk0unNS71L7h3lxGDH/2HPxMPaQY+MjECKL8=
k8s.io/apimachinery v0.20.0/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU=
k8s.io/apiserver v0.20.0/go.mod h1:6gRIWiOkvGvQt12WTYmsiYoUyYW0FXSiMdNl4m+sxY8=
k8s.io/client-go v0.20.0 h1:Xlax8PKbZsjX4gFvNtt4F5MoJ1V5prDvCuoq9B7iax0=
k8s.io/client-go v0.20.0/go.mod h1:4KWh/g+Ocd8KkCwKF8vUNnmqgv+EVnQDK4MBF4oB5tY=
k8s.io/code-generator v0.20.0/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg=
k8s.io/component-base v0.20.0/go.mod h1:wKPj+RHnAr8LW2EIBIK7AxOHPde4gme2lzXwVSoRXeA=
k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
k8s.io/klog/v2 v2.4.0 h1:7+X0fUguPyrKEC4WjH8iGDg3laWgMo5tMnRTIGTTxGQ=
k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM=
k8s.io/utils v0.0.0-20201110183641-67b214c5f920 h1:CbnUZsM497iRC5QMVkHwyl8s2tB3g7yaSHkYPkpgelw=
k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
launchpad.net/gocheck v0.0.0-20140225173054-000000000087/go.mod h1:hj7XX3B/0A+80Vse0e+BUHsHMTEhd0O4cpUHr/e/BUM=
launchpad.net/xmlpath v0.0.0-20130614043138-000000000004/go.mod h1:vqyExLOM3qBx7mvYRkoxjSCF945s0mbe7YynlKYXtsA=
Expand All @@ -2093,7 +2103,9 @@ rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e h1:4Z09Hglb792X0kfOBBJUPFEyvVfQWrYT/l8h5EKA6JQ=
sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
sigs.k8s.io/structured-merge-diff/v4 v4.0.2 h1:YHQV7Dajm86OuqnIR6zAelnDWBRjo+YhYV9PmGrh1s8=
sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q=
Expand Down
11 changes: 10 additions & 1 deletion pkg/grpc/dapr/dapr_api.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (
"errors"
"github.com/dapr/components-contrib/bindings"
"github.com/dapr/components-contrib/pubsub"
"github.com/dapr/components-contrib/secretstores"
"github.com/dapr/components-contrib/state"
jsoniter "github.com/json-iterator/go"
"google.golang.org/grpc"
Expand Down Expand Up @@ -63,6 +64,7 @@ type daprGrpcAPI struct {
lockStores map[string]lock.LockStore
sequencers map[string]sequencer.Store
sendToOutputBindingFn func(name string, req *bindings.InvokeRequest) (*bindings.InvokeResponse, error)
secretStores map[string]secretstores.SecretStore
// app callback
AppCallbackConn *grpc.ClientConn
// json
Expand Down Expand Up @@ -161,6 +163,11 @@ func (d *daprGrpcAPI) InvokeBinding(ctx context.Context, in *runtime.InvokeBindi
return r, nil
}

func (d *daprGrpcAPI) isSecretAllowed(storeName string, key string) bool {
// TODO: add permission control
return true
}

// NewDaprAPI_Alpha construct a grpc_api.GrpcAPI which implements DaprServer.
// Currently it only support Dapr's InvokeService and InvokeBinding API.
// Note: this feature is still in Alpha state and we don't recommend that you use it in your production environment.
Expand All @@ -175,7 +182,7 @@ func NewDaprAPI_Alpha(ac *grpc_api.ApplicationContext) grpc_api.GrpcAPI {
return NewDaprServer(ac.AppId,
ac.Hellos, ac.ConfigStores, ac.Rpcs, ac.PubSubs, ac.StateStores, transactionalStateStores,
ac.Files, ac.LockStores, ac.Sequencers,
ac.SendToOutputBindingFn)
ac.SendToOutputBindingFn, ac.SecretStores)
}

func NewDaprServer(
Expand All @@ -190,6 +197,7 @@ func NewDaprServer(
lockStores map[string]lock.LockStore,
sequencers map[string]sequencer.Store,
sendToOutputBindingFn func(name string, req *bindings.InvokeRequest) (*bindings.InvokeResponse, error),
secretStores map[string]secretstores.SecretStore,
) DaprGrpcAPI {
// construct
return &daprGrpcAPI{
Expand All @@ -205,5 +213,6 @@ func NewDaprServer(
sequencers: sequencers,
sendToOutputBindingFn: sendToOutputBindingFn,
json: jsoniter.ConfigFastest,
secretStores: secretStores,
}
}
114 changes: 114 additions & 0 deletions pkg/grpc/dapr/dapr_api_secret.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
/*
* Copyright 2021 Layotto Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package dapr

import (
"context"
"github.com/dapr/components-contrib/secretstores"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"mosn.io/layotto/pkg/grpc/dapr/proto/runtime/v1"
"mosn.io/layotto/pkg/messages"
"mosn.io/pkg/log"
)

func (d *daprGrpcAPI) GetSecret(ctx context.Context, request *runtime.GetSecretRequest) (*runtime.GetSecretResponse, error) {
// 1. check parameters
if d.secretStores == nil || len(d.secretStores) == 0 {
err := status.Error(codes.FailedPrecondition, messages.ErrSecretStoreNotConfigured)
log.DefaultLogger.Errorf("GetSecret fail,not configured err:%+v", err)
return &runtime.GetSecretResponse{}, err
}
secretStoreName := request.StoreName

if d.secretStores[secretStoreName] == nil {
err := status.Errorf(codes.InvalidArgument, messages.ErrSecretStoreNotFound, secretStoreName)
log.DefaultLogger.Errorf("GetSecret fail,not find err:%+v", err)
return &runtime.GetSecretResponse{}, err
}

// 2. TODO permission control
if !d.isSecretAllowed(request.StoreName, request.Key) {
err := status.Errorf(codes.PermissionDenied, messages.ErrPermissionDenied, request.Key, request.StoreName)
return &runtime.GetSecretResponse{}, err
}

// 3. delegate to components
req := secretstores.GetSecretRequest{
Name: request.Key,
Metadata: request.Metadata,
}
getResponse, err := d.secretStores[secretStoreName].GetSecret(req)
// 4. parse result
if err != nil {
err = status.Errorf(codes.Internal, messages.ErrSecretGet, req.Name, secretStoreName, err.Error())
log.DefaultLogger.Errorf("GetSecret fail,get secret err:%+v", err)
return &runtime.GetSecretResponse{}, err
}

response := &runtime.GetSecretResponse{}
if getResponse.Data != nil {
response.Data = getResponse.Data
}
return response, nil
}

func (d *daprGrpcAPI) GetBulkSecret(ctx context.Context, in *runtime.GetBulkSecretRequest) (*runtime.GetBulkSecretResponse, error) {
// 1. check parameters
if d.secretStores == nil || len(d.secretStores) == 0 {
err := status.Error(codes.FailedPrecondition, messages.ErrSecretStoreNotConfigured)
log.DefaultLogger.Errorf("GetBulkSecret fail,not configured err:%+v", err)
return &runtime.GetBulkSecretResponse{}, err
}
secretStoreName := in.StoreName

if d.secretStores[secretStoreName] == nil {
err := status.Errorf(codes.InvalidArgument, messages.ErrSecretStoreNotFound, secretStoreName)
log.DefaultLogger.Errorf("GetBulkSecret fail,not find err:%+v", err)
return &runtime.GetBulkSecretResponse{}, err
}
// 2. delegate to components
req := secretstores.BulkGetSecretRequest{
Metadata: in.Metadata,
}
getResponse, err := d.secretStores[secretStoreName].BulkGetSecret(req)
// 3. parse result
if err != nil {
err = status.Errorf(codes.Internal, messages.ErrBulkSecretGet, secretStoreName, err.Error())
log.DefaultLogger.Errorf("GetBulkSecret fail,bulk secret err:%+v", err)
return &runtime.GetBulkSecretResponse{}, err
}

// 4. filter result
filteredSecrets := map[string]map[string]string{}
for key, v := range getResponse.Data {
// TODO: permission control
if d.isSecretAllowed(secretStoreName, key) {
filteredSecrets[key] = v
} else {
log.DefaultLogger.Debugf(messages.ErrPermissionDenied, key, in.StoreName)
}
}
response := &runtime.GetBulkSecretResponse{}
if getResponse.Data != nil {
response.Data = map[string]*runtime.SecretResponse{}
for key, v := range filteredSecrets {
response.Data[key] = &runtime.SecretResponse{Secrets: v}
}
}
return response, nil
}
Loading

0 comments on commit d2f2915

Please sign in to comment.