blob: f6d0ad892388e499122f4929e853a0f8911c7d4b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
using Microsoft.Extensions.Caching.Memory;
namespace IOL.GreatOffice.Api.Services;
public class VaultService
{
private readonly HttpClient _client;
private readonly IMemoryCache _cache;
private readonly IConfiguration _configuration;
private int CACHE_TTL { get; set; }
public VaultService(HttpClient client, IConfiguration configuration, IMemoryCache cache) {
var token = configuration.GetValue<string>(AppEnvironmentVariables.VAULT_TOKEN);
var vaultUrl = configuration.GetValue<string>(AppEnvironmentVariables.VAULT_URL);
CACHE_TTL = configuration.GetValue(AppEnvironmentVariables.VAULT_CACHE_TTL, 60 * 60 * 12);
if (token.IsNullOrWhiteSpace()) throw new ApplicationException("VAULT_TOKEN is empty");
if (vaultUrl.IsNullOrWhiteSpace()) throw new ApplicationException("VAULT_URL is empty");
client.DefaultRequestHeaders.Add("X-Vault-Token", token);
client.BaseAddress = new Uri(vaultUrl);
_client = client;
_cache = cache;
_configuration = configuration;
}
public static object Data { get; set; }
public T Get<T>(string path) {
return _cache.GetOrCreate(AppConstants.VAULT_CACHE_KEY,
cacheEntry => {
cacheEntry.AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(CACHE_TTL);
var getSecretResponse = _client.GetFromJsonAsync<GetSecretResponse<T>>("/v1/kv/data/" + path).Result;
if (getSecretResponse == null) {
return default;
}
Log.Debug("Setting new Vault cache, "
+ new {
PATH = path,
CACHE_TTL,
Data = JsonSerializer.Serialize(getSecretResponse.Data.Data)
});
return getSecretResponse.Data.Data ?? default;
});
}
public T Refresh<T>(string path) {
_cache.Remove(AppConstants.VAULT_CACHE_KEY);
CACHE_TTL = _configuration.GetValue(AppEnvironmentVariables.VAULT_CACHE_TTL, 60 * 60 * 12);
return Get<T>(path);
}
public async Task<RenewTokenResponse> RenewTokenAsync<T>(string token) {
var response = await _client.PostAsJsonAsync("v1/auth/token/renew",
new {
Token = token
});
if (response.IsSuccessStatusCode) {
return await response.Content.ReadFromJsonAsync<RenewTokenResponse>();
}
return default;
}
public AppConfiguration GetCurrentAppConfiguration() {
var path = _configuration.GetValue<string>(AppEnvironmentVariables.MAIN_CONFIG_SHEET);
return Get<AppConfiguration>(path);
}
public AppConfiguration RefreshCurrentAppConfiguration() {
var path = _configuration.GetValue<string>(AppEnvironmentVariables.MAIN_CONFIG_SHEET);
return Refresh<AppConfiguration>(path);
}
public class RenewTokenResponse
{
public Guid RequestId { get; set; }
public string LeaseId { get; set; }
public bool Renewable { get; set; }
public long LeaseDuration { get; set; }
public object Data { get; set; }
public object WrapInfo { get; set; }
public List<string> Warnings { get; set; }
public Auth Auth { get; set; }
}
public class Auth
{
public string ClientToken { get; set; }
public string Accessor { get; set; }
public List<string> Policies { get; set; }
public List<string> TokenPolicies { get; set; }
public object Metadata { get; set; }
public long LeaseDuration { get; set; }
public bool Renewable { get; set; }
public string EntityId { get; set; }
public string TokenType { get; set; }
public bool Orphan { get; set; }
public object MfaRequirement { get; set; }
public long NumUses { get; set; }
}
public class GetSecretResponse<T>
{
public VaultSecret<T> Data { get; set; }
}
public class VaultSecret<T>
{
public T Data { get; set; }
public VaultSecretMetadata Metadata { get; set; }
}
public class VaultSecretMetadata
{
public DateTimeOffset CreatedTime { get; set; }
public object CustomMetadata { get; set; }
public string DeletionTime { get; set; }
public bool Destroyed { get; set; }
public long Version { get; set; }
}
}
|
