// Source: github.com/blend/go-sdk@v1.20220411.3/vault/option.go

/*

Copyright (c) 2022 - Present. Blend Labs, Inc. All rights reserved
Use of this source code is governed by a MIT license that can be found in the LICENSE file.

*/

package vault

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"net/http"
	"net/url"
	"os"
	"time"

	"github.com/blend/go-sdk/env"
	"github.com/blend/go-sdk/ex"
	"github.com/blend/go-sdk/logger"
)

// Option mutates an APIClient during construction and reports any
// failure to apply the setting.
type Option func(*APIClient) error

// OptLog returns an Option that assigns log to the client's Log field.
func OptLog(log logger.Log) Option {
	setLog := func(vc *APIClient) error {
		vc.Log = log
		return nil
	}
	return setLog
}

// OptConfigFromEnv returns an Option that resolves a Config from the
// process environment and then applies it through OptConfig.
//
// Which variables are consulted is decided by Config.Resolve, which is
// defined outside this file.
func OptConfigFromEnv() Option {
	return func(vc *APIClient) error {
		// Resolution runs when the option is applied, not when it is built.
		ctx := env.WithVars(context.Background(), env.Env())

		var cfg Config
		if err := cfg.Resolve(ctx); err != nil {
			return err
		}
		return OptConfig(cfg)(vc)
	}
}

// OptConfig returns an Option that applies the remote, mount, token,
// timeout and root CA settings carried by cfg, in that order, stopping
// at the first error.
func OptConfig(cfg Config) Option {
	return func(vc *APIClient) error {
		// Each step is a thunk so that the cfg accessor is only called
		// once the previous setting has been applied successfully.
		steps := []func() Option{
			func() Option { return OptRemote(cfg.AddrOrDefault()) },
			func() Option { return OptMount(cfg.MountOrDefault()) },
			func() Option { return OptToken(cfg.Token) },
			func() Option { return OptTimeout(cfg.TimeoutOrDefault()) },
			func() Option { return OptRootCAs(cfg.RootCAs...) },
		}
		for _, step := range steps {
			if err := step()(vc); err != nil {
				return err
			}
		}
		return nil
	}
}

// OptRemote returns an Option that parses addr with url.Parse and stores
// the result as the client's Remote. A parse failure is returned and the
// client is left unchanged.
//
// NOTE(review): the scheme and host are not checked here, so an http://
// address is accepted as-is. If the client sends its token to this
// remote, callers should prefer https outside local development; confirm
// against the request code.
func OptRemote(addr string) Option {
	return func(vc *APIClient) error {
		parsed, parseErr := url.Parse(addr)
		if parseErr != nil {
			return parseErr
		}
		vc.Remote = parsed
		return nil
	}
}

// OptAddr is an alias to OptRemote.
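func OptAddr(addr string) Option {
	return OptRemote(addr)
}

// OptMount sets the vault client mount.
func OptMount(mount string) Option {
	return func(vc *APIClient) error {
		vc.Mount = mount
		return nil
	}
}

// OptToken sets the vault client token.
//
// The token is a credential: keep it out of logs and error messages.
// NOTE(review): how the client transmits it is defined outside this file.
func OptToken(token string) Option {
	return func(vc *APIClient) error {
		vc.Token = token
		return nil
	}
}

// OptTimeout sets the timeout for requests to vault.
func OptTimeout(timeout time.Duration) Option {
	return func(vc *APIClient) error {
		vc.Timeout = timeout
		return nil
	}
}

// OptRootCAs adds the PEM certificates found in the given files to a copy
// of the system certificate pool and installs a transport that verifies
// server certificates against that pool. With no paths it is a no-op.
//
// The extra CAs are trusted in addition to the system roots; this option
// widens trust and does not pin the client to the supplied CAs.
//
// The client's Transport is replaced by a new http.Transport that carries
// only the TLS settings, so any transport configured earlier is discarded
// and none of http.DefaultTransport's settings (proxy from environment,
// dial and handshake timeouts) are inherited.
//
// It returns the error from loading the system pool or reading a file,
// or an "Invalid Root CA" exception naming the file when no certificate
// could be parsed from it.
func OptRootCAs(rootCAs ...string) Option {
	return func(vc *APIClient) error {
		if len(rootCAs) == 0 {
			return nil
		}

		// SystemCertPool returns a copy, so appending does not alter the
		// pool seen by other clients in the process.
		certPool, err := x509.SystemCertPool()
		if err != nil {
			return err
		}

		for _, caPath := range rootCAs {
			contents, err := os.ReadFile(caPath)
			if err != nil {
				return err
			}
			// AppendCertsFromPEM reports success if at least one
			// certificate parsed; a partly broken bundle still passes.
			if !certPool.AppendCertsFromPEM(contents) {
				// Same exception class as before; the message now says
				// which file was rejected.
				return ex.New("Invalid Root CA", ex.OptMessagef("file: %s", caPath))
			}
		}

		vc.Transport = &http.Transport{
			TLSClientConfig: &tls.Config{
				RootCAs: certPool,
				// Explicit floor so the result does not depend on the
				// toolchain's default minimum version.
				MinVersion: tls.VersionTLS12,
			},
		}
		return nil
	}
}

// OptTracer sets the tracer on the vault client.
func OptTracer(tracer Tracer) Option {
	return func(vc *APIClient) error {
		vc.Tracer = tracer
		return nil
	}
}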