github.com/google/osv-scalibr@v0.4.1/enricher/secrets/hashicorp/hashicorp.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package hashicorp provides initialization logic for HashiCorp-related enrichers.
    16  package hashicorp
    17  
    18  import (
    19  	cpb "github.com/google/osv-scalibr/binary/proto/config_go_proto"
    20  	"github.com/google/osv-scalibr/enricher"
    21  	"github.com/google/osv-scalibr/enricher/secrets/convert"
    22  	"github.com/google/osv-scalibr/plugin"
    23  	"github.com/google/osv-scalibr/veles/secrets/hashicorpvault"
    24  )
    25  
// vaultURL looks up the HashiCorp Vault validator section in cfg and returns
// the Vault URL stored there.
//
// The getter is called directly on whatever plugin.FindConfig returns. The
// constructors in this file document that an unset URL results in an empty
// string, so no explicit nil or emptiness check is done here.
//
// NOTE(review): the returned value is passed unchanged to the Vault validators,
// which presumably send detected tokens and AppRole credentials to it for
// verification. Nothing in this file checks the scheme or host, so the config
// should only ever name a trusted Vault endpoint, preferably over HTTPS.
// Confirm whether hashicorpvault validates the URL itself.
func vaultURL(cfg *cpb.PluginConfig) string {
	selectVault := func(psc *cpb.PluginSpecificConfig) *cpb.HashiCorpVaultValidatorConfig {
		return psc.GetHashicorpVaultValidator()
	}
	vaultCfg := plugin.FindConfig(cfg, selectVault)
	return vaultCfg.GetVaultUrl()
}
    32  
// NewTokenValidatorEnricher returns an enricher that validates HashiCorp Vault
// tokens.
//
// The underlying validator is created with the Vault URL taken from cfg. When
// no URL is configured an empty string is used, which causes validation to
// fail.
//
// NOTE(review): validation presumably contacts the configured Vault URL with
// each detected token, so the URL decides where candidate secrets are sent.
// Treat that config value as security-sensitive and confirm the validator's
// transport and timeout behaviour in the hashicorpvault package.
func NewTokenValidatorEnricher(cfg *cpb.PluginConfig) enricher.Enricher {
	validator := hashicorpvault.NewTokenValidator(vaultURL(cfg))
	// FromVelesValidator yields a constructor; invoke it to get the enricher.
	newEnricher := convert.FromVelesValidator(validator, "secrets/hashicorpvaulttokenvalidate", 0)
	return newEnricher()
}
    40  
// NewAppRoleValidatorEnricher returns an enricher that validates HashiCorp
// Vault AppRole credentials.
//
// The underlying validator is created with the Vault URL taken from cfg. When
// no URL is configured an empty string is used, which causes validation to
// fail.
//
// NOTE(review): validation presumably contacts the configured Vault URL with
// each detected AppRole credential, so the URL decides where candidate secrets
// are sent. Treat that config value as security-sensitive and confirm the
// validator's transport and timeout behaviour in the hashicorpvault package.
func NewAppRoleValidatorEnricher(cfg *cpb.PluginConfig) enricher.Enricher {
	validator := hashicorpvault.NewAppRoleValidator(vaultURL(cfg))
	// FromVelesValidator yields a constructor; invoke it to get the enricher.
	newEnricher := convert.FromVelesValidator(validator, "secrets/hashicorpvaultapprolevalidate", 0)
	return newEnricher()
}