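// Source: go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers-sdk/v1/vault/credentials_resolver/credentials_resolver.go

// Copyright (c) Mondoo, Inc.
// SPDX-License-Identifier: BUSL-1.1

package credentials_resolver

import (
	"context"
	"errors"

	"github.com/rs/zerolog/log"
	"go.mondoo.com/cnquery/providers-sdk/v1/vault"
	"go.mondoo.com/cnquery/providers-sdk/v1/vault/cache"
)

// resolver looks up credentials in the vault it wraps. The wrapped vault is
// either the one handed to New or a caching layer placed in front of it.
type resolver struct {
	vault vault.Vault
}

// New creates a new credentials resolver. The resolver allows for caching already resolved credentials
// in memory such that they are not retrieved from vault again.
//
// With enableCaching set, v is wrapped with cache.New(v) and every lookup goes
// through that wrapper; otherwise v is queried directly on each call.
// NOTE(review): with caching enabled, resolved secrets stay in process memory;
// how long they are kept and whether they are ever evicted is decided by the
// cache package and is not visible here. Confirm before enabling it in
// long-running processes.
func New(v vault.Vault, enableCaching bool) vault.Resolver {
	if enableCaching {
		return &resolver{vault: cache.New(v)}
	}
	return &resolver{vault: v}
}

// GetCredential retrieves the credential from vault via the secret id.
//
// cred.SecretId is used as the lookup key. The secret returned by the vault is
// decoded into a credential, after which a non-empty cred.User and a
// cred.Type other than CredentialType_undefined replace the decoded values.
// All other fields of the result come from the vault.
//
// An error is returned when cred is nil, when the vault lookup or the decoding
// fails, or when either of them yields nil without reporting an error.
func (c *resolver) GetCredential(cred *vault.Credential) (*vault.Credential, error) {
	if cred == nil {
		return nil, errors.New("cannot find credential with empty input")
	}
	// NOTE(review): an empty cred.SecretId is passed to the vault unchanged;
	// confirm that every backend rejects it instead of matching some entry.

	// This method takes no context, so both vault calls below run without a
	// deadline or cancellation.
	ctx := context.Background()

	// The About error is ignored on purpose: the vault name is only used to
	// annotate the debug log line below.
	info, _ := c.vault.About(ctx, &vault.Empty{})
	var name string
	if info != nil {
		name = info.Name
	}
	// Only the secret id and the vault name are logged, never the secret itself.
	log.Debug().Str("secret-id", cred.SecretId).Str("vault", name).Msg("fetch secret from vault")
	// TODO: do we need to provide the encoding from outside or inside?
	secret, err := c.vault.Get(ctx, &vault.SecretID{
		Key: cred.SecretId,
	})
	if err != nil {
		return nil, err
	}
	// A backend that returns (nil, nil) would otherwise cause a nil
	// dereference further down instead of a clean error.
	if secret == nil {
		return nil, errors.New("vault returned no secret")
	}

	retrievedCred, err := secret.Credential()
	if err != nil {
		return nil, err
	}
	if retrievedCred == nil {
		return nil, errors.New("secret did not contain a credential")
	}

	// merge creds since user can provide additional credential_type, user
	// The caller-supplied values win over what is stored in the vault; the
	// secret material itself is never taken from the caller.
	if cred.User != "" {
		retrievedCred.User = cred.User
	}

	if cred.Type != vault.CredentialType_undefined {
		retrievedCred.Type = cred.Type
	}

	return retrievedCred, nil
}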