Skip to content

Commit

Permalink
defaults: add support for token_file env
Browse files Browse the repository at this point in the history
  • Loading branch information
Matias Bertani authored and matiasbertani committed Jan 29, 2024
1 parent 05852d9 commit e29f9dd
Show file tree
Hide file tree
Showing 2 changed files with 52 additions and 20 deletions.
18 changes: 8 additions & 10 deletions lib/vault/defaults.rb
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,9 @@ module Defaults
# @return [String]
VAULT_ADDRESS = "https://127.0.0.1:8200".freeze

# The path to the vault token on disk.
# The default path to the vault token on disk.
# @return [String]
VAULT_DISK_TOKEN = Pathname.new("#{ENV["HOME"]}/.vault-token").expand_path.freeze
DEFAULT_VAULT_DISK_TOKEN = Pathname.new("#{ENV["HOME"]}/.vault-token").expand_path.freeze

# The list of SSL ciphers to allow. You should not change this value unless
# you absolutely know what you are doing!
Expand Down Expand Up @@ -56,18 +56,16 @@ def address
# The vault token to use for authentiation.
# @return [String, nil]
def token
if !ENV["VAULT_TOKEN"].nil?
return ENV["VAULT_TOKEN"]
end
ENV["VAULT_TOKEN"] || fetch_from_disk("VAULT_TOKEN_FILE")
end

if VAULT_DISK_TOKEN.exist? && VAULT_DISK_TOKEN.readable?
return VAULT_DISK_TOKEN.read.chomp
def fetch_from_disk(env_var)
path = ENV[env_var] ? Pathname.new(ENV[env_var]) : DEFAULT_VAULT_DISK_TOKEN
if path&.exist? && path.readable?
path.read.chomp
end

nil
end


# Vault Namespace, if any.
# @return [String, nil]
def namespace
Expand Down
54 changes: 44 additions & 10 deletions spec/unit/defaults_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,40 @@ module Vault
end

describe ".token" do
it "uses ENV['VAULT_TOKEN'] if present" do
with_stubbed_env("VAULT_TOKEN" => "testing") do
expect(Defaults.token).to eq("testing")
end
end

it "delegates to fetch_from_disk if ENV['VAULT_TOKEN'] is not present" do
with_stubbed_env("VAULT_TOKEN" => nil) do
allow(Defaults).to receive(:fetch_from_disk).with("VAULT_TOKEN_FILE").and_return("fetch_from_disk_token")
expect(Defaults.token).to eq("fetch_from_disk_token")
expect(Defaults).to have_received(:fetch_from_disk)
end
end

it "prefers the environment over local token" do
with_stubbed_env("VAULT_TOKEN" => "testing2") do
allow(Defaults).to receive(:fetch_from_disk)
expect(Defaults.token).to eq("testing2")
expect(Defaults).to_not have_received(:fetch_from_disk)
end
end

it "returns nil if ENV['VAULT_TOKEN'] is not present and fetch_from_disk return nil" do
with_stubbed_env("VAULT_TOKEN" => nil) do
allow(Defaults).to receive(:fetch_from_disk).and_return(nil)
expect(Defaults.token).to be_nil
end
end
end

describe ".fetch_from_disk" do
let(:token) { File.expand_path("~/.vault-token") }
let(:backup_token) { File.expand_path("~/.vault-token.old") }
let(:custom_token_path) { File.expand_path("~/custom_token_path") }

before do
if File.exist?(token)
Expand All @@ -41,21 +73,23 @@ module Vault
end
end

it "uses ~/.vault-token when present" do
File.open(token, "w") { |f| f.write("testing\n") }
expect(Defaults.token).to eq("testing")
it "reads from ENV specified path if present and file is readable" do
File.open(custom_token_path, "w") { |f| f.write("token_from_custom_path\n") }
with_stubbed_env("VAULT_TOKEN_FILE" => custom_token_path) do
expect(Defaults.fetch_from_disk("VAULT_TOKEN_FILE")).to eq("token_from_custom_path")
end
end

it "uses ENV['VAULT_TOKEN'] if present" do
with_stubbed_env("VAULT_TOKEN" => "testing") do
expect(Defaults.token).to eq("testing")
it "reads from default path if ENV specified path is not present" do
File.open(Defaults::DEFAULT_VAULT_DISK_TOKEN, "w") { |f| f.write("default_path_token\n") }
with_stubbed_env("VAULT_TOKEN_FILE" => nil) do
expect(Defaults.fetch_from_disk("VAULT_TOKEN_FILE")).to eq("default_path_token")
end
end

it "prefers the environment over local token" do
File.open(token, "w") { |f| f.write("testing1\n") }
with_stubbed_env("VAULT_TOKEN" => "testing2") do
expect(Defaults.token).to eq("testing2")
it "returns nil if no readable file is found" do
with_stubbed_env("VAULT_TOKEN_FILE" => "/non/existent/path") do
expect(Defaults.fetch_from_disk("VAULT_TOKEN_FILE")).to be_nil
end
end
end
Expand Down

0 comments on commit e29f9dd

Please sign in to comment.