add secrets manager guest modules

2025-04-18 08:04:02 +03:00 · 2023-01-12 02:56:05 +00:00 · 2023-01-12 02:56:05 +00:00 · 930a62ad35
commit 930a62ad35
parent 4dd61acb5a
4 changed files with 100 additions and 14 deletions
--- a/10
+++ b/10
@ -11,17 +11,17 @@ CADDY_VERSION="v2.6.2"

 all: info
 	@mkdir -p bin/
-	@rm -rf ./bin/caddy
-	@rm -rf ../xcaddy-$(PLUGIN_NAME)/*
+	@rm -rf ./bin/authp
+	@#rm -rf ../xcaddy-$(PLUGIN_NAME)/*
 	@#mkdir -p ../xcaddy-$(PLUGIN_NAME) && cd ../xcaddy-$(PLUGIN_NAME) &&
 	@#	xcaddy build $(CADDY_VERSION) --output ../$(PLUGIN_NAME)/bin/caddy
 	@#	--with github.com/greenpau/caddy-security@$(LATEST_GIT_COMMIT)=$(BUILD_DIR)
 	@#	--with github.com/greenpau/caddy-trace@v1.1.10
 	@#--with github.com/greenpau/go-authcrunch@v1.0.37=/home/greenpau/dev/go/src/github.com/greenpau/go-authcrunch
-	@go build -v -o ./bin/caddy cmd/authp/main.go
-	@./bin/caddy version
+	@go build -v -o ./bin/authp cmd/authp/main.go
+	@./bin/authp version
 	@#bin/caddy run -config assets/config/Caddyfile
-	@for f in `find ./assets -type f -name 'Caddyfile'`; do bin/caddy fmt --overwrite $$f; done
+	@for f in `find ./assets -type f -name 'Caddyfile'`; do bin/authp fmt --overwrite $$f; done

 info:
 	@echo "DEBUG: Version: $(PLUGIN_VERSION), Branch: $(GIT_BRANCH), Revision: $(GIT_COMMIT)"
--- a/app.go
+++ b/app.go
@ -15,10 +15,14 @@
 package security

 import (
+	"context"
+	"encoding/json"
+
 	"github.com/caddyserver/caddy/v2"
 	"github.com/greenpau/go-authcrunch"
 	"github.com/greenpau/go-authcrunch/pkg/authn"
 	"github.com/greenpau/go-authcrunch/pkg/authz"
+
 	"go.uber.org/zap"
 )

@ -35,10 +39,19 @@ func init() {
 	caddy.RegisterModule(App{})
 }

+type SecretsManager interface {
+	GetSecret(context.Context) (map[string]interface{}, error)
+	GetSecretByKey(context.Context, string) (interface{}, error)
+}
+
 // App implements security manager.
 type App struct {
 	Name   string             `json:"-"`
 	Config *authcrunch.Config `json:"config,omitempty"`
+
+	SecretsManagersRaw []json.RawMessage `json:"secrets_managers,omitempty" caddy:"namespace=security.secrets inline_key=driver"`
+	secretsManagers    []SecretsManager
+
 	server *authcrunch.Server
 	logger *zap.Logger
 }
@ -61,6 +74,20 @@ func (app *App) Provision(ctx caddy.Context) error {
 		zap.String("app", app.Name),
 	)

+	secretsManagerMods, err := ctx.LoadModule(app, "SecretsManagersRaw")
+	if err != nil {
+		app.logger.Error(
+			"app failed loading secrets manager plugins",
+			zap.String("app_name", app.Name),
+			zap.Error(err),
+		)
+		return err
+	}
+
+	for _, mod := range secretsManagerMods.([]any) {
+		app.secretsManagers = append(app.secretsManagers, mod.(SecretsManager))
+	}
+
 	server, err := authcrunch.NewServer(app.Config, app.logger)
 	if err != nil {
 		app.logger.Error(
--- a/caddyfile.go
+++ b/caddyfile.go
@ -20,6 +20,7 @@ import (
 	"github.com/caddyserver/caddy/v2/caddyconfig"
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
 	"github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile"
+
 	// "github.com/caddyserver/caddy/v2/modules/caddyhttp"
 	"github.com/greenpau/go-authcrunch"
 	//	"strconv"
@ -34,15 +35,15 @@ func init() {
 //
 // Syntax:
 //
-//   security {
-//     credentials ...
-//     identity store <name>
-//     sso provider <name>
-//     [saml|oauth] identity provider <name>
-//     authentication ...
-//     authorization ...
-//   }
-//
+//	security {
+//		secrets ...
+//		credentials ...
+//		identity store <name>
+//		sso provider <name>
+//		[saml|oauth] identity provider <name>
+//		authentication ...
+//		authorization ...
+//	}
 func parseCaddyfile(d *caddyfile.Dispenser, _ interface{}) (interface{}, error) {
 	repl := caddy.NewReplacer()
 	app := new(App)
@ -83,6 +84,10 @@ func parseCaddyfile(d *caddyfile.Dispenser, _ interface{}) (interface{}, error)
 			if err := parseCaddyfileSingleSignOnProvider(d, repl, app.Config); err != nil {
 				return nil, err
 			}
+		case "secrets":
+			if err := parseCaddyfileSecrets(d, repl, app); err != nil {
+				return nil, err
+			}
 		default:
 			return nil, d.ArgErr()
 		}
--- a/caddyfile_secrets.go
+++ b/caddyfile_secrets.go
@ -0,0 +1,54 @@
+// Copyright 2022 Paul Greenberg greenpau@outlook.com
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package security
+
+import (
+	"github.com/caddyserver/caddy/v2"
+	"github.com/caddyserver/caddy/v2/caddyconfig"
+	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
+	"github.com/greenpau/caddy-security/pkg/util"
+)
+
+const (
+	secretsPrefix = "security.secrets"
+)
+
+// parseCaddyfileSecrets parses secrets configuration.
+//
+// Syntax:
+//
+//	secrets <secrets_plugin_name> <secret_id> {
+//	  ...
+//	}
+func parseCaddyfileSecrets(d *caddyfile.Dispenser, repl *caddy.Replacer, app *App) error {
+	args := util.FindReplaceAll(repl, d.RemainingArgs())
+	if len(args) != 2 {
+		return d.ArgErr()
+	}
+
+	modName := args[0]
+	modID := secretsPrefix + "." + modName
+	mod, err := caddyfile.UnmarshalModule(d, modID)
+	if err != nil {
+		return err
+	}
+
+	app.SecretsManagersRaw = append(
+		app.SecretsManagersRaw,
+		caddyconfig.JSONModuleObject(mod, "driver", modName, nil),
+	)
+
+	return nil
+}