Skip to content

Commit 0a2a21f

Browse files
upd vault
1 parent 9779357 commit 0a2a21f

1 file changed

Lines changed: 44 additions & 9 deletions

File tree

src/vault.rs

Lines changed: 44 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -28,14 +28,12 @@ impl AzureVault {
2828
}
2929

3030
// test the connection en authentication to the azure keyvault
31-
pub async fn test_connection(az: &AzureVault) {
32-
let spn_secret: String = env::var("SPN_SECRET").unwrap_or("none".to_string());
33-
31+
pub async fn test_connection(az: &AzureVault, client_secret: &String) {
3432
let creds = Arc::new(ClientSecretCredential::new(
3533
new_http_client(),
3634
az.tenant.clone(),
3735
az.spn.clone(),
38-
spn_secret,
36+
client_secret.clone(),
3937
TokenCredentialOptions::default(),
4038
));
4139

@@ -51,9 +49,9 @@ impl AzureVault {
5149
let secret_result = client.clone().list_secrets().into_stream().next().await;
5250

5351
match secret_result.map(|result| result.map(|_| ())) {
54-
Some(Ok(())) => info!("Connection to Azure KeyVault is Successful"),
52+
Some(Ok(_)) => info!("Connection to Azure KeyVault is Successfull"),
5553
Some(Err(error)) => eprintln!("Error connecting to Azure KeyVault: {}", error),
56-
None => eprintln!("Unexpected None value in secret_result"),
54+
None => eprintln!("Error connecting to Azure KeyVault, returned None"),
5755
}
5856
}
5957
}
@@ -85,9 +83,18 @@ pub async fn run(client: Client, name: &str, namespace: &str, cr: &CDBootstrap)
8583
if sps == true && azp == false {
8684
info!("SPN_SECRET value in Namespace {} Has been set", namespace);
8785
info!("Testing authentication to the Vault");
88-
89-
let azure_vault = AzureVault::new(&cr.spec.tenant, &cr.spec.keyvault, &cr.spec.spn);
90-
AzureVault::test_connection(&azure_vault).await;
86+
if let Ok(secret_value) =
87+
get_secret_value(client.clone(), &name, &namespace, "SPN_SECRET").await
88+
{
89+
let azure_vault = AzureVault::new(&cr.spec.tenant, &cr.spec.keyvault, &cr.spec.spn);
90+
AzureVault::test_connection(&azure_vault, &secret_value.to_string()).await;
91+
} else {
92+
// Handle the error
93+
error!(
94+
"Error retrieving SPN_SECRET value in Namespace {}",
95+
namespace
96+
);
97+
}
9198
}
9299

93100
if azp == true {
@@ -122,6 +129,34 @@ async fn secret_value_is_set(
122129
Ok(is_set)
123130
}
124131

132+
pub async fn get_secret_value(
133+
client: Client,
134+
name: &str,
135+
namespace: &str,
136+
key: &str,
137+
) -> Result<String, Utf8Error> {
138+
let mut client_secret = String::from("");
139+
140+
let api: Api<Secret> = Api::namespaced(client.clone(), namespace);
141+
142+
match api.get(name).await {
143+
Ok(secret) => {
144+
if let Some(data) = secret.data {
145+
if let Some(value) = data.get(key) {
146+
let token_decoded = from_utf8(&value.0)?;
147+
client_secret = token_decoded.to_string();
148+
println!("{:?}", token_decoded);
149+
}
150+
}
151+
}
152+
Err(_) => {
153+
error!("Error getting Secret {} in namespace {}", name, namespace);
154+
}
155+
}
156+
157+
Ok(client_secret)
158+
}
159+
125160
pub async fn print_secret_from_vault(az: &AzureVault, secret_name: &str) {
126161
let config = AzureVault {
127162
tenant: az.tenant.clone(),

0 commit comments

Comments
 (0)