todo

joe0BAB · joe0BAB · commit 45fdab6e6474 · 2025-06-26T16:58:42.000+02:00
diff --git a/pkg/adaptation/plugin.go b/pkg/adaptation/plugin.go
@@ -1,7 +1,11 @@
 package adaptation
 
 import (
+	"connectrpc.com/connect"
 	"context"
+	"errors"
+	v1 "github.com/docker/secrets-engine/pkg/api/resolver/v1"
+	"google.golang.org/protobuf/proto"
 	"net"
 	"net/http"
 	"os/exec"
@@ -62,6 +66,36 @@ func newExternalPlugin(conn net.Conn, v setupValidator) (*plugin, error) {
 	}, nil
 }
 
+var (
+	errIdMismatch = errors.New("id mismatch")
+)
+
+func (p *plugin) GetSecret(ctx context.Context, request secrets.Request) (secrets.Envelope, error) {
+	req := connect.NewRequest(v1.GetSecretRequest_builder{
+		SecretId: proto.String(request.ID.String()),
+	}.Build())
+	resp, err := p.resolverClient.GetSecret(ctx, req)
+	if err != nil {
+		return envelopeErr(request, err), err
+	}
+	id, err := secrets.ParseID(resp.Msg.GetSecretId())
+	if err != nil {
+		return envelopeErr(request, err), err
+	}
+	if id != request.ID {
+		return envelopeErr(request, errIdMismatch), errIdMismatch
+	}
+	return secrets.Envelope{
+		ID:       id,
+		Value:    []byte(resp.Msg.GetSecretValue()),
+		Provider: p.base,
+	}, nil
+}
+
+func envelopeErr(req secrets.Request, err error) secrets.Envelope {
+	return secrets.Envelope{ID: req.ID, ResolvedAt: time.Now(), Error: err.Error()}
+}
+
 func newSocketClient(conn net.Conn) *http.Client {
 	return &http.Client{
 		Transport: &http.Transport{
diff --git a/pkg/adaptation/plugin_test.go b/pkg/adaptation/plugin_test.go
@@ -1 +1,85 @@
 package adaptation
+
+import (
+	"context"
+	"fmt"
+	"github.com/docker/secrets-engine/pkg/api"
+	"github.com/docker/secrets-engine/pkg/secrets"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"net"
+	"os"
+	"path/filepath"
+	"testing"
+	"time"
+
+	p "github.com/docker/secrets-engine/plugin"
+)
+
+type mockStub struct {
+}
+
+func (m mockStub) GetSecret(ctx context.Context, request secrets.Request) (secrets.Envelope, error) {
+	return secrets.Envelope{}, nil
+}
+
+func (m mockStub) Config() p.Config {
+	return p.Config{
+		Version: "v1",
+		Pattern: "*",
+	}
+}
+
+func (m mockStub) Configure(ctx context.Context, config p.RuntimeConfig) error {
+	return nil
+}
+
+func (m mockStub) Shutdown(context.Context) {
+}
+
+func Test_newExternalPlugin(t *testing.T) {
+	tests := []struct {
+		name string
+		test func(t *testing.T)
+	}{
+		{
+			name: "create external plugin",
+			test: func(t *testing.T) {
+				t.Setenv("XDG_RUNTIME_DIR", os.TempDir())
+				socketPath := api.DefaultSocketPath()
+				os.Remove(socketPath)
+				require.NoError(t, os.MkdirAll(filepath.Dir(socketPath), 0755))
+				l, err := net.ListenUnix("unix", &net.UnixAddr{
+					Name: socketPath,
+					Net:  "unix",
+				})
+				go func() {
+					conn, err := l.Accept()
+					require.NoError(t, err)
+
+					p, err := newExternalPlugin(conn, setupValidator{
+						out:           pluginCfgOut{engineName: "test-engine", engineVersion: "1.0.0", requestTimeout: 30 * time.Second},
+						acceptPattern: func(pattern secrets.Pattern) error { return nil },
+					})
+					assert.NoError(t, err)
+					defer p.close()
+					e, err := p.GetSecret(t.Context(), secrets.Request{ID: "foo"})
+					assert.NoError(t, err)
+					fmt.Printf("Received envelope: %+v\n", e)
+				}()
+
+				conn, err := net.DialUnix("unix", nil, &net.UnixAddr{Name: socketPath, Net: "unix"})
+				require.NoError(t, err)
+
+				s, err := p.New(&mockStub{}, p.WithPluginName("my-plugin"), p.WithConnection(conn))
+				require.NoError(t, err)
+				assert.NoError(t, s.Run(context.Background()))
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.test(t)
+		})
+	}
+}
diff --git a/pkg/adaptation/registration.go b/pkg/adaptation/registration.go
@@ -3,6 +3,7 @@ package adaptation
 import (
 	"context"
 	"errors"
+	"github.com/sirupsen/logrus"
 	"sync"
 	"time"
 
@@ -40,6 +41,7 @@ type RegisterService struct {
 }
 
 func (r *RegisterService) RegisterPlugin(ctx context.Context, c *connect.Request[resolverv1.RegisterPluginRequest]) (*connect.Response[resolverv1.RegisterPluginResponse], error) {
+	logrus.Infof("Reveived plugin registration request: %s@%s (pattern: %v)", c.Msg.GetName(), c.Msg.GetVersion(), c.Msg.GetPattern())
 	pattern, err := secrets.ParsePattern(c.Msg.GetPattern())
 	if err != nil {
 		return nil, connect.NewError(connect.CodeInvalidArgument, err)
diff --git a/pkg/adaptation/setup.go b/pkg/adaptation/setup.go
@@ -50,6 +50,7 @@ func setup(conn net.Conn, v setupValidator) (*setupResult, error) {
 	var out pluginCfgIn
 	select {
 	case r := <-chRegistrationResult:
+		fmt.Printf("Received registration result: %+v\n", r)
 		if r.err != nil {
 			i.Close()
 			return nil, fmt.Errorf("failed to register plugin: %w", err)
@@ -76,7 +77,7 @@ func (p setupValidator) Validate(in pluginCfgIn) (*pluginCfgOut, error) {
 	if p.name == "" && in.name == "" {
 		return nil, errors.New("plugin name is required when not launched by engine")
 	}
-	if err := p.acceptPattern(in.pattern); err == nil {
+	if err := p.acceptPattern(in.pattern); err != nil {
 		return nil, err
 	}
 	return &p.out, nil
