package main
import (
"context"
"errors"
"fmt"
"log"
"net/url"
"os"
"strings"
"time"
"github.com/google/go-github/v32/github"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/sdk/plugin"
"golang.org/x/oauth2"
)
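// main is the plugin entry point. It parses the flags Vault passes to the
// plugin process, derives the TLS settings used to talk back to Vault, and
// serves the backend until plugin.Serve returns.
func main() {
	apiClientMeta := &api.PluginAPIClientMeta{}
	flags := apiClientMeta.FlagSet()
	// Fail fast on a flag error instead of continuing with a partially
	// populated TLS configuration.
	if err := flags.Parse(os.Args[1:]); err != nil {
		log.Fatal(err)
	}

	tlsConfig := apiClientMeta.GetTLSConfig()
	tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)

	if err := plugin.Serve(&plugin.ServeOpts{
		BackendFactoryFunc: Factory,
		TLSProviderFunc:    tlsProviderFunc,
	}); err != nil {
		log.Fatal(err)
	}
}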
// Factory builds the backend and runs its Setup with the supplied
// configuration. It is the function handed to plugin.Serve as the
// BackendFactoryFunc. On a Setup error no backend is returned.
func Factory(ctx context.Context, c *logical.BackendConfig) (logical.Backend, error) {
	created := Backend(c)

	err := created.Setup(ctx, c)
	if err != nil {
		return nil, err
	}

	return created, nil
}
// backend is the plugin's credential backend. It embeds *framework.Backend,
// so the framework's methods are promoted onto it and the path handlers can
// be declared as methods on this type.
type backend struct {
	*framework.Backend
}
// Backend constructs the credential backend and registers its paths and
// renewal handler. The configuration argument is accepted but not read here;
// Factory passes it to Setup afterwards.
func Backend(c *logical.BackendConfig) *backend {
	b := &backend{}

	b.Backend = &framework.Backend{
		BackendType: logical.TypeCredential,
		AuthRenew:   b.pathAuthRenew,
		PathsSpecial: &logical.Paths{
			// "login" is reachable without a Vault token, so every check on
			// the caller has to happen inside the login handler itself.
			Unauthenticated: []string{"login"},
		},
		Paths: []*framework.Path{
			b.pathConfig(),
			b.pathLogin(),
			b.pathOrganizations(),
			b.pathRepositories(),
		},
	}

	return b
}
// githubClientFromToken returns a GitHub API client whose HTTP transport
// attaches the given token as a static OAuth2 access token to every request.
// The token goes to whichever BaseURL the caller later sets on the client.
func githubClientFromToken(ctx context.Context, token string) *github.Client {
	source := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: token})
	return github.NewClient(oauth2.NewClient(ctx, source))
}
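// repositoryName strips the leading "<owner>/" from a full repository name
// ("owner/repo") and returns the bare repository name.
//
// The match is anchored at the start of the string. An unanchored replace
// would also cut "<owner>/" out of the middle of a name belonging to a
// different owner (owner "org" against "xorg/repo"), yielding a repository
// name that was never presented. When the prefix does not match, the input
// is returned unchanged. The comparison is case-sensitive.
func repositoryName(fullRepoName, owner string) string {
	return strings.TrimPrefix(fullRepoName, owner+"/")
}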
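// renewInternalInt64 converts a numeric InternalData value to int64.
//
// NOTE(review): InternalData is presumably serialized between login and
// renewal, so a number stored as int or int64 may come back as float64 or as
// a json.Number-style value; confirm against the Vault version in use. All of
// these are accepted so that renewal does not panic on a type assertion.
func renewInternalInt64(v interface{}) (int64, bool) {
	switch n := v.(type) {
	case int:
		return int64(n), true
	case int64:
		return n, true
	case float64:
		// Reject values with a fractional part rather than truncating.
		if n != float64(int64(n)) {
			return 0, false
		}
		return int64(n), true
	case interface{ Int64() (int64, error) }:
		i, err := n.Int64()
		return i, err == nil
	}
	return 0, false
}

// pathAuthRenew decides whether an existing login may be renewed. It reloads
// the workflow run recorded at login from GitHub and extends the lease only
// while that run is still "in_progress" and its run number still matches the
// recorded one.
//
// It returns an error when the request carries no auth data, when a recorded
// field is missing or has an unexpected type, when the configuration or the
// GitHub lookup fails, or when the run no longer qualifies.
func (b *backend) pathAuthRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	if req.Auth == nil {
		return nil, errors.New("request auth was nil")
	}
	data := req.Auth.InternalData

	// Checked assertions: a missing or retyped field must fail the renewal,
	// not panic the plugin process.
	token, ok := data["token"].(string)
	if !ok {
		return nil, errors.New("token missing from internal data or not a string")
	}
	owner, ok := data["owner"].(string)
	if !ok {
		return nil, errors.New("owner missing from internal data or not a string")
	}
	repository, ok := data["repository"].(string)
	if !ok {
		return nil, errors.New("repository missing from internal data or not a string")
	}
	runID, ok := renewInternalInt64(data["run_id"])
	if !ok {
		return nil, errors.New("run_id missing from internal data or not an integer")
	}
	runNumber, ok := renewInternalInt64(data["run_number"])
	if !ok {
		return nil, errors.New("run_number missing from internal data or not an integer")
	}

	config, err := b.Config(ctx, req.Storage)
	if err != nil {
		return nil, err
	}

	client := githubClientFromToken(ctx, token)
	if config.BaseURL != "" {
		// The recorded token is sent to this host on every API call.
		parsedURL, err := url.Parse(config.BaseURL)
		if err != nil {
			return nil, errwrap.Wrapf("successfully parsed base_url when set but failing to parse now: {{err}}", err)
		}
		client.BaseURL = parsedURL
	}

	// Use the request context so cancellation and deadlines reach the
	// outbound GitHub call.
	run, _, err := client.Actions.GetWorkflowRunByID(ctx, owner, repository, runID)
	if err != nil {
		return nil, err
	}

	// Either condition alone must block renewal. Requiring both to fail would
	// let a finished run keep extending its lease as long as the run number
	// matched. The Get accessors tolerate nil fields in the API response.
	if status := run.GetStatus(); status != "in_progress" {
		return nil, fmt.Errorf("Run is %s, expected 'in_progress'", status)
	}
	if got := int64(run.GetRunNumber()); got != runNumber {
		return nil, fmt.Errorf("run number is %d, expected %d", got, runNumber)
	}

	return framework.LeaseExtend(30*time.Second, 60*time.Minute, b.System())(ctx, req, d)
}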