feat(vault): add configuration status warnings for admins
Displays a warning message to admins when the vault master key is not configured. Adds a ConfigurablePlugin interface that lets plugins report their configuration status, and implements the IsConfigured() and GetConfigurationError() service methods. The warning appears on vault pages with instructions to add MASTER_KEY to app.ini.
@@ -11,19 +11,20 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
ErrVaultNotAvailable = errors.New("vault plugin not available")
|
||||
ErrVaultNotLicensed = errors.New("vault plugin not licensed")
|
||||
ErrSecretNotFound = errors.New("secret not found")
|
||||
ErrSecretExists = errors.New("secret already exists")
|
||||
ErrSecretLimitReached = errors.New("secret limit reached for current license tier")
|
||||
ErrFeatureNotInTier = errors.New("feature not available in current license tier")
|
||||
ErrTokenNotFound = errors.New("token not found")
|
||||
ErrTokenExpired = errors.New("token expired")
|
||||
ErrTokenLimitReached = errors.New("token limit reached for current license tier")
|
||||
ErrTokenTTLExceeded = errors.New("token TTL exceeds maximum for current license tier")
|
||||
ErrInvalidToken = errors.New("invalid token")
|
||||
ErrInvalidScope = errors.New("invalid token scope")
|
||||
ErrAccessDenied = errors.New("access denied")
|
||||
ErrVaultNotAvailable = errors.New("vault plugin not available")
|
||||
ErrVaultNotLicensed = errors.New("vault plugin not licensed")
|
||||
ErrVaultNotConfigured = errors.New("vault master key not configured")
|
||||
ErrSecretNotFound = errors.New("secret not found")
|
||||
ErrSecretExists = errors.New("secret already exists")
|
||||
ErrSecretLimitReached = errors.New("secret limit reached for current license tier")
|
||||
ErrFeatureNotInTier = errors.New("feature not available in current license tier")
|
||||
ErrTokenNotFound = errors.New("token not found")
|
||||
ErrTokenExpired = errors.New("token expired")
|
||||
ErrTokenLimitReached = errors.New("token limit reached for current license tier")
|
||||
ErrTokenTTLExceeded = errors.New("token TTL exceeds maximum for current license tier")
|
||||
ErrInvalidToken = errors.New("invalid token")
|
||||
ErrInvalidScope = errors.New("invalid token scope")
|
||||
ErrAccessDenied = errors.New("access denied")
|
||||
)
|
||||
|
||||
// Plugin defines the interface that vault plugins must implement
|
||||
@@ -54,6 +55,15 @@ type Plugin interface {
|
||||
ListAuditEntries(ctx context.Context, repoID int64, page, pageSize int) ([]AuditEntry, int64, error)
|
||||
}
|
||||
|
||||
// ConfigurablePlugin is an optional interface that vault plugins can implement
|
||||
// to report their configuration status
|
||||
type ConfigurablePlugin interface {
|
||||
// IsConfigured returns true if the plugin is properly configured (e.g., has master key)
|
||||
IsConfigured() bool
|
||||
// ConfigurationError returns the configuration error message, if any
|
||||
ConfigurationError() string
|
||||
}
|
||||
|
||||
// Secret represents a vault secret
|
||||
type Secret struct {
|
||||
ID int64
|
||||
@@ -154,6 +164,34 @@ func IsLicensed() bool {
|
||||
return plugins.IsLicensed("vault")
|
||||
}
|
||||
|
||||
// IsConfigured returns true if the vault plugin is properly configured
|
||||
// (e.g., has a master key set). Returns true if plugin doesn't implement
|
||||
// ConfigurablePlugin interface (assumes configured).
|
||||
func IsConfigured() bool {
|
||||
vp := GetPlugin()
|
||||
if vp == nil {
|
||||
return false
|
||||
}
|
||||
if cp, ok := vp.(ConfigurablePlugin); ok {
|
||||
return cp.IsConfigured()
|
||||
}
|
||||
return true // Assume configured if plugin doesn't implement interface
|
||||
}
|
||||
|
||||
// GetConfigurationError returns the configuration error message if the
|
||||
// vault plugin is not properly configured. Returns empty string if configured
|
||||
// or if the plugin doesn't implement ConfigurablePlugin interface.
|
||||
func GetConfigurationError() string {
|
||||
vp := GetPlugin()
|
||||
if vp == nil {
|
||||
return "vault plugin not available"
|
||||
}
|
||||
if cp, ok := vp.(ConfigurablePlugin); ok {
|
||||
return cp.ConfigurationError()
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
// GetLicenseInfo returns the license info for the vault plugin
|
||||
// Returns default Solo license if no license file is present
|
||||
func GetLicenseInfo() *plugins.LicenseInfo {
|
||||
|
||||
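Review bot: `IsConfigured()` in the last hunk fails open: a plugin that does not implement `ConfigurablePlugin` is reported as configured (`return true`), so the missing-master-key warning is never shown for it, while a nil plugin is reported as unconfigured even though the real problem is that the plugin is absent. If the fallback stays for compatibility, the doc comment should say the result is advisory and that callers check availability first, e.g. `// IsConfigured is advisory (admin warning only); it must not be used as a gate for secret operations.` The new `ErrVaultNotConfigured` is not returned anywhere in the visible hunks, so it is worth confirming that secret and token operations fail closed with it when the key is missing rather than relying on the warning. In `GetConfigurationError()` the literal `"vault plugin not available"` duplicates the sentinel's text; `return ErrVaultNotAvailable.Error()` keeps the two in sync. The string from `cp.ConfigurationError()` is presumably shown on the vault pages, so the interface comment should tell implementers to keep key material and filesystem paths out of it.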