Skip to content

Commit 3304dca

Browse files
jilu1jilu1
committed
MQE-1647:  read vault token from local file system
(cherry picked from commit 84d7a44)
1 parent 7d11042 commit 3304dca

File tree

1 file changed

+34
-25
lines changed
  • src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/SecretStorage

1 file changed

+34
-25
lines changed

src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/SecretStorage/VaultStorage.php

Lines changed: 34 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,11 @@ class VaultStorage extends BaseStorage
3434
*/
3535
const CONFIG_PATH_ENV_VAR = 'VAULT_CONFIG_PATH';
3636

37-
const TOKEN_HELPER_REGEX = "~\s*token_helper\s*=(.+)$~";
37+
/**
38+
* Regex to grab token helper script
39+
*/
40+
const TOKEN_HELPER_REGEX_GROUP_NAME = 'GROUP_NAME';
41+
const TOKEN_HELPER_REGEX = "~\s*token_helper\s*=(?<" . self::TOKEN_HELPER_REGEX_GROUP_NAME . ">.+)$~";
3842

3943
/**
4044
* Vault client
@@ -146,35 +150,40 @@ private function readVaultTokenFromFileSystem()
146150
// Find user home directory
147151
$homeDir = getenv('HOME');
148152
if ($homeDir === false) {
149-
// If HOME is not set, don't fail right away
150-
$homeDir = '~/';
151-
} else {
152-
$homeDir = rtrim($homeDir, '/') . '/';
153+
throw new TestFrameworkException(
154+
"HOME environment variable is not set. It's required when using vault."
155+
);
153156
}
157+
$homeDir = realpath($homeDir) . DIRECTORY_SEPARATOR;
154158

159+
// Read .vault-token file if it is found in default location
155160
$vaultTokenFile = $homeDir . self::TOKEN_FILE;
156161
if (file_exists($vaultTokenFile)) {
157-
// Found .vault-token file in default location, construct command
158-
$cmd = 'cat ' . $vaultTokenFile;
159-
} else {
160-
// Otherwise search vault config file for custom token helper script
161-
$vaultConfigPath = getenv(self::CONFIG_PATH_ENV_VAR);
162-
if ($vaultConfigPath === false) {
163-
$vaultConfigFile = $homeDir . self::CONFIG_FILE;
164-
} else {
165-
$vaultConfigFile = rtrim($vaultConfigPath, '/') . '/' . self::CONFIG_FILE;
162+
$token = file_get_contents($vaultTokenFile);
163+
if ($token !== false) {
164+
$this->token = $token;
165+
return;
166166
}
167-
// Found .vault config file, read custom token helper script and construct command
168-
if (file_exists($vaultConfigFile)
169-
&& !empty($cmd = $this->getTokenHelperScript(file($vaultConfigFile, FILE_IGNORE_NEW_LINES)))) {
170-
$cmd = $cmd . ' get';
171-
} else {
172-
throw new TestFrameworkException(
173-
'Unable to read .vault-token file. Please authenticate to vault through vault CLI first.'
174-
);
167+
}
168+
169+
// Otherwise search vault config file for custom token helper script
170+
$vaultConfigPath = getenv(self::CONFIG_PATH_ENV_VAR);
171+
if ($vaultConfigPath === false) {
172+
$vaultConfigFile = $homeDir . self::CONFIG_FILE;
173+
} else {
174+
$vaultConfigFile = realpath($vaultConfigPath) . DIRECTORY_SEPARATOR . self::CONFIG_FILE;
175+
}
176+
// Get custom token helper script file from .vault config file
177+
if (file_exists($vaultConfigFile)) {
178+
$cmd = $this->getTokenHelperScript(file($vaultConfigFile, FILE_IGNORE_NEW_LINES));
179+
if (!empty($cmd)) {
180+
$this->token = $this->execVaultTokenHelper($cmd . ' get');
181+
return;
175182
}
176183
}
177-
$this->token = $this->execVaultTokenHelper($cmd);
184+
throw new TestFrameworkException(
185+
'Unable to read .vault-token file. Please authenticate to vault through vault CLI first.'
186+
);
178187
}
179188

180189
/**
@@ -188,8 +197,8 @@ private function getTokenHelperScript($lines)
188197
$tokenHelper = '';
189198
foreach ($lines as $line) {
190199
preg_match(self::TOKEN_HELPER_REGEX, $line, $matches);
191-
if (isset($matches[1])) {
192-
$tokenHelper = trim(trim(trim($matches[1]), '"'));
200+
if (isset($matches[self::TOKEN_HELPER_REGEX_GROUP_NAME])) {
201+
$tokenHelper = trim(trim(trim($matches[self::TOKEN_HELPER_REGEX_GROUP_NAME]), '"'));
193202
}
194203
}
195204
return $tokenHelper;

0 commit comments

Comments
 (0)