feat(vault): Setting up vault authentication (#36)

* Setting up vault authentication

* Correcting string args

cmd/dumper/cmd_dump.go

@@ -13,8 +13,10 @@ import (
 	"github.com/Jacobbrewer1/dumpster/pkg/dataaccess"
 	"github.com/Jacobbrewer1/dumpster/pkg/dumpster"
 	"github.com/Jacobbrewer1/dumpster/pkg/logging"
+	"github.com/Jacobbrewer1/dumpster/pkg/vault"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/google/subcommands"
+	"github.com/spf13/viper"
 	"google.golang.org/api/option"
 )
 
@@ -25,6 +27,17 @@ type dumpCmd struct {
 	// dbConnStr is the connection string to the database.
 	dbConnStr string
 
+	// vaultEnabled is whether to use vault for secrets.
+	//
+	// This cannot be used in tandem with the dbConnStr flag.
+	vaultEnabled bool
+
+	// host is the host of the database. Only used if vault is enabled.
+	host string
+
+	// schema is the schema of the database. Only used if vault is enabled.
+	schema string
+
 	// purge is the number of days to keep data for. If 0 (or not set), data will not be purged.
 	purge int
 }
@@ -46,6 +59,9 @@ func (c *dumpCmd) Usage() string {
 func (c *dumpCmd) SetFlags(f *flag.FlagSet) {
 	f.StringVar(&c.gcs, "gcs", "", "The GCS bucket to upload the dump to (Requires GCS_CREDENTIALS environment variable to be set)")
 	f.StringVar(&c.dbConnStr, "db-conn", "", "The connection string to the database")
+	f.BoolVar(&c.vaultEnabled, "vault", false, "Whether to use vault to access the database secrets (Requires VAULT_ADDR, VAULT_APPROLE_ID and VAULT_APPROLE_SECRET_ID environment variables to be set)")
+	f.StringVar(&c.host, "host", "", "The host of the database (Only used if vault is enabled)")
+	f.StringVar(&c.schema, "schema", "", "The schema of the database (Only used if vault is enabled)")
 	f.IntVar(&c.purge, "purge", 0, "The number of days to keep data for. If 0 (or not set), data will not be purged.")
 }
 
@@ -56,11 +72,45 @@ func (c *dumpCmd) Execute(ctx context.Context, f *flag.FlagSet, _ ...interface{}
 		return subcommands.ExitFailure
 	}
 
+	if c.vaultEnabled && c.dbConnStr != "" {
+		slog.Error("cannot use vault and db-conn flags together")
+		f.Usage()
+		return subcommands.ExitUsageError
+	}
+
 	// Check if the database connection string is set
 	if c.dbConnStr == "" {
 		slog.Error("database connection string not set")
 		f.Usage()
 		return subcommands.ExitUsageError
+	} else if c.vaultEnabled {
+		vip := viper.New()
+
+		err = vip.BindEnv("vault.addr", "VAULT_ADDR")
+		if err != nil {
+			slog.Error("error binding environment variable", slog.String(logging.KeyError, err.Error()))
+			return subcommands.ExitFailure
+		}
+
+		vc, err := vault.NewClient(vip.GetString("vault.addr"))
+		if err != nil {
+			slog.Error("error creating vault client", slog.String(logging.KeyError, err.Error()))
+			return subcommands.ExitFailure
+		}
+
+		vs, err := vc.GetSecrets("database")
+		if err != nil {
+			slog.Error("error getting database secrets", slog.String(logging.KeyError, err.Error()))
+			return subcommands.ExitFailure
+		}
+
+		vip.Set("db.host", c.host)
+		vip.Set("db.schema", c.schema)
+
+		connStr := dataaccess.GenerateConnectionStr(vip, vs)
+		c.dbConnStr = connStr
+
+		slog.Debug("database connection setup from vault")
 	}
 
 	// Open database connection

go.mod

@@ -8,7 +8,10 @@ require (
 	cloud.google.com/go/storage v1.40.0
 	github.com/go-sql-driver/mysql v1.8.1
 	github.com/google/subcommands v1.2.0
+	github.com/hashicorp/vault/api v1.13.0
+	github.com/hashicorp/vault/api/auth/approle v0.6.0
 	github.com/prometheus/client_golang v1.19.0
+	github.com/spf13/viper v1.15.0
 	github.com/stretchr/testify v1.9.0
 	github.com/vektra/mockery/v2 v2.42.2
 	google.golang.org/api v0.172.0
@@ -21,11 +24,13 @@ require (
 	cloud.google.com/go/iam v1.1.7 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chigopher/pathlib v0.19.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -34,14 +39,22 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.6.6 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/iancoleman/strcase v0.2.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jinzhu/copier v0.3.5 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
@@ -50,12 +63,12 @@ require (
 	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rs/zerolog v1.29.0 // indirect
+	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/spf13/afero v1.9.3 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/cobra v1.6.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.15.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
 	go.opencensus.io v0.24.0 // indirect