Skip to content

Commit

Permalink
client: add a StaticWatcher utility constructor
Browse files Browse the repository at this point in the history
This helps with migration of secrets that need a Watcher in production, but
which still need static values for development and testing. The resulting
Watcher never notifies an update, but is valid and vends the provided secret.

While here, pull all the static constructors out into their own file, as the
store file is getting a bit unwieldy.

Updates tailscale/corp#22445
  • Loading branch information
creachadair committed Aug 20, 2024
1 parent 6ab7aac commit 6378f76
Show file tree
Hide file tree
Showing 2 changed files with 53 additions and 37 deletions.
53 changes: 53 additions & 0 deletions client/setec/static.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause

package setec

import (
"bytes"
"fmt"
"os"
)

// StaticSecret returns a Secret that vends a static string value.
// This is useful as a placeholder for development, migration, and testing.
// The value reported by a static secret never changes.
func StaticSecret(value string) Secret {
return func() []byte { return []byte(value) }
}

// StaticWatcher returns a Watcher that vends a static string value.
// This is useful as a placeholder for development, migration, and testing.
// The value reported by a static watcher never changes, and the watcher
// channel is never ready.
func StaticWatcher(value string) Watcher {
return Watcher{secret: StaticSecret(value)}
}

// StaticFile returns a Secret that vends the contents of path. The contents
// of the file are returned exactly as stored.
//
// This is useful as a placeholder for development, migration, and testing.
// The value reported by this secret is the contents of path at the
// time this function is called, and never changes.
func StaticFile(path string) (Secret, error) {
bs, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("reading static secret: %w", err)
}
return func() []byte { return bs }, nil
}

// StaticTextFile returns a secret that vends the contents of path, which are
// treated as text with leading and trailing whitespace trimmed.
//
// This is useful as a placeholder for development, migration, and testing.
// The value reported by a static secret never changes.
func StaticTextFile(path string) (Secret, error) {
bs, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("reading static secret: %w", err)
}
text := bytes.TrimSpace(bs)
return func() []byte { return text }, nil
}
37 changes: 0 additions & 37 deletions client/setec/store.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,13 @@
package setec

import (
"bytes"
"context"
"encoding/json"
"errors"
"expvar"
"fmt"
"log"
"math/rand"
"os"
"sync"
"time"

Expand Down Expand Up @@ -492,41 +490,6 @@ func (s Secret) GetString() string {
return string(s())
}

// StaticSecret returns a Secret that vends a static string value.
// This is useful as a placeholder for development, migration, and testing.
// The value reported by a static secret never changes.
func StaticSecret(value string) Secret {
return func() []byte { return []byte(value) }
}

// StaticFile returns a Secret that vends the contents of path. The contents
// of the file are returned exactly as stored.
//
// This is useful as a placeholder for development, migration, and testing.
// The value reported by this secret is the contents of path at the
// time this function is called, and never changes.
func StaticFile(path string) (Secret, error) {
bs, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("reading static secret: %w", err)
}
return func() []byte { return bs }, nil
}

// StaticTextFile returns a secret that vends the contents of path, which are
// treated as text with leading and trailing whitespace trimmed.
//
// This is useful as a placeholder for development, migration, and testing.
// The value reported by a static secret never changes.
func StaticTextFile(path string) (Secret, error) {
bs, err := os.ReadFile(path)
if err != nil {
return nil, fmt.Errorf("reading static secret: %w", err)
}
text := bytes.TrimSpace(bs)
return func() []byte { return text }, nil
}

// hasExpired reports whether cs is an undeclared secret whose last access time
// was longer ago than the expiry window.
func (s *Store) hasExpired(cs *cachedSecret) bool {
Expand Down

0 comments on commit 6378f76

Please sign in to comment.