Add /check endpoint to verify env variable setup (#18)

Adds a `/check` endpoint that will return a 204 if the required environment variables are present, and otherwise returns a 400 with a list of what variables are missing. Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
hashicorp · Dec 15, 2022 · 6b1994e · 6b1994e
1 parent 47eab73
commit 6b1994e
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,7 @@
 ## Unreleased
 
+* Add `/check` endpoint to determine if environment variables are set [GH-18](/~https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/18)
+
 ### Changes
 
 * Update to Go 1.19 [GH-15](/~https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/15)

diff --git a/backend.go b/backend.go
@@ -87,6 +87,7 @@ func newBackend() (*backend, error) {
 			[]*framework.Path{
 				b.pathConfig(),
 				b.pathCredentials(),
+				b.pathCheck(),
 			},
 			b.pathRoles(),
 		),

diff --git a/integrationtest/integration_test.go b/integrationtest/integration_test.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"net/http"
 	"os"
 	"os/exec"
 	"strings"
@@ -68,6 +69,23 @@ func TestMount(t *testing.T) {
 	defer umount()
 }
 
+func TestCheckViability(t *testing.T) {
+	client, err := api.NewClient(nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	path, umount := mountHelper(t, client)
+	defer umount()
+	client, delNamespace := namespaceHelper(t, client)
+	defer delNamespace()
+
+	// check
+	resp, err := client.Logical().ReadRaw(path + "/check")
+	assert.NoError(t, err)
+	assert.Equal(t, http.StatusNoContent, resp.StatusCode)
+}
+
 func TestConfig(t *testing.T) {
 	// Pick up VAULT_ADDR and VAULT_TOKEN from env vars
 	client, err := api.NewClient(nil)

diff --git a/path_check.go b/path_check.go
@@ -0,0 +1,54 @@
+package kubesecrets
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/hashicorp/vault/sdk/framework"
+	"github.com/hashicorp/vault/sdk/logical"
+)
+
+const (
+	checkPath            = "check"
+	checkHelpSynopsis    = `Checks the Kubernetes configuration is valid.`
+	checkHelpDescription = `Checks the Kubernetes configuration is valid, checking if required environment variables are set.`
+)
+
+var envVarsToCheck = []string{k8sServiceHostEnv, k8sServicePortEnv}
+
+func (b *backend) pathCheck() *framework.Path {
+	return &framework.Path{
+		Pattern: checkPath + "/?$",
+		Operations: map[logical.Operation]framework.OperationHandler{
+			logical.ReadOperation: &framework.PathOperation{
+				Callback: b.pathCheckRead,
+			},
+		},
+		HelpSynopsis:    checkHelpSynopsis,
+		HelpDescription: checkHelpDescription,
+	}
+}
+
+func (b *backend) pathCheckRead(_ context.Context, _ *logical.Request, _ *framework.FieldData) (*logical.Response, error) {
+	var missing []string
+	for _, key := range envVarsToCheck {
+		val := os.Getenv(key)
+		if val == "" {
+			missing = append(missing, key)
+		}
+	}
+
+	if len(missing) == 0 {
+		return &logical.Response{
+			Data: map[string]interface{}{
+				logical.HTTPStatusCode: http.StatusNoContent,
+			},
+		}, nil
+	}
+
+	missingText := strings.Join(missing, ", ")
+	return logical.ErrorResponse(fmt.Sprintf("Missing environment variables: %s", missingText)), nil
+}