Feature/nested parameters (#3)

* Added support for nested parameters

* Update README.md

Changed the description to reflect the changes.

* fixed test

Co-authored-by: Mikhail Merkulov <[email protected]>

Author: Kibnet

README.md

@@ -47,13 +47,32 @@ Alternatively, you can configure Vault connection using next environmnt variable
 ## Preparing secrets in Vault
 
 You need to store your secrets with special naming rules.
-First of all, all secrets should use KV2 storage and have prefix `data/{app_alias}/`.
-For example, if your app has alias `sampleapp` and you want to have configuration option `ConnectionString` your secret path would be `data/sampleapp/ConnectionString`.
+First of all, all secrets should use KV2 storage and have prefix `{app_alias}/{env}`.
+For example, if your app has alias `sampleapp` and environment `producton` and you want to have configuration option `ConnectionString` your secret path would be `sampleapp/producton`.
 
-All secret data should use JSON format with the only key `value` and secret data inside:
+All parameters are grouped and arranged in folders and can be managed within the group. All secret data should use JSON format with secret data inside:
 ```json
 {
-    "value": "secret value"
+    "ConnectionString": "secret value",
+    "Option1": "secret value 2",
+}
+```
+### Nested secrets
+
+There are two ways to create nested parameters.
+1. Description of nesting directly in Json format.:
+```json
+{
+    "DB": 
+    {
+        "ConnectionString": "secret value"
+    }
+}
+```
+2. Creating a parameter on the desired path "sampleapp/producton/DB":
+```json
+{
+    "ConnectionString": "secret value"
 }
 ```
 

Source/VaultSharp.Extensions.Configuration/VaultConfigurationProvider.cs

@@ -1,11 +1,12 @@
-namespace VaultSharp.Extensions.Configuration
+namespace VaultSharp.Extensions.Configuration
 {
     using System;
     using System.Collections.Generic;
     using System.Threading.Tasks;
     using Microsoft.Extensions.Configuration;
     using Microsoft.Extensions.Logging;
     using Microsoft.VisualStudio.Threading;
+    using Newtonsoft.Json.Linq;
     using VaultSharp;
     using VaultSharp.Core;
     using VaultSharp.V1.AuthMethods;
@@ -73,21 +74,70 @@ private async Task LoadVaultDataAsync(IVaultClient vaultClient)
             await foreach (var secretData in this.ReadKeysAsync(vaultClient, this._source.BasePath))
             {
                 var key = secretData.Key;
-                key = key.Replace(this._source.BasePath, string.Empty, StringComparison.InvariantCultureIgnoreCase)
+                key = key.Replace(this._source.BasePath, string.Empty, StringComparison.InvariantCultureIgnoreCase).TrimStart('/')
                     .Replace('/', ':');
-                if (secretData.SecretData.Data.ContainsKey("value"))
+                var data = secretData.SecretData.Data;
+
+                this.SetData(data, key);
+            }
+        }
+
+        private void SetData<TValue>(IEnumerable<KeyValuePair<string, TValue>> data, string key)
+        {
+            foreach (var pair in data)
+            {
+                var nestedKey = string.IsNullOrEmpty(key) ? pair.Key : $"{key}:{pair.Key}";
+                var nestedValue = pair.Value;
+                switch (nestedValue)
                 {
-                    this.Set(key, secretData.SecretData.Data["value"].ToString());
+                    case string sValue:
+                        this.Set(nestedKey, sValue);
+                        break;
+                    case JToken token:
+                        switch (token.Type)
+                        {
+                            case JTokenType.Object:
+                                this.SetData<JToken?>(token.Value<JObject>(), nestedKey);
+                                break;
+                            case JTokenType.String:
+                                this.Set(nestedKey, token.Value<string>());
+                                break;
+                            case JTokenType.None:
+                            case JTokenType.Array:
+                            case JTokenType.Constructor:
+                            case JTokenType.Property:
+                            case JTokenType.Comment:
+                            case JTokenType.Integer:
+                            case JTokenType.Float:
+                            case JTokenType.Boolean:
+                            case JTokenType.Null:
+                            case JTokenType.Undefined:
+                            case JTokenType.Date:
+                            case JTokenType.Raw:
+                            case JTokenType.Bytes:
+                            case JTokenType.Guid:
+                            case JTokenType.Uri:
+                            case JTokenType.TimeSpan:
+                                break;
+                        }
+
+                        break;
                 }
             }
         }
 
         private async IAsyncEnumerable<KeyedSecretData> ReadKeysAsync(IVaultClient vaultClient, string path)
         {
             Secret<ListInfo>? keys = null;
+            var folderPath = path;
+            if (folderPath.EndsWith("/", StringComparison.InvariantCulture) == false)
+            {
+                folderPath += "/";
+            }
+
             try
             {
-                keys = await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretPathsAsync(path, this._source.MountPoint).ConfigureAwait(false);
+                keys = await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretPathsAsync(folderPath, this._source.MountPoint).ConfigureAwait(false);
             }
             catch (VaultApiException)
             {
@@ -98,18 +148,34 @@ private async IAsyncEnumerable<KeyedSecretData> ReadKeysAsync(IVaultClient vault
             {
                 foreach (var key in keys.Data.Keys)
                 {
-                    var keyData = this.ReadKeysAsync(vaultClient, path + key);
+                    var keyData = this.ReadKeysAsync(vaultClient, folderPath + key);
                     await foreach (var secretData in keyData)
                     {
                         yield return secretData;
                     }
                 }
             }
-            else
+
+            var valuePath = path;
+            if (valuePath.EndsWith("/", StringComparison.InvariantCulture) == true)
+            {
+                valuePath = valuePath.TrimEnd('/');
+            }
+
+            KeyedSecretData? keyedSecretData = null;
+            try
+            {
+                var secretData = await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(valuePath, null, this._source.MountPoint).ConfigureAwait(false);
+                keyedSecretData = new KeyedSecretData(valuePath, secretData.Data);
+            }
+            catch (VaultApiException)
+            {
+                // this is folder, not a key 
+            }
+
+            if (keyedSecretData != null)
             {
-                var secretData =
-                    await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(path, null, this._source.MountPoint).ConfigureAwait(false);
-                yield return new KeyedSecretData(path, secretData.Data);
+                yield return keyedSecretData;
             }
         }
 

Source/VaultSharp.Extensions.Configuration/VaultConfigurationSource.cs

@@ -1,4 +1,4 @@
-namespace VaultSharp.Extensions.Configuration
+namespace VaultSharp.Extensions.Configuration
 {
     using Microsoft.Extensions.Configuration;
     using Microsoft.Extensions.Logging;
@@ -32,7 +32,7 @@ public VaultConfigurationSource(VaultOptions options, string basePath, string? m
         {
             this._logger = logger;
             this.Options = options;
-            this.BasePath = "data/" + basePath + "/";
+            this.BasePath = basePath;
             this.MountPoint = mountPoint ?? SecretsEngineDefaultPaths.KeyValueV2;
         }
 

Tests/VaultSharp.Extensions.Configuration.Test/IntegrationTests.cs

@@ -25,7 +25,7 @@ private TestcontainersContainer PrepareVaultContainer()
             return testcontainersBuilder.Build();
         }
 
-        private async Task LoadDataAsync(Dictionary<string, string> values)
+        private async Task LoadDataAsync(Dictionary<string, KeyValuePair<string,string>> values)
         {
             var authMethod = new TokenAuthMethodInfo("root");
 
@@ -34,7 +34,7 @@ private async Task LoadDataAsync(Dictionary<string, string> values)
 
             foreach (var pair in values)
             {
-                var data = new Dictionary<string, object>() { ["value"] = pair.Value };
+                var data = new Dictionary<string, object>() { [pair.Value.Key] = pair.Value.Value };
                 await vaultClient.V1.Secrets.KeyValue.V2.WriteSecretAsync(pair.Key, data).ConfigureAwait(false);
             }
         }
@@ -43,9 +43,9 @@ private async Task LoadDataAsync(Dictionary<string, string> values)
         public async Task Success_Test_TokenAuth()
         {
             // arrange
-            Dictionary<string, string> values = new Dictionary<string, string>();
-            values.Add("data/test/option1", "value1");
-            values.Add("data/test/subsection/option2", "value2");
+            Dictionary<string, KeyValuePair<string,string>> values = new Dictionary<string, KeyValuePair<string,string>>();
+            values.Add("test", new KeyValuePair<string, string>("option1", "value1"));
+            values.Add("test/subsection", new KeyValuePair<string, string>("option2", "value2"));
 
             var container = this.PrepareVaultContainer();
             try
@@ -60,9 +60,8 @@ public async Task Success_Test_TokenAuth()
                 var configurationRoot = builder.Build();
 
                 // assert
-                configurationRoot.GetValue<string>("option1").Should().Be(values["data/test/option1"]);
-                configurationRoot.GetSection("subsection").GetValue<string>("option2").Should()
-                    .Be(values["data/test/subsection/option2"]);
+                configurationRoot.GetValue<string>("option1").Should().Be("value1");
+                configurationRoot.GetSection("subsection").GetValue<string>("option2").Should().Be("value2");
             }
             finally
             {