WIP: Track changes in Vault data (#4)

* Implemented change notifications for Vault data

Author: MrZoidberg

Directory.Build.props

@@ -16,8 +16,8 @@
     <PackageReleaseNotes>https://github.com/MrZoidberg/VaultSharp.Extensions.Configuration/releases</PackageReleaseNotes>
   </PropertyGroup>
   <ItemGroup Label="Package References">
-    <PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" PrivateAssets="All" Version="3.0.0" />
-    <PackageReference Include="Microsoft.VisualStudio.Threading.Analyzers" PrivateAssets="All" Version="16.6.13" />
+    <PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" PrivateAssets="All" Version="3.3.0" />
+    <PackageReference Include="Microsoft.VisualStudio.Threading.Analyzers" PrivateAssets="All" Version="16.8.50" />
     <PackageReference Include="MinVer" PrivateAssets="All" Version="2.3.0" />
     <PackageReference Include="StyleCop.Analyzers" PrivateAssets="All" Version="1.1.118" />
   </ItemGroup>

README.md

@@ -35,6 +35,37 @@ The `AddVaultConfiguration` method accepts several parameters:
 
 3. Mount point of KV secrets. The default value is `secret` (optional).
 
+## Monitoring for changes
+
+You can enable monitoring of changes in Vault data and automatic reload by setting `VaultOptions.ReloadOnChange` to `true`.
+The default check interval is 5 minutes, but can be configured.
+Data is checked using version information from key metadata.
+
+```csharp
+config.AddVaultConfiguration(
+        () => new VaultOptions(
+            "htpp://localhost:8200",
+            "root",
+            reloadOnChange: true,
+            reloadCheckIntervalSeconds: 60),
+        "sampleapp",
+        "secret");
+```
+
+Also you would need to register hosted services `VaultChangeWatcher` in your `Startup.cs` that will check Vault data for updates:
+
+```csharp
+public void ConfigureServices(IServiceCollection services)
+{
+    services.AddControllers();
+    services.AddHostedService<VaultChangeWatcher>();
+}
+```
+
+Later in your services you can track changes in app configuration using `IOptionsSnapshot` or `IOptionsMonitor`.
+Keep in mind that your service should be registered as scoped or transient to receive updates.
+Also `IOptionsSnapshot` can return empty value in some cases ([it's .net core bug](https://github.com/dotnet/runtime/issues/37860))
+
 ## Configuration using environmnt variables
 
 Alternatively, you can configure Vault connection using next environmnt variables:
@@ -47,20 +78,25 @@ Alternatively, you can configure Vault connection using next environmnt variable
 ## Preparing secrets in Vault
 
 You need to store your secrets with special naming rules.
-First of all, all secrets should use KV2 storage and have prefix `{app_alias}/{env}`.
-For example, if your app has alias `sampleapp` and environment `producton` and you want to have configuration option `ConnectionString` your secret path would be `sampleapp/producton`.
+First of all, all secrets should use KV2 storage and have prefix `{app_alias}` or `{app_alias}/{env}`.
+
+For example, if your app has alias `sampleapp` and environment `producton` and you want to have configuration option `ConnectionString` your secret path would be or `sampleapp` or `sampleapp/producton`.
 
 All parameters are grouped and arranged in folders and can be managed within the group. All secret data should use JSON format with secret data inside:
+
 ```json
 {
     "ConnectionString": "secret value",
     "Option1": "secret value 2",
 }
 ```
+
 ### Nested secrets
 
 There are two ways to create nested parameters.
-1. Description of nesting directly in Json format.:
+
+1. Description of nesting directly in Json format:
+
 ```json
 {
     "DB": 
@@ -69,7 +105,9 @@ There are two ways to create nested parameters.
     }
 }
 ```
-2. Creating a parameter on the desired path "sampleapp/producton/DB":
+
+1. Creating a parameter on the desired path "sampleapp/producton/DB":
+
 ```json
 {
     "ConnectionString": "secret value"
@@ -81,3 +119,9 @@ There are two ways to create nested parameters.
 - Currently, only token and AppRole based authentication is supported.
 - Reload tokens are not supported.
 - TTL of the secrets is not controlled.
+
+## Contributing
+
+Before starting work on a pull request, I suggest commenting on, or raising, an issue on the issue tracker so that we can help and coordinate efforts.
+
+To run tests locally you need to have Docker running and have Vault's default port 8200 free.

Source/SampleWebApp/Program.cs

@@ -22,7 +22,14 @@ public static IHostBuilder CreateHostBuilder(string[] args) =>
                             $"appsettings.{Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Development"}.json",
                             optional: true)
                         .AddEnvironmentVariables()
-                        .AddVaultConfiguration("sampleapp", "secret");
+                        .AddVaultConfiguration(
+                            () => new VaultOptions(
+                                "htpp://localhost:8200",
+                                "root",
+                                reloadOnChange: true,
+                                reloadCheckIntervalSeconds: 60),
+                            "sampleapp",
+                            "secret");
                 })
                 .ConfigureWebHostDefaults(webBuilder =>
                 {

Source/SampleWebApp/Startup.cs

@@ -5,6 +5,7 @@ namespace SampleWebApp
     using Microsoft.Extensions.Configuration;
     using Microsoft.Extensions.DependencyInjection;
     using Microsoft.Extensions.Hosting;
+    using VaultSharp.Extensions.Configuration;
 
     public class Startup
     {
@@ -19,6 +20,7 @@ public Startup(IConfiguration configuration)
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddControllers();
+            services.AddHostedService<VaultChangeWatcher>();
         }
 
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.

Source/VaultSharp.Extensions.Configuration/VaultChangeToken.cs

@@ -0,0 +1,31 @@
+namespace VaultSharp.Extensions.Configuration
+{
+    using System;
+    using System.Threading;
+    using Microsoft.Extensions.Primitives;
+/*
+    /// <summary>
+    /// Implements <see cref="IChangeToken"/>.
+    /// </summary>
+    public class VaultChangeToken : IChangeToken, IDisposable
+    {
+        private CancellationTokenSource _cts = new CancellationTokenSource();
+
+        /// <inheritdoc />
+        public bool HasChanged => this._cts.IsCancellationRequested;
+
+        /// <inheritdoc />
+        public bool ActiveChangeCallbacks => true;
+
+        /// <inheritdoc />
+        public IDisposable RegisterChangeCallback(Action<object> callback, object state) => this._cts.Token.Register(callback, state);
+
+        /// <summary>
+        /// Used to trigger the change token when a reload occurs.
+        /// </summary>
+        public void OnReload() => this._cts.Cancel();
+
+        /// <inheritdoc/>
+        public void Dispose() => this._cts.Dispose();
+    }*/
+}

Source/VaultSharp.Extensions.Configuration/VaultChangeWatcher.cs

@@ -0,0 +1,69 @@
+namespace VaultSharp.Extensions.Configuration
+{
+    using System;
+    using System.Collections.Generic;
+    using System.ComponentModel;
+    using System.Linq;
+    using System.Threading;
+    using System.Threading.Tasks;
+    using Microsoft.Extensions.Configuration;
+    using Microsoft.Extensions.Hosting;
+    using Microsoft.Extensions.Logging;
+    using Microsoft.Extensions.Primitives;
+
+    /// <summary>
+    /// Background service to notify about Vault data changes.
+    /// </summary>
+    public class VaultChangeWatcher : BackgroundService
+    {
+        private readonly ILogger? _logger;
+        private VaultConfigurationProvider? _configProvider;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="VaultChangeWatcher"/> class.
+        /// test.
+        /// </summary>
+        /// <param name="configurationRoot">sdfsdf.</param>
+        /// <param name="logger">sdlvlkdfgf.</param>
+        public VaultChangeWatcher(IConfigurationRoot configurationRoot, ILogger? logger = null)
+        {
+            if (configurationRoot == null)
+            {
+                throw new ArgumentNullException(nameof(configurationRoot));
+            }
+
+            this._logger = logger;
+
+            this._configProvider = (VaultConfigurationProvider?)configurationRoot.Providers.FirstOrDefault(p =>
+                    p is VaultConfigurationProvider);
+        }
+
+        /// <inheritdoc />
+        protected override async Task ExecuteAsync(CancellationToken stoppingToken)
+        {
+            if (this._configProvider == null || !this._configProvider.ConfigurationSource.Options.ReloadOnChange)
+            {
+                this._logger?.LogInformation(
+                    "VaultChangeWatcher won't work because configuration provider is null or ReloadOnChange is disabled");
+                return;
+            }
+
+            int waitForSec = this._configProvider.ConfigurationSource.Options.ReloadCheckIntervalSeconds;
+
+            while (!stoppingToken.IsCancellationRequested)
+            {
+                this._logger?.LogInformation(
+                    $"VaultChangeWatcher will wait for {waitForSec} seconds");
+                await Task.Delay(TimeSpan.FromSeconds(waitForSec), stoppingToken).ConfigureAwait(false);
+                if (stoppingToken.IsCancellationRequested)
+                {
+                    break;
+                }
+
+                this._logger?.LogInformation(
+                    "Vault configuration reload is triggered by VaultChangeWatcher");
+                this._configProvider.Load();
+            }
+        }
+    }
+}

Source/VaultSharp.Extensions.Configuration/VaultConfigurationExtensions.cs

@@ -1,7 +1,10 @@
 namespace VaultSharp.Extensions.Configuration
 {
+#pragma warning disable CA2000
+
     using System;
     using Microsoft.Extensions.Configuration;
+    using Microsoft.Extensions.Logging;
 
     /// <summary>
     /// Vault configuration extensions.
@@ -15,17 +18,24 @@ public static class VaultConfigurationExtensions
         /// <param name="options">Vault options provider action.</param>
         /// <param name="basePath">Base path for vault keys.</param>
         /// <param name="mountPoint">KV mounting point.</param>
+        /// <param name="logger">Logger instance.</param>
         /// <returns>Instance of <see cref="IConfigurationBuilder"/>.</returns>
         public static IConfigurationBuilder AddVaultConfiguration(
             this IConfigurationBuilder configuration,
             Func<VaultOptions> options,
             string basePath,
-            string? mountPoint = null)
+            string? mountPoint = null,
+            ILogger? logger = null)
         {
+            if (configuration == null)
+            {
+                throw new ArgumentNullException(nameof(configuration));
+            }
+
             _ = options ?? throw new ArgumentNullException(nameof(options));
 
             var vaultOptions = options();
-            configuration.Add(new VaultConfigurationSource(vaultOptions, basePath, mountPoint));
+            configuration.Add(new VaultConfigurationSource(vaultOptions, basePath, mountPoint, logger));
             return configuration;
         }
 
@@ -35,11 +45,13 @@ public static IConfigurationBuilder AddVaultConfiguration(
         /// <param name="configuration">Configuration builder instance.</param>
         /// <param name="basePath">Base path for vault keys.</param>
         /// <param name="mountPoint">KV mounting point.</param>
+        /// <param name="logger">Logger instance.</param>
         /// <returns>Instance of <see cref="IConfigurationBuilder"/>.</returns>
         public static IConfigurationBuilder AddVaultConfiguration(
             this IConfigurationBuilder configuration,
             string basePath,
-            string? mountPoint = null)
+            string? mountPoint = null,
+            ILogger? logger = null)
         {
             if (configuration == null)
             {
@@ -57,8 +69,9 @@ public static IConfigurationBuilder AddVaultConfiguration(
                 Environment.GetEnvironmentVariable(VaultEnvironmentVariableNames.Token) ?? VaultConfigurationSource.DefaultVaultToken,
                 Environment.GetEnvironmentVariable(VaultEnvironmentVariableNames.Secret),
                 Environment.GetEnvironmentVariable(VaultEnvironmentVariableNames.RoleId));
-            configuration.Add(new VaultConfigurationSource(vaultOptions, basePath, mountPoint));
+            configuration.Add(new VaultConfigurationSource(vaultOptions, basePath, mountPoint, logger));
             return configuration;
         }
     }
+#pragma warning restore CA2000
 }