chore: fixed Makefile to be able to run the plugin locally

Author: ilijamt

.gitignore

@@ -40,4 +40,6 @@ tmp/
 bin/
 /coverage.html
 /coverage.out
-.envrc
+.envrc
+/build/
+/run/

Makefile

@@ -1,9 +1,10 @@
 SHELL := /bin/bash
 
 GO ?= go
+VAULT ?= vault
 
-COVER_PROFILE ?= coverage.out
-COVER_HTML ?= coverage.html
+COVER_PROFILE ?= $(BUILD_DIR)/coverage.out
+COVER_HTML ?= $(BUILD_DIR)/coverage.html
 
 # Default build tags for tests; can be overridden:
 #   make test TAGS="unit,local"
@@ -13,13 +14,54 @@ TAGS ?= unit,local,saas,selfhosted
 #   make test TEST_ARGS="-run TestFoo -v"
 TEST_ARGS ?=
 
-.PHONY: test coverage clean-coverage
+BUILD_DIR ?= build
+PLUGIN_CMD ?= vault-plugin-secrets-gitlab
+PLUGIN_BIN ?= gitlab
+
+VAULT_PLUGIN_DIR ?= ./run/plugins
+VAULT_ROOT_TOKEN ?= root-token
+VAULT_ADDR ?= http://127.0.0.1:8200
+
+PLUGIN_NAME ?= gitlab
+PLUGIN_TYPE ?= secret
+
+.PHONY: test coverage clean clean-coverage build vault-plugin-enable vault-dev check-go check-vault
+
+check-go:
+	@command -v "$(GO)" >/dev/null 2>&1 || { \
+		echo "ERROR: required binary '$(GO)' not found in PATH. Install Go or set GO=<path-to-go>."; \
+		exit 1; \
+	}
+
+check-vault:
+	@command -v "$(VAULT)" >/dev/null 2>&1 || { \
+		echo "ERROR: required binary '$(VAULT)' not found in PATH. Install Vault or set VAULT=<path-to-vault>."; \
+		exit 1; \
+	}
+
+clean:
+	rm -rf $(BUILD_DIR) $(VAULT_PLUGIN_DIR)
 
 test: coverage
 
-coverage:
-	$(GO) test ./... -coverprofile=$(COVER_PROFILE) -race -tags $(TAGS) -count 1 $(TEST_ARGS)
+coverage: check-go clean-coverage
+	mkdir -p $(BUILD_DIR)
+	$(GO) test ./... -cover -coverprofile=$(COVER_PROFILE) -race -tags $(TAGS) -count 1 $(TEST_ARGS)
 	$(GO) tool cover -html=$(COVER_PROFILE) -o $(COVER_HTML)
 
 clean-coverage:
-	rm -f $(COVER_PROFILE) $(COVER_HTML)
+	rm -f $(BUILD_DIR)/$(COVER_PROFILE) $(BUILD_DIR)/$(COVER_HTML)
+
+build: check-go
+	mkdir -p $(BUILD_DIR)
+	$(GO) build -trimpath -o $(BUILD_DIR)/$(PLUGIN_BIN) ./cmd/$(PLUGIN_CMD)
+
+vault-plugin-enable: check-vault
+	export VAULT_ADDR=$(VAULT_ADDR)
+	export VAULT_TOKEN=$(VAULT_ROOT_TOKEN)
+	$(VAULT) secrets enable -path="$(PLUGIN_NAME)" "$(PLUGIN_NAME)"
+
+vault-dev: check-vault clean build
+	mkdir -p $(VAULT_PLUGIN_DIR)
+	cp -f $(BUILD_DIR)/$(PLUGIN_BIN) $(VAULT_PLUGIN_DIR)/$(PLUGIN_BIN)
+	$(VAULT) server -dev -dev-root-token-id=$(VAULT_ROOT_TOKEN) -dev-plugin-dir=$(shell pwd)/$(VAULT_PLUGIN_DIR)

README.md

@@ -74,15 +74,15 @@ you may or may not be able to access certain paths.
         Lists existing configs
 
     ^flags$
-        Flags for the plugins.
+        Flags for the plugin.
 
     ^roles/(?P<role_name>\w(([\w-.]+)?\w)?)$
         Create a role with parameters that are used to generate a various access tokens.
 
     ^roles?/?$
         Lists existing roles
 
-    ^token/(?P<role_name>\w(([\w-.]+)?\w)?)$
+    ^token/(?P<role_name>\w(([\w-.]+)?\w)?)(/(?P<path>.+))?$
         Generate an access token based on the specified role
 ```
 ## Flags
@@ -425,3 +425,32 @@ $ vault secrets list -detailed -format=json | jq '."gitlab/"'
 ## Info
 
 Running the logging with `debug` level will show sensitive information in the logs.
+
+## Local development
+
+Start vault with, this should create a dev server on port 8200
+
+```shell
+make vault-dev
+```
+
+And then enable the plugin by running:
+
+```shell
+make vault-plugin-enable
+```
+
+To configure the plugin run:
+
+```shell
+vault write gitlab/config/default base_url=http://localhost:8080/ token=glpat-wU8yWBGat-nypZcyf1LL auto_rotate_token=false auto_rotate_before=48h type=self-managed
+vault write gitlab/roles/pdp name='{{ .role_name }}-{{ .token_type }}-{{ randHexString 4 }}' path='.*' dynamic_path=true scopes="read_api" token_type=personal ttl=48h
+```
+
+Then you can request the token for the role you created:
+
+```shell
+vault read gitlab/token/pdp/root
+vault read gitlab/token/pdp/admin-user
+vault read gitlab/token/pdp/normal-user
+```