server/cmd/harp-server/internal/dispatchers/vault/wire_gen.go (96 lines of code) (raw):

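// Code generated by Wire. DO NOT EDIT.

//go:generate go run github.com/google/wire/cmd/wire
//go:build !wireinject
// +build !wireinject

package vault

import (
	"context"
	"crypto/tls"
	"fmt"
	"github.com/elastic/harp-plugins/server/cmd/harp-server/internal/config"
	"github.com/elastic/harp-plugins/server/cmd/harp-server/internal/dispatchers/vault/routes"
	"github.com/elastic/harp-plugins/server/pkg/server/manager"
	"github.com/elastic/harp-plugins/server/pkg/server/storage/backends/container"
	"github.com/elastic/harp/pkg/sdk/log"
	"github.com/elastic/harp/pkg/sdk/tlsconfig"
	"github.com/elastic/harp/pkg/sdk/value"
	"github.com/elastic/harp/pkg/sdk/value/encryption"
	"github.com/elastic/harp/pkg/vault/path"
	"github.com/go-chi/chi"
	"github.com/go-chi/chi/middleware"
	"github.com/gosimple/slug"
	"go.uber.org/zap"
	"net/http"
	"time"
)

// Injectors from wire.go:

// setup wires the Vault-compatible dispatcher: it builds the backend manager,
// then the transformer map, then the HTTP server that serves both. The first
// error from any step is returned and no server is produced.
//
// NOTE(review): this file is regenerated by Wire, so lasting changes to the
// provider functions below belong in wire.go.
func setup(ctx context.Context, cfg *config.Configuration) (*http.Server, error) {
	backend, err := backendManager(ctx, cfg)
	if err != nil {
		return nil, err
	}
	vaultTransformerMap, err := transformers(cfg)
	if err != nil {
		return nil, err
	}
	server, err := httpServer(ctx, cfg, backend, vaultTransformerMap)
	if err != nil {
		return nil, err
	}
	return server, nil
}

// wire.go:

// backendManager registers every configured backend with the default manager,
// keyed by its sanitized namespace. Registration stops at the first failure.
func backendManager(ctx context.Context, cfg *config.Configuration) (manager.Backend, error) {
	bm := manager.Default()

	for _, b := range cfg.Backends {
		// b.URL is taken from configuration as-is; any validation of the
		// backend location happens inside Register.
		if err := bm.Register(ctx, path.SanitizePath(b.NS), b.URL); err != nil {
			return nil, err
		}
	}

	return bm, nil
}

// transformerMap associates a slugified transformer name with the value
// transformer built from its configured key.
type transformerMap map[string]value.Transformer

// transformers builds one value transformer per configured entry and indexes
// it by the slug of its name. An empty configuration yields an empty map.
//
// It returns an error when a key cannot be turned into a transformer, or when
// two configured names normalise to the same slug.
func transformers(cfg *config.Configuration) (transformerMap, error) {
	res := transformerMap{}

	for _, tr := range cfg.Transformers {
		// NOTE(review): the wrapped error is built from key material held in
		// the configuration; confirm that encryption.FromKey never echoes the
		// key in its error text before this error reaches a log.
		t, err := encryption.FromKey(tr.Key)
		if err != nil {
			// Do not hand back a partially populated map on failure.
			return nil, fmt.Errorf("unable to initialize '%s' transformer: %w", tr.Name, err)
		}

		// slug.Make normalises the name, so two distinct configured names can
		// map to the same key. Overwriting silently would bind a route name to
		// a different encryption key than the operator intended.
		name := slug.Make(tr.Name)
		if _, exists := res[name]; exists {
			return nil, fmt.Errorf("transformer '%s' conflicts with an already registered transformer named '%s'", tr.Name, name)
		}
		res[name] = t
	}

	return res, nil
}

// httpServer assembles the router, mounts the root, KV and transit handlers,
// installs the container keyring, and returns an http.Server that carries a
// TLS configuration when cfg.Vault.UseTLS is set.
//
// The returned server has no Addr set here; binding is left to the caller.
func httpServer(ctx context.Context, cfg *config.Configuration, bm manager.Backend, tm transformerMap) (*http.Server, error) {
	r := chi.NewRouter()

	r.Use(middleware.RequestID)
	// RealIP overwrites the request's RemoteAddr from client-supplied headers
	// (X-Real-IP / X-Forwarded-For). The value is only trustworthy behind a
	// proxy that sets those headers itself; do not base access decisions or
	// audit attribution on it otherwise.
	r.Use(middleware.RealIP)
	r.Use(middleware.Recoverer)
	// Bounds handler execution through the request context; it does not limit
	// how long a client may take to send its request.
	r.Use(middleware.Timeout(60 * time.Second))

	routes.RootHandler(r)
	routes.KVHandler(r, bm)
	for name, t := range tm {
		routes.TransitHandler(r, name, t)
	}

	// NOTE(review): SetKeyring is a package-level call on the container
	// backend, so it presumably affects every user of that package in the
	// process. Confirm against the container package.
	container.SetKeyring(cfg.Keyring)

	server := &http.Server{
		Handler: r,
		// Without a header read deadline a client can hold a connection open
		// indefinitely by trickling request headers (slow-header exhaustion).
		ReadHeaderTimeout: 10 * time.Second,
	}

	if !cfg.Vault.UseTLS {
		// Secrets and transit payloads travel in cleartext in this mode, and
		// no client authentication is configured in this file.
		log.For(ctx).Info("No transport encryption enabled for fake Vault server")
		return server, nil
	}

	// Default: a client certificate is verified when presented but is not
	// required, so a TLS connection alone is not proof of client identity.
	clientAuth := tls.VerifyClientCertIfGiven
	if cfg.Vault.TLS.ClientAuthenticationRequired {
		// Mutual TLS: reject clients without a certificate that verifies.
		clientAuth = tls.RequireAndVerifyClientCert
	}

	tlsConfig, err := tlsconfig.Server(&tlsconfig.Options{
		KeyFile:    cfg.Vault.TLS.PrivateKeyPath,
		CertFile:   cfg.Vault.TLS.CertificatePath,
		CAFile:     cfg.Vault.TLS.CACertificatePath,
		ClientAuth: clientAuth,
	})
	if err != nil {
		log.For(ctx).Error("Unable to build TLS configuration from settings", zap.Error(err))
		return nil, err
	}
	server.TLSConfig = tlsConfig

	return server, nil
}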