telegraf/plugins/secretstores/jose/jose.go

//go:generate ../../../tools/readme_config_includer/generator
package jose

import (
	_ "embed"
	"errors"
	"fmt"

	"github.com/99designs/keyring"

	"github.com/influxdata/telegraf"
	"github.com/influxdata/telegraf/config"
	"github.com/influxdata/telegraf/plugins/secretstores"
)

//go:embed sample.conf
var sampleConfig string

type Jose struct {
	ID       string        `toml:"id"`
	Path     string        `toml:"path"`
	Password config.Secret `toml:"password"`

	ring keyring.Keyring
}

func (*Jose) SampleConfig() string {
	return sampleConfig
}

// Init initializes all internals of the secret-store
func (j *Jose) Init() error {
	defer j.Password.Destroy()

	if j.ID == "" {
		return errors.New("id missing")
	}

	if j.Path == "" {
		return errors.New("path missing")
	}

	// Create the prompt-function in case we need it
	promptFunc := keyring.TerminalPrompt
	if !j.Password.Empty() {
		passwd, err := j.Password.Get()
		if err != nil {
			return fmt.Errorf("getting password failed: %w", err)
		}
		defer passwd.Destroy()
		promptFunc = keyring.FixedStringPrompt(passwd.String())
	} else if !config.Password.Empty() {
		passwd, err := config.Password.Get()
		if err != nil {
			return fmt.Errorf("getting global password failed: %w", err)
		}
		defer passwd.Destroy()
		promptFunc = keyring.FixedStringPrompt(passwd.String())
	}

	// Setup the actual keyring
	cfg := keyring.Config{
		AllowedBackends:  []keyring.BackendType{keyring.FileBackend},
		FileDir:          j.Path,
		FilePasswordFunc: promptFunc,
	}
	kr, err := keyring.Open(cfg)
	if err != nil {
		return fmt.Errorf("opening keyring failed: %w", err)
	}
	j.ring = kr

	return nil
}

// Get searches for the given key and return the secret
func (j *Jose) Get(key string) ([]byte, error) {
	item, err := j.ring.Get(key)
	if err != nil {
		return nil, err
	}

	return item.Data, nil
}

// Set sets the given secret for the given key
func (j *Jose) Set(key, value string) error {
	item := keyring.Item{
		Key:  key,
		Data: []byte(value),
	}

	return j.ring.Set(item)
}

// List lists all known secret keys
func (j *Jose) List() ([]string, error) {
	return j.ring.Keys()
}

// GetResolver returns a function to resolve the given key.
func (j *Jose) GetResolver(key string) (telegraf.ResolveFunc, error) {
	resolver := func() ([]byte, bool, error) {
		s, err := j.Get(key)
		return s, false, err
	}
	return resolver, nil
}

// Register the secret-store on load.
func init() {
	secretstores.Add("jose", func(id string) telegraf.SecretStore {
		return &Jose{ID: id}
	})
}
Adding upstream version 1.34.4. Signed-off-by: Daniel Baumann <daniel@debian.org> 2025-05-24 07:26:29 +02:00			`//go:generate ../../../tools/readme_config_includer/generator`
			`package jose`

			`import (`
			`_ "embed"`
			`"errors"`
			`"fmt"`

			`"github.com/99designs/keyring"`

			`"github.com/influxdata/telegraf"`
			`"github.com/influxdata/telegraf/config"`
			`"github.com/influxdata/telegraf/plugins/secretstores"`
			`)`

			`//go:embed sample.conf`
			`var sampleConfig string`

			`type Jose struct {`
			ID string `toml:"id"`
			Path string `toml:"path"`
			Password config.Secret `toml:"password"`

			`ring keyring.Keyring`
			`}`

			`func (*Jose) SampleConfig() string {`
			`return sampleConfig`
			`}`

			`// Init initializes all internals of the secret-store`
			`func (j *Jose) Init() error {`
			`defer j.Password.Destroy()`

			`if j.ID == "" {`
			`return errors.New("id missing")`
			`}`

			`if j.Path == "" {`
			`return errors.New("path missing")`
			`}`

			`// Create the prompt-function in case we need it`
			`promptFunc := keyring.TerminalPrompt`
			`if !j.Password.Empty() {`
			`passwd, err := j.Password.Get()`
			`if err != nil {`
			`return fmt.Errorf("getting password failed: %w", err)`
			`}`
			`defer passwd.Destroy()`
			`promptFunc = keyring.FixedStringPrompt(passwd.String())`
			`} else if !config.Password.Empty() {`
			`passwd, err := config.Password.Get()`
			`if err != nil {`
			`return fmt.Errorf("getting global password failed: %w", err)`
			`}`
			`defer passwd.Destroy()`
			`promptFunc = keyring.FixedStringPrompt(passwd.String())`
			`}`

			`// Setup the actual keyring`
			`cfg := keyring.Config{`
			`AllowedBackends: []keyring.BackendType{keyring.FileBackend},`
			`FileDir: j.Path,`
			`FilePasswordFunc: promptFunc,`
			`}`
			`kr, err := keyring.Open(cfg)`
			`if err != nil {`
			`return fmt.Errorf("opening keyring failed: %w", err)`
			`}`
			`j.ring = kr`

			`return nil`
			`}`

			`// Get searches for the given key and return the secret`
			`func (j *Jose) Get(key string) ([]byte, error) {`
			`item, err := j.ring.Get(key)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return item.Data, nil`
			`}`

			`// Set sets the given secret for the given key`
			`func (j *Jose) Set(key, value string) error {`
			`item := keyring.Item{`
			`Key: key,`
			`Data: []byte(value),`
			`}`

			`return j.ring.Set(item)`
			`}`

			`// List lists all known secret keys`
			`func (j *Jose) List() ([]string, error) {`
			`return j.ring.Keys()`
			`}`

			`// GetResolver returns a function to resolve the given key.`
			`func (j *Jose) GetResolver(key string) (telegraf.ResolveFunc, error) {`
			`resolver := func() ([]byte, bool, error) {`
			`s, err := j.Get(key)`
			`return s, false, err`
			`}`
			`return resolver, nil`
			`}`

			`// Register the secret-store on load.`
			`func init() {`
			`secretstores.Add("jose", func(id string) telegraf.SecretStore {`
			`return &Jose{ID: id}`
			`})`
			`}`