internal/configuration/sources/secrets/helpers.go

package secrets

import (
	"fmt"
	"net/netip"
	"strings"

	"github.com/qdm12/gluetun/internal/configuration/sources/files"
	"github.com/qdm12/gluetun/internal/openvpn/extract"
	"github.com/qdm12/gosettings/sources/env"
)

func (s *Source) readSecretFileAsStringPtr(secretPathEnvKey, defaultSecretPath string) (
	stringPtr *string, err error) {
	path := s.env.String(secretPathEnvKey, env.ForceLowercase(false))
	if path == "" {
		path = defaultSecretPath
	}
	return files.ReadFromFile(path)
}

func (s *Source) readPEMSecretFile(secretPathEnvKey, defaultSecretPath string) (
	base64Ptr *string, err error) {
	pemData, err := s.readSecretFileAsStringPtr(secretPathEnvKey, defaultSecretPath)
	if err != nil {
		return nil, fmt.Errorf("reading secret file: %w", err)
	}

	if pemData == nil {
		return nil, nil //nolint:nilnil
	}

	base64Data, err := extract.PEM([]byte(*pemData))
	if err != nil {
		return nil, fmt.Errorf("extracting base64 encoded data from PEM content: %w", err)
	}

	return &base64Data, nil
}

func parseAddresses(addressesCSV string) (addresses []netip.Prefix, err error) {
	if addressesCSV == "" {
		return nil, nil
	}

	addressStrings := strings.Split(addressesCSV, ",")
	addresses = make([]netip.Prefix, len(addressStrings))
	for i, addressString := range addressStrings {
		addressString = strings.TrimSpace(addressString)
		addresses[i], err = netip.ParsePrefix(addressString)
		if err != nil {
			return nil, fmt.Errorf("parsing address %d of %d: %w",
				i+1, len(addressStrings), err)
		}
	}

	return addresses, nil
}
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`package secrets`

			`import (`
fix(settings): read PEM files but b64 env vars - Extract base64 data from PEM files and secret files - Environment variables are not PEM encoded and only the base64 data - Affects OpenVPN certificate, key and encrypted key 2022-08-24 17:48:45 +00:00			`"fmt"`
feat(settings): load wireguard individual fields as secret files (#1348) - Private key from `/run/secrets/wireguard_private_key` (path configurable with `WIREGUARD_PRIVATE_KEY_SECRETFILE`) - Preshared key from `/run/secrets/wireguard_preshared_key` (path configurable with `WIREGUARD_PRESHARED_KEY_SECRETFILE`) - Addresses from `/run/secrets/wireguard_addresses` (path configurable with `WIREGUARD_ADDRESSES_SECRETFILE`) 2024-03-21 10:08:41 +01:00			`"net/netip"`
			`"strings"`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00
			`"github.com/qdm12/gluetun/internal/configuration/sources/files"`
fix(settings): read PEM files but b64 env vars - Extract base64 data from PEM files and secret files - Environment variables are not PEM encoded and only the base64 data - Affects OpenVPN certificate, key and encrypted key 2022-08-24 17:48:45 +00:00			`"github.com/qdm12/gluetun/internal/openvpn/extract"`
fix(settings): use qdm12/gosettings `env.Get` 2023-05-29 20:43:06 +00:00			`"github.com/qdm12/gosettings/sources/env"`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`)`

chore(env): bump `qdm12/gosettings` to v0.3.0-rc11 2023-06-01 08:22:55 +00:00			`func (s *Source) readSecretFileAsStringPtr(secretPathEnvKey, defaultSecretPath string) (`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`stringPtr *string, err error) {`
chore(env): bump `qdm12/gosettings` to v0.3.0-rc11 2023-06-01 08:22:55 +00:00			`path := s.env.String(secretPathEnvKey, env.ForceLowercase(false))`
chore(settings): refactor settings processing (#756) - Better settings tree structure logged using `qdm12/gotree` - Read settings from environment variables, then files, then secret files - Settings methods to default them, merge them and override them - `DNS_PLAINTEXT_ADDRESS` default changed to `127.0.0.1` to use DoT. Warning added if set to something else. - `HTTPPROXY_LISTENING_ADDRESS` instead of `HTTPPROXY_PORT` (with retro-compatibility) 2022-01-06 06:40:23 -05:00			`if path == "" {`
			`path = defaultSecretPath`
			`}`
			`return files.ReadFromFile(path)`
			`}`
fix(settings): read PEM files but b64 env vars - Extract base64 data from PEM files and secret files - Environment variables are not PEM encoded and only the base64 data - Affects OpenVPN certificate, key and encrypted key 2022-08-24 17:48:45 +00:00
chore(env): bump `qdm12/gosettings` to v0.3.0-rc11 2023-06-01 08:22:55 +00:00			`func (s *Source) readPEMSecretFile(secretPathEnvKey, defaultSecretPath string) (`
fix(settings): read PEM files but b64 env vars - Extract base64 data from PEM files and secret files - Environment variables are not PEM encoded and only the base64 data - Affects OpenVPN certificate, key and encrypted key 2022-08-24 17:48:45 +00:00			`base64Ptr *string, err error) {`
chore(env): bump `qdm12/gosettings` to v0.3.0-rc11 2023-06-01 08:22:55 +00:00			`pemData, err := s.readSecretFileAsStringPtr(secretPathEnvKey, defaultSecretPath)`
fix(settings): read PEM files but b64 env vars - Extract base64 data from PEM files and secret files - Environment variables are not PEM encoded and only the base64 data - Affects OpenVPN certificate, key and encrypted key 2022-08-24 17:48:45 +00:00			`if err != nil {`
			`return nil, fmt.Errorf("reading secret file: %w", err)`
			`}`

			`if pemData == nil {`
			`return nil, nil //nolint:nilnil`
			`}`

			`base64Data, err := extract.PEM([]byte(*pemData))`
			`if err != nil {`
			`return nil, fmt.Errorf("extracting base64 encoded data from PEM content: %w", err)`
			`}`

			`return &base64Data, nil`
			`}`
feat(settings): load wireguard individual fields as secret files (#1348) - Private key from `/run/secrets/wireguard_private_key` (path configurable with `WIREGUARD_PRIVATE_KEY_SECRETFILE`) - Preshared key from `/run/secrets/wireguard_preshared_key` (path configurable with `WIREGUARD_PRESHARED_KEY_SECRETFILE`) - Addresses from `/run/secrets/wireguard_addresses` (path configurable with `WIREGUARD_ADDRESSES_SECRETFILE`) 2024-03-21 10:08:41 +01:00
			`func parseAddresses(addressesCSV string) (addresses []netip.Prefix, err error) {`
			`if addressesCSV == "" {`
			`return nil, nil`
			`}`

			`addressStrings := strings.Split(addressesCSV, ",")`
			`addresses = make([]netip.Prefix, len(addressStrings))`
			`for i, addressString := range addressStrings {`
			`addressString = strings.TrimSpace(addressString)`
			`addresses[i], err = netip.ParsePrefix(addressString)`
			`if err != nil {`
			`return nil, fmt.Errorf("parsing address %d of %d: %w",`
			`i+1, len(addressStrings), err)`
			`}`
			`}`

			`return addresses, nil`
			`}`