From 3c7b540bed668e85aaf856a6f4a48b57bef62c67 Mon Sep 17 00:00:00 2001 From: Anisa Das Date: Wed, 28 Apr 2021 16:55:46 +0530 Subject: [PATCH 1/6] Getting an error as column 'id' requires hydrate data from getKeyVaultSecret but none is available on azure_key_vault_secret table. Closes #104 --- azure/table_azure_key_vault_secret.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/azure/table_azure_key_vault_secret.go b/azure/table_azure_key_vault_secret.go index 6d04f4ae..d42329f0 100644 --- a/azure/table_azure_key_vault_secret.go +++ b/azure/table_azure_key_vault_secret.go @@ -201,6 +201,10 @@ func getKeyVaultSecret(ctx context.Context, d *plugin.QueryData, h *plugin.Hydra splitID := strings.Split(*data.ID, "/") vaultName = strings.Split(splitID[2], ".")[0] name = splitID[4] + // Operation get is not allowed on a disabled secret + if !*data.Attributes.Enabled{ + return nil,nil + } } else { vaultName = d.KeyColumnQuals["vault_name"].GetStringValue() name = d.KeyColumnQuals["name"].GetStringValue() From a82008ca1ac37356a8d8c034968e2bd5de34f55c Mon Sep 17 00:00:00 2001 From: Anisa Das Date: Wed, 28 Apr 2021 19:02:54 +0530 Subject: [PATCH 2/6] Remove extra space --- azure/table_azure_key_vault_secret.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/azure/table_azure_key_vault_secret.go b/azure/table_azure_key_vault_secret.go index d42329f0..553c1d83 100644 --- a/azure/table_azure_key_vault_secret.go +++ b/azure/table_azure_key_vault_secret.go @@ -202,8 +202,8 @@ func getKeyVaultSecret(ctx context.Context, d *plugin.QueryData, h *plugin.Hydra vaultName = strings.Split(splitID[2], ".")[0] name = splitID[4] // Operation get is not allowed on a disabled secret - if !*data.Attributes.Enabled{ - return nil,nil + if !*data.Attributes.Enabled { + return nil, nil } } else { vaultName = d.KeyColumnQuals["vault_name"].GetStringValue() From b41e8e39fc811d02dfa98d35a5c3c9b83989b87e Mon Sep 17 00:00:00 2001 From: Anisa Das Date: Thu, 29 Apr 2021 13:12:12 +0530 Subject: [PATCH 3/6] Add extra line --- azure/table_azure_key_vault_secret.go | 1 + 1 file changed, 1 insertion(+) diff --git a/azure/table_azure_key_vault_secret.go b/azure/table_azure_key_vault_secret.go index 553c1d83..0e3c87a6 100644 --- a/azure/table_azure_key_vault_secret.go +++ b/azure/table_azure_key_vault_secret.go @@ -201,6 +201,7 @@ func getKeyVaultSecret(ctx context.Context, d *plugin.QueryData, h *plugin.Hydra splitID := strings.Split(*data.ID, "/") vaultName = strings.Split(splitID[2], ".")[0] name = splitID[4] + // Operation get is not allowed on a disabled secret if !*data.Attributes.Enabled { return nil, nil From f7105979f0cca0801e4f292e7990179d03265742 Mon Sep 17 00:00:00 2001 From: Anisa Das Date: Thu, 29 Apr 2021 17:49:31 +0530 Subject: [PATCH 4/6] Review changes are done --- azure/table_azure_key_vault_secret.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/azure/table_azure_key_vault_secret.go b/azure/table_azure_key_vault_secret.go index 0e3c87a6..a2dbed52 100644 --- a/azure/table_azure_key_vault_secret.go +++ b/azure/table_azure_key_vault_secret.go @@ -21,7 +21,7 @@ func tableAzureKeyVaultSecret(_ context.Context) *plugin.Table { Get: &plugin.GetConfig{ KeyColumns: plugin.AllColumns([]string{"vault_name", "name"}), Hydrate: getKeyVaultSecret, - ShouldIgnoreError: isNotFoundError([]string{"ResourceNotFound", "404"}), + ShouldIgnoreError: isNotFoundError([]string{"ResourceNotFound", "404", "403"}), }, List: &plugin.ListConfig{ Hydrate: listKeyVaultSecrets, @@ -221,7 +221,11 @@ func getKeyVaultSecret(ctx context.Context, d *plugin.QueryData, h *plugin.Hydra client.Authorizer = session.Authorizer vaultURI := "https://" + vaultName + ".vault.azure.net/" - + // data := h.Item.(secret.SecretItem) + // if !*data.Attributes.Enabled { + // logger.Debug("getKeyVaultSecret", "We can not perform GET operation on disable secret", *data.Attributes.Enabled) + // return nil, nil + // } op, err := client.GetSecret(ctx, vaultURI, name, "") if err != nil { return nil, err From d595d179791e6d65582272d19c277f54f7b2edb0 Mon Sep 17 00:00:00 2001 From: Anisa Das Date: Thu, 29 Apr 2021 17:52:26 +0530 Subject: [PATCH 5/6] Made changes --- azure/table_azure_key_vault_secret.go | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/azure/table_azure_key_vault_secret.go b/azure/table_azure_key_vault_secret.go index a2dbed52..c15497fc 100644 --- a/azure/table_azure_key_vault_secret.go +++ b/azure/table_azure_key_vault_secret.go @@ -221,11 +221,7 @@ func getKeyVaultSecret(ctx context.Context, d *plugin.QueryData, h *plugin.Hydra client.Authorizer = session.Authorizer vaultURI := "https://" + vaultName + ".vault.azure.net/" - // data := h.Item.(secret.SecretItem) - // if !*data.Attributes.Enabled { - // logger.Debug("getKeyVaultSecret", "We can not perform GET operation on disable secret", *data.Attributes.Enabled) - // return nil, nil - // } + op, err := client.GetSecret(ctx, vaultURI, name, "") if err != nil { return nil, err From 01e8568b4ab4cdbaf00363267c952a99246b0ea1 Mon Sep 17 00:00:00 2001 From: Anisa Das Date: Mon, 3 May 2021 17:22:59 +0530 Subject: [PATCH 6/6] Changes are done as per review comments --- azure/table_azure_key_vault_secret.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure/table_azure_key_vault_secret.go b/azure/table_azure_key_vault_secret.go index c15497fc..d21986e6 100644 --- a/azure/table_azure_key_vault_secret.go +++ b/azure/table_azure_key_vault_secret.go @@ -21,7 +21,7 @@ func tableAzureKeyVaultSecret(_ context.Context) *plugin.Table { Get: &plugin.GetConfig{ KeyColumns: plugin.AllColumns([]string{"vault_name", "name"}), Hydrate: getKeyVaultSecret, - ShouldIgnoreError: isNotFoundError([]string{"ResourceNotFound", "404", "403"}), + ShouldIgnoreError: isNotFoundError([]string{"ResourceNotFound", "404", "SecretDisabled"}), }, List: &plugin.ListConfig{ Hydrate: listKeyVaultSecrets,