fix: use unique values for the secrets round trip verification
+5
-4
@@ -16,6 +16,7 @@ use gman::providers::local::LocalProvider;
|
|||||||
use inquire::{Password, PasswordDisplayMode, required};
|
use inquire::{Password, PasswordDisplayMode, required};
|
||||||
use std::sync::{Arc, LazyLock};
|
use std::sync::{Arc, LazyLock};
|
||||||
use tokio::runtime::Handle;
|
use tokio::runtime::Handle;
|
||||||
|
use uuid::Uuid;
|
||||||
|
|
||||||
pub static SECRET_RE: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"\{\{(.+)}}").unwrap());
|
pub static SECRET_RE: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"\{\{(.+)}}").unwrap());
|
||||||
|
|
||||||
@@ -175,22 +176,22 @@ impl Vault {
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub fn validate_round_trip(&self) -> Result<()> {
|
pub fn validate_round_trip(&self) -> Result<()> {
|
||||||
const PROBE_KEY: &str = "__coyote_setup_probe__";
|
|
||||||
const PROBE_VALUE: &str = "ok";
|
const PROBE_VALUE: &str = "ok";
|
||||||
|
let probe_key = format!("__coyote_setup_probe_{}__", Uuid::new_v4().simple());
|
||||||
|
|
||||||
let h = Handle::current();
|
let h = Handle::current();
|
||||||
let result: Result<()> = tokio::task::block_in_place(|| {
|
let result: Result<()> = tokio::task::block_in_place(|| {
|
||||||
h.block_on(async {
|
h.block_on(async {
|
||||||
self.provider_ref()
|
self.provider_ref()
|
||||||
.set_secret(PROBE_KEY, PROBE_VALUE)
|
.set_secret(&probe_key, PROBE_VALUE)
|
||||||
.await
|
.await
|
||||||
.with_context(|| "vault write probe failed")?;
|
.with_context(|| "vault write probe failed")?;
|
||||||
let got = self
|
let got = self
|
||||||
.provider_ref()
|
.provider_ref()
|
||||||
.get_secret(PROBE_KEY)
|
.get_secret(&probe_key)
|
||||||
.await
|
.await
|
||||||
.with_context(|| "vault read probe failed")?;
|
.with_context(|| "vault read probe failed")?;
|
||||||
let _ = self.provider_ref().delete_secret(PROBE_KEY).await;
|
let _ = self.provider_ref().delete_secret(&probe_key).await;
|
||||||
if got != PROBE_VALUE {
|
if got != PROBE_VALUE {
|
||||||
bail!("vault read probe returned an unexpected value");
|
bail!("vault read probe returned an unexpected value");
|
||||||
}
|
}
|
||||||
|
|||||||
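Review bot: The probe entry is not cleaned up when the read fails, because the `?` after `.with_context(|| "vault read probe failed")` returns before the `delete_secret(&probe_key)` line runs, and that delete's own error is discarded with `let _ =`. With the old fixed key a leftover was presumably reused by the next run, but with a UUID in the key every failed run can leave a new `__coyote_setup_probe_<uuid>__` entry in the vault. Hold the read result without `?`, run the delete, and only then propagate: `let got = self.provider_ref().get_secret(&probe_key).await;`, then the delete, then `let got = got.with_context(|| "vault read probe failed")?;`. Logging a failed delete instead of dropping it would also make orphaned probe keys visible to the operator. The closure and the rest of validate_round_trip continue past the end of the hunk.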