feat: stencil and update cli interface (#99)

The purpose of this PR is to be able to use this library for accessing the production Vault server. This can be seen in the second commit of this PR. This first commit is just an auxiliary restencil.

Re-stencil the repo to update to a newer version of Go which supports log/slog.

Update the interface of EnsureLoggedIn and IsLoggedIn to remove logrus, in favor of olog/slog, and to remove the dependency on box configs, which are specific to devenv.

.circleci/config.yml

@@ -2,13 +2,16 @@
 # syntax, such as anchors, will be fixed automatically.
 version: 2.1
 orbs:
-  shared: getoutreach/shared@2.19.0
-  queue: eddiewebb/queue@1.8.4
+  shared: getoutreach/shared@2.27.0
+  queue: eddiewebb/queue@2.2.1
 
 parameters:
   rebuild_cache:
     type: boolean
     default: false
+  ## <<Stencil::Block(CircleCIExtraParams)>>
+
+  ## <</Stencil::Block>>
 
 # Extra contexts to expose to all jobs below
 contexts: &contexts
@@ -20,6 +23,7 @@ contexts: &contexts
   - confluence
   - circleci-credentials
   - tray-webhooks
+  - wizcli
   ## <<Stencil::Block(extraContexts)>>
 
   ## <</Stencil::Block>>
@@ -75,7 +79,8 @@ workflows:
 
   release:
     when:
-      not: << pipeline.parameters.rebuild_cache >>
+      and:
+        - not: << pipeline.parameters.rebuild_cache >>
     jobs:
       ## <<Stencil::Block(circleWorkflowJobs)>>
 
@@ -95,12 +100,19 @@ workflows:
             - shared/test
           filters:
             branches:
-              only: *release_branches
-
-      # Dryrun release for PRs.
-      - shared/release:
-          <<: *release
+              only: main
+      # Dryrun for PRs
+      - shared/pre-release: &pre-release
           dryrun: true
+          context: *contexts
+          ## <<Stencil::Block(circlePreReleaseDryRunExtra)>>
+
+          ## <</Stencil::Block>>
+          requires:
+            ## <<Stencil::Block(circlePreReleaseDryRunRequires)>>
+
+            ## <</Stencil::Block>>
+            - shared/test
           filters:
             branches:
               ignore: *release_branches

.github/dependabot.yml

@@ -8,6 +8,7 @@ updates:
     # stencil-golang managed dependencies
     ignore:
       - dependency-name: github.com/getoutreach/gobox
+      - dependency-name: github.com/getoutreach/stencil-golang/pkg
       - dependency-name: github.com/getoutreach/services
       - dependency-name: github.com/getoutreach/datastores/v2
       - dependency-name: github.com/getoutreach/mint

.tool-versions

@@ -4,10 +4,10 @@
 # you are reducing compatibility guarantees.
 ## <<Stencil::Block(toolverOverride)>>
 ## <</Stencil::Block>>
-golang 1.19.11
-terraform 1.4.4
+golang 1.22.0
+nodejs 20.12.2
 protoc 21.5
-nodejs 18.14.1
+terraform 1.5.7
 # Note: Versions in this block do not override the default versions above
 # but sometimes you have to declare additional versions of the same tool
 # while leaving the 'default' version intact for the infra.

.vscode/extensions.json

@@ -9,7 +9,8 @@
     "zxh404.vscode-proto3",
     "redhat.vscode-yaml",
     "ms-azuretools.vscode-docker",
-    "foxundermoon.shell-format"
+    "foxundermoon.shell-format",
+    "WizCloud.wizcli-vscode"
 
     // Please consider contributing back all recommended
     // extensions to stencil!

.vscode/launch.json

@@ -36,16 +36,16 @@
           "to": "/home/dev/app"
         },
         // Maps the go module cache on the host to the persistent volume used by devspaces.
-        // See the value of `go env GOMODCACHE` on the host and devspace.
+        // These should be the respective values of `go env GOMODCACHE`.
         {
-          "from": "${env:HOME}/.asdf/installs/golang/1.19.11/packages/pkg/mod",
-          "to": "/tmp/cache/go/mod/"
+          "from": "${env:HOME}/.asdf/installs/golang/1.22.0/packages/pkg/mod",
+          "to": "/home/dev/.asdf/installs/golang/1.22.0/packages/pkg/mod"
         },
         {
           // Maps the standard library location on the host to the location in the devspace.
           // This enables debugging standard library code.
-          "from": "${env:HOME}/.asdf/installs/golang/1.19.11/go/src",
-          "to": "/home/dev/.asdf/installs/golang/1.19.11/go/src"
+          "from": "${env:HOME}/.asdf/installs/golang/1.22.0/go/src",
+          "to": "/home/dev/.asdf/installs/golang/1.22.0/go/src"
         }
       ]
     },

Makefile

@@ -1,6 +1,6 @@
 APP := vault-client
 OSS := true
-_ := $(shell ./scripts/devbase.sh) 
+_ := $(shell ./scripts/devbase.sh)
 
 include .bootstrap/root/Makefile
 

cli/logger.go

@@ -0,0 +1,17 @@
+// Copyright 2023 Outreach Corporation. All Rights Reserved.
+//
+// Description: Defines logger singleton.
+package cli
+
+import (
+	"log/slog"
+
+	"github.com/getoutreach/gobox/pkg/olog"
+)
+
+// logger - a package level singleton *slog.Logger instance.
+//
+// Uses a combination of built-in slog and olog functionality to
+// provide a standard, structured logging interface and implementation.
+// *slog.Logger instance are concurrency safe.
+var log *slog.Logger = olog.New()

cli/login.go

@@ -12,18 +12,26 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 	"k8s.io/client-go/util/jsonpath"
+)
+
+// const defines constants for the Vault CLI
+const (
+	// ProductionAddress is the vault address for the producton Vault server
+	ProductionAddress = "https://vault.outreach.cloud"
+
+	// DevelopmentAddress is the Vault address for the development Vault server
+	DevelopmentAddress = "https://vault-dev.outreach.cloud/"
 
-	"github.com/getoutreach/gobox/pkg/box"
+	// OidcAuthMethod for using the oidc authentication method to obtain a Vault token
+	OidcAuthMethod = "oidc"
 )
 
-// EnsureLoggedIn ensures that we are authenticated with Vault and have a valid token,
-// returning the token and expiration date.
-func EnsureLoggedIn(ctx context.Context, log logrus.FieldLogger, b *box.Config, minTimeRemaining time.Duration) ([]byte, time.Time, error) {
+// EnsureLoggedIn ensures that we are authenticated with Vault and have a valid token, returning the token and expiration date.
+func EnsureLoggedIn(ctx context.Context, vaultAddress, authMethod string, minTimeRemaining time.Duration) ([]byte, time.Time, error) {
 	// Check if we need to issue a new token
 	var refresh bool
-	token, expiresAt, err := IsLoggedIn(ctx, log, b)
+	token, expiresAt, err := IsLoggedIn(ctx, vaultAddress)
 	if err != nil {
 		return nil, time.Time{}, err
 	}
@@ -39,7 +47,7 @@ func EnsureLoggedIn(ctx context.Context, log logrus.FieldLogger, b *box.Config,
 	if refresh {
 		// Issue a new token using our authentication method
 		//nolint:lll // Why: Passing in the vault address and method
-		args := []string{"login", "-format", "json", "-method", b.DeveloperEnvironmentConfig.VaultConfig.AuthMethod, "-address", b.DeveloperEnvironmentConfig.VaultConfig.Address}
+		args := []string{"login", "-format", "json", "-method", authMethod, "-address", vaultAddress}
 		_, err := exec.CommandContext(ctx, "vault", args...).Output()
 		if err != nil {
 			var execErr *exec.ExitError
@@ -52,7 +60,7 @@ func EnsureLoggedIn(ctx context.Context, log logrus.FieldLogger, b *box.Config,
 
 		// The login above only returns a little info about the token, so re-request info about the token to get full
 		// info about expiry/validity.
-		token, expiresAt, err = IsLoggedIn(ctx, log, b)
+		token, expiresAt, err = IsLoggedIn(ctx, vaultAddress)
 		if err != nil {
 			return nil, time.Time{}, errors.Wrap(err, "failed to parse token output")
 		}
@@ -78,9 +86,9 @@ func cmdOutputToToken(in []byte, expr string) ([]byte, error) {
 	return buf.Bytes(), errors.Wrapf(err, "failed to execute jsonpath %q", expr)
 }
 
-// IsLoggedIn returns a valid token and expiration time if auth lease is not expired
-func IsLoggedIn(ctx context.Context, log logrus.FieldLogger, b *box.Config) ([]byte, time.Time, error) {
-	args := []string{"token", "lookup", "-format", "json", "-address", b.DeveloperEnvironmentConfig.VaultConfig.Address}
+// IsLoggedIn returns a valid token and expiration time if it is not expired
+func IsLoggedIn(ctx context.Context, vaultAddress string) ([]byte, time.Time, error) {
+	args := []string{"token", "lookup", "-format", "json", "-address", vaultAddress}
 	output, err := exec.CommandContext(ctx, "vault", args...).CombinedOutput()
 	if err != nil {
 		if strings.Contains(string(output), "permission denied") {
@@ -94,7 +102,7 @@ func IsLoggedIn(ctx context.Context, log logrus.FieldLogger, b *box.Config) ([]b
 		return nil, time.Time{}, errors.Wrapf(err, "failed to parse token output: %s", output)
 	}
 
-	log.Infof("Token expires in %s (expire_time:%q)", time.Until(expireTime).Truncate(time.Second), expireTime)
+	log.InfoContext(ctx, "Logged into Vault", "expires", expireTime, "address", vaultAddress)
 	return token, expireTime, nil
 }
 

cortex.yaml

@@ -5,20 +5,57 @@ info:
   title: vault-client
   description: >
     Go Client for Vault
-  x-cortex-tag: vault-client
-  x-cortex-type: library
+  x-cortex-type: service
+  x-cortex-slack:
+    channels:
+      - name: fnd-star-alerts
+        notificationsEnabled: true
+      - name: star-oncall
+        notificationsEnabled: false
+      - name: star-support
+        notificationsEnabled: false
   x-cortex-owners:
     - type: group
       name: fnd-star
-      provider: GITHUB
+      provider: CORTEX
+  x-cortex-tag: vault-client
   x-cortex-git:
     github:
       repository: getoutreach/vault-client
+  x-cortex-oncall:
+    pagerduty:
+      id: P21C0GV
+      type: SERVICE
   x-cortex-link:
-    - name: Runbook
-      type: RUNBOOK
-      url: https://github.com/getoutreach/vault-client/blob/main/documentation/runbook.md
+    ## These are useful documentation links for this service. Please fill in the customLinks block if you have additional documentation links.
+    ## name: The name of the link
+    ## type: Choose one type from (dashboard,documentation,healthcheck,logs,metrics,runbook)
+    ## url: The link url
+    ## description(optional): Description to this link
+    - name: API Docs
+      type: api_documentation
+      url: https://engdocs.outreach.cloud/github.com/getoutreach/vault-client#section-readme
+    ## <<Stencil::Block(customLinks)>>
+    ## <</Stencil::Block>>
   x-cortex-custom-metadata:
-    stencil_version: "v1.35.0"
-    golang_version: "1.19.8"
-    lifecycle: public_ga
+    app: vault-client
+    name: vault-client
+    repo: https://github.com/getoutreach/vault-client
+    framework: stencil
+    language: Golang
+    stencil_version: v1.38.1
+    golang_version: 1.22.0
+    cli: false
+    service: false
+    product: Outreach
+    lifecycle: in_development
+    ## <<Stencil::Block(extraAliases)>>
+    ## <</Stencil::Block>>
+    reporting_team: fnd-star
+    lintroller: platinum
+  x-cortex-groups:
+    - lifecycle: in_development
+    - product: Outreach
+    - language: Golang
+    - framework: stencil
+    - engOrg: fnd