MQE-1647: read vault token from local file system

jilu1 · jilu1 · commit 9f63033b54c2 · 2019-07-24T14:15:40.000-05:00
diff --git a/src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/CredentialStore.php b/src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/CredentialStore.php
@@ -59,13 +59,9 @@ private function __construct()
 
         // Initialize vault storage
         $csBaseUrl = getenv('CREDENTIAL_VAULT_BASE_URL');
-        $csToken = getenv('CREDENTIAL_VAULT_TOKEN');
-        if ($csBaseUrl !== false && $csToken !== false) {
+        if ($csBaseUrl !== false) {
             try {
-                $this->credStorage[self::ARRAY_KEY_FOR_VAULT] = new VaultStorage(
-                    rtrim($csBaseUrl, '/'),
-                    $csToken
-                );
+                $this->credStorage[self::ARRAY_KEY_FOR_VAULT] = new VaultStorage(rtrim($csBaseUrl, '/'));
             } catch (TestFrameworkException $e) {
             }
         }
diff --git a/src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/SecretStorage/VaultStorage.php b/src/Magento/FunctionalTestingFramework/DataGenerator/Handlers/SecretStorage/VaultStorage.php
@@ -21,6 +21,21 @@ class VaultStorage extends BaseStorage
     const BASE_PATH = '/dx_magento_qe';
     const KV_DATA = 'data';
 
+    /**
+     * Default vault token file
+     */
+    const TOKEN_FILE = '.vault-token';
+    /**
+     * Default vault config file
+     */
+    const CONFIG_FILE = '.vault';
+    /**
+     * Environment variable name for vault config path
+     */
+    const CONFIG_PATH_ENV_VAR = 'VAULT_CONFIG_PATH';
+
+    const TOKEN_HELPER_REGEX = "~\s*token_helper\s*=(.+)$~";
+
     /**
      * Vault client
      *
@@ -33,23 +48,22 @@ class VaultStorage extends BaseStorage
      *
      * @var string
      */
-    private $token;
+    private $token = null;
 
     /**
      * CredentialVault constructor
      *
      * @param string $baseUrl
-     * @param string $token
      * @throws TestFrameworkException
      */
-    public function __construct($baseUrl, $token)
+    public function __construct($baseUrl)
     {
         parent::__construct();
         if (null === $this->client) {
             // Creating the client using Guzzle6 Transport and passing a custom url
             $this->client = new Client(new Guzzle6Transport(['base_uri' => $baseUrl]));
         }
-        $this->token = $token;
+        $this->readVaultTokenFromFileSystem();
         if (!$this->authenticated()) {
             throw new TestFrameworkException("Credential vault is not used: cannot authenticate");
         }
@@ -120,4 +134,80 @@ private function authenticated()
         }
         return false;
     }
+
+    /**
+     * Read vault token from file system
+     *
+     * @return void
+     * @throws TestFrameworkException
+     */
+    private function readVaultTokenFromFileSystem()
+    {
+        // Find user home directory
+        $homeDir = getenv('HOME');
+        if ($homeDir === false) {
+            // If HOME is not set, don't fail right away
+            $homeDir = '~/';
+        } else {
+            $homeDir = rtrim($homeDir, '/') . '/';
+        }
+
+        $vaultTokenFile = $homeDir . self::TOKEN_FILE;
+        if (file_exists($vaultTokenFile)) {
+            // Found .vault-token file in default location, construct command
+            $cmd = 'cat ' .  $vaultTokenFile;
+        } else {
+            // Otherwise search vault config file for custom token helper script
+            $vaultConfigPath = getenv(self::CONFIG_PATH_ENV_VAR);
+            if ($vaultConfigPath === false) {
+                $vaultConfigFile = $homeDir . self::CONFIG_FILE;
+            } else {
+                $vaultConfigFile = rtrim($vaultConfigPath, '/') . '/' . self::CONFIG_FILE;
+            }
+            // Found .vault config file, read custom token helper script and construct command
+            if (file_exists($vaultConfigFile)
+                && !empty($cmd = $this->getTokenHelperScript(file($vaultConfigFile, FILE_IGNORE_NEW_LINES)))) {
+                $cmd = $cmd . ' get';
+            } else {
+                throw new TestFrameworkException(
+                    'Unable to read .vault-token file. Please authenticate to vault through vault CLI first.'
+                );
+            }
+        }
+        $this->token = $this->execVaultTokenHelper($cmd);
+    }
+
+    /**
+     * Get vault token helper script by parsing lines in vault config file
+     *
+     * @param array $lines
+     * @return array
+     */
+    private function getTokenHelperScript($lines)
+    {
+        $tokenHelper = '';
+        foreach ($lines as $line) {
+            preg_match(self::TOKEN_HELPER_REGEX, $line, $matches);
+            if (isset($matches[1])) {
+                $tokenHelper = trim(trim(trim($matches[1]), '"'));
+            }
+        }
+        return $tokenHelper;
+    }
+
+    /**
+     * Execute vault token helper script and return the token it contains
+     *
+     * @param string $cmd
+     * @return string
+     */
+    private function execVaultTokenHelper($cmd)
+    {
+        $output = '';
+        exec($cmd, $out, $status);
+        if ($status === 0 && isset($out[0])) {
+            $output = $out[0];
+        }
+        return $output;
+    }
 }
