From 7bf4853002cac20a8c070eb19802f304706af66c Mon Sep 17 00:00:00 2001
From: id443
Date: Thu, 29 Feb 2024 23:25:37 +0300
Subject: [PATCH 1/3] add Vault
---
 .../ClickHouse/ClickHouseStorage.cs | 10 ++++-
 .../ClickHouse/Vault.cs | 44 +++++++++++++++++++
 .../OneSTools.EventLog.Exporter.Core.csproj | 1 +
 OneSTools.EventLog.Exporter/appsettings.json | 16 +++++--
 README.md | 1 +
 5 files changed, 67 insertions(+), 5 deletions(-)
 create mode 100644 OneSTools.EventLog.Exporter.Core/ClickHouse/Vault.cs
diff --git a/OneSTools.EventLog.Exporter.Core/ClickHouse/ClickHouseStorage.cs b/OneSTools.EventLog.Exporter.Core/ClickHouse/ClickHouseStorage.cs
index 007e843..ab9d86f 100644
--- a/OneSTools.EventLog.Exporter.Core/ClickHouse/ClickHouseStorage.cs
+++ b/OneSTools.EventLog.Exporter.Core/ClickHouse/ClickHouseStorage.cs
@@ -23,7 +23,7 @@ public ClickHouseStorage(string connectionsString, ILogger lo
 {
 _logger = logger;
 _connectionString = connectionsString;
-
+
 Init();
 }
@@ -31,7 +31,13 @@ public ClickHouseStorage(ILogger logger, IConfiguration confi
 {
 _logger = logger;
 _connectionString = configuration.GetValue("ClickHouse:ConnectionString", "");
-
+ var useVault = configuration.GetValue("Vault:UseVault", false);
+ if (useVault) {
+ var vault = new Vault();
+ var arr = vault.GetSecretWithAppRole(configuration);
+ var username = arr[0];
+ var password = arr[1];
+ _connectionString = _connectionString.Replace("Username=test","Username:" + username).Replace("password=","password=" + password); }
 Init();
 }
diff --git a/OneSTools.EventLog.Exporter.Core/ClickHouse/Vault.cs b/OneSTools.EventLog.Exporter.Core/ClickHouse/Vault.cs
new file mode 100644
index 0000000..89520b5
--- /dev/null
+++ b/OneSTools.EventLog.Exporter.Core/ClickHouse/Vault.cs
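Review bot: In the second hunk of ClickHouseStorage.cs the Vault credentials are spliced into the connection string with `Replace("Username=test", ...)` and `Replace("password=", ...)`, which only works when the configured string contains exactly those placeholders; any other user name or a `Password=` spelling leaves the string unchanged, and the exporter then connects with the placeholder credentials without reporting anything. A secret value containing `;` or `=` is also inserted unescaped and can change other connection-string keys. Setting the keys through a builder avoids both problems: `var csb = new DbConnectionStringBuilder { ConnectionString = _connectionString };`, `csb["Username"] = username; csb["password"] = password;`, `_connectionString = csb.ConnectionString;` (from System.Data.Common; confirm the ClickHouse client accepts the quoted form it emits). The same `Replace` chain remains in the PATCH 2/3 hunk, which only corrects `Username:` to `Username=`. The constructor begins outside the hunk.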
@@ -0,0 +1,44 @@
+using System.Collections.Specialized;
+using System.ComponentModel;
+using System.Diagnostics;
+using System.Security.Cryptography;
+using System.Text;
+using VaultSharp;
+using VaultSharp.V1.AuthMethods;
+using VaultSharp.V1.AuthMethods.AppRole;
+using VaultSharp.V1.AuthMethods.Token;
+using VaultSharp.V1.Commons;
+using VaultSharp.V1.SecretsEngines.Consul;
+using Microsoft.Extensions.Configuration;
+
+namespace OneSTools.EventLog.Exporter.Core.ClickHouse
+{
+ public class Vault
+ {
+ public string[] GetSecretWithAppRole(IConfiguration configuration)
+ {
+ string vaultAddr = configuration.GetValue("Vault:VaultAddr","");
+ string path = configuration.GetValue("Vault:Path","");
+ string mountPoint = configuration.GetValue("Vault:MountPoint","");
+ string roleId = configuration.GetValue("Vault:RoleId","");
+ string secretId = configuration.GetValue("Vault:SecreteId","");
+ string login = configuration.GetValue("Vault:Login","");
+ string password = configuration.GetValue("Vault:Password","");
+
+ IAuthMethodInfo authMethod = new AppRoleAuthMethodInfo(roleId, secretId.ToString());
+ var vaultClientSettings = new VaultClientSettings(vaultAddr, authMethod);
+
+ IVaultClient vaultClient = new VaultClient(vaultClientSettings);
+
+ Secret kv2Secret = null;
+ kv2Secret = vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(path:path , mountPoint: mountPoint).Result;
+
+ var arr = new string[2];
+ string username = kv2Secret.Data.Data[login].ToString();
+ string pass = kv2Secret.Data.Data[password].ToString();
+ arr[0] = username;
+ arr[1] = pass;
+ return arr;
+ }
+ }
+}
diff --git a/OneSTools.EventLog.Exporter.Core/OneSTools.EventLog.Exporter.Core.csproj b/OneSTools.EventLog.Exporter.Core/OneSTools.EventLog.Exporter.Core.csproj
index 09a2daf..090e986 100644
--- a/OneSTools.EventLog.Exporter.Core/OneSTools.EventLog.Exporter.Core.csproj
+++ b/OneSTools.EventLog.Exporter.Core/OneSTools.EventLog.Exporter.Core.csproj
@@ -29,6 +29,7 @@
+
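Review bot: `GetSecretWithAppRole` uses every `Vault:*` setting and every field of the returned secret unchecked, so an empty `VaultAddr`, `RoleId` or `SecreteId`, or a secret without the configured `Login`/`Password` keys, surfaces from the `ClickHouseStorage` constructor as an opaque VaultSharp error or a `KeyNotFoundException`. The read also blocks on `.Result`, which wraps any Vault failure in an `AggregateException`; `GetAwaiter().GetResult()` keeps the original exception, and an async initialisation path would avoid the blocking call altogether. The sketch below validates the settings, checks the fields with `TryGetValue` and keeps secret values out of the error text. The `SecreteId` key is misspelled; it matches appsettings.json, so rename both together if at all. It would also be worth rejecting a `VaultAddr` that is not `https://`, since the SecretId and the returned password travel over that connection.

```csharp
public string[] GetSecretWithAppRole(IConfiguration configuration)
{
    // … unchanged: reading the Vault:* settings …

    if (string.IsNullOrWhiteSpace(vaultAddr) || string.IsNullOrWhiteSpace(roleId) || string.IsNullOrWhiteSpace(secretId))
        throw new System.InvalidOperationException(
            "Vault:UseVault is enabled but Vault:VaultAddr, Vault:RoleId or Vault:SecreteId is empty.");

    // … unchanged: AppRoleAuthMethodInfo, VaultClientSettings, VaultClient …

    var kv2Secret = vaultClient.V1.Secrets.KeyValue.V2
        .ReadSecretAsync(path: path, mountPoint: mountPoint)
        .GetAwaiter().GetResult();

    var data = kv2Secret.Data.Data;
    if (!data.TryGetValue(login, out var user) || !data.TryGetValue(password, out var pass))
        throw new System.InvalidOperationException(
            $"Vault secret at '{mountPoint}/{path}' has no '{login}' or '{password}' field.");

    return new[] { user?.ToString(), pass?.ToString() };
```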
diff --git a/OneSTools.EventLog.Exporter/appsettings.json b/OneSTools.EventLog.Exporter/appsettings.json
index 6f28040..53fd798 100644
--- a/OneSTools.EventLog.Exporter/appsettings.json
+++ b/OneSTools.EventLog.Exporter/appsettings.json
@@ -7,7 +7,7 @@
 }
 },
 "Exporter": {
- "StorageType": 0,
+ "StorageType": "ClickHouse",
 "LogFolder": "",
 "Portion": 10000,
 "TimeZone": "Europe/Moscow",
@@ -18,7 +18,7 @@
 "SkipEventsBeforeDate": "2022-04-01T00:00:00"
 },
 "ClickHouse": {
- "ConnectionString": "Host=CH_HOST_NAME;Port=8123;Database=DATABASE_NAME;Username=USER_NAME;password=PASSWORD;"
+ "ConnectionString": "Host=;Port=8123;Username=test;password=;Database=example2;"
 },
 "ElasticSearch": {
 "Nodes": [
@@ -31,5 +31,15 @@
 "Separation": "M",
 "MaximumRetries": 2,
 "MaxRetryTimeout": 30
- }
+ },
+ "Vault": {
+ "UseVault":"True",
+ "VaultAddr":"",
+ "Path":"",
+ "MountPoint":"",
+ "SecreteId":"",
+ "RoleId":"",
+ "Login":"login",
+ "Password":"password"
+}
 }
\ No newline at end of file
diff --git a/README.md b/README.md
index c6e7494..c21157b 100644
--- a/README.md
+++ b/README.md
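Review bot: The new `Vault` section asks for the AppRole `SecreteId` in appsettings.json, and that value is itself a credential, so the ClickHouse password is replaced by another plaintext secret in the same file. Prefer leaving `SecreteId` (and ideally `RoleId`) empty here and supplying it at deploy time, for example through the environment variable `Vault__SecreteId` if the host loads the environment-variable configuration provider, and restrict read access to the file. The template also ships `"UseVault":"True"` with an empty `VaultAddr`, so a fresh install tries to contact Vault and fails at startup; `"UseVault": false` would be a safer default. In the second hunk the placeholders `Username=test;password=;` are exactly what ClickHouseStorage.cs searches for, so that coupling deserves a line in the README.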
@@ -11,6 +11,7 @@
 |[OneSTools.EventLog.Exporter.Core](https://github.com/akpaevj/OneSTools.EventLog/tree/master/OneSTools.EventLog.Exporter.Core)|Библиотека-ядро для инструментов экспорта журнала регистрации||
 |[EventLogExporter](https://github.com/akpaevj/OneSTools.EventLog/tree/master/OneSTools.EventLog.Exporter)|Служба для экспорта журнала регистрации в [ClickHouse](https://clickhouse.tech/) и [ElasticSearch](https://www.elastic.co/)|![EventLogExporter .NET 5](https://github.com/akpaevj/OneSTools.EventLog/workflows/EventLogExporter%20.NET%205/badge.svg)|
 |[EventLogExportersManager](https://github.com/akpaevj/OneSTools.EventLog/tree/master/OneSTools.EventLog.Exporter.Manager)|Служба, выполняющая роль менеджера и наблюдающая каталоги серверов на предмет появления/удаления информационных баз с автоматическим подключением/отключением экспорта их журналов регистраций||
+|[Vault](https://github.com/rajanadar/VaultSharp)|HashiCorp Vault — это инструмент с открытым исходным кодом, который обеспечивает безопасный и надежный способ хранения и распространения секретов, таких как ключи API, токены доступа и пароли||
 ## Get started:
From 50734f7807f9521f46965119026796e099fbb1ca Mon Sep 17 00:00:00 2001
From: id443
Date: Wed, 20 Mar 2024 19:50:12 +0300
Subject: [PATCH 2/3] fix errors
---
 .../ClickHouse/ClickHouseStorage.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OneSTools.EventLog.Exporter.Core/ClickHouse/ClickHouseStorage.cs b/OneSTools.EventLog.Exporter.Core/ClickHouse/ClickHouseStorage.cs
index ab9d86f..862f20e 100644
--- a/OneSTools.EventLog.Exporter.Core/ClickHouse/ClickHouseStorage.cs
+++ b/OneSTools.EventLog.Exporter.Core/ClickHouse/ClickHouseStorage.cs
@@ -37,7 +37,7 @@ public ClickHouseStorage(ILogger logger, IConfiguration confi
 var arr = vault.GetSecretWithAppRole(configuration);
 var username = arr[0];
 var password = arr[1];
- _connectionString = _connectionString.Replace("Username=test","Username:" + username).Replace("password=","password=" + password); }
+ _connectionString = _connectionString.Replace("Username=test","Username=" + username).Replace("password=","password=" + password); }
 Init();
 }
From 1e236edd3c740135b30d9381b3cc675c4ddf040b Mon Sep 17 00:00:00 2001
From: id443
Date: Wed, 20 Mar 2024 19:51:09 +0300
Subject: [PATCH 3/3] remove extra import
---
 OneSTools.EventLog.Exporter.Core/ClickHouse/Vault.cs | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/OneSTools.EventLog.Exporter.Core/ClickHouse/Vault.cs b/OneSTools.EventLog.Exporter.Core/ClickHouse/Vault.cs
index 89520b5..b5358fe 100644
--- a/OneSTools.EventLog.Exporter.Core/ClickHouse/Vault.cs
+++ b/OneSTools.EventLog.Exporter.Core/ClickHouse/Vault.cs
@@ -1,14 +1,7 @@
-using System.Collections.Specialized;
-using System.ComponentModel;
-using System.Diagnostics;
-using System.Security.Cryptography;
-using System.Text;
 using VaultSharp;
 using VaultSharp.V1.AuthMethods;
 using VaultSharp.V1.AuthMethods.AppRole;
-using VaultSharp.V1.AuthMethods.Token;
 using VaultSharp.V1.Commons;
-using VaultSharp.V1.SecretsEngines.Consul;
 using Microsoft.Extensions.Configuration;
 namespace OneSTools.EventLog.Exporter.Core.ClickHouse