
Revoke Vault token on Close
Fixes #376

Cooper Benson 4 years ago
parent
commit
af5b8295bb
3 changed files with 40 additions and 1 deletions
  1. 24 0
      pkg/provider/vault/fake/vault.go
  2. 13 0
      pkg/provider/vault/vault.go
  3. 3 1
      pkg/provider/vault/vault_test.go

+ 24 - 0
pkg/provider/vault/fake/vault.go

@@ -26,6 +26,10 @@ type MockRawRequestWithContextFn func(ctx context.Context, r *vault.Request) (*v
 
 type MockSetTokenFn func(v string)
 
+type MockTokenFn func() string
+
+type MockClearTokenFn func()
+
 type MockSetNamespaceFn func(namespace string)
 
 func NewMockNewRequestFn(req *vault.Request) MockNewRequestFn {
@@ -57,6 +61,16 @@ func NewSetTokenFn(ofn ...func(v string)) MockSetTokenFn {
 	}
 }
 
+func NewTokenFn(v string) MockTokenFn {
+	return func() string {
+		return v
+	}
+}
+
+func NewClearTokenFn() MockClearTokenFn {
+	return func() {}
+}
+
 func NewSetNamespaceFn() MockSetNamespaceFn {
 	return func(namespace string) {}
 }
@@ -65,6 +79,8 @@ type VaultClient struct {
 	MockNewRequest            MockNewRequestFn
 	MockRawRequestWithContext MockRawRequestWithContextFn
 	MockSetToken              MockSetTokenFn
+	MockToken                 MockTokenFn
+	MockClearToken            MockClearTokenFn
 	MockSetNamespace          MockSetNamespaceFn
 }
 
@@ -80,6 +96,14 @@ func (c *VaultClient) SetToken(v string) {
 	c.MockSetToken(v)
 }
 
+func (c *VaultClient) Token() string {
+	return c.MockToken()
+}
+
+func (c *VaultClient) ClearToken() {
+	c.MockClearToken()
+}
+
 func (c *VaultClient) SetNamespace(namespace string) {
 	c.MockSetNamespace(namespace)
 }
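Review bot: `Token()` and `ClearToken()` on the fake call `c.MockToken` and `c.MockClearToken` unconditionally, so any existing test that builds a `fake.VaultClient` without setting those two new fields will now panic with a nil function call as soon as `Close` runs, instead of failing with a readable message. A nil guard keeps older fixtures working: `if c.MockToken == nil { return "" }` at the top of `Token()`, and `if c.MockClearToken != nil { c.MockClearToken() }` in `ClearToken()`. Separately, `NewClearTokenFn` returns a bare no-op, so a test cannot observe that `Close` actually cleared the token; mirroring `NewSetTokenFn(ofn ...func(v string))` with `NewClearTokenFn(ofn ...func())` that invokes each callback would make that assertable. The `VaultClient` struct and the surrounding constructor functions start and end outside these hunks.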

+ 13 - 0
pkg/provider/vault/vault.go

@@ -68,12 +68,16 @@ const (
 	errSecretKeyFmt  = "cannot find secret data for key: %q"
 
 	errClientTLSAuth = "error from Client TLS Auth: %q"
+
+	errVaultRevokeToken = "error while revoking token: %w"
 )
 
 type Client interface {
 	NewRequest(method, requestPath string) *vault.Request
 	RawRequestWithContext(ctx context.Context, r *vault.Request) (*vault.Response, error)
 	SetToken(v string)
+	Token() string
+	ClearToken()
 	SetNamespace(namespace string)
 }
 
@@ -156,6 +160,15 @@ func (v *client) GetSecretMap(ctx context.Context, ref esv1alpha1.ExternalSecret
 }
 
 func (v *client) Close(ctx context.Context) error {
+	// Revoke the token if we have one set and it wasn't sourced from a TokenSecretRef
+	if v.client.Token() != "" && v.store.Auth.TokenSecretRef == nil {
+		req := v.client.NewRequest(http.MethodPost, "/v1/auth/token/revoke-self")
+		_, err := v.client.RawRequestWithContext(ctx, req)
+		if err != nil {
+			return fmt.Errorf(errVaultRevokeToken, err)
+		}
+		v.client.ClearToken()
+	}
 	return nil
 }
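Review bot: The response from `RawRequestWithContext` in `Close` is discarded with `_`, so the HTTP body is never closed; since `*vault.Response` wraps an `*http.Response`, that keeps the underlying connection from being reused and, for a long-lived controller that opens and closes many clients, leaks connections over time. I would keep the response and close it: `resp, err := v.client.RawRequestWithContext(ctx, req)` followed by `if resp != nil { defer resp.Body.Close() }` before the error check, since Vault's client can return a non-nil response alongside an error for non-2xx statuses. Two smaller points: `http.MethodPost` needs `net/http` in this file's imports, which the hunk does not show, and `Close` would benefit from a doc comment such as `// Close revokes the client's own token via revoke-self unless it was supplied through TokenSecretRef, in which case the token is owned by the caller and left untouched.` The interface additions `Token()`/`ClearToken()` in the earlier hunk would likewise be clearer with a one-line comment stating that `ClearToken` only forgets the token locally and does not revoke it.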
 

+ 3 - 1
pkg/provider/vault/vault_test.go

@@ -246,7 +246,9 @@ MIICsTCCAZkCFEJJ4daz5sxkFlzq9n1djLEuG7bmMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNVBAMMCHZh
 
 								return nil
 							}),
-						MockSetToken: fake.NewSetTokenFn(),
+						MockSetToken:   fake.NewSetTokenFn(),
+						MockToken:      fake.NewTokenFn(""),
+						MockClearToken: fake.NewClearTokenFn(),
 					}, nil
 				},
 			},
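Review bot: Wiring `MockToken: fake.NewTokenFn("")` means `Token()` returns an empty string for every case in this table, so the new revoke branch in `Close` (the request to `/v1/auth/token/revoke-self` and the subsequent `ClearToken()`) is never exercised by the updated test. Worth adding one case with a non-empty token and a nil `TokenSecretRef` whose `MockRawRequestWithContext` records the request, then asserting the method is `http.MethodPost`, the path is `/v1/auth/token/revoke-self`, and the clear callback fired; a second case where the mock returns an error should check that `Close` wraps it with the `errVaultRevokeToken` message and does not clear the token. The enclosing test table and fixture constructor start and end outside this hunk.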