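api_endpoint = rtrim(trim($api_endpoint), '/');
		$this->db_path = trim($db_path);
		$this->token = trim($token);
	}

	/**
	 * Check the API endpoint, secret path and token, recording one error per invalid parameter.
	 *
	 * The endpoint must be an http(s) URL with a host, because getCredentials() hands it to
	 * file_get_contents(), which would otherwise accept any registered stream wrapper.
	 *
	 * @return bool  true when getErrors() reports nothing after the checks.
	 */
	public function validateParameters(): bool {
		// parse_url() returns false (not null) for seriously malformed URLs; treat that as "no host" as well.
		$url_parts = parse_url($this->api_endpoint);

		if (!is_array($url_parts)) {
			$url_parts = [];
		}

		$scheme = strtolower($url_parts['scheme'] ?? '');
		$host = $url_parts['host'] ?? '';

		if ($host === '' || !in_array($scheme, ['http', 'https'], true)) {
			$this->addError(_s('Provided API endpoint "%1$s" is invalid.', $this->api_endpoint));
		}

		$secret_parser = new CVaultSecretParser(['provider' => ZBX_VAULT_TYPE_HASHICORP, 'with_key' => false]);

		if ($secret_parser->parse($this->db_path) != CParser::PARSE_SUCCESS) {
			$this->addError(_s('Provided secret path "%1$s" is invalid.', $this->db_path));
		}

		if ($this->token === '') {
			$this->addError(_s('Provided authentication token "%1$s" is empty.', $this->token));
		}
		elseif (strpbrk($this->token, "\r\n") !== false) {
			// The token value is deliberately not echoed back in this message.
			$this->addError(_('Provided authentication token contains invalid characters.'));
		}

		return !$this->getErrors();
	}

	/**
	 * Read the database credentials from the Vault secret referenced by db_path.
	 *
	 * The request URL is <api_endpoint>/v1/<first path segment>/data/<remaining segments> and the
	 * token is sent in the X-Vault-Token header. Every failure is recorded through addError().
	 *
	 * @return array|null  ['user' => ..., 'password' => ...] on success, null on any failure.
	 */
	public function getCredentials(): ?array {
		// The token is interpolated verbatim into a request header below; a line break in it would
		// start an additional header, so refuse to send it even if validateParameters() was skipped.
		if (strpbrk($this->token, "\r\n") !== false) {
			$this->addError(_('Provided authentication token contains invalid characters.'));

			return null;
		}

		// Insert "data" after the first path segment (presumably the KV version 2 read path - confirm).
		// NOTE(review): segments are not URL-encoded here; this relies on CVaultSecretParser having
		// restricted the path - verify that callers always run validateParameters() first.
		$path_parts = explode('/', $this->db_path);
		array_splice($path_parts, 1, 0, 'data');

		$url = $this->api_endpoint.'/v1/'.implode('/', $path_parts);

		// NOTE(review): with an http:// endpoint the token travels unencrypted; no timeout is set, so
		// the PHP default socket timeout applies. The http wrapper also follows redirects by default -
		// confirm the token header cannot be forwarded to a different host.
		$context = stream_context_create([
			'http' => [
				'method' => 'GET',
				'header' => "X-Vault-Token: $this->token\r\n",
				// Return the body for HTTP error statuses too; anything without data.data is rejected below.
				'ignore_errors' => true
			]
		]);

		// Warnings are suppressed because a failed request is reported through the false return value.
		$secret = @file_get_contents($url, false, $context);

		if ($secret === false) {
			$this->addError(_('Vault connection failed.'));

			return null;
		}

		// An empty body is treated the same as undecodable JSON.
		$secret = $secret ? json_decode($secret, true) : null;

		if ($secret === null || !isset($secret['data']['data']) || !is_array($secret['data']['data'])) {
			$this->addError(_('Unable to load database credentials from Vault.'));

			return null;
		}

		$db_credentials = $secret['data']['data'];

		// array_key_exists() rather than isset(): a key holding null still counts as present.
		if (!array_key_exists('username', $db_credentials) || !array_key_exists('password', $db_credentials)) {
			$this->addError(_('Username and password must be stored in Vault secret keys "username" and "password".'));

			return null;
		}

		return [
			'user' => $db_credentials['username'],
			'password' => $db_credentials['password']
		];
	}
}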