feat: added credential_process option to config

[elyzov]

resolves #16

[kir4h]

Thanks @elyzov! I´ll try to take a look over the week-end

[codecov]

Codecov Report

Patch coverage: 78.94% and project coverage change: -0.73 ⚠️

Comparison is base (f0d8850) 89.61% compared to head (9e5bfe8) 88.88%.

❗ Current head 9e5bfe8 differs from pull request most recent head 61575cc. Consider uploading reports for the commit 61575cc to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##           master      #17      +/-   ##
==========================================
- Coverage   89.61%   88.88%   -0.73%     
==========================================
  Files           6        7       +1     
  Lines         260      279      +19     
==========================================
+ Hits          233      248      +15     
- Misses         13       15       +2     
- Partials       14       16       +2     

Flag	Coverage Δ
unittests	88.88% <78.94%> (-0.73%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
internal/pkg/credential/process.go	78.94% <78.94%> (ø)

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[kir4h]

Thanks for the contribution, love the way AWS CLI allows this, makes it pretty flexible.

To address:

• Some minor comments
• Couple of tests missing
• Adding the new variable to the man config in README.md

Maybe something like

# External process for sourcing Vault token
# If specified, `token` will be ignored
# credential_process = "get-vault-token -f credential-process"

You already documented in its own section, but I like to have a complete configuration
someone can copy paste if needed.

• Also one question: I see this new behaviour is added as configuration variable but not as a runtime argument; is this on purpose?

[kir4h]

Suggested change

	- Ability to specify `credential_process` option in the config to sourcing Vault token with an external process
	- Ability to specify `credential_process` option in the config to source Vault token from an external process

[kir4h]

Suggested change

	# External process for sourcing Valet token
	# External process for sourcing Vault token

[kir4h]

Suggested change

	"Token": "an Vault access token"
	"Token": "a Vault access token"

[kir4h]

Suggested change

	- **RVault** should run the process, parse the JSON from stdout, and add the token to the global configuration.
	- **RVault** will run the process, parse the JSON from stdout, and add the token to the global configuration.

[kir4h]

To get the behaviour stated in the documentation, viper.Set should be used instead. Otherwise an existing global.tokenin the configuration file will take precedence over the default value.

[kir4h]

I would rather unexport this one as it's not consumed outside of the package

[elyzov]

@kir4h I see your concerns, but, as far as I can see, it's not violates any security aspects, but allow to refer this values from the other packages if it's required. On the other hand your proposal restricts the usage of this variables within the single package and will require additional efforts to to provides them for extarnal usage if it's required. Maybe I can't see some other rational in your proposal, so could you please elaborate a bit with your point of view.

[kir4h]

Not security related, more in line of YAGNI principle (the reason I noticed was the code inspector showing a warning for it)

Also In my view exporting a constant makes think that the constant is used elsewhere, and thus a refactor could be a breaking change where in reality that variable was only consumed internally and thus there is no breaking change.

And if at some point we want to export it it´s just a matter of a small refactor to do so, no big effort there at all.

[kir4h]

Same unexport comment

[kir4h]

Worth documenting that this logic will inject VAULT_ADDR environment variable