lift service discovery client out of CyberArkClient

Service discovery will also be required for getting
encryption keys for envelope encryption. This change
makes the service discovery client available so we can
fetch keys before we sanitise / encrypt secret data

Signed-off-by: Ashley Davis <ashley.davis@cyberark.com>

Author: SgtCoDFish

internal/cyberark/client.go

@@ -49,24 +49,23 @@ func LoadClientConfigFromEnvironment() (ClientConfig, error) {
 // NewDatauploadClient initializes and returns a new CyberArk Data Upload client.
 // It performs service discovery to find the necessary API endpoints and authenticates
 // using the provided client configuration.
-func NewDatauploadClient(ctx context.Context, httpClient *http.Client, cfg ClientConfig) (*dataupload.CyberArkClient, error) {
-	discoveryClient := servicediscovery.New(httpClient)
-	serviceMap, err := discoveryClient.DiscoverServices(ctx, cfg.Subdomain)
-	if err != nil {
-		return nil, err
-	}
+func NewDatauploadClient(ctx context.Context, httpClient *http.Client, serviceMap *servicediscovery.Services, cfg ClientConfig) (*dataupload.CyberArkClient, error) {
 	identityAPI := serviceMap.Identity.API
 	if identityAPI == "" {
 		return nil, errors.New("service discovery returned an empty identity API")
 	}
-	identityClient := identity.New(httpClient, identityAPI, cfg.Subdomain)
-	err = identityClient.LoginUsernamePassword(ctx, cfg.Username, []byte(cfg.Secret))
-	if err != nil {
-		return nil, err
-	}
+
 	discoveryAPI := serviceMap.DiscoveryContext.API
 	if discoveryAPI == "" {
 		return nil, errors.New("service discovery returned an empty discovery API")
 	}
+
+	identityClient := identity.New(httpClient, identityAPI, cfg.Subdomain)
+
+	err := identityClient.LoginUsernamePassword(ctx, cfg.Username, []byte(cfg.Secret))
+	if err != nil {
+		return nil, err
+	}
+
 	return dataupload.New(httpClient, discoveryAPI, identityClient.AuthenticateRequest), nil
 }

internal/cyberark/client_test.go

@@ -32,13 +32,21 @@ func TestCyberArkClient_PutSnapshot_MockAPI(t *testing.T) {
 		Secret:    "somepassword",
 	}
 
-	cl, err := cyberark.NewDatauploadClient(ctx, httpClient, cfg)
+	discoveryClient := servicediscovery.New(httpClient)
+
+	serviceMap, err := discoveryClient.DiscoverServices(t.Context(), cfg.Subdomain)
+	if err != nil {
+		t.Fatalf("failed to discover mock services: %v", err)
+	}
+
+	cl, err := cyberark.NewDatauploadClient(ctx, httpClient, serviceMap, cfg)
 	require.NoError(t, err)
 
 	err = cl.PutSnapshot(ctx, dataupload.Snapshot{
 		ClusterID:    "ffffffff-ffff-ffff-ffff-ffffffffffff",
 		AgentVersion: version.PreflightVersion,
 	})
+
 	require.NoError(t, err)
 }
 
@@ -66,15 +74,24 @@ func TestCyberArkClient_PutSnapshot_RealAPI(t *testing.T) {
 		if errors.Is(err, cyberark.ErrMissingEnvironmentVariables) {
 			t.Skipf("Skipping: %s", err)
 		}
+
 		require.NoError(t, err)
 	}
 
-	cl, err := cyberark.NewDatauploadClient(ctx, httpClient, cfg)
+	discoveryClient := servicediscovery.New(httpClient)
+
+	serviceMap, err := discoveryClient.DiscoverServices(t.Context(), cfg.Subdomain)
+	if err != nil {
+		t.Fatalf("failed to discover services: %v", err)
+	}
+
+	cl, err := cyberark.NewDatauploadClient(ctx, httpClient, serviceMap, cfg)
 	require.NoError(t, err)
 
 	err = cl.PutSnapshot(ctx, dataupload.Snapshot{
 		ClusterID:    "ffffffff-ffff-ffff-ffff-ffffffffffff",
 		AgentVersion: version.PreflightVersion,
 	})
+
 	require.NoError(t, err)
 }

pkg/client/client_cyberark.go

@@ -19,6 +19,7 @@ import (
 	"github.com/jetstack/preflight/api"
 	"github.com/jetstack/preflight/internal/cyberark"
 	"github.com/jetstack/preflight/internal/cyberark/dataupload"
+	"github.com/jetstack/preflight/internal/cyberark/servicediscovery"
 	"github.com/jetstack/preflight/pkg/logs"
 	"github.com/jetstack/preflight/pkg/version"
 )
@@ -37,10 +38,12 @@ var _ Client = &CyberArkClient{}
 // If the configuration is invalid or missing, an error is returned.
 func NewCyberArk(httpClient *http.Client) (*CyberArkClient, error) {
 	configLoader := cyberark.LoadClientConfigFromEnvironment
+
 	_, err := configLoader()
 	if err != nil {
 		return nil, err
 	}
+
 	return &CyberArkClient{
 		configLoader: configLoader,
 		httpClient:   httpClient,
@@ -56,6 +59,19 @@ func NewCyberArk(httpClient *http.Client) (*CyberArkClient, error) {
 // The supplied Options are not used by this publisher.
 func (o *CyberArkClient) PostDataReadingsWithOptions(ctx context.Context, readings []*api.DataReading, opts Options) error {
 	log := klog.FromContext(ctx)
+
+	cfg, err := o.configLoader()
+	if err != nil {
+		return fmt.Errorf("failed to load config: %w", err)
+	}
+
+	discoveryClient := servicediscovery.New(o.httpClient)
+
+	serviceMap, err := discoveryClient.DiscoverServices(ctx, cfg.Subdomain)
+	if err != nil {
+		return err
+	}
+
 	snapshot := baseSnapshotFromOptions(opts)
 
 	if err := convertDataReadings(defaultExtractorFunctions, readings, &snapshot); err != nil {
@@ -65,11 +81,7 @@ func (o *CyberArkClient) PostDataReadingsWithOptions(ctx context.Context, readin
 	// Minimize the snapshot to reduce size and improve privacy
 	minimizeSnapshot(log.V(logs.Debug), &snapshot)
 
-	cfg, err := o.configLoader()
-	if err != nil {
-		return err
-	}
-	datauploadClient, err := cyberark.NewDatauploadClient(ctx, o.httpClient, cfg)
+	datauploadClient, err := cyberark.NewDatauploadClient(ctx, o.httpClient, serviceMap, cfg)
 	if err != nil {
 		return fmt.Errorf("while initializing data upload client: %s", err)
 	}