kjuulh
616d23c550
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Signed-off-by: kjuulh <contact@kjuulh.io>
154 lines
4.5 KiB
Rust
154 lines
4.5 KiB
Rust
use minijinja::{value::Object, Value};
|
|
|
|
use crate::Component;
|
|
|
|
#[derive(Debug)]
|
|
pub struct VaultSecretValues {
|
|
name: String,
|
|
secrets: VaultSecretsLookup,
|
|
}
|
|
|
|
#[derive(Debug, Clone)]
|
|
pub struct VaultSecretsLookup {
|
|
secrets: Vec<String>,
|
|
}
|
|
|
|
impl From<Vec<String>> for VaultSecretsLookup {
|
|
fn from(value: Vec<String>) -> Self {
|
|
Self { secrets: value }
|
|
}
|
|
}
|
|
|
|
#[derive(Default, Clone)]
|
|
pub struct VaultSecret {}
|
|
|
|
impl Component for VaultSecret {
|
|
fn name(&self) -> String {
|
|
"vault/secret".into()
|
|
}
|
|
|
|
fn validate(&self, value: &serde_yaml::Value) -> anyhow::Result<()> {
|
|
Ok(())
|
|
}
|
|
|
|
fn render_value(
|
|
&self,
|
|
environment: &str,
|
|
value: &serde_yaml::Value,
|
|
) -> Option<anyhow::Result<minijinja::Value>> {
|
|
if let Some(values) = value
|
|
.as_mapping()
|
|
.and_then(|map| map.get("env"))
|
|
.and_then(|v| v.as_mapping())
|
|
.map(|v| {
|
|
v.iter()
|
|
.filter_map(|(k, v)| {
|
|
if v.as_mapping()
|
|
.map(|m| m.get("vault").filter(|v| v.as_bool() == Some(true)))
|
|
.is_some()
|
|
{
|
|
Some(k)
|
|
} else {
|
|
None
|
|
}
|
|
})
|
|
.filter_map(|k| k.as_str())
|
|
.collect::<Vec<_>>()
|
|
})
|
|
{
|
|
let vault_values = VaultSecretValues {
|
|
name: self.name().replace("/", "-"),
|
|
secrets: values
|
|
.into_iter()
|
|
.map(|i| i.into())
|
|
.collect::<Vec<_>>()
|
|
.into(),
|
|
};
|
|
|
|
return Some(Ok(minijinja::Value::from_object(vault_values)));
|
|
}
|
|
|
|
Some(Ok(minijinja::Value::from_object(VaultSecretValues {
|
|
name: self.name().replace("/", "-"),
|
|
secrets: VaultSecretsLookup {
|
|
secrets: Vec::default(),
|
|
},
|
|
})))
|
|
}
|
|
|
|
fn render(
|
|
&self,
|
|
_environment: &str,
|
|
value: &serde_yaml::Value,
|
|
) -> Option<anyhow::Result<(String, String)>> {
|
|
value
|
|
.as_mapping()
|
|
.and_then(|map| map.get("env"))
|
|
.and_then(|v| v.as_mapping())
|
|
.map(|v| {
|
|
v.iter()
|
|
.filter_map(|(k, v)| {
|
|
if v.as_mapping()
|
|
.map(|m| m.get("vault").filter(|v| v.as_bool() == Some(true)))
|
|
.is_some()
|
|
{
|
|
Some(k)
|
|
} else {
|
|
None
|
|
}
|
|
})
|
|
.filter_map(|k| k.as_str())
|
|
.collect::<Vec<_>>()
|
|
})
|
|
.map(|_| {
|
|
Ok((
|
|
format!("{}.yaml", self.name().replace("/", "_")),
|
|
r#"apiVersion: secrets.hashicorp.com/v1beta1
|
|
kind: VaultStaticSecret
|
|
metadata:
|
|
name: {{ vars.vault_secret.file_name(vars.cuddle_vars.service) }}
|
|
namespace: {{ vars.cluster_vars.namespace }}
|
|
spec:
|
|
destination:
|
|
create: true
|
|
name: {{ vars.vault_secret.file_name(vars.cuddle_vars.service) }}
|
|
mount: kvv2
|
|
path: {{ vars.cuddle_vars.service }}/{{ environment }}
|
|
refreshAfter: 30s
|
|
type: kv-v2
|
|
"#
|
|
.into(),
|
|
))
|
|
})
|
|
}
|
|
}
|
|
|
|
impl Object for VaultSecretValues {
|
|
fn get_value(self: &std::sync::Arc<Self>, key: &minijinja::Value) -> Option<minijinja::Value> {
|
|
let name = self.name.clone();
|
|
let obj = match key.as_str()? {
|
|
"name" => Value::from_safe_string(self.name.clone()),
|
|
"secrets" => Value::from_object(self.secrets.clone()),
|
|
"has_values" => Value::from_serialize(!self.secrets.secrets.is_empty()),
|
|
"file_name" => Value::from_function(move |file_name: String| {
|
|
format!("{}-{}", file_name, name.replace("/", "-"))
|
|
}),
|
|
_ => return None,
|
|
};
|
|
|
|
Some(obj)
|
|
}
|
|
}
|
|
|
|
impl Object for VaultSecretsLookup {
|
|
fn get_value(self: &std::sync::Arc<Self>, key: &Value) -> Option<Value> {
|
|
let idx = key.as_usize()?;
|
|
|
|
self.secrets.get(idx).cloned().map(Value::from_safe_string)
|
|
}
|
|
|
|
fn enumerate(self: &std::sync::Arc<Self>) -> minijinja::value::Enumerator {
|
|
minijinja::value::Enumerator::Seq(self.secrets.len())
|
|
}
|
|
}
|