package fake
import (
"context"
"fmt"
"github.com/tidwall/gjson"
v1 "kusionstack.io/kusion/pkg/apis/api.kusion.io/v1"
"kusionstack.io/kusion/pkg/secrets"
)
// Error messages returned by NewSecretStore when the secret store spec cannot
// be turned into a fake store.
const (
	// errMissingProviderSpec is used when spec.Provider is nil.
	errMissingProviderSpec = "secret store spec is missing provider"
	// errMissingFakeProvider is used when spec.Provider.Fake is nil.
	errMissingFakeProvider = "invalid provider spec. Missing Fake field in secret store provider spec"
)
// SecretData is one entry of the fake store: a secret value kept in memory as
// a plain string, together with the version it was declared under.
type SecretData struct {
	// Value is the secret payload. GetSecret returns it unchanged, or
	// evaluates it with gjson when the reference names a Property.
	Value string
	// Version is compared against the requested version in GetSecret.
	Version string
	// ValueMap is copied from the provider spec by NewSecretStore; GetSecret
	// does not read it.
	ValueMap map[string]string
}
// DefaultSecretStoreProvider should implement the secrets.SecretStoreProvider interface
var _ secrets.SecretStoreProvider = &DefaultSecretStoreProvider{}

// fakeSecretStore should implement the secrets.SecretStore interface
var _ secrets.SecretStore = &fakeSecretStore{}

// DefaultSecretStoreProvider is the provider for the fake secret store. It
// carries no state; everything the store serves comes from the spec passed to
// NewSecretStore.
type DefaultSecretStoreProvider struct{}
// NewSecretStore builds a fake secret store from the Fake section of spec.
//
// It returns an error when spec.Provider or spec.Provider.Fake is nil.
// Otherwise every entry of spec.Provider.Fake.Data is copied into an
// in-memory map keyed by mapKey(entry.Key, entry.Version). Secret values are
// held as plain strings exactly as they appear in the spec.
func (p *DefaultSecretStoreProvider) NewSecretStore(spec v1.SecretStore) (secrets.SecretStore, error) {
	switch {
	case spec.Provider == nil:
		return nil, fmt.Errorf(errMissingProviderSpec)
	case spec.Provider.Fake == nil:
		return nil, fmt.Errorf(errMissingFakeProvider)
	}

	entries := make(map[string]*SecretData)
	for _, item := range spec.Provider.Fake.Data {
		entry := &SecretData{
			Value:   item.Value,
			Version: item.Version,
		}
		if item.ValueMap != nil {
			// The map is shared with the spec, not cloned.
			entry.ValueMap = item.ValueMap
		}
		// A later item producing the same map key replaces the earlier one.
		entries[mapKey(item.Key, item.Version)] = entry
	}

	return &fakeSecretStore{dataMap: entries}, nil
}
// fakeSecretStore is an in-memory secret store serving the entries declared in
// a Fake provider spec. The methods in this file apply no encryption and no
// access checks to the stored values.
// NOTE(review): presumably intended for tests and local runs only — confirm
// before a Fake provider spec is accepted in a real deployment.
type fakeSecretStore struct {
	// dataMap indexes the entries by mapKey(key, version).
	dataMap map[string]*SecretData
}
// GetSecret looks up the secret referenced by ref in the in-memory data map.
//
// The entry is located with mapKey(ref.Name, ref.Version). When ref.Property
// is empty the stored value is returned as bytes; otherwise the stored value
// is evaluated with gjson and the result at that path is returned. A missing
// entry, a version mismatch or a property path that does not exist all yield
// secrets.NoSecretErr. The context argument is ignored.
func (f *fakeSecretStore) GetSecret(_ context.Context, ref v1.ExternalSecretRef) ([]byte, error) {
	entry, found := f.dataMap[mapKey(ref.Name, ref.Version)]
	if !found {
		return nil, secrets.NoSecretErr
	}
	// mapKey concatenates name and version without a separator, so the stored
	// version is compared as well: a hit reached through a different
	// name/version split is rejected here instead of being returned.
	if entry.Version != ref.Version {
		return nil, secrets.NoSecretErr
	}

	if ref.Property == "" {
		return []byte(entry.Value), nil
	}

	result := gjson.Get(entry.Value, ref.Property)
	if result.Exists() {
		return []byte(result.String()), nil
	}
	return nil, secrets.NoSecretErr
}
// mapKey returns the dataMap index for a secret name and version: the two
// strings concatenated, name first.
func mapKey(key, version string) string {
	// Appending the version lets several versions of one secret live side by
	// side in the map instead of overwriting each other.
	// NOTE(review): there is no separator, so ("a", "1b") and ("a1", "b") map
	// to the same index and the later entry replaces the earlier one.
	// GetSecret's version comparison keeps the wrong value from being served,
	// but the replaced entry becomes unreachable.
	composite := fmt.Sprint(key, version)
	return composite
}
// init registers the fake provider with the secrets package at load time,
// passing a ProviderSpec whose only populated field is Fake.
// NOTE(review): presumably the registry uses that spec to route stores with a
// Fake section to this provider — confirm against secrets.Register.
func init() {
	provider := &DefaultSecretStoreProvider{}
	spec := &v1.ProviderSpec{Fake: &v1.FakeProvider{}}
	secrets.Register(provider, spec)
}