package backends
import (
	"fmt"
	"strings"

	"github.com/1Password/connect-sdk-go/connect"
	"github.com/akastav/argocd-terraform-plugin/pkg/utils"
)
// OnePasswordConnect is a secrets backend that reads items from a
// 1Password Connect server through the Connect SDK client it wraps.
type OnePasswordConnect struct {
// Client is the 1Password Connect SDK client; GetSecrets calls its GetItem method.
Client connect.Client
}
// NewOnePasswordConnectBackend returns a 1Password Connect backend that uses
// the supplied SDK client for every lookup. The client is stored as given.
func NewOnePasswordConnectBackend(client connect.Client) *OnePasswordConnect {
	backend := new(OnePasswordConnect)
	backend.Client = client
	return backend
}
// Login is a no-op that always returns nil: the "login" is handled when the
// 1Password Connect SDK client is instantiated, so there is nothing left to
// do here.
func (a *OnePasswordConnect) Login() error {
return nil
}
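// GetSecrets fetches one item from the 1Password Connect server and returns
// its fields as a map keyed by field label.
//
// path must have the form vaults/<vaultUUID>/items/<itemUUID>; only the second
// and fourth segments are read. A path with fewer than four segments, or with
// an empty vault or item segment, is rejected with an error instead of
// panicking on an out-of-range index. version and annotations are accepted but
// not used by this backend.
//
// If two fields of the item share a label, the later one in the item's field
// list overwrites the earlier one in the returned map.
func (a *OnePasswordConnect) GetSecrets(path string, version string, annotations map[string]string) (map[string]interface{}, error) {
	// Format we expect is vaults/<vaultUUID>/items/<secret_UUID>
	splits := strings.Split(path, "/")
	// The path is supplied by the caller; validate its shape before indexing so
	// a malformed value yields an error rather than a runtime panic. The
	// literal "vaults"/"items" segments are deliberately not enforced, to stay
	// compatible with paths the previous implementation accepted.
	if len(splits) < 4 || splits[1] == "" || splits[3] == "" {
		return nil, fmt.Errorf("invalid 1Password Connect path %q: expected vaults/<vaultUUID>/items/<itemUUID>", path)
	}
	vaultUUID, itemUUID := splits[1], splits[3]

	utils.VerboseToStdErr("OnePassword Connect getting item %s from vault %s", itemUUID, vaultUUID)

	result, err := a.Client.GetItem(itemUUID, vaultUUID)
	if err != nil {
		return nil, err
	}

	// Log only the field count. Formatting the whole response with %v would
	// write every field value, i.e. the secrets themselves, to stderr, and
	// stderr output is commonly captured in logs.
	utils.VerboseToStdErr("OnePassword Connect get secret response: %d fields (values not logged)", len(result.Fields))

	data := make(map[string]interface{}, len(result.Fields))
	for _, field := range result.Fields {
		data[field.Label] = field.Value
	}

	return data, nil
}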
// GetIndividualSecret returns the value of a single placeholder from a
// 1Password Connect item.
//
// 1Password placeholders are the label/value pairs of an item and cannot be
// addressed individually, so the whole item is fetched through GetSecrets and
// the requested label is looked up in the result. A label that is not present
// yields a nil value with a nil error. version and annotations are passed
// through to GetSecrets unchanged.
func (a *OnePasswordConnect) GetIndividualSecret(kvpath, secret, version string, annotations map[string]string) (interface{}, error) {
	secrets, err := a.GetSecrets(kvpath, version, annotations)
	if err == nil {
		return secrets[secret], nil
	}
	return nil, err
}