Operator: Support JSON-formatted Vault policies #978
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What's in this PR?
This adds support for Vault Policies to be provided as JSON strings, in addition to HCL-formatted strings. Current behaviour tries to use an HCL formatter to make it pretty, which won't work for JSON!
This change makes the operator attempt to parse the policy (with a Vault function which parses both JSON and HCL) and if it succeeds, applies it.
Why?
Vault supports policies in both HCL and JSON format so the operator should too!
Additional context
Our policies were becoming boilerplate-y and less maintainable so we decided to generate them via Jsonnet, where it's significantly easier to template JSON than HCL.
This has been tested with valid JSON and HCL policies and both are created successfully.
Checklist