-
Notifications
You must be signed in to change notification settings - Fork 14
/
utility_secret.go
71 lines (56 loc) · 1.61 KB
/
utility_secret.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
package transform
import (
"context"
"encoding/json"
"fmt"
"github.com/brexhq/substation/config"
iconfig "github.com/brexhq/substation/internal/config"
"github.com/brexhq/substation/internal/secrets"
"github.com/brexhq/substation/message"
)
type utilitySecretConfig struct {
// Secret is the secret to retrieve.
Secret config.Config `json:"secret"`
}
func (c *utilitySecretConfig) Decode(in interface{}) error {
return iconfig.Decode(in, c)
}
func newUtilitySecret(ctx context.Context, cfg config.Config) (*utilitySecret, error) {
// conf gets validated when calling secrets.New.
conf := utilitySecretConfig{}
if err := conf.Decode(cfg.Settings); err != nil {
return nil, fmt.Errorf("transform: utility_secret: %v", err)
}
ret, err := secrets.New(ctx, conf.Secret)
if err != nil {
return nil, fmt.Errorf("transform: utility_secret: %v", err)
}
tf := utilitySecret{
conf: conf,
secret: ret,
}
if err := tf.secret.Retrieve(ctx); err != nil {
return nil, fmt.Errorf("transform: utility_secret: %v", err)
}
return &tf, nil
}
type utilitySecret struct {
conf utilitySecretConfig
// secret is safe for concurrent access.
secret secrets.Retriever
}
func (tf *utilitySecret) Transform(ctx context.Context, msg *message.Message) ([]*message.Message, error) {
if msg.IsControl() {
return []*message.Message{msg}, nil
}
if tf.secret.Expired() {
if err := tf.secret.Retrieve(ctx); err != nil {
return nil, fmt.Errorf("transform: utility_secret: %v", err)
}
}
return []*message.Message{msg}, nil
}
func (tf *utilitySecret) String() string {
b, _ := json.Marshal(tf.conf)
return string(b)
}