provide_conjur_secrets.go
package pushtofile
import (
"github.com/cyberark/conjur-authn-k8s-client/pkg/log"
"github.com/cyberark/secrets-provider-for-k8s/pkg/log/messages"
"github.com/cyberark/secrets-provider-for-k8s/pkg/secrets/clients/conjur"
)
// fileProvider is the Push-to-File provider state: the function used to
// retrieve secrets and the secret groups that Provide pushes to files.
type fileProvider struct {
// retrieveSecretsFunc is the retrieval function given to NewProvider; Provide
// forwards it to provideWithDeps, which passes it to FetchSecretsForGroups.
retrieveSecretsFunc conjur.RetrieveSecretsFunc
// secretGroups is the result of NewSecretGroups(secretsBasePath, annotations);
// provideWithDeps pushes one group at a time, in slice order.
secretGroups []*SecretGroup
}
// NewProvider creates a new provider for Push-to-File mode.
//
// The secret groups are built by NewSecretGroups from secretsBasePath and the
// supplied annotations. If NewSecretGroups returns a non-nil error slice, that
// slice is returned unchanged together with a nil provider; otherwise the
// provider is returned with a nil error slice.
//
// NOTE(review): the annotations determine what NewSecretGroups produces, so
// any validation of destination paths against secretsBasePath has to happen
// inside NewSecretGroups. That code is not visible here; confirm it before
// treating annotations as trusted input.
func NewProvider(retrieveSecretsFunc conjur.RetrieveSecretsFunc, secretsBasePath string, annotations map[string]string) (*fileProvider, []error) {
	groups, errs := NewSecretGroups(secretsBasePath, annotations)
	if errs != nil {
		return nil, errs
	}

	provider := &fileProvider{
		retrieveSecretsFunc: retrieveSecretsFunc,
		secretGroups:        groups,
	}
	return provider, nil
}
// Provide implements a ProviderFunc to retrieve and push secrets to the
// filesystem. It delegates to provideWithDeps with the provider's groups and
// retrieval function, using openFileAsWriteCloser and pushToWriter as the
// file-opening and writing dependencies.
func (p fileProvider) Provide() error {
	groups, retrieve := p.secretGroups, p.retrieveSecretsFunc
	return provideWithDeps(groups, retrieve, openFileAsWriteCloser, pushToWriter)
}
// provideWithDeps fetches the secrets for all groups and then pushes each
// group in turn, with the file-opening and writing functions injected so they
// can be substituted.
//
// All secrets are fetched by a single FetchSecretsForGroups call before any
// group is pushed; a fetch error is returned before pushToFileWithDeps is
// called at all. Groups are then processed in slice order and the first push
// error is returned immediately. The success message CSPFK015I is logged only
// after every group has been pushed.
//
// NOTE(review): returning on the first push error means earlier groups have
// already been handed to pushToFileWithDeps while later ones have not, so a
// non-nil error presumably leaves a partially updated set of files. Confirm
// that callers treat it that way.
func provideWithDeps(
	groups []*SecretGroup,
	retrieveSecretsFunc conjur.RetrieveSecretsFunc,
	depOpenWriteCloser openWriteCloserFunc,
	depPushToWriter pushToWriterFunc,
) error {
	fetched, err := FetchSecretsForGroups(retrieveSecretsFunc, groups)
	if err != nil {
		return err
	}

	for _, g := range groups {
		// Secrets are looked up by group name. A name missing from the fetch
		// result yields the zero value, which is passed on as-is.
		secrets := fetched[g.Name]
		if pushErr := g.pushToFileWithDeps(depOpenWriteCloser, depPushToWriter, secrets); pushErr != nil {
			return pushErr
		}
	}

	log.Info(messages.CSPFK015I)
	return nil
}