package cd
import (
"encoding/json"
"errors"
"fmt"
"sync"
"github.com/harness/harness-go-sdk/harness/cd/graphql"
"github.com/harness/harness-go-sdk/harness/cd/unpublished"
"github.com/harness/harness-go-sdk/harness/helpers"
"github.com/harness/harness-go-sdk/harness/utils"
)
const (
// standardSecretsManagerFields is the GraphQL selection set that the secret
// manager queries in this file format into their query text. It is a
// compile-time constant, so no caller-supplied data reaches the query string
// through it.
standardSecretsManagerFields = `
id
name
`
)
// CRUD

// GetSecretManagerById looks up a single secret manager by its ID through the
// GraphQL API, requesting the fields in standardSecretsManagerFields.
//
// The ID travels as a GraphQL variable; only the constant field list is
// formatted into the query text. Any error from ExecuteGraphQLQuery is
// returned unchanged, with a nil result.
func (c *SecretClient) GetSecretManagerById(id string) (*graphql.SecretManager, error) {
	const queryTemplate = `query($secretManagerId: String!) {
secretManager(secretManagerId: $secretManagerId) {
%s
}
}`

	// Anonymous holder whose single field receives the "secretManager" result.
	var out struct {
		SecretManager graphql.SecretManager
	}

	q := &GraphQLQuery{
		Query:     fmt.Sprintf(queryTemplate, standardSecretsManagerFields),
		Variables: map[string]interface{}{"secretManagerId": id},
	}
	if err := c.ApiClient.ExecuteGraphQLQuery(q, &out); err != nil {
		return nil, err
	}
	return &out.SecretManager, nil
}
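// GetSecretManagerByName looks up a single secret manager by its name through
// the GraphQL API, requesting the fields in standardSecretsManagerFields.
//
// The name travels as a GraphQL variable; only the constant field list is
// formatted into the query text. Any error from ExecuteGraphQLQuery is
// returned unchanged, with a nil result.
func (ac *SecretClient) GetSecretManagerByName(name string) (*graphql.SecretManager, error) {
	query := &GraphQLQuery{
		Query: fmt.Sprintf(`query($name: String!) {
secretManagerByName(name: $name) {
%s
}
}`, standardSecretsManagerFields),
		Variables: map[string]interface{}{
			"name": name,
		},
	}

	res := &struct {
		SecretManagerByName graphql.SecretManager
	}{}

	// res is already a pointer. Pass it as-is, the way GetSecretManagerById
	// does, instead of handing the executor a pointer to a pointer.
	if err := ac.ApiClient.ExecuteGraphQLQuery(query, res); err != nil {
		return nil, err
	}

	return &res.SecretManagerByName, nil
}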
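// ListSecretManagers returns the secret managers reported by the
// /secrets/list-configs endpoint for the configured account.
//
// WARNING: This method requires the use of a bearer token which isn't
// supported in most scenarios.
//
// A reply with a status outside the 2xx range, or one whose envelope carries
// no resource payload, is returned as an error rather than being decoded.
func (c *SecretClient) ListSecretManagers() ([]*unpublished.SecretManager, error) {
	req, err := c.ApiClient.NewAuthorizedGetRequest("/secrets/list-configs")
	if err != nil {
		return nil, err
	}

	// Scope the request to the configured account.
	params := req.URL.Query()
	params.Add(helpers.QueryParameters.AccountId.String(), c.ApiClient.Configuration.AccountId)
	req.URL.RawQuery = params.Encode()

	resp, err := c.ApiClient.Configuration.HTTPClient.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	// Do not try to interpret an error reply (for example a rejected token) as
	// a list of secret managers.
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return nil, fmt.Errorf("listing secret managers: unexpected HTTP status %d", resp.StatusCode)
	}

	envelope := &unpublished.Package{}
	if err := json.NewDecoder(resp.Body).Decode(envelope); err != nil {
		return nil, err
	}

	// Resource is a pointer and is dereferenced below; an envelope without it
	// would otherwise panic.
	if envelope.Resource == nil {
		return nil, errors.New("listing secret managers: response contains no resource")
	}

	secretManagers := []*unpublished.SecretManager{}
	if err := json.Unmarshal(*envelope.Resource, &secretManagers); err != nil {
		return nil, err
	}

	return secretManagers, nil
}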
// Package-level cache for the lookup done by GetDefaultSecretManagerId.
// configSecretManagerId makes the lookup run at most once per process; the ID
// and error it stored are what every later call returns, whichever
// SecretClient makes the call.
var (
	defaultSecretManagerId          string
	defaultSecretManagerLookupError error
	configSecretManagerId           sync.Once
)
// GetDefaultSecretManagerId returns the ID of the account's default secret
// manager.
//
// Currently there is no way to find the Id of the default secret manager
// directly through the API. Instead, this method creates a temporary secret
// without specifying which secret manager to use. Once it's created we can
// then read back the id of the secret manager that is automatically assigned.
//
// Side effects and caveats:
//   - The first call writes to the account: it creates an encrypted-text secret
//     named "__temp__" plus a 6-character suffix, with the placeholder value
//     "test", and then deletes it.
//   - Deleting the probe secret is best-effort. The error from DeleteSecret is
//     discarded, so a failed delete leaves the "__temp__" secret in the account.
//   - The lookup runs once per process (package-level sync.Once). Its outcome,
//     including a failure, is returned on every later call and is never
//     retried.
//   - NOTE(review): the cache is not keyed by client or account, so two
//     SecretClients configured for different accounts would share the first
//     caller's result. Confirm that only one account is used per process.
func (c *SecretClient) GetDefaultSecretManagerId() (string, error) {
	lookup := func() {
		// Leave the secret manager unset so the server assigns its default.
		probe := &graphql.CreateSecretInput{
			EncryptedText: &graphql.EncryptedTextInput{},
		}
		probe.EncryptedText.Name = "__temp__" + utils.RandStringBytes(6)
		probe.EncryptedText.Value = "test"

		var created *graphql.EncryptedText
		created, defaultSecretManagerLookupError = c.CreateEncryptedText(probe)

		switch {
		case defaultSecretManagerLookupError != nil:
			// Creation failed; the stored error is what callers will see.
		case created == nil:
			defaultSecretManagerLookupError = errors.New("could not create secret")
		default:
			defaultSecretManagerId = created.SecretManagerId
			// Best-effort cleanup: the ID is already known, so a delete failure
			// is deliberately not reported.
			_ = c.DeleteSecret(created.Id, graphql.SecretTypes.EncryptedText)
		}
	}

	configSecretManagerId.Do(lookup)

	return defaultSecretManagerId, defaultSecretManagerLookupError
}