/
types.go
153 lines (128 loc) · 4.51 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
package secretfacade
import (
"fmt"
"github.com/jenkins-x-plugins/secretfacade/pkg/secretstore"
"github.com/jenkins-x-plugins/secretfacade/pkg/secretstore/factory"
v1 "github.com/jenkins-x/jx-secret/pkg/apis/external/v1"
schema "github.com/jenkins-x/jx-secret/pkg/apis/schema/v1alpha1"
"github.com/jenkins-x/jx-secret/pkg/extsecrets"
"github.com/jenkins-x/jx-secret/pkg/extsecrets/editor"
"github.com/jenkins-x/jx-secret/pkg/schemas"
"github.com/pkg/errors"
"github.com/spf13/cobra"
corev1 "k8s.io/api/core/v1"
"k8s.io/client-go/kubernetes"
)
// Options options for verifying secrets
type Options struct {
Dir string
Namespace string
SecretNamespace string
Filter string
SecretClient extsecrets.Interface
KubeClient kubernetes.Interface
Source string
SecretStoreManagerFactory secretstore.FactoryInterface
// ExternalSecrets the loaded secrets
ExternalSecrets []*v1.ExternalSecret
// EditorCache the optional cache of editors
EditorCache map[string]editor.Interface
}
type ExternalSecretLocation string
const FileSystem string = "filesystem"
const Kubernetes string = "kubernetes"
func (o *Options) AddFlags(cmd *cobra.Command) {
cmd.Flags().StringVarP(&o.Filter, "filter", "f", "", "the filter to filter on ExternalSecret names")
cmd.Flags().StringVarP(&o.Source, "source", "s", "kubernetes", "the source location for the ExternalSecrets, valid values include filesystem or kubernetes")
}
func (o *Options) Validate() error {
var err error
if o.SecretClient == nil && (o.Source == Kubernetes || o.Source == "") {
o.SecretClient, err = extsecrets.NewClient(nil)
if err != nil {
return errors.Wrap(err, "error initialising kubernetes external secrets client")
}
} else if o.SecretClient == nil && o.Source == FileSystem {
o.SecretClient = extsecrets.NewFileClient(o.Dir)
}
if o.SecretClient == nil {
return fmt.Errorf("secret client required to read external secrets")
}
if o.SecretStoreManagerFactory == nil {
o.SecretStoreManagerFactory = &factory.SecretManagerFactory{}
}
return nil
}
func (o *Options) ExternalSecretByName(secretName string) (*v1.ExternalSecret, error) {
for _, s := range o.ExternalSecrets {
if s.ObjectMeta.Name == secretName {
return s, nil
}
}
return nil, fmt.Errorf("unable to find External Secret with name %s", secretName)
}
// SecretError returns an error for a secret
type SecretError struct {
// ExternalSecret the external secret which is not valid
ExternalSecret v1.ExternalSecret
// EntryErrors the errors for each secret entry
EntryErrors []*EntryError
}
// EntryError represents the missing entries
type EntryError struct {
// Key the secret key
Key string
// Properties property names for the key
Properties []string
}
// SecretPair the external secret and the associated Secret an error for a secret
type SecretPair struct {
// ExternalSecret the external secret which is not valid
ExternalSecret v1.ExternalSecret
// Secret the secret if there is one
Secret *corev1.Secret
// Error last validation error at last check
Error *SecretError
// schemaObject caches the schema object
schemaObject *schema.Object
}
// IsInvalid returns true if the validation failed
func (p *SecretPair) IsInvalid() bool {
return p.Error != nil && len(p.Error.EntryErrors) > 0
}
// IsMandatory returns true if the secret is a mandatory secret
func (p *SecretPair) IsMandatory() bool {
obj, err := p.SchemaObject()
if err == nil && obj != nil {
return obj.Mandatory
}
return false
}
// SetSchemaObject sets the cached schema object: typically used for testing
func (p *SecretPair) SetSchemaObject(schemaObject *schema.Object) {
p.schemaObject = schemaObject
}
// SchemaObject returns the optional schema object from the annotation
func (p *SecretPair) SchemaObject() (*schema.Object, error) {
if p.schemaObject != nil {
return p.schemaObject, nil
}
var err error
p.schemaObject, err = schemas.ObjectFromObjectMeta(&p.ExternalSecret.ObjectMeta)
if err != nil {
return nil, errors.Wrapf(err, "failed to load schema object from ExternalSecret annotation for %s", p.ExternalSecret.Name)
}
return p.schemaObject, nil
}
// Name returns the name of the secret
func (p *SecretPair) Name() string {
return p.ExternalSecret.Name
}
// Namespace returns the namespace of the secret
func (p *SecretPair) Namespace() string {
return p.ExternalSecret.Namespace
}
// Key returns the unique key of the secret
func (p *SecretPair) Key() string {
return p.Namespace() + "/" + p.Name()
}