package secrets
import (
"context"
"fmt"
"io/ioutil"
"helm.sh/helm/v3/pkg/chart"
"github.com/werf/werf/pkg/deploy/secrets_manager"
"github.com/werf/werf/pkg/giterminism_manager"
"github.com/werf/werf/pkg/secret"
"github.com/werf/werf/pkg/util/secretvalues"
)
// SecretsRuntimeData holds what DecodeAndLoadSecrets produced for one chart:
// the loaded secret values, the loaded secret file contents, and the strings
// collected for masking.
//
// Going by the field names, every field carries decoded (plaintext) secret
// material, so the whole struct should be treated as sensitive: it should not
// be logged, dumped with %+v, or serialised into reports or caches.
type SecretsRuntimeData struct {
	// DecodedSecretValues is assigned by DecodeAndLoadSecrets from the result
	// of LoadChartSecretValueFiles. NewSecretsRuntimeData leaves it nil.
	DecodedSecretValues map[string]interface{}
	// DecodedSecretFilesData is assigned by DecodeAndLoadSecrets from the
	// result of LoadChartSecretDirFilesData. The meaning of the keys is not
	// visible in this file (presumably the secret file path — confirm).
	DecodedSecretFilesData map[string]string
	// SecretValuesToMask collects every value of DecodedSecretFilesData plus
	// whatever secretvalues.ExtractSecretValuesFromMap returns for
	// DecodedSecretValues. DecodeAndLoadSecrets only appends to it and never
	// resets it.
	// NOTE(review): presumably consumed by an output-masking step elsewhere —
	// confirm that step copes with empty or very short entries, since nothing
	// in this file filters them out.
	SecretValuesToMask []string
}
// NewSecretsRuntimeData returns an empty SecretsRuntimeData whose
// DecodedSecretFilesData map is already allocated. DecodedSecretValues and
// SecretValuesToMask are left at their nil zero values.
func NewSecretsRuntimeData() *SecretsRuntimeData {
	runtimeData := new(SecretsRuntimeData)
	runtimeData.DecodedSecretFilesData = map[string]string{}
	return runtimeData
}
// DecodeAndLoadSecretsOptions selects which secret values files
// DecodeAndLoadSecrets loads and where it reads them from.
type DecodeAndLoadSecretsOptions struct {
	// GiterminismManager supplies the FileReader used to read custom secret
	// values files when LoadFromLocalFilesystem is false. It is dereferenced
	// without a nil check in that case, so it must be set.
	GiterminismManager giterminism_manager.Interface
	// CustomSecretValueFiles lists additional secret values files, loaded in
	// the given order after the default secret values file (if any).
	CustomSecretValueFiles []string
	// LoadFromLocalFilesystem makes DecodeAndLoadSecrets read each custom file
	// directly with ioutil.ReadFile instead of going through the giterminism
	// file reader. The path is used exactly as given: DecodeAndLoadSecrets
	// does not restrict it to the chart directory, so callers that accept
	// these names from less-trusted input need to validate them first.
	LoadFromLocalFilesystem bool
	// WithoutDefaultSecretValues skips the lookup of the chart's default
	// secret values file.
	WithoutDefaultSecretValues bool
}
// DecodeAndLoadSecrets gathers the chart's secret directory files and secret
// values files, loads them with the encoder obtained from secretsManager, and
// stores the results on the receiver.
//
// Sources, in order:
//   - the secret directory files found by GetSecretDirFiles in loadedChartFiles;
//   - the default secret values file, unless opts.WithoutDefaultSecretValues;
//   - every file named in opts.CustomSecretValueFiles, read either from the
//     local filesystem or through opts.GiterminismManager.
//
// The encoder is requested only when there is at least one file to load.
//
// Every loaded secret file content and every value returned by
// secretvalues.ExtractSecretValuesFromMap is appended to SecretValuesToMask.
// The list is appended to, never reset, so repeated calls on the same
// receiver accumulate entries.
//
// On error the receiver may be partially updated: secret directory files are
// stored before the secret values files are loaded. Returned errors carry the
// file name and the wrapped cause, not file contents.
func (secretsRuntimeData *SecretsRuntimeData) DecodeAndLoadSecrets(ctx context.Context, loadedChartFiles []*chart.ChartExtenderBufferedFile, chartDir, secretsWorkingDir string, secretsManager *secrets_manager.SecretsManager, opts DecodeAndLoadSecretsOptions) error {
	secretDirFiles := GetSecretDirFiles(loadedChartFiles)

	var valuesFiles []*chart.ChartExtenderBufferedFile

	if !opts.WithoutDefaultSecretValues {
		defaultFile := GetDefaultSecretValuesFile(chartDir, loadedChartFiles)
		if defaultFile != nil {
			valuesFiles = append(valuesFiles, defaultFile)
		}
	}

	for _, name := range opts.CustomSecretValueFiles {
		file := &chart.ChartExtenderBufferedFile{Name: name}

		var err error
		if opts.LoadFromLocalFilesystem {
			// Direct read: the name is used as given and is not confined to
			// chartDir or checked by the giterminism file reader here.
			file.Data, err = ioutil.ReadFile(name)
			if err != nil {
				return fmt.Errorf("unable to read custom secret values file %q from local filesystem: %w", name, err)
			}
		} else {
			// opts.GiterminismManager must be non-nil on this path.
			file.Data, err = opts.GiterminismManager.FileReader().ReadChartFile(ctx, name)
			if err != nil {
				return fmt.Errorf("unable to read custom secret values file %q: %w", name, err)
			}
		}

		valuesFiles = append(valuesFiles, file)
	}

	// Only ask the secrets manager for an encoder when something needs it;
	// with nothing to load, encoder stays nil and is never used.
	var encoder *secret.YamlEncoder
	if len(secretDirFiles) != 0 || len(valuesFiles) != 0 {
		var err error
		encoder, err = secretsManager.GetYamlEncoder(ctx, secretsWorkingDir)
		if err != nil {
			return err
		}
	}

	if len(secretDirFiles) != 0 {
		filesData, err := LoadChartSecretDirFilesData(chartDir, secretDirFiles, encoder)
		if err != nil {
			return fmt.Errorf("error loading secret files data: %w", err)
		}

		secretsRuntimeData.DecodedSecretFilesData = filesData
		// Whole file contents become mask entries.
		// NOTE(review): empty contents are appended too — confirm the masking
		// consumer tolerates an empty entry.
		for _, content := range filesData {
			secretsRuntimeData.SecretValuesToMask = append(secretsRuntimeData.SecretValuesToMask, content)
		}
	}

	if len(valuesFiles) != 0 {
		values, err := LoadChartSecretValueFiles(chartDir, valuesFiles, encoder)
		if err != nil {
			return fmt.Errorf("error loading secret value files: %w", err)
		}

		secretsRuntimeData.DecodedSecretValues = values
		secretsRuntimeData.SecretValuesToMask = append(secretsRuntimeData.SecretValuesToMask, secretvalues.ExtractSecretValuesFromMap(values)...)
	}

	return nil
}