wip: Add support for secrets
This commit is contained in:
Nikolai Rodionov
@ -16,6 +16,7 @@ type Cluster struct {
|
||||
Git string
|
||||
Releases []string
|
||||
Provider string
|
||||
DotSops string
|
||||
// Internal
|
||||
ReleasesObj release.Releases `yaml:"-"`
|
||||
}
|
||||
@ -55,8 +56,26 @@ func (c *Cluster) BootstrapRepo(gh githelper.Githelper, workdir string, dry bool
|
||||
}
|
||||
}
|
||||
|
||||
} else {
|
||||
return err
|
||||
}
|
||||
if len(c.DotSops) > 0 {
|
||||
dotsopsPath := fmt.Sprintf("%s/.sops.yaml", workdir)
|
||||
if _, err := os.Stat(dotsopsPath); errors.Is(err, os.ErrNotExist) {
|
||||
file, err := os.Create(dotsopsPath)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if _, err := file.WriteString(c.DotSops); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := gh.AddAllAndCommit(workdir, "Create a sops config file"); err != nil {
|
||||
return err
|
||||
}
|
||||
if !dry {
|
||||
if err := gh.Push(workdir); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -15,12 +15,13 @@ type Config struct {
|
||||
Releases release.Releases
|
||||
Clusters cluster.Clusters
|
||||
ConfigPath string `yaml:"-"`
|
||||
SopsBin string `yaml:"-"`
|
||||
}
|
||||
|
||||
// NewConfigFromFile populates the config struct from a configuration yaml file
|
||||
func NewConfigFromFile(path string) (*Config, error) {
|
||||
var config Config
|
||||
logrus.Infof("reading the config file: %s", path)
|
||||
logrus.Infof("readig the config file: %s", path)
|
||||
configFile, err := os.ReadFile(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@ -8,6 +8,7 @@ import (
|
||||
"git.badhouseplants.net/allanger/shoebill/internal/config/repository"
|
||||
"git.badhouseplants.net/allanger/shoebill/internal/lockfile"
|
||||
"git.badhouseplants.net/allanger/shoebill/internal/utils/helmhelper"
|
||||
"git.badhouseplants.net/allanger/shoebill/internal/utils/sopshelper"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
@ -24,12 +25,20 @@ type Release struct {
|
||||
Namespace string
|
||||
// Value files
|
||||
Values []string
|
||||
// Secrets SOPS encrypted
|
||||
Secrets []string
|
||||
// Private fields that should be pupulated during the run-time
|
||||
RepositoryObj *repository.Repository `yaml:"-"`
|
||||
RepositoryObj *repository.Repository `yaml:"-"`
|
||||
UnencryptedSecrets map[string][]byte `yaml:"-"`
|
||||
}
|
||||
|
||||
type Releases []*Release
|
||||
|
||||
// Preare the release object
|
||||
func (r *Release) InitRelease() {
|
||||
r.UnencryptedSecrets = map[string][]byte{}
|
||||
}
|
||||
|
||||
// RepositoryObjFromName gather the whole repository object by its name
|
||||
func (r *Release) RepositoryObjFromName(repos repository.Repositories) error {
|
||||
for _, repo := range repos {
|
||||
@ -68,6 +77,18 @@ func (r *Release) ValuesHandler(dir string) {
|
||||
}
|
||||
}
|
||||
|
||||
func (r *Release) SecretsHandler(dir string, sops sopshelper.SopsHelper) error {
|
||||
for i := range r.Secrets {
|
||||
path := fmt.Sprintf("%s/%s", dir, strings.ReplaceAll(r.Secrets[i], "./", ""))
|
||||
res, err := sops.Decrypt(path)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
r.UnencryptedSecrets[path] = res
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func FindReleaseByNames(releases []string, releasesObj Releases) Releases {
|
||||
result := Releases{}
|
||||
for _, rObj := range releasesObj {
|
||||
|
||||
Reference in New Issue
Block a user