github.com/zntrio/harp/v2@v2.0.9/pkg/bundle/template/executor.go

github.com/zntrio/harp/v2@v2.0.9/pkg/bundle/template/executor.go (about)

     1  // Licensed to Elasticsearch B.V. under one or more contributor
     2  // license agreements. See the NOTICE file distributed with
     3  // this work for additional information regarding copyright
     4  // ownership. Elasticsearch B.V. licenses this file to you under
     5  // the Apache License, Version 2.0 (the "License"); you may
     6  // not use this file except in compliance with the License.
     7  // You may obtain a copy of the License at
     8  //
     9  //     http://www.apache.org/licenses/LICENSE-2.0
    10  //
    11  // Unless required by applicable law or agreed to in writing,
    12  // software distributed under the License is distributed on an
    13  // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    14  // KIND, either express or implied.  See the License for the
    15  // specific language governing permissions and limitations
    16  // under the License.
    17  
    18  package template
    19  
    20  import (
    21  	"encoding/base64"
    22  	"fmt"
    23  
    24  	"google.golang.org/protobuf/proto"
    25  
    26  	bundlev1 "github.com/zntrio/harp/v2/api/gen/go/harp/bundle/v1"
    27  	"github.com/zntrio/harp/v2/pkg/bundle/template/visitor"
    28  	"github.com/zntrio/harp/v2/pkg/sdk/types"
    29  
    30  	"golang.org/x/crypto/blake2b"
    31  )
    32  
    33  // Validate bundle template.
    34  func Validate(spec *bundlev1.Template) error {
    35  	// Check if spec is nil
    36  	if spec == nil {
    37  		return fmt.Errorf("unable to validate bundle template: template is nil")
    38  	}
    39  
    40  	if spec.ApiVersion != "harp.elastic.co/v1" {
    41  		return fmt.Errorf("apiVersion should be 'BundleTemplate'")
    42  	}
    43  
    44  	if spec.Kind != "BundleTemplate" {
    45  		return fmt.Errorf("kind should be 'BundleTemplate'")
    46  	}
    47  
    48  	if spec.Meta == nil {
    49  		return fmt.Errorf("meta should not be 'nil'")
    50  	}
    51  
    52  	if spec.Spec == nil {
    53  		return fmt.Errorf("spec should not be 'nil'")
    54  	}
    55  
    56  	// No error
    57  	return nil
    58  }
    59  
    60  // Checksum calculates the bundle template checksum.
    61  func Checksum(spec *bundlev1.Template) (string, error) {
    62  	// Check if spec is nil
    63  	if spec == nil {
    64  		return "", fmt.Errorf("unable to compute template checksum: template is nil")
    65  	}
    66  
    67  	// Validate bundle template
    68  	if err := Validate(spec); err != nil {
    69  		return "", fmt.Errorf("unable to validate spec: %w", err)
    70  	}
    71  
    72  	// Encode spec as protobuf
    73  	payload, err := proto.Marshal(spec)
    74  	if err != nil {
    75  		return "", fmt.Errorf("unable to encode bundle template: %w", err)
    76  	}
    77  
    78  	// Calculate checksum
    79  	checksum := blake2b.Sum256(payload)
    80  
    81  	// No error
    82  	return base64.RawURLEncoding.EncodeToString(checksum[:]), nil
    83  }
    84  
    85  // Execute a template to generate a final secret bundle.
    86  func Execute(spec *bundlev1.Template, v visitor.TemplateVisitor) error {
    87  	// Check if spec is nil
    88  	if spec == nil {
    89  		return fmt.Errorf("unable to execute bundle template: template is nil")
    90  	}
    91  	if types.IsNil(v) {
    92  		return fmt.Errorf("unable to execute bundle template: visitor is nil")
    93  	}
    94  
    95  	// Validate bundle template
    96  	if err := Validate(spec); err != nil {
    97  		return fmt.Errorf("unable to validate spec: %w", err)
    98  	}
    99  
   100  	// Walk all namespaces
   101  	v.Visit(spec)
   102  
   103  	// Check error
   104  	return v.Error()
   105  }