github.com/zntrio/harp/v2@v2.0.9/pkg/bundle/vault/push.go (about) 1 // Licensed to Elasticsearch B.V. under one or more contributor 2 // license agreements. See the NOTICE file distributed with 3 // this work for additional information regarding copyright 4 // ownership. Elasticsearch B.V. licenses this file to you under 5 // the Apache License, Version 2.0 (the "License"); you may 6 // not use this file except in compliance with the License. 7 // You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, 12 // software distributed under the License is distributed on an 13 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 // KIND, either express or implied. See the License for the 15 // specific language governing permissions and limitations 16 // under the License. 17 18 package vault 19 20 import ( 21 "context" 22 "fmt" 23 "regexp" 24 25 "github.com/hashicorp/vault/api" 26 27 bundlev1 "github.com/zntrio/harp/v2/api/gen/go/harp/bundle/v1" 28 "github.com/zntrio/harp/v2/pkg/bundle/vault/internal/operation" 29 ) 30 31 // Push the given bundle in Hashicorp Vault. 
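// Push writes the packages of the given bundle to HashiCorp Vault using the
// supplied client.
//
// Options are applied in order on top of the defaults: empty prefix, no path
// inclusion or exclusion rules, no secret or Vault metadata, and 4 workers.
// An error is returned when the bundle or the client is nil, when an option
// fails to apply, or when the underlying import operation fails.
//
// When inclusion or exclusion rules are set, b.Packages is replaced in place
// with the filtered list, so the caller's bundle is modified.
func Push(ctx context.Context, b *bundlev1.Bundle, client *api.Client, opts ...Option) error {
	// Reject missing inputs up front so nothing below dereferences nil.
	if b == nil {
		return fmt.Errorf("unable to process nil bundle")
	}
	if client == nil {
		return fmt.Errorf("unable to process nil vault client")
	}

	// Defaults: push every package, without metadata, using 4 workers.
	cfg := &options{
		prefix:             "",
		exclusions:         []*regexp.Regexp{},
		includes:           []*regexp.Regexp{},
		withSecretMetadata: false,
		withVaultMetadata:  false,
		workerCount:        int64(4),
	}

	// Apply caller overrides; the first failing option aborts the push before
	// anything is written to Vault.
	for _, apply := range opts {
		if err := apply(cfg); err != nil {
			return fmt.Errorf("unable to apply option: %w", err)
		}
	}

	return runPush(ctx, b, client, cfg)
}

// runPush filters the bundle packages according to the include and exclude
// path rules, then imports the remaining packages into Vault.
//
// The filter decides which secrets leave the bundle for the Vault backend.
// The allow-list (includes) is applied first and the deny-list (exclusions)
// second, so an exclusion always wins over an inclusion. b.Packages is
// overwritten with the filtered result.
func runPush(ctx context.Context, b *bundlev1.Bundle, client *api.Client, opts *options) error {
	// Allow-list pass: keep only packages whose name matches an inclusion
	// rule. This pass has to be evaluated against opts.includes; evaluating
	// it against the exclusion rules would ignore the caller's allow-list and
	// keep only packages that the deny-list pass below removes again.
	// NOTE(review): matchPathRule is defined elsewhere in the package and
	// presumably reports whether the name matches any of the given rules;
	// confirm.
	if len(opts.includes) > 0 {
		kept := make([]*bundlev1.Package, 0, len(b.Packages))
		for _, p := range b.Packages {
			if matchPathRule(p.Name, opts.includes) {
				kept = append(kept, p)
			}
		}
		b.Packages = kept
	}

	// Deny-list pass: drop every package whose name matches an exclusion rule.
	if len(opts.exclusions) > 0 {
		kept := make([]*bundlev1.Package, 0, len(b.Packages))
		for _, p := range b.Packages {
			if !matchPathRule(p.Name, opts.exclusions) {
				kept = append(kept, p)
			}
		}
		b.Packages = kept
	}

	// Build the import operation over the filtered bundle.
	op := operation.Importer(client, b, opts.prefix, opts.withSecretMetadata, opts.withVaultMetadata, opts.workerCount)

	// Run it; the underlying cause stays reachable through error wrapping.
	if err := op.Run(ctx); err != nil {
		return fmt.Errorf("unable to push secret bundle: %w", err)
	}

	return nil
}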