github.com/zntrio/harp/v2@v2.0.9/pkg/bundle/vault/push.go (about)

     1  // Licensed to Elasticsearch B.V. under one or more contributor
     2  // license agreements. See the NOTICE file distributed with
     3  // this work for additional information regarding copyright
     4  // ownership. Elasticsearch B.V. licenses this file to you under
     5  // the Apache License, Version 2.0 (the "License"); you may
     6  // not use this file except in compliance with the License.
     7  // You may obtain a copy of the License at
     8  //
     9  //     http://www.apache.org/licenses/LICENSE-2.0
    10  //
    11  // Unless required by applicable law or agreed to in writing,
    12  // software distributed under the License is distributed on an
    13  // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    14  // KIND, either express or implied.  See the License for the
    15  // specific language governing permissions and limitations
    16  // under the License.
    17  
    18  package vault
    19  
    20  import (
    21  	"context"
    22  	"fmt"
    23  	"regexp"
    24  
    25  	"github.com/hashicorp/vault/api"
    26  
    27  	bundlev1 "github.com/zntrio/harp/v2/api/gen/go/harp/bundle/v1"
    28  	"github.com/zntrio/harp/v2/pkg/bundle/vault/internal/operation"
    29  )
    30  
// Push writes the given bundle to HashiCorp Vault through client.
//
// Settings start from fixed defaults: empty prefix, no path inclusion or
// exclusion rules, secret and Vault metadata both disabled, and a worker
// count of 4. Each Option in opts is then applied in order and may override
// them. With the defaults nothing narrows the bundle, so callers that must
// limit which packages reach Vault have to pass the relevant options.
//
// An error is returned when b or client is nil, when an option fails to
// apply (wrapped with %w), or when the underlying push fails.
//
// NOTE(review): the only validation performed on client here is the nil
// check; which Vault instance and identity it points at is entirely up to
// the caller.
func Push(ctx context.Context, b *bundlev1.Bundle, client *api.Client, opts ...Option) error {
	// Refuse to go any further without both a bundle and a Vault client.
	switch {
	case b == nil:
		return fmt.Errorf("unable to process nil bundle")
	case client == nil:
		return fmt.Errorf("unable to process nil vault client")
	}

	// Baseline settings, used as-is when no option overrides them.
	settings := &options{
		prefix:             "",
		exclusions:         []*regexp.Regexp{},
		includes:           []*regexp.Regexp{},
		withSecretMetadata: false,
		withVaultMetadata:  false,
		workerCount:        int64(4),
	}

	// Options run in the order given; the first failure aborts the push
	// before anything is sent to Vault.
	for i := range opts {
		if err := opts[i](settings); err != nil {
			return fmt.Errorf("unable to apply option: %w", err)
		}
	}

	return runPush(ctx, b, client, settings)
}
    71  
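// runPush filters the bundle packages according to opts and imports the
// remaining packages into Vault.
//
// Filtering is applied only when at least one rule list is non-empty:
//   - when opts.includes is non-empty, a package is kept only if its name
//     matches the inclusion rules;
//   - when opts.exclusions is non-empty, a package whose name matches the
//     exclusion rules is dropped, even if it also matched an inclusion rule.
//
// Side effect: when filtering is active, b.Packages is replaced on the
// caller's bundle with the filtered slice.
//
// Any error returned by the import operation is wrapped with %w.
func runPush(ctx context.Context, b *bundlev1.Bundle, client *api.Client, opts *options) error {
	hasIncludes := len(opts.includes) > 0
	hasExclusions := len(opts.exclusions) > 0

	// Prepare bundle
	if hasIncludes || hasExclusions {
		kept := make([]*bundlev1.Package, 0, len(b.Packages))
		for _, p := range b.Packages {
			// The include list scopes which secrets are written to Vault, so
			// it must be evaluated against opts.includes (not the exclusion
			// rules); otherwise the caller's allow-list is never honoured.
			// matchPathRule is defined elsewhere; presumably it reports
			// whether the name matches any rule of the list.
			if hasIncludes && !matchPathRule(p.Name, opts.includes) {
				continue
			}
			// Exclusions are checked last so that they always win.
			if hasExclusions && matchPathRule(p.Name, opts.exclusions) {
				continue
			}
			kept = append(kept, p)
		}
		b.Packages = kept
	}

	// Initialize operation
	op := operation.Importer(client, b, opts.prefix, opts.withSecretMetadata, opts.withVaultMetadata, opts.workerCount)

	// Run the vault operation
	if err := op.Run(ctx); err != nil {
		return fmt.Errorf("unable to push secret bundle: %w", err)
	}

	// No error
	return nil
}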