// Listing of github.com/zntrio/harp/v2@v2.0.9/pkg/tasks/container/recover.go

// Licensed to Elasticsearch B.V. under one or more contributor
// license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright
// ownership. Elasticsearch B.V. licenses this file to you under
// the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

package container

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"

	"github.com/zntrio/harp/v2/pkg/container/identity"
	"github.com/zntrio/harp/v2/pkg/sdk/types"
	"github.com/zntrio/harp/v2/pkg/sdk/value"
	"github.com/zntrio/harp/v2/pkg/tasks"
)

// RecoverTask implements secret container identity recovery task.
//
// Run loads an identity from JSONReader, decrypts its private key with
// Transformer, retrieves the recovery key from it and writes that key to
// OutputWriter. All three providers must be non-nil; Run rejects the task
// otherwise.
type RecoverTask struct {
	// JSONReader supplies the reader the identity is loaded from; Run hands
	// it to identity.FromReader.
	JSONReader tasks.ReaderProvider
	// OutputWriter supplies the destination of the recovered key. Run writes
	// the key as-is, with no further protection applied in this task, so the
	// destination ends up holding key material in cleartext.
	OutputWriter tasks.WriterProvider
	// Transformer is passed to the identity's Decrypt call to unseal the
	// private key.
	Transformer value.Transformer
	// JSONOutput selects a JSON object with a "container_key" field instead
	// of the "Container key : ..." text line.
	JSONOutput bool
}

// Run the task.
// Run recovers the container key of a sealed identity and prints it.
//
// The steps are: validate the task configuration, load the identity from the
// JSON reader, decrypt its private key with the configured transformer,
// retrieve the recovery key, and write that key to the output writer either
// as a JSON object ({"container_key": ...}) or as a "Container key : ..."
// text line. Every failure is returned wrapped with the step that produced it.
//
// The recovered key is written to the output as-is; nothing in this function
// encrypts or masks it, so the writer's destination should be treated as
// holding secret material.
func (t *RecoverTask) Run(ctx context.Context) error {
	// Refuse to start with an incomplete configuration, before any key
	// material is read or decrypted.
	switch {
	case types.IsNil(t.JSONReader):
		return errors.New("unable to run task with a nil jsonReader provider")
	case types.IsNil(t.OutputWriter):
		return errors.New("unable to run task with a nil outputWriter provider")
	case types.IsNil(t.Transformer):
		return errors.New("unable to run task with a nil transformer")
	}

	// Open the identity source.
	in, err := t.JSONReader(ctx)
	if err != nil {
		return fmt.Errorf("unable to read input reader: %w", err)
	}

	// Parse the identity document.
	sealed, err := identity.FromReader(in)
	if err != nil {
		return fmt.Errorf("unable to extract an identity from reader: %w", err)
	}

	// Unseal the private key with the caller-supplied transformer.
	unsealed, err := sealed.Decrypt(ctx, t.Transformer)
	if err != nil {
		return fmt.Errorf("unable to decrypt private key: %w", err)
	}

	// Ask the decrypted key for its recovery key.
	containerKey, err := unsealed.RecoveryKey()
	if err != nil {
		return fmt.Errorf("unable to retrieve recovery key from identity: %w", err)
	}

	// The writer is only requested once the key is available, so a failed
	// recovery never opens the output.
	out, err := t.OutputWriter(ctx)
	if err != nil {
		return fmt.Errorf("unable to retrieve output writer: %w", err)
	}

	// Machine-readable form.
	if t.JSONOutput {
		payload := map[string]interface{}{
			"container_key": containerKey,
		}
		if errJSON := json.NewEncoder(out).Encode(payload); errJSON != nil {
			return fmt.Errorf("unable to display as json: %w", errJSON)
		}
		return nil
	}

	// Human-readable form.
	if _, errText := fmt.Fprintf(out, "Container key : %s\n", containerKey); errText != nil {
		return fmt.Errorf("unable to display result: %w", errText)
	}

	return nil
}