github.com/zntrio/harp/v2@v2.0.9/pkg/tasks/container/recover.go

github.com/zntrio/harp/v2@v2.0.9/pkg/tasks/container/recover.go (about)

     1  // Licensed to Elasticsearch B.V. under one or more contributor
     2  // license agreements. See the NOTICE file distributed with
     3  // this work for additional information regarding copyright
     4  // ownership. Elasticsearch B.V. licenses this file to you under
     5  // the Apache License, Version 2.0 (the "License"); you may
     6  // not use this file except in compliance with the License.
     7  // You may obtain a copy of the License at
     8  //
     9  //     http://www.apache.org/licenses/LICENSE-2.0
    10  //
    11  // Unless required by applicable law or agreed to in writing,
    12  // software distributed under the License is distributed on an
    13  // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    14  // KIND, either express or implied.  See the License for the
    15  // specific language governing permissions and limitations
    16  // under the License.
    17  
    18  package container
    19  
    20  import (
    21  	"context"
    22  	"encoding/json"
    23  	"errors"
    24  	"fmt"
    25  
    26  	"github.com/zntrio/harp/v2/pkg/container/identity"
    27  	"github.com/zntrio/harp/v2/pkg/sdk/types"
    28  	"github.com/zntrio/harp/v2/pkg/sdk/value"
    29  	"github.com/zntrio/harp/v2/pkg/tasks"
    30  )
    31  
    32  // RecoverTask implements secret container identity recovery task.
    33  type RecoverTask struct {
    34  	JSONReader   tasks.ReaderProvider
    35  	OutputWriter tasks.WriterProvider
    36  	Transformer  value.Transformer
    37  	JSONOutput   bool
    38  }
    39  
    40  // Run the task.
    41  func (t *RecoverTask) Run(ctx context.Context) error {
    42  	// Check arguments
    43  	if types.IsNil(t.JSONReader) {
    44  		return errors.New("unable to run task with a nil jsonReader provider")
    45  	}
    46  	if types.IsNil(t.OutputWriter) {
    47  		return errors.New("unable to run task with a nil outputWriter provider")
    48  	}
    49  	if types.IsNil(t.Transformer) {
    50  		return errors.New("unable to run task with a nil transformer")
    51  	}
    52  
    53  	// Create input reader
    54  	reader, err := t.JSONReader(ctx)
    55  	if err != nil {
    56  		return fmt.Errorf("unable to read input reader: %w", err)
    57  	}
    58  
    59  	// Extract from reader
    60  	input, err := identity.FromReader(reader)
    61  	if err != nil {
    62  		return fmt.Errorf("unable to extract an identity from reader: %w", err)
    63  	}
    64  
    65  	// Try to decrypt the private key
    66  	privateKey, err := input.Decrypt(ctx, t.Transformer)
    67  	if err != nil {
    68  		return fmt.Errorf("unable to decrypt private key: %w", err)
    69  	}
    70  
    71  	// Retrieve recovery key
    72  	recoveryPrivateKey, err := privateKey.RecoveryKey()
    73  	if err != nil {
    74  		return fmt.Errorf("unable to retrieve recovery key from identity: %w", err)
    75  	}
    76  
    77  	// Get output writer
    78  	outputWriter, err := t.OutputWriter(ctx)
    79  	if err != nil {
    80  		return fmt.Errorf("unable to retrieve output writer: %w", err)
    81  	}
    82  
    83  	// Display as json
    84  	if t.JSONOutput {
    85  		if errJSON := json.NewEncoder(outputWriter).Encode(map[string]interface{}{
    86  			"container_key": recoveryPrivateKey,
    87  		}); errJSON != nil {
    88  			return fmt.Errorf("unable to display as json: %w", errJSON)
    89  		}
    90  	} else {
    91  		// Display container key
    92  		if _, err := fmt.Fprintf(outputWriter, "Container key : %s\n", recoveryPrivateKey); err != nil {
    93  			return fmt.Errorf("unable to display result: %w", err)
    94  		}
    95  	}
    96  
    97  	// No error
    98  	return nil
    99  }