
     1  // Licensed to Elasticsearch B.V. under one or more contributor
     2  // license agreements. See the NOTICE file distributed with
     3  // this work for additional information regarding copyright
     4  // ownership. Elasticsearch B.V. licenses this file to you under
     5  // the Apache License, Version 2.0 (the "License"); you may
     6  // not use this file except in compliance with the License.
     7  // You may obtain a copy of the License at
     8  //
     9  //     http://www.apache.org/licenses/LICENSE-2.0
    10  //
    11  // Unless required by applicable law or agreed to in writing,
    12  // software distributed under the License is distributed on an
    13  // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    14  // KIND, either express or implied.  See the License for the
    15  // specific language governing permissions and limitations
    16  // under the License.
    17  
    18  package from
    19  
    20  import (
    21  	"context"
    22  	"fmt"
    23  
    24  	"github.com/hashicorp/vault/api"
    25  
    26  	"github.com/zntrio/harp/v2/pkg/bundle"
    27  	bundlevault "github.com/zntrio/harp/v2/pkg/bundle/vault"
    28  	"github.com/zntrio/harp/v2/pkg/tasks"
    29  	"github.com/zntrio/harp/v2/pkg/vault"
    30  )
    31  
// VaultTask implements secret-container building from Vault K/V.
//
// Run builds a Vault client from api.DefaultConfig(), optionally scoped to
// VaultNamespace, verifies that the client is authenticated, pulls the
// secrets under SecretPaths into a bundle and writes that bundle to the
// writer obtained from OutputWriter.
type VaultTask struct {
	// OutputWriter is invoked with the task context to obtain the
	// destination the exported bundle is written to. It is only called
	// after the Vault export succeeded.
	OutputWriter tasks.WriterProvider
	// SecretPaths lists the Vault K/V paths handed to bundlevault.Pull.
	SecretPaths []string
	// VaultNamespace, when non-empty, is set on the Vault client with
	// SetNamespace before any request is made.
	VaultNamespace string
	// AsVaultMetadata is forwarded to bundlevault.WithVaultMetadata.
	AsVaultMetadata bool
	// WithMetadata is forwarded to bundlevault.WithSecretMetadata.
	WithMetadata bool
	// MaxWorkerCount is forwarded to bundlevault.WithMaxWorkerCount.
	MaxWorkerCount int64
	// ContinueOnError is forwarded to bundlevault.WithContinueOnError.
	ContinueOnError bool
}
    42  
// Run executes the task: it obtains an authenticated Vault client, pulls
// the configured secret paths into a bundle and writes that bundle to the
// output writer. Vault is contacted before the output writer is opened, so
// the writer is never requested when Vault is unreachable or the client is
// not authenticated. Every failure is returned wrapped with the step it
// occurred in.
func (t *VaultTask) Run(ctx context.Context) error {
	vc, err := t.dialVault(ctx)
	if err != nil {
		return err
	}

	// Export the requested paths; every option is driven by the task fields.
	secretBundle, pullErr := bundlevault.Pull(ctx, vc, t.SecretPaths,
		bundlevault.WithVaultMetadata(t.AsVaultMetadata),
		bundlevault.WithSecretMetadata(t.WithMetadata),
		bundlevault.WithMaxWorkerCount(t.MaxWorkerCount),
		bundlevault.WithContinueOnError(t.ContinueOnError),
	)
	if pullErr != nil {
		return fmt.Errorf("error occurs during vault export: %w", pullErr)
	}

	// The destination is resolved only once the export succeeded.
	out, openErr := t.OutputWriter(ctx)
	if openErr != nil {
		return fmt.Errorf("unable to open output bundle: %w", openErr)
	}

	if writeErr := bundle.ToContainerWriter(out, secretBundle); writeErr != nil {
		return fmt.Errorf("unable to produce exported bundle: %w", writeErr)
	}

	return nil
}

// dialVault builds a Vault API client from api.DefaultConfig(), applies the
// task namespace when one is set and verifies that the client is
// authenticated before handing it back. Errors are wrapped with the same
// messages Run reports to its caller.
func (t *VaultTask) dialVault(ctx context.Context) (*api.Client, error) {
	vc, err := api.NewClient(api.DefaultConfig())
	if err != nil {
		return nil, fmt.Errorf("unable to initialize Vault connection: %w", err)
	}

	if ns := t.VaultNamespace; ns != "" {
		vc.SetNamespace(ns)
	}

	// Only the error matters here; the first result of the check is discarded.
	if _, authErr := vault.CheckAuthentication(ctx, vc); authErr != nil {
		return nil, fmt.Errorf("vault connection verification failed: %w", authErr)
	}

	return vc, nil
}