provider.go 4.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
  1. /*
  2. Licensed under the Apache License, Version 2.0 (the "License");
  3. you may not use this file except in compliance with the License.
  4. You may obtain a copy of the License at
  5. http://www.apache.org/licenses/LICENSE-2.0
  6. Unless required by applicable law or agreed to in writing, software
  7. distributed under the License is distributed on an "AS IS" BASIS,
  8. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implieclient.
  9. See the License for the specific language governing permissions and
  10. limitations under the License.
  11. */
  12. package doppler
  13. import (
  14. "context"
  15. "errors"
  16. "fmt"
  17. "os"
  18. "strconv"
  19. kclient "sigs.k8s.io/controller-runtime/pkg/client"
  20. "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
  21. esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
  22. esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
  23. dClient "github.com/external-secrets/external-secrets/pkg/provider/doppler/client"
  24. "github.com/external-secrets/external-secrets/pkg/utils"
  25. )
  26. const (
  27. errNewClient = "unable to create DopplerClient : %s"
  28. errInvalidStore = "invalid store: %s"
  29. errDopplerStore = "missing or invalid Doppler SecretStore"
  30. )
  31. // Provider is a Doppler secrets provider implementing NewClient and ValidateStore for the esv1beta1.Provider interface.
  32. type Provider struct{}
  33. // https://github.com/external-secrets/external-secrets/issues/644
  34. var _ esv1beta1.SecretsClient = &Client{}
  35. var _ esv1beta1.Provider = &Provider{}
  36. func init() {
  37. esv1beta1.Register(&Provider{}, &esv1beta1.SecretStoreProvider{
  38. Doppler: &esv1beta1.DopplerProvider{},
  39. })
  40. }
  41. func (p *Provider) Capabilities() esv1beta1.SecretStoreCapabilities {
  42. return esv1beta1.SecretStoreReadOnly
  43. }
  44. func (p *Provider) Convert(_ esv1beta1.GenericStore) (kclient.Object, error) {
  45. return nil, nil
  46. }
  47. func (p *Provider) ApplyReferent(spec kclient.Object, _ esmeta.ReferentCallOrigin, _ string) (kclient.Object, error) {
  48. return spec, nil
  49. }
  50. func (p *Provider) NewClientFromObj(_ context.Context, _ kclient.Object, _ kclient.Client, _ string) (esv1beta1.SecretsClient, error) {
  51. return nil, fmt.Errorf("not implemented")
  52. }
  53. func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube kclient.Client, namespace string) (esv1beta1.SecretsClient, error) {
  54. storeSpec := store.GetSpec()
  55. if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.Doppler == nil {
  56. return nil, errors.New(errDopplerStore)
  57. }
  58. dopplerStoreSpec := storeSpec.Provider.Doppler
  59. // Default Key to dopplerToken if not specified
  60. if dopplerStoreSpec.Auth.SecretRef.DopplerToken.Key == "" {
  61. storeSpec.Provider.Doppler.Auth.SecretRef.DopplerToken.Key = "dopplerToken"
  62. }
  63. client := &Client{
  64. kube: kube,
  65. store: dopplerStoreSpec,
  66. namespace: namespace,
  67. storeKind: store.GetObjectKind().GroupVersionKind().Kind,
  68. }
  69. if err := client.setAuth(ctx); err != nil {
  70. return nil, err
  71. }
  72. doppler, err := dClient.NewDopplerClient(client.dopplerToken)
  73. if err != nil {
  74. return nil, fmt.Errorf(errNewClient, err)
  75. }
  76. if customBaseURL, found := os.LookupEnv(customBaseURLEnvVar); found {
  77. if err := doppler.SetBaseURL(customBaseURL); err != nil {
  78. return nil, fmt.Errorf(errNewClient, err)
  79. }
  80. }
  81. if customVerifyTLS, found := os.LookupEnv(verifyTLSOverrideEnvVar); found {
  82. customVerifyTLS, err := strconv.ParseBool(customVerifyTLS)
  83. if err == nil {
  84. doppler.VerifyTLS = customVerifyTLS
  85. }
  86. }
  87. client.doppler = doppler
  88. client.project = client.store.Project
  89. client.config = client.store.Config
  90. client.nameTransformer = client.store.NameTransformer
  91. client.format = client.store.Format
  92. return client, nil
  93. }
  94. func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) {
  95. storeSpec := store.GetSpec()
  96. dopplerStoreSpec := storeSpec.Provider.Doppler
  97. dopplerTokenSecretRef := dopplerStoreSpec.Auth.SecretRef.DopplerToken
  98. if err := utils.ValidateSecretSelector(store, dopplerTokenSecretRef); err != nil {
  99. return nil, fmt.Errorf(errInvalidStore, err)
  100. }
  101. if dopplerTokenSecretRef.Name == "" {
  102. return nil, fmt.Errorf(errInvalidStore, "dopplerToken.name cannot be empty")
  103. }
  104. return nil, nil
  105. }