client.go 4.3 KB

  1. /*
  2. Copyright © The ESO Authors
  3. Licensed under the Apache License, Version 2.0 (the "License");
  4. you may not use this file except in compliance with the License.
  5. You may obtain a copy of the License at
  6. https://www.apache.org/licenses/LICENSE-2.0
  7. Unless required by applicable law or agreed to in writing, software
  8. distributed under the License is distributed on an "AS IS" BASIS,
  9. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  10. See the License for the specific language governing permissions and
  11. limitations under the License.
  12. */
  13. // Package store adapts v1 provider implementations to the v2 gRPC SecretStoreProvider interface.
  14. package store
  15. import (
  16. "context"
  17. corev1 "k8s.io/api/core/v1"
  18. esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
  19. pb "github.com/external-secrets/external-secrets/proto/provider"
  20. v2 "github.com/external-secrets/external-secrets/providers/v2/common"
  21. )
  // Client adapts a v2.Provider (gRPC client) to the esv1.SecretsClient
  // interface so that v2 providers can be used by the existing client manager.
  //
  // Every method forwards providerRef and sourceNamespace unchanged to the
  // wrapped provider; the adapter itself performs no validation or access
  // checks on either value.
  type Client struct {
  	// v2Provider is the provider that every method delegates to.
  	v2Provider v2.Provider

  	// providerRef is passed along with each delegated call.
  	providerRef *pb.ProviderReference

  	// sourceNamespace is passed along with each delegated call.
  	// NOTE(review): presumably the namespace of the requesting resource, which
  	// the provider uses to scope the request; confirm where it is enforced.
  	sourceNamespace string
  }
  // Compile-time assertion that *Client satisfies esv1.SecretsClient.
  var _ esv1.SecretsClient = (*Client)(nil)
  // NewClient returns an esv1.SecretsClient backed by v2Provider.
  //
  // providerRef and sourceNamespace are stored as given and sent with every
  // call made through the returned client. None of the arguments is checked
  // here; in particular a nil v2Provider is not rejected.
  func NewClient(v2Provider v2.Provider, providerRef *pb.ProviderReference, sourceNamespace string) esv1.SecretsClient {
  	c := new(Client)
  	c.v2Provider = v2Provider
  	c.providerRef = providerRef
  	c.sourceNamespace = sourceNamespace
  	return c
  }
  // GetSecret fetches the secret identified by ref from the wrapped provider.
  // The stored provider reference and source namespace are sent with the call;
  // the provider's result and error are returned unchanged.
  func (w *Client) GetSecret(ctx context.Context, ref esv1.ExternalSecretDataRemoteRef) ([]byte, error) {
  	provider, providerRef, namespace := w.v2Provider, w.providerRef, w.sourceNamespace
  	return provider.GetSecret(ctx, ref, providerRef, namespace)
  }
  // GetSecretMap fetches the secret object identified by ref from the wrapped
  // provider and returns its key/value pairs. The stored provider reference and
  // source namespace are sent with the call; the provider's result and error
  // are returned unchanged.
  func (w *Client) GetSecretMap(ctx context.Context, ref esv1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
  	provider, providerRef, namespace := w.v2Provider, w.providerRef, w.sourceNamespace
  	return provider.GetSecretMap(ctx, ref, providerRef, namespace)
  }
  // GetAllSecrets asks the wrapped provider for every secret matching find.
  // The find criteria are forwarded as given, together with the stored provider
  // reference and source namespace; this adapter does not narrow them further.
  func (w *Client) GetAllSecrets(ctx context.Context, find esv1.ExternalSecretFind) (map[string][]byte, error) {
  	provider, providerRef, namespace := w.v2Provider, w.providerRef, w.sourceNamespace
  	return provider.GetAllSecrets(ctx, find, providerRef, namespace)
  }
  // PushSecret writes secret to the wrapped provider as described by data.
  //
  // data is translated into a pb.PushSecretData message; the secret object, the
  // stored provider reference and the source namespace are forwarded as they
  // are. The provider's error is returned unchanged.
  func (w *Client) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1.PushSecretData) error {
  	// The metadata is carried as its raw bytes and is not parsed or validated
  	// here, so any checks on its content are left to the receiving provider.
  	// Absent metadata stays a nil slice.
  	var rawMetadata []byte
  	if md := data.GetMetadata(); md != nil {
  		rawMetadata = md.Raw
  	}

  	// Build the protobuf form of the push request field by field.
  	req := new(pb.PushSecretData)
  	req.RemoteKey = data.GetRemoteKey()
  	req.SecretKey = data.GetSecretKey()
  	req.Property = data.GetProperty()
  	req.Metadata = rawMetadata

  	return w.v2Provider.PushSecret(ctx, secret, req, w.providerRef, w.sourceNamespace)
  }
  // DeleteSecret asks the wrapped provider to delete the secret named by
  // remoteRef. Only the remote key and property are carried over into the
  // protobuf reference; the stored provider reference and source namespace are
  // sent with the call.
  func (w *Client) DeleteSecret(ctx context.Context, remoteRef esv1.PushSecretRemoteRef) error {
  	// Build the protobuf form of the remote reference.
  	target := new(pb.PushSecretRemoteRef)
  	target.RemoteKey = remoteRef.GetRemoteKey()
  	target.Property = remoteRef.GetProperty()

  	return w.v2Provider.DeleteSecret(ctx, target, w.providerRef, w.sourceNamespace)
  }
  // SecretExists reports whether the wrapped provider holds the secret named by
  // remoteRef. Only the remote key and property are carried over into the
  // protobuf reference; the provider's answer and error are returned unchanged.
  func (w *Client) SecretExists(ctx context.Context, remoteRef esv1.PushSecretRemoteRef) (bool, error) {
  	// Build the protobuf form of the remote reference.
  	target := new(pb.PushSecretRemoteRef)
  	target.RemoteKey = remoteRef.GetRemoteKey()
  	target.Property = remoteRef.GetProperty()

  	return w.v2Provider.SecretExists(ctx, target, w.providerRef, w.sourceNamespace)
  }
  // Validate asks the wrapped provider to validate the stored provider
  // reference for the source namespace. It returns ValidationResultReady when
  // the provider reports no error, and ValidationResultError together with the
  // provider's error otherwise.
  func (w *Client) Validate() (esv1.ValidationResult, error) {
  	// Validate has no context parameter, so the call is made with
  	// context.Background() and carries no deadline or cancellation from the
  	// caller; any time bound has to come from the provider implementation.
  	if err := w.v2Provider.Validate(context.Background(), w.providerRef, w.sourceNamespace); err != nil {
  		return esv1.ValidationResultError, err
  	}
  	return esv1.ValidationResultReady, nil
  }
  // Close releases the resources held by the wrapped provider by forwarding to
  // its Close method and returning that result.
  func (w *Client) Close(ctx context.Context) error {
  	err := w.v2Provider.Close(ctx)
  	return err
  }