func()

in internal/loader/configuration_setting_loader.go [420:500]

• 71 lines of code
• 16 McCabe index (conditional complexity)

func (csl *ConfigurationSettingLoader) ResolveSecretReferences(
	ctx context.Context,
	secretReferencesToResolve map[string]*TargetK8sSecretMetadata,
	resolver SecretReferenceResolver) (*TargetKeyValueSettings, error) {
	if resolver == nil {
		if kvResolver, err := csl.createSecretReferenceResolver(ctx); err != nil {
			return nil, err
		} else {
			resolver = kvResolver
		}
	}

	resolvedSecrets := make(map[string]corev1.Secret)
	for name, targetSecretReference := range secretReferencesToResolve {
		resolvedSecrets[name] = corev1.Secret{
			Data: make(map[string][]byte),
			Type: targetSecretReference.Type,
		}

		var eg errgroup.Group
		if targetSecretReference.Type == corev1.SecretTypeOpaque {
			if len(targetSecretReference.SecretsKeyVaultMetadata) > 0 {
				lock := &sync.Mutex{}
				for key, kvReference := range targetSecretReference.SecretsKeyVaultMetadata {
					currentKey := key
					currentReference := kvReference
					eg.Go(func() error {
						resolvedSecret, err := resolver.Resolve(currentReference, ctx)
						if err != nil {
							return fmt.Errorf("fail to resolve the Key Vault reference type setting '%s': %s", currentKey, err.Error())
						}
						lock.Lock()
						defer lock.Unlock()
						resolvedSecrets[name].Data[currentKey] = []byte(*resolvedSecret.Value)
						return nil
					})
				}

				if err := eg.Wait(); err != nil {
					return nil, err
				}
			}
		} else if targetSecretReference.Type == corev1.SecretTypeTLS {
			eg.Go(func() error {
				resolvedSecret, err := resolver.Resolve(targetSecretReference.SecretsKeyVaultMetadata[name], ctx)
				if err != nil {
					return fmt.Errorf("fail to resolve the Key Vault reference type setting '%s': %s", name, err.Error())
				}

				if resolvedSecret.ContentType == nil {
					return fmt.Errorf("unspecified content type")
				}

				switch *resolvedSecret.ContentType {
				case CertTypePfx:
					resolvedSecrets[name].Data[TlsKey], resolvedSecrets[name].Data[TlsCrt], err = decodePkcs12(*resolvedSecret.Value)
				case CertTypePem:
					resolvedSecrets[name].Data[TlsKey], resolvedSecrets[name].Data[TlsCrt], err = decodePem(*resolvedSecret.Value)
				default:
					err = fmt.Errorf("unknown content type '%s'", *resolvedSecret.ContentType)
				}

				if err != nil {
					return fmt.Errorf("fail to decode the cert '%s': %s", name, err.Error())
				}

				return nil
			})
		}
		// All other types are not supported

		if err := eg.Wait(); err != nil {
			return nil, err
		}
	}

	return &TargetKeyValueSettings{
		SecretSettings: resolvedSecrets,
		K8sSecrets:     secretReferencesToResolve,
	}, nil
}