in secretmgmt/secrets.go [45:94]
func (secretResolver *SecretResolver) ResolveSecrets(ctx context.Context, secrets []*Secret) error {
if len(secrets) == 0 {
return nil
}
// We will resolve in batches of 5 to avoid throttling errors on the vault providers
batchSize := 5
errorChan := make(chan error)
for index := 0; index < len(secrets); index += batchSize {
endIndex := index + batchSize
if endIndex > len(secrets) {
endIndex = len(secrets)
}
var secretChannels []secretResolveChannel
for _, secret := range secrets[index:endIndex] {
if secret == nil {
continue
}
if secret.ResolvedChan == nil {
secret.ResolvedChan = make(chan bool)
}
ctxWithTimeout, cancel := context.WithTimeout(ctx, secretResolver.resolveTimeout)
defer cancel()
secretChannels = append(secretChannels, secretResolveChannel{secret.ResolvedChan, ctxWithTimeout.Done})
go secretResolver.Resolve(ctxWithTimeout, secret, errorChan)
}
// Block until either:
// - timeout in fetching any of the secrets.
// - The global context expires
// - Resolving a secret has error
// - All secrets are resolved successfully
for _, ch := range secretChannels {
select {
case <-ch.timeoutChan():
return errors.New("timeout in fetching secrets. please check permissions are valid")
case <-ctx.Done():
return ctx.Err()
case <-ch.resolvedChan:
case err := <-errorChan:
return err
}
}
}
return nil
}