in templating/base_render_options.go [223:272]
func renderAndResolveSecrets(
ctx context.Context,
template *Template,
templateEngine *Engine,
resolveSecretFunc secretmgmt.ResolveSecretFunc,
opts *BaseRenderOptions,
sourceValues Values) (Values, error) {
result := Values{}
// Cheap optimization to skip the secrets merging if the task definition file doesn't contain "secrets" string in it. Note that the task can
// have the string secrets but may not essentially the secrets section.
if !strings.Contains(string(template.Data), "secrets") {
return result, nil
}
// At first render the template with existing values to render templatized values for secrets.
sourceValues["Secrets"] = result
rendered, err := templateEngine.Render(template, sourceValues)
if err != nil {
return result, errors.Wrap(err, "failed to render the template")
}
if rendered == "" {
return result, errors.New("rendered template was empty")
}
// Unmarshall the template to Task and get all secrets defined in the template.
task, err := graph.NewTaskFromString(rendered)
if err != nil {
return result, errors.Wrap(err, "failed to parse template to create task")
}
// If no secrets found return.
if len(task.Secrets) == 0 {
return result, nil
}
secretResolver, err := secretmgmt.NewSecretResolver(resolveSecretFunc, opts.SecretResolveTimeout)
if err != nil {
return result, errors.Wrap(err, "failed to create secret resolver")
}
err = secretResolver.ResolveSecrets(ctx, task.Secrets)
if err != nil {
return result, err
}
for _, s := range task.Secrets {
result[s.ID] = s.ResolvedValue
}
return result, nil
}