func()

in pkg/provider/provider.go [381:428]


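// getSecret fetches a single secret from Key Vault and returns it as one or
// more keyvaultObjects.
//
// The secret is read via kvClient.GetSecret using the object name and version
// from kvObject. Errors are wrapped with wrapObjectTypeError so the caller sees
// which object type/name/version failed. A secret whose Value or ID is nil is
// rejected rather than dereferenced.
//
// When the secret has a Kid (per the original comment, this means the secret is
// part of a certificate), the content type is inspected:
//   - CertTypePem: the content is used as-is.
//   - CertTypePfx: the content is used as-is only if kvObject.ObjectFormat is
//     PFX; otherwise it is converted to PEM with p.decodePKCS12.
//   - anything else (or a nil content type): an error is returned.
//
// If p.writeCertAndKeyInSeparateFiles is set, two extra objects carrying the
// cert and key halves (suffixes ".crt" and ".key") are prepended to the result.
// The combined object (cert and key together, no suffix) is always the last
// element, which keeps the existing on-disk behavior unchanged.
func (p *provider) getSecret(ctx context.Context, kvClient KeyVault, kvObject types.KeyVaultObject) ([]keyvaultObject, error) {
	secret, err := kvClient.GetSecret(ctx, kvObject.ObjectName, kvObject.ObjectVersion)
	if err != nil {
		return nil, wrapObjectTypeError(err, kvObject.ObjectType, kvObject.ObjectName, kvObject.ObjectVersion)
	}
	if secret.Value == nil {
		return nil, errors.Errorf("secret value is nil")
	}
	if secret.ID == nil {
		return nil, errors.Errorf("secret id is nil")
	}
	content := *secret.Value
	id := *secret.ID
	version := id.Version()
	result := []keyvaultObject{}
	// if the secret is part of a certificate, then we need to convert the certificate and key to PEM format
	if secret.Kid != nil && len(*secret.Kid) > 0 {
		// ContentType is a pointer like Value and ID; guard it before the switch
		// dereferences it so a certificate-backed secret without a content type
		// yields a wrapped error instead of a nil-pointer panic.
		if secret.ContentType == nil {
			err := errors.Errorf("failed to get certificate. content type is nil")
			return nil, wrapObjectTypeError(err, kvObject.ObjectType, kvObject.ObjectName, kvObject.ObjectVersion)
		}
		switch *secret.ContentType {
		case types.CertTypePem:
			// already PEM; nothing to convert
		case types.CertTypePfx:
			// object format requested is pfx, then return the content as is
			if strings.EqualFold(kvObject.ObjectFormat, types.ObjectFormatPFX) {
				break
			}
			// convert to pem as that's the default object format for this provider
			if content, err = p.decodePKCS12(*secret.Value); err != nil {
				return nil, wrapObjectTypeError(err, kvObject.ObjectType, kvObject.ObjectName, kvObject.ObjectVersion)
			}
		default:
			err := errors.Errorf("failed to get certificate. unknown content type '%s'", *secret.ContentType)
			return nil, wrapObjectTypeError(err, kvObject.ObjectType, kvObject.ObjectName, kvObject.ObjectVersion)
		}

		if p.writeCertAndKeyInSeparateFiles {
			// when writeCertAndKeyInSeparateFiles feature flag is enabled, we write the cert and key in separate files
			// with suffixes .crt and .key respectively. These files are written in addition to the default file which
			// contains the cert and key in a single file to maintain backward compatibility with the existing behavior.
			cert, key := splitCertAndKey(content)
			result = append(result,
				keyvaultObject{version: version, content: cert, fileNameSuffix: ".crt"},
				keyvaultObject{version: version, content: key, fileNameSuffix: ".key"},
			)
		}
	}

	// The combined object is always emitted last, regardless of the feature flag.
	result = append(result, keyvaultObject{content: content, version: version})
	return result, nil
}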