in terraformer/pkg/terraformer/compiler.go [76:130]
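// pathCompiler expands the secret suffix definitions returned by suffixFunc
// into policy path entries and appends them to res.Namespaces under the
// ring's name.
//
// For every non-nil definition the full secret path is built from prefix plus
// the definition's suffix via ring.Path. A definition without a description is
// rejected. When the filtered capabilities contain "list", a separate
// "metadata" entry carrying only "list" is emitted and "list" is removed from
// the set attached to the "data" entry.
//
// It returns nil when suffixFunc yields no definitions, and an error when
// ring.Path fails or a description is missing. Entries appended to res before
// a failing definition are not rolled back.
//
// NOTE(review): res and res.Namespaces are dereferenced without a check;
// presumably the caller passes an initialised model. Confirm at call sites.
func pathCompiler(ring csov1.Ring, prefix []string, suffixFunc func() []*terraformerv1.AppRoleDefinitionSecretSuffix, res *tmplModel) error {
	secretSuffixList := suffixFunc()
	if len(secretSuffixList) == 0 {
		// Nothing to compile for this ring.
		return nil
	}

	for _, item := range secretSuffixList {
		// Nil definitions are skipped rather than treated as an error.
		if item == nil {
			continue
		}

		// Build the path components in a fresh slice. Appending directly to
		// prefix could write into the caller's backing array when prefix has
		// spare capacity, silently altering a slice the caller still owns.
		components := make([]string, 0, len(prefix)+1)
		components = append(components, prefix...)
		components = append(components, item.Suffix)

		// Convert the definition to a CSO secret path.
		v, err := ring.Path(components...)
		if err != nil {
			// Will be used after path validation control implementation.
			return fmt.Errorf("unable to extract ring from path: %w", err)
		}

		// Every granted path must state why it is granted.
		if item.Description == "" {
			return fmt.Errorf("missing description for secret suffix '%s'", v)
		}

		capabilities := types.StringArray(filterCapabilities(item.Capabilities))
		namespace := ring.Name()

		// "list" is granted on the "metadata" path only, so it is split out of
		// the capability set used for the "data" path.
		if capabilities.Contains("list") {
			res.Namespaces[namespace] = append(res.Namespaces[namespace], tmpSecretModel{
				Path:         vaultKvV2Path(v, "metadata"),
				Description:  "Allow metadata access for list operation",
				Capabilities: []string{"list"},
			})
			capabilities.Remove("list")
		}

		// NOTE(review): if filterCapabilities returned nothing, or only
		// "list", this entry is emitted with an empty capability set. Confirm
		// that the policy template renders that as intended.
		res.Namespaces[namespace] = append(res.Namespaces[namespace], tmpSecretModel{
			Path:         vaultKvV2Path(v, "data"),
			Description:  item.Description,
			Capabilities: capabilities,
		})
	}

	return nil
}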