in terraformer/pkg/terraformer/compiler.go [132:203]
func compile(env string, def *terraformerv1.AppRoleDefinition, specHash string, noTokenWrap bool) (*tmplModel, error) {
// Check arguments
if err := validate(def); err != nil {
return nil, err
}
res := &tmplModel{
Date: time.Now().UTC().Format(time.RFC3339),
SpecHash: specHash,
Meta: def.Meta,
Environment: slug.Make(env),
RoleName: slug.Make(def.Meta.Name),
ObjectName: slug.Make(fmt.Sprintf("%s %s", def.Meta.Name, env)),
Namespaces: map[string][]tmpSecretModel{},
DisableTokenWrap: noTokenWrap,
}
if def.Spec.Namespaces != nil {
// Prepare ring processors
csoNamespaces, err := buildNamespaces(def, env)
if err != nil {
return nil, err
}
// Process CSO rings
for ns, suffixes := range csoNamespaces {
if err := pathCompiler(ns, suffixes.prefix, suffixes.suffixFunc, res); err != nil {
return nil, err
}
}
}
// Process custom paths
customRules := []tmpSecretModel{}
for _, customRule := range def.Spec.Custom {
// Check arguments
if customRule == nil {
continue
}
// Check suffix
if customRule.Suffix == "" {
return nil, fmt.Errorf("missing suffix for secret")
}
// Check description
if customRule.Description == "" {
return nil, fmt.Errorf("missing description for secret suffix '%s'", customRule.Suffix)
}
customPath, err := engine.Render(customRule.Suffix, map[string]interface{}{
"Env": res.Environment,
"Selector": def.Spec.Selector,
})
if err != nil {
return nil, fmt.Errorf("unable to compile suffix template: %w", err)
}
customRules = append(customRules, tmpSecretModel{
Path: vpath.SanitizePath(customPath),
Description: customRule.Description,
Capabilities: filterCapabilities(customRule.Capabilities),
})
}
// Assign result
if len(customRules) > 0 {
res.CustomRules = customRules
}
return res, nil
}