in pkg/bundle/template/visitor/secretbuilder/helpers.go [43:105]
// buildSecretChain renders the template attached to a secret suffix and wraps
// every resulting key/value pair into a new SecretChain at version 0.
//
// It returns an error when templateContext is nil, when secretPath is empty,
// when item is nil, when renderSuffix fails, or when secret.Pack rejects one of
// the rendered values. Entries whose key is empty are skipped without error.
//
// The messages formatted here carry only the secret path and the suffix name,
// never a rendered value.
// NOTE(review): the errors from renderSuffix and secret.Pack are wrapped as-is;
// confirm neither embeds rendered secret material, since callers may log them.
func buildSecretChain(templateContext engine.Context, secretPath string, item *bundlev1.SecretSuffix, data interface{}) (*bundlev1.SecretChain, error) {
	// Reject unusable arguments before any rendering takes place.
	switch {
	case types.IsNil(templateContext):
		return nil, errors.New("unable to process with nil context")
	case secretPath == "":
		return nil, errors.New("unable to process with blank secret path")
	case item == nil:
		return nil, errors.New("unable to process with nil secret suffix")
	}

	// Render the suffix template into its key/value pairs.
	rendered, renderErr := renderSuffix(templateContext, secretPath, item, data)
	if renderErr != nil {
		return nil, fmt.Errorf("unable to render secret suffix (path:%s suffix:%s): %w", secretPath, item.Suffix, renderErr)
	}

	// Every chain built here is flagged as generated; vendor suffixes get an
	// additional marker label.
	labels := map[string]string{"generated": "true"}
	if item.Vendor {
		labels["vendor"] = "true"
	}

	// The annotations keep the description and the raw template text next to
	// the packed values.
	// NOTE(review): only the entries in Data go through secret.Pack; confirm
	// templates never contain literal secret material, because the "template"
	// annotation stores the template text unmodified.
	annotations := map[string]string{
		"creationDate": fmt.Sprintf("%d", time.Now().UTC().Unix()),
		"description":  item.Description,
		"template":     item.Template,
	}

	// NextVersion and PreviousVersion are left at their zero value: the chain
	// starts without any linked version.
	chain := &bundlev1.SecretChain{
		Version:     uint32(0),
		Labels:      labels,
		Annotations: annotations,
		Data:        make([]*bundlev1.KV, 0),
	}

	// NOTE(review): if renderSuffix returns a map, the order of chain.Data
	// follows Go's randomized map iteration; confirm nothing downstream
	// (hashing, signing, diffing) depends on a stable entry order.
	for name, raw := range rendered {
		// Entries without a key cannot be addressed later, so drop them.
		if name == "" {
			continue
		}

		// Serialize the value into its packed form.
		packed, packErr := secret.Pack(raw)
		if packErr != nil {
			return nil, fmt.Errorf("unable to pack secret value for path '%s': %w", secretPath, packErr)
		}

		// Type records the Go type name of the original value alongside the
		// packed bytes.
		chain.Data = append(chain.Data, &bundlev1.KV{
			Key:   name,
			Type:  fmt.Sprintf("%T", raw),
			Value: packed,
		})
	}

	return chain, nil
}