in pkg/bundle/patch/executor.go [350:425]
func applySecretKVPatch(kv []*bundlev1.KV, op *bundlev1.PatchOperation, values map[string]interface{}) ([]*bundlev1.KV, error) {
// Check parameters
if kv == nil {
return nil, fmt.Errorf("cannot process nil kv list")
}
if op == nil {
return nil, fmt.Errorf("cannot process nil operation")
}
var out []*bundlev1.KV
// Remove all keys
if len(op.RemoveKeys) > 0 {
for _, rx := range op.RemoveKeys {
re, err := regexp.Compile(rx)
if err != nil {
return nil, fmt.Errorf("unable to compile regexp for key deletion '%s': %w", rx, err)
}
// Add to remove if match one expression
for _, k := range kv {
if k == nil {
continue
}
if re.MatchString(k.Key) {
if op.Remove == nil {
op.Remove = make([]string, 0)
}
op.Remove = append(op.Remove, k.Key)
}
}
}
}
// Remove secret
if len(op.Remove) > 0 {
// Overwrite secret list
out = removeSecret(kv, op.Remove)
}
// Add
if op.Add != nil {
inMap, err := precompileMap(op.Add, values)
if err != nil {
return nil, fmt.Errorf("unable to compile add map templates: %w", err)
}
if out, err = addSecret(kv, inMap); err != nil {
return nil, fmt.Errorf("unable to add secret: %w", err)
}
}
// Update
if op.Update != nil {
inMap, err := precompileMap(op.Update, values)
if err != nil {
return nil, fmt.Errorf("unable to compile update map templates: %w", err)
}
if out, err = updateSecret(kv, inMap); err != nil {
return nil, fmt.Errorf("unable to update secret: %w", err)
}
}
// Replace secrets
if op.ReplaceKeys != nil {
inMap, err := precompileMap(op.ReplaceKeys, values)
if err != nil {
return nil, fmt.Errorf("unable to compile replaceKeys map templates: %w", err)
}
// Replace keys
out = replaceSecret(kv, inMap)
}
// No error
return out, nil
}