in pkg/bundle/patch/executor.go [273:347]
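// applySecretPatch applies the patch operation op to the secret chain secrets,
// modifying secrets in place.
//
// The sections of the patch are processed in a fixed order: annotations,
// labels, template, then explicit K/V operations. Because the K/V section runs
// after the template, it operates on data the template has already produced.
//
// values is exposed to the template as ".Values" and is also forwarded to the
// annotation, label and K/V helpers.
//
// An error is returned when secrets or op is nil, or when any section fails.
// Nothing is rolled back on failure: sections processed before the failing one
// have already been written to secrets, so callers should discard the chain
// (or work on a copy) when an error is returned.
func applySecretPatch(secrets *bundlev1.SecretChain, op *bundlev1.PatchSecret, values map[string]interface{}) error {
	// Reject nil inputs up front; every branch below dereferences both.
	if secrets == nil {
		return fmt.Errorf("cannot process nil secrets")
	}
	if op == nil {
		return fmt.Errorf("cannot process nil patch")
	}

	// Annotations: make sure the target map exists before handing it to the helper.
	if op.Annotations != nil {
		if secrets.Annotations == nil {
			secrets.Annotations = map[string]string{}
		}
		if err := applyMapOperations(secrets.Annotations, op.Annotations, values); err != nil {
			return fmt.Errorf("unable to process annotations: %w", err)
		}
	}

	// Labels: same handling as annotations.
	if op.Labels != nil {
		if secrets.Labels == nil {
			secrets.Labels = map[string]string{}
		}
		if err := applyMapOperations(secrets.Labels, op.Labels, values); err != nil {
			return fmt.Errorf("unable to process labels: %w", err)
		}
	}

	// Template: render, then require the output to be a flat JSON object of
	// string keys to string values before merging it into the secret data.
	if op.Template != "" {
		rendered, err := engine.Render(op.Template, map[string]interface{}{
			"Values": values,
		})
		if err != nil {
			return fmt.Errorf("unable to compile secret template: %w", err)
		}

		// NOTE(review): rendered may contain secret material. encoding/json
		// type errors can embed the offending literal (for example
		// "number -5"), so the wrapped error below may carry a fragment of
		// the rendered secret. Confirm callers do not log it verbatim.
		var kv map[string]string
		if errJSON := json.Unmarshal([]byte(rendered), &kv); errJSON != nil {
			return fmt.Errorf("unable to validate rendered secret template as a valid JSON: %w", errJSON)
		}

		// Hand updateSecret a non-nil slice, as the original code does.
		if secrets.Data == nil {
			secrets.Data = make([]*bundlev1.KV, 0)
		}
		updatedData, err := updateSecret(secrets.Data, kv)
		if err != nil {
			return fmt.Errorf("unable to update kv from template: %w", err)
		}
		secrets.Data = updatedData
	}

	// Explicit K/V operations, applied on top of whatever the template produced.
	if op.Kv != nil {
		if secrets.Data == nil {
			secrets.Data = make([]*bundlev1.KV, 0)
		}
		updatedData, err := applySecretKVPatch(secrets.Data, op.Kv, values)
		if err != nil {
			return fmt.Errorf("unable to process kv: %w", err)
		}
		secrets.Data = updatedData
	}

	return nil
}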