pkg/bundle/template/executor.go (55 lines of code) (raw):

// Licensed to Elasticsearch B.V. under one or more contributor // license agreements. See the NOTICE file distributed with // this work for additional information regarding copyright // ownership. Elasticsearch B.V. licenses this file to you under // the Apache License, Version 2.0 (the "License"); you may // not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, // software distributed under the License is distributed on an // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY // KIND, either express or implied. See the License for the // specific language governing permissions and limitations // under the License. package template import ( "encoding/base64" "fmt" "google.golang.org/protobuf/proto" bundlev1 "github.com/elastic/harp/api/gen/go/harp/bundle/v1" "github.com/elastic/harp/pkg/bundle/template/visitor" "github.com/elastic/harp/pkg/sdk/types" "golang.org/x/crypto/blake2b" ) // Validate bundle template. func Validate(spec *bundlev1.Template) error { // Check if spec is nil if spec == nil { return fmt.Errorf("unable to validate bundle template: template is nil") } if spec.ApiVersion != "harp.elastic.co/v1" { return fmt.Errorf("apiVersion should be 'BundleTemplate'") } if spec.Kind != "BundleTemplate" { return fmt.Errorf("kind should be 'BundleTemplate'") } if spec.Meta == nil { return fmt.Errorf("meta should not be 'nil'") } if spec.Spec == nil { return fmt.Errorf("spec should not be 'nil'") } // No error return nil } // Checksum calculates the bundle template checksum. 
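//
// The result is the unpadded URL-safe base64 encoding of the BLAKE2b-256
// digest of the protobuf-encoded template. The digest is unkeyed: it lets two
// parties compare templates for equality, but it does not authenticate who
// produced the template. An error is returned when spec is nil, fails
// Validate, or cannot be encoded.
func Checksum(spec *bundlev1.Template) (string, error) {
	// Report the nil case with a checksum-specific message before validating.
	if spec == nil {
		return "", fmt.Errorf("unable to compute template checksum: template is nil")
	}

	if err := Validate(spec); err != nil {
		return "", fmt.Errorf("unable to validate spec: %w", err)
	}

	// proto.Marshal makes no promise that equal messages encode to the same
	// bytes (map fields, for instance, may be emitted in any order), which
	// would let one template produce different checksums. Deterministic mode
	// pins the encoding for a given binary.
	// NOTE(review): deterministic output is still not canonical across
	// protobuf library versions or language implementations; confirm before
	// comparing checksums produced by different builds.
	payload, err := proto.MarshalOptions{Deterministic: true}.Marshal(spec)
	if err != nil {
		return "", fmt.Errorf("unable to encode bundle template: %w", err)
	}

	digest := blake2b.Sum256(payload)

	return base64.RawURLEncoding.EncodeToString(digest[:]), nil
}

// Execute walks a bundle template with the given visitor to generate a final
// secret bundle.
//
// The template is validated before the visitor sees it. Any failure that
// happens during the walk is reported through v.Error(), which is returned
// as-is.
func Execute(spec *bundlev1.Template, v visitor.TemplateVisitor) error {
	switch {
	case spec == nil:
		return fmt.Errorf("unable to execute bundle template: template is nil")
	case types.IsNil(v):
		// types.IsNil is used rather than a plain `v == nil` comparison;
		// presumably it also catches an interface wrapping a nil pointer —
		// confirm against pkg/sdk/types.
		return fmt.Errorf("unable to execute bundle template: visitor is nil")
	}

	if err := Validate(spec); err != nil {
		return fmt.Errorf("unable to validate spec: %w", err)
	}

	// Visit has no return value; the visitor keeps its own error state.
	v.Visit(spec)

	return v.Error()
}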