Akeyless Provider - Add support for Certificate items Signed-off-by: barucoh <20933964+barucoh@users.noreply.github.com> (#3013)

Signed-off-by: “barucoh” <“ohadbaruch1@gmail.com”>
2024-12-14 11:57:59 +00:00 · 2024-01-11 00:11:03 +02:00 · 2024-01-11 00:11:03 +02:00 · ab1e95a458
commit ab1e95a458
parent 45e2bd3796
2 changed files with 43 additions and 2 deletions
--- a/pkg/provider/akeyless/akeyless.go
+++ b/pkg/provider/akeyless/akeyless.go
@ -69,6 +69,12 @@ type Akeyless struct {
 	url    string
 }

+type Item struct {
+	ItemName    string `json:"item_name"`
+	ItemType    string `json:"item_type"`
+	LastVersion int32  `json:"last_version"`
+}
+
 type akeylessVaultInterface interface {
 	GetSecretByType(ctx context.Context, secretName, token string, version int32) (string, error)
 	TokenFromSecretRef(ctx context.Context) (string, error)
--- a/pkg/provider/akeyless/akeyless_api.go
+++ b/pkg/provider/akeyless/akeyless_api.go
@ -93,6 +93,8 @@ func (a *akeylessBase) GetSecretByType(ctx context.Context, secretName, token st
 		return a.GetDynamicSecrets(ctx, secretName, token)
 	case "ROTATED_SECRET":
 		return a.GetRotatedSecrets(ctx, secretName, token, version)
+	case "CERTIFICATE":
+		return a.GetCertificate(ctx, secretName, token, version)
 	default:
 		return "", fmt.Errorf("invalid item type: %v", secretType)
 	}
@ -110,15 +112,48 @@ func (a *akeylessBase) DescribeItem(ctx context.Context, itemName, token string)
 	gsvOut, res, err := a.RestAPI.DescribeItem(ctx).Body(body).Execute()
 	if err != nil {
 		if errors.As(err, &apiErr) {
-			return nil, fmt.Errorf("can't describe item: %v", string(apiErr.Body()))
+			var item *Item
+			err = json.Unmarshal(apiErr.Body(), &item)
+			if err != nil {
+				return nil, fmt.Errorf("can't describe item: %v, error: %v", itemName, string(apiErr.Body()))
+			}
+		} else {
+			return nil, fmt.Errorf("can't describe item: %w", err)
 		}
-		return nil, fmt.Errorf("can't describe item: %w", err)
 	}
 	defer res.Body.Close()

 	return &gsvOut, nil
 }

+func (a *akeylessBase) GetCertificate(ctx context.Context, certificateName, token string, version int32) (string, error) {
+	body := akeyless.GetCertificateValue{
+		Name:    certificateName,
+		Version: &version,
+	}
+	if strings.HasPrefix(token, "u-") {
+		body.UidToken = &token
+	} else {
+		body.Token = &token
+	}
+
+	gcvOut, res, err := a.RestAPI.GetCertificateValue(ctx).Body(body).Execute()
+	if err != nil {
+		if errors.As(err, &apiErr) {
+			return "", fmt.Errorf("can't get certificate value: %v", string(apiErr.Body()))
+		}
+		return "", fmt.Errorf("can't get certificate value: %w", err)
+	}
+	defer res.Body.Close()
+
+	out, err := json.Marshal(gcvOut)
+	if err != nil {
+		return "", fmt.Errorf("can't marshal certificate value: %w", err)
+	}
+
+	return string(out), nil
+}
+
 func (a *akeylessBase) GetRotatedSecrets(ctx context.Context, secretName, token string, version int32) (string, error) {
 	body := akeyless.GetRotatedSecretValue{
 		Names:   secretName,