mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

Akeyless Provider - Add support for Certificate items Signed-off-by: barucoh <20933964+barucoh@users.noreply.github.com> (#3013)

Signed-off-by: “barucoh” <“ohadbaruch1@gmail.com”>
barucoh 2024-01-11 00:11:03 +02:00 committed by GitHub
parent 45e2bd3796
commit ab1e95a458
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 2 deletions


@ -69,6 +69,12 @@ type Akeyless struct {
url string url string
} }
type Item struct {
ItemName string `json:"item_name"`
ItemType string `json:"item_type"`
LastVersion int32 `json:"last_version"`
}
type akeylessVaultInterface interface { type akeylessVaultInterface interface {
GetSecretByType(ctx context.Context, secretName, token string, version int32) (string, error) GetSecretByType(ctx context.Context, secretName, token string, version int32) (string, error)
TokenFromSecretRef(ctx context.Context) (string, error) TokenFromSecretRef(ctx context.Context) (string, error)
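Review bot: The exported type `Item` is added without a doc comment, and nothing in this section says which API payload its `item_name`, `item_type` and `last_version` tags mirror. The only use visible in this commit is in DescribeItem, where an API error body is decoded with `json.Unmarshal(apiErr.Body(), &item)` and the fields are never read afterwards. A reader therefore cannot tell whether a successful decode is meant to count as a successful describe call, so the comment should state that contract. I would add something like `// Item holds the item fields decoded from an Akeyless DescribeItem response body.` above the type. If no other package needs it (not visible from here), leaving it unexported would avoid widening the provider's API.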


@ -93,6 +93,8 @@ func (a *akeylessBase) GetSecretByType(ctx context.Context, secretName, token st
return a.GetDynamicSecrets(ctx, secretName, token) return a.GetDynamicSecrets(ctx, secretName, token)
case "ROTATED_SECRET": case "ROTATED_SECRET":
return a.GetRotatedSecrets(ctx, secretName, token, version) return a.GetRotatedSecrets(ctx, secretName, token, version)
case "CERTIFICATE":
return a.GetCertificate(ctx, secretName, token, version)
default: default:
return "", fmt.Errorf("invalid item type: %v", secretType) return "", fmt.Errorf("invalid item type: %v", secretType)
} }
@ -110,15 +112,48 @@ func (a *akeylessBase) DescribeItem(ctx context.Context, itemName, token string)
gsvOut, res, err := a.RestAPI.DescribeItem(ctx).Body(body).Execute() gsvOut, res, err := a.RestAPI.DescribeItem(ctx).Body(body).Execute()
if err != nil { if err != nil {
if errors.As(err, &apiErr) { if errors.As(err, &apiErr) {
return nil, fmt.Errorf("can't describe item: %v", string(apiErr.Body())) var item *Item
err = json.Unmarshal(apiErr.Body(), &item)
if err != nil {
return nil, fmt.Errorf("can't describe item: %v, error: %v", itemName, string(apiErr.Body()))
} }
} else {
return nil, fmt.Errorf("can't describe item: %w", err) return nil, fmt.Errorf("can't describe item: %w", err)
} }
}
defer res.Body.Close() defer res.Body.Close()
return &gsvOut, nil return &gsvOut, nil
} }
func (a *akeylessBase) GetCertificate(ctx context.Context, certificateName, token string, version int32) (string, error) {
body := akeyless.GetCertificateValue{
Name: certificateName,
Version: &version,
}
if strings.HasPrefix(token, "u-") {
body.UidToken = &token
} else {
body.Token = &token
}
gcvOut, res, err := a.RestAPI.GetCertificateValue(ctx).Body(body).Execute()
if err != nil {
if errors.As(err, &apiErr) {
return "", fmt.Errorf("can't get certificate value: %v", string(apiErr.Body()))
}
return "", fmt.Errorf("can't get certificate value: %w", err)
}
defer res.Body.Close()
out, err := json.Marshal(gcvOut)
if err != nil {
return "", fmt.Errorf("can't marshal certificate value: %w", err)
}
return string(out), nil
}
func (a *akeylessBase) GetRotatedSecrets(ctx context.Context, secretName, token string, version int32) (string, error) { func (a *akeylessBase) GetRotatedSecrets(ctx context.Context, secretName, token string, version int32) (string, error) {
body := akeyless.GetRotatedSecretValue{ body := akeyless.GetRotatedSecretValue{
Names: secretName, Names: secretName,