1
0
Fork 0
mirror of https://github.com/external-secrets/external-secrets.git synced 2024-12-14 11:57:59 +00:00

Akeyless Provider - Add support for Certificate items Signed-off-by: barucoh <20933964+barucoh@users.noreply.github.com> (#3013)

Signed-off-by: “barucoh” <“ohadbaruch1@gmail.com”>
This commit is contained in:
barucoh 2024-01-11 00:11:03 +02:00 committed by GitHub
parent 45e2bd3796
commit ab1e95a458
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 2 deletions

View file

@ -69,6 +69,12 @@ type Akeyless struct {
url string
}
type Item struct {
ItemName string `json:"item_name"`
ItemType string `json:"item_type"`
LastVersion int32 `json:"last_version"`
}
type akeylessVaultInterface interface {
GetSecretByType(ctx context.Context, secretName, token string, version int32) (string, error)
TokenFromSecretRef(ctx context.Context) (string, error)

View file

@ -93,6 +93,8 @@ func (a *akeylessBase) GetSecretByType(ctx context.Context, secretName, token st
return a.GetDynamicSecrets(ctx, secretName, token)
case "ROTATED_SECRET":
return a.GetRotatedSecrets(ctx, secretName, token, version)
case "CERTIFICATE":
return a.GetCertificate(ctx, secretName, token, version)
default:
return "", fmt.Errorf("invalid item type: %v", secretType)
}
@ -110,15 +112,48 @@ func (a *akeylessBase) DescribeItem(ctx context.Context, itemName, token string)
gsvOut, res, err := a.RestAPI.DescribeItem(ctx).Body(body).Execute()
if err != nil {
if errors.As(err, &apiErr) {
return nil, fmt.Errorf("can't describe item: %v", string(apiErr.Body()))
var item *Item
err = json.Unmarshal(apiErr.Body(), &item)
if err != nil {
return nil, fmt.Errorf("can't describe item: %v, error: %v", itemName, string(apiErr.Body()))
}
} else {
return nil, fmt.Errorf("can't describe item: %w", err)
}
return nil, fmt.Errorf("can't describe item: %w", err)
}
defer res.Body.Close()
return &gsvOut, nil
}
func (a *akeylessBase) GetCertificate(ctx context.Context, certificateName, token string, version int32) (string, error) {
body := akeyless.GetCertificateValue{
Name: certificateName,
Version: &version,
}
if strings.HasPrefix(token, "u-") {
body.UidToken = &token
} else {
body.Token = &token
}
gcvOut, res, err := a.RestAPI.GetCertificateValue(ctx).Body(body).Execute()
if err != nil {
if errors.As(err, &apiErr) {
return "", fmt.Errorf("can't get certificate value: %v", string(apiErr.Body()))
}
return "", fmt.Errorf("can't get certificate value: %w", err)
}
defer res.Body.Close()
out, err := json.Marshal(gcvOut)
if err != nil {
return "", fmt.Errorf("can't marshal certificate value: %w", err)
}
return string(out), nil
}
func (a *akeylessBase) GetRotatedSecrets(ctx context.Context, secretName, token string, version int32) (string, error) {
body := akeyless.GetRotatedSecretValue{
Names: secretName,