feat: update examples and namings

bank-vaults · Sep 13, 2023 · c517abb · c517abb
1 parent 44d2699
commit c517abb
Show file tree

Hide file tree

Showing 5 changed files with 72 additions and 37 deletions.
diff --git a/cmd/testdata/syncjob.yaml b/cmd/testdata/syncjob.yaml
@@ -15,30 +15,64 @@ sync:
   - fromRef:
       key: /source/credentials/example
 
+  - fromRef:
+      key: /source/credentials/example
+    template:
+      rawData: "pre-{{ .Data }}-post"
+
   - fromRef:
       key: /source/credentials/example
     target:
       key: /target/credentials/example
 
-  ## 2. Usage: Sync all keys from query
+  ## 2. Usage: Sync all keys from query individually
+  - fromQuery:
+      path: /source/credentials
+      key:
+        regexp: (username|password)
+
+  - fromQuery:
+      path: /source/credentials
+      key:
+        regexp: (username|password)
+    template:
+      rawData: "pre-{{ .Data }}-post"
+
   - fromQuery:
       path: /source/credentials
       key:
         regexp: (username|password)
-    target: # If not specified, all keys will be synced under the same path
-      keyPrefix: /target/credentials
+    target:
+      keyPrefix: /target/credentials/new/
 
+  ## 3. Usage: Sync all keys from query into one key
+  # TODO: FIX ME
   - fromQuery:
       path: /source/credentials
       key:
         regexp: (username|password)
+    target:
+      key: /target/credentials/key-from-query
     template:
       data:
-        # TODO: FIX ME
         username: '{{ index .Data "username" }}'
         password: '{{ index .Data "password" }}'
-    target: # If not specified, all keys will be synced under the same path
-      key: /target/credentials/key-from-query
+
+  ## 3. Usage: Sync all keys from different sources into one key
+  # TODO: FIX ME
+  - fromSources:
+    - name: credentials
+      fromQuery:
+        path: /source/credentials
+        key:
+          regexp: (username|password)
+    target:
+      key: /target/credentials/key-from-sources
+    template:
+      data:
+        username: '{{ index .Data "credentials" }}'
+        password: '{{ index .Data "credentials" }}'
+
 
 #  ## 3. Usage: Sync key from ref with templating
 #  - fromRef:

diff --git a/pkg/apis/v1alpha1/secretkey_types.go b/pkg/apis/v1alpha1/secretkey_types.go
@@ -40,8 +40,8 @@ func (key *SecretRef) GetPath() []string {
 	return parts[:len(parts)-1]
 }
 
-// GetProperty returns property (domain) pointed by Key, e.g. GetProperty("/path/to/key") returns "key"
-func (key *SecretRef) GetProperty() string {
+// GetName returns (domain) name pointed by Key, e.g. GetName("/path/to/key") returns "key"
+func (key *SecretRef) GetName() string {
 	parts := strings.Split(strings.TrimPrefix(key.Key, "/"), "/")
 	if len(parts) == 0 {
 		return key.Key

diff --git a/pkg/provider/file/client.go b/pkg/provider/file/client.go
@@ -87,5 +87,5 @@ func (c *client) SetSecret(_ context.Context, key v1alpha1.SecretRef, value []by
 }
 
 func pathForKey(key v1alpha1.SecretRef) string {
-	return filepath.Join(append(key.GetPath(), key.GetProperty())...)
+	return filepath.Join(append(key.GetPath(), key.GetName())...)
 }
diff --git a/pkg/provider/vault/client.go b/pkg/provider/vault/client.go
@@ -53,13 +53,13 @@ func (c *client) GetSecret(_ context.Context, key v1alpha1.SecretRef) ([]byte, e
 		return nil, fmt.Errorf("api get request findind data: %w", err)
 	}
 
-	// Get property
-	property := key.GetProperty()
-	propertyData, ok := data[property]
+	// Get name
+	keyName := key.GetName()
+	keyData, ok := data[keyName]
 	if !ok {
-		return nil, fmt.Errorf("could not find property %s for in get response", property)
+		return nil, fmt.Errorf("could not find %s for in get response", keyName)
 	}
-	return []byte(propertyData.(string)), nil
+	return []byte(keyData.(string)), nil
 }
 
 func (c *client) ListSecretKeys(_ context.Context, query v1alpha1.SecretQuery) ([]v1alpha1.SecretRef, error) {
@@ -118,7 +118,7 @@ func (c *client) SetSecret(_ context.Context, key v1alpha1.SecretRef, value []by
 		fmt.Sprintf("%s/data/%s", c.apiKeyPath, keyPath),
 		map[string]interface{}{
 			"data": map[string]interface{}{
-				key.GetProperty(): value,
+				key.GetName(): value,
 			},
 		},
 	)
@@ -181,5 +181,5 @@ func (c *client) recursiveList(ctx context.Context, path string) ([]v1alpha1.Sec
 }
 
 func pathForKey(key v1alpha1.SecretRef) string {
-	return strings.Join(append(key.GetPath(), key.GetProperty()), "/")
+	return strings.Join(append(key.GetPath(), key.GetName()), "/")
 }
diff --git a/pkg/storesync/processor.go b/pkg/storesync/processor.go
@@ -48,7 +48,7 @@ func (p *processor) GetSyncPlan(ctx context.Context, req v1alpha1.SyncRequest) (
 
 		syncValue := fetchedValue
 		if req.Template != nil {
-			syncValue, err = getTemplatedValue(req.Template, fetchedValue)
+			syncValue, err = getTemplatedValue(req.Template, string(fetchedValue))
 			if err != nil {
 				return nil, err
 			}
@@ -75,7 +75,7 @@ func (p *processor) GetSyncPlan(ctx context.Context, req v1alpha1.SyncRequest) (
 			// TODO: Fix template data accessors
 			templateData := make(map[string]string)
 			for key, value := range fetchedSecrets {
-				templateData[key.GetProperty()] = string(value)
+				templateData[key.GetName()] = string(value)
 			}
 			if req.Template == nil {
 				return nil, fmt.Errorf("requires 'template' for 'fromQuery' and 'target.key'")
@@ -90,28 +90,29 @@ func (p *processor) GetSyncPlan(ctx context.Context, req v1alpha1.SyncRequest) (
 			}, nil
 		}
 
-		// Handle FromQuery => KeyPrefix
-		if req.Target.KeyPrefix != nil {
-			syncMap := make(map[v1alpha1.SecretRef][]byte)
-			for key, value := range fetchedSecrets {
-				syncKey := v1alpha1.SecretRef{
-					Key:     *req.Target.KeyPrefix + "/" + key.GetProperty(),
-					Version: key.Version,
-				}
+		// Handle FromQuery => KeyPrefix or empty
+		syncMap := make(map[v1alpha1.SecretRef][]byte)
+		for key, value := range fetchedSecrets {
+			keyPath := key.Key
+			if req.Target.KeyPrefix != nil {
+				keyPath = *req.Target.KeyPrefix + key.GetName()
+			}
+			syncKey := v1alpha1.SecretRef{
+				Key:     keyPath,
+				Version: key.Version,
+			}
 
-				syncValue := value
-				if req.Template != nil {
-					syncValue, err = getTemplatedValue(req.Template, value)
-					if err != nil {
-						return nil, err
-					}
+			syncValue := value
+			if req.Template != nil {
+				syncValue, err = getTemplatedValue(req.Template, string(value))
+				if err != nil {
+					return nil, err
 				}
-
-				syncMap[syncKey] = syncValue
 			}
-			return syncMap, nil
+
+			syncMap[syncKey] = syncValue
 		}
-		return nil, fmt.Errorf("no sources specified")
+		return syncMap, nil
 
 	// FromSources can only sync a single secret
 	case len(req.FromSources) > 0:
@@ -131,7 +132,7 @@ func (p *processor) GetSyncPlan(ctx context.Context, req v1alpha1.SyncRequest) (
 		// TODO: Fix template data accessors
 		templateData := make(map[string]string)
 		for key, value := range fetchedSecrets {
-			templateData[key.GetProperty()] = string(value)
+			templateData[key.GetName()] = string(value)
 		}
 		if req.Template == nil {
 			return nil, fmt.Errorf("requires 'template' for 'fromSources'")