-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
11b8d83
commit 875370c
Showing
7 changed files
with
137 additions
and
97 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,2 @@ | ||
| .idea/ | ||
| dist/ | ||
| ksops |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| package cmd | ||
|
|
||
| import ( | ||
| "github.com/argyle-engineering/ksops/pkg" | ||
| "os" | ||
| "sigs.k8s.io/kustomize/kyaml/errors" | ||
| "sigs.k8s.io/kustomize/kyaml/fn/framework" | ||
| "sigs.k8s.io/kustomize/kyaml/kio" | ||
|
|
||
| "github.com/spf13/cobra" | ||
| ) | ||
|
|
||
| // rootCmd represents the base command when called without any subcommands | ||
| var rootCmd = &cobra.Command{ | ||
| Use: "ksops", | ||
| Short: "KSOPS is a flexible Kustomize KRM-based plugin for SOPS encrypted resources", | ||
| Long: `KSOPS is a flexible Kustomize KRM-based plugin for SOPS encrypted resources. | ||
| - Provides the ability to fail silently if the generator fails to decrypt files. | ||
| - Generates dummy secrets with the 'KSOPS_GENERATE_DUMMY_SECRETS' environment variable.`, | ||
| RunE: func(cmd *cobra.Command, args []string) error { | ||
|
|
||
| // No config is required | ||
| p := framework.SimpleProcessor{Config: nil, Filter: kio.FilterFunc(pkg.Ksops)} | ||
|
|
||
| // STDIN and STDOUT will be used if no reader or writer respectively is provided. | ||
| err := framework.Execute(p, nil) | ||
|
|
||
| return errors.Wrap(err) | ||
| }, | ||
| Version: "v1.0.7", | ||
| } | ||
|
|
||
| // Execute adds all child commands to the root command and sets flags appropriately. | ||
| // This is called by main.main(). It only needs to happen once to the rootCmd. | ||
| func Execute() { | ||
| rootCmd.SetVersionTemplate("{{.Version}}\n") | ||
| err := rootCmd.Execute() | ||
| if err != nil { | ||
| os.Exit(1) | ||
| } | ||
| } | ||
|
|
||
| func init() { | ||
| // Here you will define your flags and configuration settings. | ||
| // Cobra supports persistent flags, which, if defined here, | ||
| // will be global for your application. | ||
|
|
||
| // rootCmd.PersistentFlags().StringVar(&cfgFile, "config", "", "config file (default is $HOME/.ksops.yaml)") | ||
|
|
||
| // Cobra also supports local flags, which will only run | ||
| // when this action is called directly. | ||
| //rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle") | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| package dummy | ||
| package pkg | ||
|
|
||
| import ( | ||
| "fmt" | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| package pkg | ||
|
|
||
| import ( | ||
| "fmt" | ||
| "go.mozilla.org/sops/v3/cmd/sops/formats" | ||
| "go.mozilla.org/sops/v3/decrypt" | ||
| "os" | ||
| "sigs.k8s.io/kustomize/kyaml/yaml" | ||
| "strconv" | ||
| "strings" | ||
| ) | ||
|
|
||
| var ksopsGenerateDummySecrets bool | ||
|
|
||
| func init() { | ||
| var err error | ||
| ke := os.Getenv("KSOPS_GENERATE_DUMMY_SECRETS") | ||
| if len(ke) == 0 { // env not set | ||
| ke = "false" | ||
| } | ||
|
|
||
| ksopsGenerateDummySecrets, err = strconv.ParseBool(ke) | ||
| if err != nil { | ||
| _, _ = fmt.Fprintf(os.Stderr, "error converting string to boolean, please use either false or true : %q\n", err) | ||
| os.Exit(1) | ||
| } | ||
| } | ||
|
|
||
| func Ksops(items []*yaml.RNode) ([]*yaml.RNode, error) { | ||
| var filteredItems []*yaml.RNode | ||
| for i := range items { | ||
| item := items[i] | ||
|
|
||
| // All other resources get passed along unmodified | ||
| if strings.ToLower(item.GetKind()) != "ksops" || strings.ToLower(item.GetApiVersion()) != "argyle.com/v1" { | ||
| filteredItems = append(filteredItems, item) | ||
| continue | ||
| } | ||
|
|
||
| // Get the spec yaml & unmarshal it | ||
| var spec Spec | ||
| err := yaml.Unmarshal([]byte(item.MustString()), &spec) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("unable to parse ksops spec: %w\n", err) | ||
| } | ||
|
|
||
| // Generate secrets here | ||
| for _, file := range spec.Files { | ||
|
|
||
| var b, secret []byte | ||
|
|
||
| b, err = os.ReadFile(file) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("failed to read file %s: %w\n", file, err) | ||
| } | ||
|
|
||
| if ksopsGenerateDummySecrets { | ||
| secret, err = GenerateDummySecret(b) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("failed generating dummy file %s: %w\n", file, err) | ||
| } | ||
| } else { | ||
| format := formats.FormatForPath(file) | ||
| secret, err = decrypt.DataWithFormat(b, format) | ||
| if err != nil && !spec.FailSilently { | ||
| return nil, fmt.Errorf("failed decrypting file %s: \n\n%w\n\n", file, err) | ||
| } | ||
| } | ||
|
|
||
| var node *yaml.RNode | ||
| node, err = yaml.Parse(string(secret)) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("failed parse secret into yaml file %s: %w\n", file, err) | ||
| } | ||
|
|
||
| filteredItems = append(filteredItems, node) | ||
| } | ||
|
|
||
| } | ||
| return filteredItems, nil | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| package schema | ||
| package pkg | ||
|
|
||
| type Spec struct { | ||
| APIVersion string `yaml:"apiVersion"` | ||
|
|
||