From f85134c26fb70d5d380e43b62a718e01fa4d3b18 Mon Sep 17 00:00:00 2001
From: Saleh Khazaei
Date: Wed, 31 Jul 2024 18:33:15 +0400
Subject: [PATCH] fix: Adds workspace secret

---
 pkg/workspace/statemanager/workspace.go |  2 +-
 .../transactions/create_helm_release.go | 49 +++++++++++++------
 2 files changed, 36 insertions(+), 15 deletions(-)

diff --git a/pkg/workspace/statemanager/workspace.go b/pkg/workspace/statemanager/workspace.go
index 97be54c2a..2f727a266 100644
--- a/pkg/workspace/statemanager/workspace.go
+++ b/pkg/workspace/statemanager/workspace.go
@@ -21,7 +21,7 @@ func (s *Service) getTransactionByTransactionID(currentState state.State, tid ap
 	case api.Transaction_EnsureCredentialExists:
 		transaction = transactions.NewEnsureCredentialExists(s.db)
 	case api.Transaction_CreateHelmRelease:
-		transaction = transactions.NewCreateHelmRelease(s.kubeClient, s.vault, s.cfg, s.db)
+		transaction = transactions.NewCreateHelmRelease(s.kubeClient, s.vault, s.vaultSecretHandler, s.cfg, s.db, s.logger)
 	//case api.Transaction_CreateInsightBucket:
 	//	transaction = transactions.NewCreateInsightBucket(s.s3Client)
 	case api.Transaction_CreateMasterCredential:
diff --git a/pkg/workspace/transactions/create_helm_release.go b/pkg/workspace/transactions/create_helm_release.go
index 0e4365763..03ccd0170 100644
--- a/pkg/workspace/transactions/create_helm_release.go
+++ b/pkg/workspace/transactions/create_helm_release.go
@@ -2,44 +2,47 @@ package transactions
 
 import (
 	"context"
+	"crypto/rand"
 	"encoding/json"
 	"fmt"
 	types2 "github.com/aws/aws-sdk-go-v2/service/iam/types"
 	"github.com/fluxcd/helm-controller/api/v2beta1"
 	helmv2 "github.com/fluxcd/helm-controller/api/v2beta1"
 	apimeta "github.com/fluxcd/pkg/apis/meta"
+	api6 "github.com/hashicorp/vault/api"
 	"github.com/kaytu-io/kaytu-engine/pkg/workspace/api"
 	"github.com/kaytu-io/kaytu-engine/pkg/workspace/config"
 	"github.com/kaytu-io/kaytu-engine/pkg/workspace/db"
 	"github.com/kaytu-io/kaytu-engine/pkg/workspace/internal/helm"
 	types3 "github.com/kaytu-io/kaytu-engine/pkg/workspace/types"
 	"github.com/kaytu-io/kaytu-util/pkg/vault"
+	"go.uber.org/zap"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	k8sclient "sigs.k8s.io/controller-runtime/pkg/client"
+	"strings"
 )
 
 type CreateHelmRelease struct {
-	kubeClient k8sclient.Client // the kubernetes client
-	vault      vault.VaultSourceConfig
-	cfg        config.Config
-	db         *db.Database
+	kubeClient         k8sclient.Client // the kubernetes client
+	vault              vault.VaultSourceConfig
+	cfg                config.Config
+	db                 *db.Database
+	logger             *zap.Logger
+	vaultSecretHandler vault.VaultSecretHandler
 }
 
-func NewCreateHelmRelease(
-	kubeClient k8sclient.Client,
-	vault vault.VaultSourceConfig,
-	cfg config.Config,
-	db *db.Database,
-) *CreateHelmRelease {
+func NewCreateHelmRelease(kubeClient k8sclient.Client, vault vault.VaultSourceConfig, handler vault.VaultSecretHandler, cfg config.Config, db *db.Database, logger *zap.Logger) *CreateHelmRelease {
 	return &CreateHelmRelease{
-		kubeClient: kubeClient,
-		vault:      vault,
-		cfg:        cfg,
-		db:         db,
+		kubeClient:         kubeClient,
+		vaultSecretHandler: handler,
+		vault:              vault,
+		cfg:                cfg,
+		db:                 db,
+		logger:             logger,
 	}
 }
 
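Review bot: The new imports are not in the shape goimports would leave them: `"crypto/rand"` sits in the stdlib run but `"strings"` is appended to the end of the third-party group, and `api6 "github.com/hashicorp/vault/api"` is an editor-generated alias that tells a reader nothing about the package. I would move `"strings"` up beside `"fmt"` and alias the HashiCorp client as `vaultapi "github.com/hashicorp/vault/api"`, adjusting its single use in createHelmRelease. NewCreateHelmRelease also accepts `handler` and `logger` without any nil guard, and since `t.logger` is now handed straight to `vault.NewHashiCorpVaultClient`, a caller that omits the logger fails at transaction time rather than at construction; a cheap `if logger == nil { logger = zap.NewNop() }` in the constructor would close that gap.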
@@ -214,6 +217,24 @@ func (t *CreateHelmRelease) createHelmRelease(ctx context.Context, workspace db.
 		return fmt.Errorf("create helm release: %w", err)
 	}
 
+	if t.cfg.Vault.Provider == vault.HashiCorpVault {
+		_, err := vault.NewHashiCorpVaultClient(ctx, t.logger, t.cfg.Vault.HashiCorp, settings.Vault.KeyID)
+		if err != nil {
+			if strings.Contains(err.Error(), api6.ErrSecretNotFound.Error()) || strings.Contains(err.Error(), "secret value is nil") {
+				b := make([]byte, 32)
+				_, err := rand.Read(b)
+				if err != nil {
+					return err
+				}
+
+				_, err = t.vaultSecretHandler.SetSecret(ctx, settings.Vault.KeyID, b)
+				if err != nil {
+					return err
+				}
+			}
+		}
+	}
+
 	return nil
 }
 
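Review bot: Any error from `vault.NewHashiCorpVaultClient` other than the two matched substrings — bad token, sealed vault, network failure — is silently dropped and createHelmRelease still returns nil, so the transaction is recorded as complete for a workspace whose key was never provisioned and the problem only surfaces when something later tries to use `settings.Vault.KeyID`. Unless failing open is deliberate here, the non-matching case should propagate the error, and the `rand.Read` and `SetSecret` failures should be wrapped with context like the other returns in this function. Matching on `err.Error()` substrings is also brittle; if the client wraps its errors with `%w`, `errors.Is(err, api6.ErrSecretNotFound)` is the safer test (the client is not visible here to confirm). Note that this is a check-then-set: two transactions for the same workspace racing through this block would each generate a key and the second `SetSecret` would overwrite the first, so if the handler exposes check-and-set (KV v2 `cas=0`) it is worth using it. createHelmRelease starts outside the hunk.

```go
	if t.cfg.Vault.Provider == vault.HashiCorpVault {
		_, err := vault.NewHashiCorpVaultClient(ctx, t.logger, t.cfg.Vault.HashiCorp, settings.Vault.KeyID)
		switch {
		case err == nil:
			// key already provisioned for this workspace
		case strings.Contains(err.Error(), api6.ErrSecretNotFound.Error()) || strings.Contains(err.Error(), "secret value is nil"):
			// first use: generate a fresh 256-bit key and store it under the workspace key ID
			b := make([]byte, 32)
			if _, err := rand.Read(b); err != nil {
				return fmt.Errorf("generate workspace key: %w", err)
			}
			if _, err := t.vaultSecretHandler.SetSecret(ctx, settings.Vault.KeyID, b); err != nil {
				return fmt.Errorf("store workspace key %q: %w", settings.Vault.KeyID, err)
			}
		default:
			// auth, seal or connectivity problems must not be mistaken for "key missing"
			return fmt.Errorf("check workspace key %q in vault: %w", settings.Vault.KeyID, err)
		}
	}
	// … unchanged: return nil …
```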