fix: only create vault secret template if actual secret found
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Signed-off-by: kjuulh <contact@kjuulh.io>
This commit is contained in:
parent
52007c82e0
commit
3e06479cda
@ -74,11 +74,31 @@ impl Component for VaultSecret {
|
||||
fn render(
|
||||
&self,
|
||||
_environment: &str,
|
||||
_value: &serde_yaml::Value,
|
||||
value: &serde_yaml::Value,
|
||||
) -> Option<anyhow::Result<(String, String)>> {
|
||||
Some(Ok((
|
||||
format!("{}.yaml", self.name().replace("/", "_")),
|
||||
r#"apiVersion: secrets.hashicorp.com/v1beta1
|
||||
value
|
||||
.as_mapping()
|
||||
.and_then(|map| map.get("env"))
|
||||
.and_then(|v| v.as_mapping())
|
||||
.map(|v| {
|
||||
v.iter()
|
||||
.filter_map(|(k, v)| {
|
||||
if v.as_mapping()
|
||||
.map(|m| m.get("vault").filter(|v| v.as_bool() == Some(true)))
|
||||
.is_some()
|
||||
{
|
||||
Some(k)
|
||||
} else {
|
||||
None
|
||||
}
|
||||
})
|
||||
.filter_map(|k| k.as_str())
|
||||
.collect::<Vec<_>>()
|
||||
})
|
||||
.map(|_| {
|
||||
Ok((
|
||||
format!("{}.yaml", self.name().replace("/", "_")),
|
||||
r#"apiVersion: secrets.hashicorp.com/v1beta1
|
||||
kind: VaultStaticSecret
|
||||
metadata:
|
||||
name: {{ vars.vault_secret.file_name(vars.cuddle_vars.service) }}
|
||||
@ -92,8 +112,9 @@ spec:
|
||||
refreshAfter: 30s
|
||||
type: kv-v2
|
||||
"#
|
||||
.into(),
|
||||
)))
|
||||
.into(),
|
||||
))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user