fix: only create vault secret template if actual secret found
All checks were successful
continuous-integration/drone/push Build is passing

Signed-off-by: kjuulh <contact@kjuulh.io>
This commit is contained in:
Kasper Juul Hermansen 2024-05-25 14:37:13 +02:00
parent 52007c82e0
commit 3e06479cda
Signed by: kjuulh
GPG Key ID: 9AA7BC13CE474394

View File

@ -74,11 +74,31 @@ impl Component for VaultSecret {
fn render(
&self,
_environment: &str,
_value: &serde_yaml::Value,
value: &serde_yaml::Value,
) -> Option<anyhow::Result<(String, String)>> {
Some(Ok((
format!("{}.yaml", self.name().replace("/", "_")),
r#"apiVersion: secrets.hashicorp.com/v1beta1
value
.as_mapping()
.and_then(|map| map.get("env"))
.and_then(|v| v.as_mapping())
.map(|v| {
v.iter()
.filter_map(|(k, v)| {
if v.as_mapping()
.map(|m| m.get("vault").filter(|v| v.as_bool() == Some(true)))
.is_some()
{
Some(k)
} else {
None
}
})
.filter_map(|k| k.as_str())
.collect::<Vec<_>>()
})
.map(|_| {
Ok((
format!("{}.yaml", self.name().replace("/", "_")),
r#"apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
name: {{ vars.vault_secret.file_name(vars.cuddle_vars.service) }}
@ -92,8 +112,9 @@ spec:
refreshAfter: 30s
type: kv-v2
"#
.into(),
)))
.into(),
))
})
}
}