fix: only create vault secret template if actual secret found
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Signed-off-by: kjuulh <contact@kjuulh.io>
This commit is contained in:
parent
52007c82e0
commit
3e06479cda
GPG Key ID:
9AA7BC13CE474394
@ -74,11 +74,31 @@ impl Component for VaultSecret {
|
|||||||
fn render(
|
fn render(
|
||||||
&self,
|
&self,
|
||||||
_environment: &str,
|
_environment: &str,
|
||||||
_value: &serde_yaml::Value,
|
value: &serde_yaml::Value,
|
||||||
) -> Option<anyhow::Result<(String, String)>> {
|
) -> Option<anyhow::Result<(String, String)>> {
|
||||||
Some(Ok((
|
value
|
||||||
format!("{}.yaml", self.name().replace("/", "_")),
|
.as_mapping()
|
||||||
r#"apiVersion: secrets.hashicorp.com/v1beta1
|
.and_then(|map| map.get("env"))
|
||||||
|
.and_then(|v| v.as_mapping())
|
||||||
|
.map(|v| {
|
||||||
|
v.iter()
|
||||||
|
.filter_map(|(k, v)| {
|
||||||
|
if v.as_mapping()
|
||||||
|
.map(|m| m.get("vault").filter(|v| v.as_bool() == Some(true)))
|
||||||
|
.is_some()
|
||||||
|
{
|
||||||
|
Some(k)
|
||||||
|
} else {
|
||||||
|
None
|
||||||
|
}
|
||||||
|
})
|
||||||
|
.filter_map(|k| k.as_str())
|
||||||
|
.collect::<Vec<_>>()
|
||||||
|
})
|
||||||
|
.map(|_| {
|
||||||
|
Ok((
|
||||||
|
format!("{}.yaml", self.name().replace("/", "_")),
|
||||||
|
r#"apiVersion: secrets.hashicorp.com/v1beta1
|
||||||
kind: VaultStaticSecret
|
kind: VaultStaticSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ vars.vault_secret.file_name(vars.cuddle_vars.service) }}
|
name: {{ vars.vault_secret.file_name(vars.cuddle_vars.service) }}
|
||||||
@ -92,8 +112,9 @@ spec:
|
|||||||
refreshAfter: 30s
|
refreshAfter: 30s
|
||||||
type: kv-v2
|
type: kv-v2
|
||||||
"#
|
"#
|
||||||
.into(),
|
.into(),
|
||||||
)))
|
))
|
||||||
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user