// Copyright 2015 The Vanadium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package main
import (
"archive/tar"
"bytes"
"encoding/base64"
"fmt"
"io"
"os"
"os/exec"
"strings"
"text/template"
)
// createSecrets decrypts the archive named by secrets, renders every template
// parsed from the given template files, and pipes each rendered document to
// "kubectl create -f -".
//
// Templates can call the "base64" function with an archive entry name to get
// that entry's base64-encoded content. A name that is not in the archive is
// recorded as an error and rendered as "ERR"; the recorded errors are checked
// after each template executes, so a bad name aborts before kubectl is run for
// that template.
//
// The rendered document (which contains secret material) is handed to kubectl
// on stdin only; this function does not write it to disk or put it in argv.
//
// Templates are applied one at a time and the function returns on the first
// failure, so objects created from earlier templates are left in place.
func createSecrets(secrets string, templates []string) error {
	decoded, err := decryptSecrets(secrets)
	if err != nil {
		return err
	}

	// Template functions cannot abort execution from here with a custom error
	// list, so lookup failures are collected and inspected after Execute.
	lookupErrs := []error{}
	lookup := func(name string) string {
		encoded, ok := decoded[name]
		if !ok {
			lookupErrs = append(lookupErrs, fmt.Errorf("invalid name: %s", name))
			return "ERR"
		}
		return encoded
	}

	root, err := template.New("").Funcs(template.FuncMap{"base64": lookup}).ParseFiles(templates...)
	if err != nil {
		return fmt.Errorf("template.ParseFiles failed: %v", err)
	}

	for _, t := range root.Templates() {
		var rendered bytes.Buffer
		if err := t.Execute(&rendered, nil); err != nil {
			return fmt.Errorf("tmpl.Execute failed: %v", err)
		}
		if len(lookupErrs) > 0 {
			return fmt.Errorf("template errors in %q: %v", t.Name(), lookupErrs)
		}

		// "-f -" makes kubectl read the manifest from stdin.
		kubectl := exec.Command(flagKubectlBin, "create", "-f", "-")
		kubectl.Stdin = &rendered
		kubectl.Stdout = os.Stdout
		kubectl.Stderr = os.Stderr
		if err := kubectl.Run(); err != nil {
			return fmt.Errorf("kubectl command failed: %v", err)
		}
	}
	return nil
}
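// decryptSecrets runs the configured gpg binary with "-d" on the file named by
// secrets and reads gpg's standard output as a tar archive. It returns a map
// from each non-directory entry's name (with a leading "./" removed) to the
// standard base64 encoding of that entry's content.
//
// gpg inherits this process's stdin and stderr, so any prompts and diagnostics
// it prints go straight to the operator. The decrypted bytes are only held in
// memory; nothing is written to disk here.
//
// If reading the archive fails, the gpg child is killed and reaped before
// returning so that neither the process nor its pipe is leaked.
//
// NOTE(review): only "-d" is passed, and gpg's exit status is the only check
// made on the result. Whether the archive's origin is authenticated (e.g. a
// verified signature) is not visible here - confirm against how the secrets
// file is produced.
// NOTE(review): secrets is passed as a bare argument; a value beginning with
// "-" would presumably be read by gpg as an option - verify the caller.
func decryptSecrets(secrets string) (map[string]string, error) {
	gpg := exec.Command(flagGpg, "-d", secrets)
	gpg.Stdin = os.Stdin
	gpg.Stderr = os.Stderr
	r, err := gpg.StdoutPipe()
	if err != nil {
		return nil, fmt.Errorf("gpg.StdoutPipe failed: %v", err)
	}
	if err := gpg.Start(); err != nil {
		return nil, fmt.Errorf("gpg.Start failed: %v", err)
	}

	// abort stops and reaps the child on an error path. Both results are
	// deliberately ignored: the process may already have exited, and the
	// caller is given the more specific archive error instead.
	abort := func() {
		_ = gpg.Process.Kill()
		_ = gpg.Wait()
	}

	files := make(map[string]string)
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			break
		}
		if err != nil {
			abort()
			return nil, fmt.Errorf("tr.Next failed: %v", err)
		}
		// Only directories are skipped; every other entry type is stored
		// with whatever content the tar reader yields for it.
		if hdr.FileInfo().IsDir() {
			continue
		}
		// The entry is buffered in full, with no size limit.
		var buf bytes.Buffer
		if _, err := io.Copy(&buf, tr); err != nil {
			abort()
			return nil, fmt.Errorf("io.Copy failed: %v", err)
		}
		// The name is used only as a map key; a later entry with the same
		// name replaces an earlier one.
		name := strings.TrimPrefix(hdr.Name, "./")
		files[name] = base64.StdEncoding.EncodeToString(buf.Bytes())
	}

	// The tar reader reports EOF at the end-of-archive marker, which can come
	// before the end of gpg's output. StdoutPipe requires all reads to finish
	// before Wait, so read the rest of the pipe and discard it.
	scratch := make([]byte, 4096)
	for {
		if _, err := r.Read(scratch); err != nil {
			break
		}
	}

	// A non-zero gpg exit discards everything parsed so far.
	if err := gpg.Wait(); err != nil {
		return nil, fmt.Errorf("gpg failed: %v", err)
	}
	return files, nil
}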