diff --git a/iac/src/main/utils/vault.cljs b/iac/src/main/utils/vault.cljs index 46c3c88..1930eb4 100644 --- a/iac/src/main/utils/vault.cljs +++ b/iac/src/main/utils/vault.cljs @@ -9,9 +9,6 @@ ["path" :as path] [configs :refer [cfg]])) -(defn vault-path-exists? [vault path provider] - ) - (defn get-secret-val "Extract a specific key from a Vault secret Output/Promise." [secret-promise key] 
@@ -25,44 +22,43 @@ :dataJson (js/JSON.stringify (clj->js service-secrets))}) (clj->js {:provider vault-provider})))) +(defn prepare + "Prepares common resources and values for a deployment from a single config map." + [config] + (let [{:keys [provider vault-provider app-name app-namespace load-yaml]} config - -(defn prepare [vault-provider service-name provider load-yaml] - (let [apps-v1 (.. k8s -apps -v1) + apps-v1 (.. k8s -apps -v1) core-v1 (.. k8s -core -v1) helm-v3 (.. k8s -helm -v3) - vault-path (str "secret/" service-name) - _ (when vault-provider (initialize-mount vault-provider vault-path service-name)) - secrets (when vault-provider (pulumi/output (.getSecret (.-generic vault) - (clj->js {:path vault-path}) - (clj->js {:provider vault-provider})))) - secrets-data (when secrets (.apply secrets #(.. % -data))) - values-path (.join path js/__dirname ".." (-> cfg :resource-path) (str service-name ".yml")) - yaml-values (when load-yaml (js->clj (-> values-path - (fs/readFileSync "utf8") - (yaml/load)))) - ns (when provider (.. (new (.. core-v1 -Namespace) - (str service-name "-ns") - (clj->js {:metadata {:name service-name}}) - (clj->js {:provider provider})) -metadata -name)) - bind-secrets (when (and vault-provider provider) (new (.. core-v1 -Secret) - (str service-name "-secrets") - (clj->js {:metadata {:name (str service-name "-secrets") - :namespace service-name} - :stringData secrets-data}) - (clj->js {:provider provider})))] + values-path (.join path js/__dirname ".." (-> cfg :resource-path) (str app-name ".yml"))] - + (let [yaml-values (when load-yaml + (js->clj (-> values-path + (fs/readFileSync "utf8") + (yaml/load)))) + {:keys [secrets-data bind-secrets]} + (when vault-provider + (let [vault-path (str "secret/" app-name) + _ (initialize-mount vault-provider vault-path app-name) + secrets (pulumi/output (.getSecret (.-generic vault) + (clj->js {:path vault-path}) + (clj->js {:provider vault-provider}))) + secrets-data (.apply secrets #(.. 
% -data)) + bind-secrets (when (and provider app-namespace) + (new (.. core-v1 -Secret) (str app-name "-secrets") + (clj->js {:metadata {:name (str app-name "-secrets") + :namespace app-namespace} + :stringData secrets-data}) + (clj->js {:provider provider})))] + {:secrets-data secrets-data + :bind-secrets bind-secrets}))] - - - - {:apps-v1 apps-v1 - :core-v1 core-v1 - :helm-v3 helm-v3 - :secrets secrets-data - :yaml-path values-path - :yaml-values yaml-values - :namespace ns - :service-name service-name - :bind-secrets bind-secrets})) \ No newline at end of file + {:apps-v1 apps-v1 + :core-v1 core-v1 + :helm-v3 helm-v3 + :secrets secrets-data + :yaml-path values-path + :yaml-values yaml-values + :app-name app-name + :app-namespace app-namespace + :bind-secrets bind-secrets}))) \ No newline at end of file
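Review bot: `prepare` destructures `app-name` and `app-namespace` out of `config` with no check, so a missing or misspelled key yields nil; `(str "secret/" app-name)` then collapses to the bare `secret/` prefix and `values-path` ends in `/.yml`. That prefix is passed to `initialize-mount` and `.getSecret`, so the per-app Vault path scoping is lost without any error; what `initialize-mount` does with such a path is not visible in this hunk. A missing `:app-namespace` is swallowed the same way: the Vault read still happens, `bind-secrets` comes back nil, and the caller gets no Kubernetes Secret and no failure. I would fail fast as the first form of the outer `let` body with `(when-not (seq app-name) (throw (js/Error. "prepare: :app-name is required")))`, and throw likewise when `vault-provider` and `provider` are both set but `app-namespace` is not. The returned map also drops `:namespace` and `:service-name`; callers are outside this hunk, so confirm none still read those keys.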