Revise vault to better support DSL impl
This commit is contained in:
@@ -9,9 +9,6 @@
|
|||||||
["path" :as path]
|
["path" :as path]
|
||||||
[configs :refer [cfg]]))
|
[configs :refer [cfg]]))
|
||||||
|
|
||||||
(defn vault-path-exists? [vault path provider]
|
|
||||||
)
|
|
||||||
|
|
||||||
(defn get-secret-val
|
(defn get-secret-val
|
||||||
"Extract a specific key from a Vault secret Output/Promise."
|
"Extract a specific key from a Vault secret Output/Promise."
|
||||||
[secret-promise key]
|
[secret-promise key]
|
||||||
@@ -25,37 +22,36 @@
|
|||||||
:dataJson (js/JSON.stringify (clj->js service-secrets))})
|
:dataJson (js/JSON.stringify (clj->js service-secrets))})
|
||||||
(clj->js {:provider vault-provider}))))
|
(clj->js {:provider vault-provider}))))
|
||||||
|
|
||||||
|
(defn prepare
|
||||||
|
"Prepares common resources and values for a deployment from a single config map."
|
||||||
|
[config]
|
||||||
|
(let [{:keys [provider vault-provider app-name app-namespace load-yaml]} config
|
||||||
|
|
||||||
|
apps-v1 (.. k8s -apps -v1)
|
||||||
(defn prepare [vault-provider service-name provider load-yaml]
|
|
||||||
(let [apps-v1 (.. k8s -apps -v1)
|
|
||||||
core-v1 (.. k8s -core -v1)
|
core-v1 (.. k8s -core -v1)
|
||||||
helm-v3 (.. k8s -helm -v3)
|
helm-v3 (.. k8s -helm -v3)
|
||||||
vault-path (str "secret/" service-name)
|
values-path (.join path js/__dirname ".." (-> cfg :resource-path) (str app-name ".yml"))]
|
||||||
_ (when vault-provider (initialize-mount vault-provider vault-path service-name))
|
|
||||||
secrets (when vault-provider (pulumi/output (.getSecret (.-generic vault)
|
(let [yaml-values (when load-yaml
|
||||||
(clj->js {:path vault-path})
|
(js->clj (-> values-path
|
||||||
(clj->js {:provider vault-provider}))))
|
|
||||||
secrets-data (when secrets (.apply secrets #(.. % -data)))
|
|
||||||
values-path (.join path js/__dirname ".." (-> cfg :resource-path) (str service-name ".yml"))
|
|
||||||
yaml-values (when load-yaml (js->clj (-> values-path
|
|
||||||
(fs/readFileSync "utf8")
|
(fs/readFileSync "utf8")
|
||||||
(yaml/load))))
|
(yaml/load))))
|
||||||
ns (when provider (.. (new (.. core-v1 -Namespace)
|
{:keys [secrets-data bind-secrets]}
|
||||||
(str service-name "-ns")
|
(when vault-provider
|
||||||
(clj->js {:metadata {:name service-name}})
|
(let [vault-path (str "secret/" app-name)
|
||||||
(clj->js {:provider provider})) -metadata -name))
|
_ (initialize-mount vault-provider vault-path app-name)
|
||||||
bind-secrets (when (and vault-provider provider) (new (.. core-v1 -Secret)
|
secrets (pulumi/output (.getSecret (.-generic vault)
|
||||||
(str service-name "-secrets")
|
(clj->js {:path vault-path})
|
||||||
(clj->js {:metadata {:name (str service-name "-secrets")
|
(clj->js {:provider vault-provider})))
|
||||||
:namespace service-name}
|
secrets-data (.apply secrets #(.. % -data))
|
||||||
|
bind-secrets (when (and provider app-namespace)
|
||||||
|
(new (.. core-v1 -Secret) (str app-name "-secrets")
|
||||||
|
(clj->js {:metadata {:name (str app-name "-secrets")
|
||||||
|
:namespace app-namespace}
|
||||||
:stringData secrets-data})
|
:stringData secrets-data})
|
||||||
(clj->js {:provider provider})))]
|
(clj->js {:provider provider})))]
|
||||||
|
{:secrets-data secrets-data
|
||||||
|
:bind-secrets bind-secrets}))]
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
{:apps-v1 apps-v1
|
{:apps-v1 apps-v1
|
||||||
:core-v1 core-v1
|
:core-v1 core-v1
|
||||||
@@ -63,6 +59,6 @@
|
|||||||
:secrets secrets-data
|
:secrets secrets-data
|
||||||
:yaml-path values-path
|
:yaml-path values-path
|
||||||
:yaml-values yaml-values
|
:yaml-values yaml-values
|
||||||
:namespace ns
|
:app-name app-name
|
||||||
:service-name service-name
|
:app-namespace app-namespace
|
||||||
:bind-secrets bind-secrets}))
|
:bind-secrets bind-secrets})))
|
||||||
Reference in New Issue
Block a user