jaggar/iac-cljs-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revise vault to better support DSL impl

Browse Source
This commit is contained in:
GigiaJ
2025-10-02 03:54:46 -05:00
parent e42c18d958
commit 7ac41937a8
1 changed files with 35 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
iac/src/main/utils/vault.cljs
View File

@@ -9,9 +9,6 @@
["path" :as path] ["path" :as path]
[configs :refer [cfg]])) [configs :refer [cfg]]))
(defn vault-path-exists? [vault path provider]
)
(defn get-secret-val (defn get-secret-val
"Extract a specific key from a Vault secret Output/Promise." "Extract a specific key from a Vault secret Output/Promise."
[secret-promise key] [secret-promise key]
@@ -25,44 +22,43 @@
:dataJson (js/JSON.stringify (clj->js service-secrets))}) :dataJson (js/JSON.stringify (clj->js service-secrets))})
(clj->js {:provider vault-provider})))) (clj->js {:provider vault-provider}))))
(defn prepare
"Prepares common resources and values for a deployment from a single config map."
[config]
(let [{:keys [provider vault-provider app-name app-namespace load-yaml]} config
apps-v1 (.. k8s -apps -v1)
(defn prepare [vault-provider service-name provider load-yaml]
(let [apps-v1 (.. k8s -apps -v1)
core-v1 (.. k8s -core -v1) core-v1 (.. k8s -core -v1)
helm-v3 (.. k8s -helm -v3) helm-v3 (.. k8s -helm -v3)
vault-path (str "secret/" service-name) values-path (.join path js/__dirname ".." (-> cfg :resource-path) (str app-name ".yml"))]
_ (when vault-provider (initialize-mount vault-provider vault-path service-name))
secrets (when vault-provider (pulumi/output (.getSecret (.-generic vault)
(clj->js {:path vault-path})
(clj->js {:provider vault-provider}))))
secrets-data (when secrets (.apply secrets #(.. % -data)))
values-path (.join path js/__dirname ".." (-> cfg :resource-path) (str service-name ".yml"))
yaml-values (when load-yaml (js->clj (-> values-path
(fs/readFileSync "utf8")
(yaml/load))))
ns (when provider (.. (new (.. core-v1 -Namespace)
(str service-name "-ns")
(clj->js {:metadata {:name service-name}})
(clj->js {:provider provider})) -metadata -name))
bind-secrets (when (and vault-provider provider) (new (.. core-v1 -Secret)
(str service-name "-secrets")
(clj->js {:metadata {:name (str service-name "-secrets")
:namespace service-name}
:stringData secrets-data})
(clj->js {:provider provider})))]
(let [yaml-values (when load-yaml
(js->clj (-> values-path
(fs/readFileSync "utf8")
(yaml/load))))
{:keys [secrets-data bind-secrets]}
(when vault-provider
(let [vault-path (str "secret/" app-name)
_ (initialize-mount vault-provider vault-path app-name)
secrets (pulumi/output (.getSecret (.-generic vault)
(clj->js {:path vault-path})
(clj->js {:provider vault-provider})))
secrets-data (.apply secrets #(.. % -data))
bind-secrets (when (and provider app-namespace)
(new (.. core-v1 -Secret) (str app-name "-secrets")
(clj->js {:metadata {:name (str app-name "-secrets")
:namespace app-namespace}
:stringData secrets-data})
(clj->js {:provider provider})))]
{:secrets-data secrets-data
:bind-secrets bind-secrets}))]
{:apps-v1 apps-v1
:core-v1 core-v1
:helm-v3 helm-v3
:secrets secrets-data
{:apps-v1 apps-v1 :yaml-path values-path
:core-v1 core-v1 :yaml-values yaml-values
:helm-v3 helm-v3 :app-name app-name
:secrets secrets-data :app-namespace app-namespace
:yaml-path values-path :bind-secrets bind-secrets})))
:yaml-values yaml-values
:namespace ns
:service-name service-name
:bind-secrets bind-secrets}))