Add explodeMap templating function #912

Open
hamishforbes opened this issue Sep 12, 2024 · 1 comment
Is your feature request related to a problem? Please describe.
I'm looking at migrating from a setup where I use consul-template to fetch and then template Vault secrets (via the Vault Agent sidecar) into my application pods before launching the actual application process.

My apps generally consume JSON formatted config files with deeply nested structures.

The solution we've got now is to create fields in the Vault secret with / separated names and use the consul-template explodeMap function to expand these out to a nested map, which can then be converted to JSON.

e.g.
Vault secret

> vault kv get secret/foobar
...snip
============== Data ==============
Key                          Value
---                          -----
foo/bar/baz                  qux
foo/a/b                      c

template

{{- with secret "secret/foobar" -}}
{{- range $k, $v := .Data.data -}}
{{- scratch.MapSet "vars" $k $v -}}
{{- end -}}
{{- end -}}
{{ scratch.Get "vars" | explodeMap | toJSONPretty }}

json result

{
  "foo": {
    "bar": {
      "baz": "qux"
    },
    "a": {
      "b": "c"
    }
  }
}

Describe the solution you'd like
An equivalent function in VSO so that I can do something like

apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultStaticSecret
metadata:
  name: foobar
  namespace: default
spec:
  destination:
    create: true
    name: foobar
    transformation:
      excludes:
      - .*
      templates:
        vault.json:
          text: |
            {{ .Secrets | explodeMap | toPrettyJson }}
  mount: /secret
  path: foobar
  type: kv-v2
  vaultAuthRef: foobar

Describe alternatives you've considered
If there's a way to do this with the available functions that'd be great too, especially if I can abstract it out into a shared SecretTransformation.
I haven't been able to figure out a way though, splitn maybe?

@hamishforbes hamishforbes added the enhancement New feature or request label Sep 12, 2024
hamishforbes commented Sep 12, 2024

Ah of course, I think I've figured it out with the existing sprig functions, it's not too pretty or easy to understand but...
In case anyone else has a similar use case, this seems to be working for me.

{{- $s := dict }}
{{- $i := dict }}
{{- range $key, $value := .Secrets }}
  {{- $splitkey := splitList "/" $key }}
  {{- $i = $s -}}
  {{- range $k, $v := $splitkey }}
    {{- if eq $k ( sub (len $splitkey) 1) }}
      {{- $_ := set $i $v $value }}
    {{- else -}}
      {{- if not (hasKey $i $v) }} {{- $_ := set $i $v (dict) }} {{- end }}
      {{- $i = get $i $v }}
    {{- end }}
  {{- end }}
{{- end -}}
{{ $s | toPrettyJson }}

@benashz benashz self-assigned this Sep 13, 2024
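
A stand-alone Go function that performs the expansion requested in this issue, added here as an example (not code from the issue, consul-template or VSO). The name follows the request, but the signature and the conflict check are assumptions: it returns an error when one key is both a value and the parent of another (for example `foo` and `foo/bar`), so a mis-keyed secret fails rendering instead of producing a partial config file.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// explodeMap expands "/"-separated keys into nested maps. It rejects input in
// which one key is both a value and a parent (e.g. "foo" and "foo/bar").
func explodeMap(flat map[string]any) (map[string]any, error) {
	keys := make([]string, 0, len(flat))
	for k := range flat {
		keys = append(keys, k)
	}
	// "foo" sorts before "foo/bar", so a conflict is always detected while
	// descending and the error is the same on every run.
	sort.Strings(keys)
	root := map[string]any{}
	for _, key := range keys {
		parts := strings.Split(key, "/")
		node := root
		// Walk (and create) every intermediate map, then set the leaf.
		for _, part := range parts[:len(parts)-1] {
			child, found := node[part]
			if !found {
				child = map[string]any{}
				node[part] = child
			}
			next, ok := child.(map[string]any)
			if !ok {
				return nil, fmt.Errorf("key %q descends through value %q", key, part)
			}
			node = next
		}
		node[parts[len(parts)-1]] = flat[key]
	}
	return root, nil
}

func main() {
	// Constructed input matching the secret shown in the issue.
	out, err := explodeMap(map[string]any{"foo/bar/baz": "qux", "foo/a/b": "c"})
	if err != nil {
		panic(err)
	}
	b, _ := json.MarshalIndent(out, "", "  ")
	fmt.Println(string(b))
}
```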