Merge pull request #140 from Soluto/init-container-multiple-dir

added support for multiple folders when getting encrypted files
Soluto · Apr 2, 2019 · c6aaf31 · c6aaf31
2 parents 552f89b + cf9e4d8
commit c6aaf31
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 14 deletions.
diff --git a/init-container/README.md b/init-container/README.md
@@ -25,7 +25,7 @@ The init container accept the following environmenmt variables:
 | Option                | Required       |  Description                                     | Default Value |
 | -------------------   | ------------   |  ----------------------------------------------- | ------------- |
 | -V/--version          |   false        |   output the version number                |               |
-| `-e/--encrypted-folder <path>`          |   true        |   Encrypted files folder path (the volume mounted with the config map)               |               |
+| `-e/--encrypted-folders <path>`          |   true        |   Encrypted files folder paths, comma seperated (the volumes mounted with the config map)               |               |
 | `-d/--decrypted-path <path>`          |   false        |   Decrypted file/s folder path mounted. Pass this argument to create one decrypted file per encrypted secret              |               |
 | `-n/--decrypted-file-name <name>`          |   false        |   Decrypted file name. Pass this argument to create one configuration file with the encrypted secrets.             |               |
 | `-f/--output-format <format>`          |   false        |  The format of the output file. Supported types: json, cfg, cfg-strict (surround strings with quotation marks), files           |         JSON      |
diff --git a/init-container/index.js b/init-container/index.js
@@ -9,16 +9,16 @@ const path = require('path');
 
 program
     .version('0.1.0')
-    .option('-e, --encrypted-folder <path>', 'Encrypted files folder path')
+    .option('-e, --encrypted-folders <path>', 'Encrypted files folder paths, comma separated')
     .option('-d, --decrypted-path <path>', 'Decrypted file/s folder path')
     .option('-n, --decrypted-file-name <name>', 'Decrypted file name' )
     .option('-f, --output-format <format>', 'The format of the output file, default to JSON. Supported types: json, cfg, files', /^(json|cfg|cfg-strict|files)$/i, 'json')
     .parse(process.argv);
 
-const getEncryptedFiles = async () => {
-  return await readfiles(program.encryptedFolder, function (err, filename, contents) {
-    if (err) throw err;
-  });
+const getEncryptedFiles = async (folder) => {
+    return await readfiles(folder, function (err, filename, contents) {
+        if (err) throw err;
+    });
 }
 
 const getKamusUrl = () => {
@@ -33,8 +33,8 @@ const getBarerToken = async () => {
     return await readFileAsync("/var/run/secrets/kubernetes.io/serviceaccount/token", "utf8");
 }
 
-const decryptFile = async (httpClient, filePath) => {
-    var encryptedContent = await readFileAsync(program.encryptedFolder + '/' + filePath, "utf8");
+const decryptFile = async (httpClient, filePath, folder) => {
+    var encryptedContent = await readFileAsync(folder + '/' + filePath, "utf8");
     try {
       const response = await httpClient.post('/api/v1/decrypt', {data: encryptedContent});
       return response.data;
@@ -76,7 +76,6 @@ const serializeToCfgFormatStrict = (secrets) => {
 
 async function innerRun() {
 
-    let files = await getEncryptedFiles();
     let kamusUrl = getKamusUrl();
     let token = await getBarerToken();
     const httpClient = axios.create({
@@ -86,10 +85,11 @@ async function innerRun() {
     });
 
     let secrets = {};
-
-    for (let file of files)
-    {
-        secrets[file] = await decryptFile(httpClient, file);
+    for (let folder of program.encryptedFolders.split(",")) {
+        let files = await getEncryptedFiles(folder);
+        for (let file of files) {
+            secrets[file] = await decryptFile(httpClient, file, folder);
+        }
     }
 
     const outputFile = path.join(program.decryptedPath, program.decryptedFileName);

diff --git a/init-container/package.json b/init-container/package.json
@@ -1,6 +1,6 @@
 {
   "name": "init-decryptor",
-  "version": "0.0.4",
+  "version": "1.0.0",
   "description": "Meant to be used inside init container to read encrypted values from a given folder and decrypt to them into a json in a given folder",
   "main": "index.js",
   "scripts": {