package main
import (
"fmt"
"os"
"time"
"github.com/cenkalti/backoff"
"github.com/cyberark/conjur-authn-k8s-client/pkg/access_token/memory"
"github.com/cyberark/conjur-authn-k8s-client/pkg/authenticator"
authnConfigProvider "github.com/cyberark/conjur-authn-k8s-client/pkg/authenticator/config"
"github.com/cyberark/conjur-authn-k8s-client/pkg/log"
"github.com/cyberark/secrets-provider-for-k8s/pkg/log/messages"
"github.com/cyberark/secrets-provider-for-k8s/pkg/secrets"
secretsConfigProvider "github.com/cyberark/secrets-provider-for-k8s/pkg/secrets/config"
"github.com/cyberark/secrets-provider-for-k8s/pkg/utils"
)
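// main is the entry point of the secrets provider. It loads the
// authenticator and secrets-provider configuration from the environment,
// validates the container mode, builds an in-memory access token and an
// authenticator, and then retries provideSecretsToTarget under a limited
// back-off until it succeeds or the retry limit is reached. Every failure
// path ends in printErrorAndExit, so the process exits with status 1.
func main() {
	log.Info(messages.CSPFK008I, secrets.FullVersionName)

	// Load both configurations from the environment before any work that
	// involves Conjur. The redundant `var err error` of the original is gone:
	// the first `:=` below declares err, and later statements reuse it.
	authnConfig, err := authnConfigProvider.NewFromEnv()
	if err != nil {
		printErrorAndExit(messages.CSPFK008E)
	}
	secretsConfig, err := secretsConfigProvider.NewFromEnv()
	if err != nil {
		printErrorAndExit(messages.CSPFK015E)
	}
	validateContainerMode(authnConfig.ContainerMode)

	provideConjurSecrets, err := secrets.GetProvideConjurSecretFunc(secretsConfig.StoreType)
	if err != nil {
		printErrorAndExit(fmt.Sprintf(messages.CSPFK014E, err.Error()))
	}

	// The access token lives in memory only. provideSecretsToTarget deletes
	// it after a successful run; the final-failure branch below deletes it
	// when all attempts are exhausted.
	accessToken, err := memory.NewAccessToken()
	if err != nil {
		printErrorAndExit(messages.CSPFK001E)
	}
	authn, err := authenticator.NewWithAccessToken(*authnConfig, accessToken)
	if err != nil {
		printErrorAndExit(messages.CSPFK009E)
	}

	// Retry interval (seconds) and retry count limit come from the
	// secrets-provider configuration.
	limitedBackOff := utils.NewLimitedBackOff(
		time.Duration(secretsConfig.RetryIntervalSec)*time.Second,
		secretsConfig.RetryCountLimit)

	err = backoff.Retry(func() error {
		// Report the attempt number only on real retries, not the first try.
		if limitedBackOff.RetryCount() > 0 {
			log.Info(fmt.Sprintf(messages.CSPFK010I, limitedBackOff.RetryCount(), limitedBackOff.RetryLimit))
		}
		return provideSecretsToTarget(authn, provideConjurSecrets, accessToken)
	}, limitedBackOff)
	if err != nil {
		log.Error(messages.CSPFK038E)
		// Delete the retrieved Conjur access token in case the error happened
		// after retrieval. If the token is already deleted the action should
		// not fail; a deletion error is logged but does not mask CSPFK039E.
		if delErr := accessToken.Delete(); delErr != nil {
			log.Error(messages.CSPFK003E, delErr)
		}
		printErrorAndExit(messages.CSPFK039E)
	}
}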
// provideSecretsToTarget performs one complete provisioning attempt: it
// authenticates with the given authenticator, hands the in-memory access
// token to provideConjurSecrets, and then deletes the token from memory.
// Every failure is recorded via log.RecordedError and returned to the
// caller, whose back-off decides whether another attempt is made.
func provideSecretsToTarget(authn *authenticator.Authenticator, provideConjurSecrets secrets.ProvideConjurSecrets, accessToken *memory.AccessToken) error {
	log.Info(fmt.Sprintf(messages.CSPFK001I, authn.Config.Username))

	if err := authn.Authenticate(); err != nil {
		return log.RecordedError(messages.CSPFK010E)
	}

	if err := provideConjurSecrets(accessToken); err != nil {
		return log.RecordedError(messages.CSPFK016E)
	}

	// The secrets have been delivered; remove the token from memory now
	// rather than leaving it around until the process ends.
	if err := accessToken.Delete(); err != nil {
		return log.RecordedError(messages.CSPFK003E, err.Error())
	}

	log.Info(messages.CSPFK009I)
	return nil
}
// printErrorAndExit logs errorMessage at error level and terminates the
// process with exit status 1. It never returns to the caller.
func printErrorAndExit(errorMessage string) {
	log.Error(errorMessage)

	os.Exit(1)
}
// validateContainerMode returns normally when containerMode is one of the
// supported modes ("init" or "application"). Any other value is reported
// through printErrorAndExit, with the list of valid modes included in the
// message, and the process exits.
func validateContainerMode(containerMode string) {
	validContainerModes := []string{
		"init",
		"application",
	}

	// First match wins; nothing else needs checking once the mode is known
	// to be valid.
	for _, mode := range validContainerModes {
		if mode == containerMode {
			return
		}
	}

	printErrorAndExit(fmt.Sprintf(messages.CSPFK007E, containerMode, validContainerModes))
}