Merge pull request #73 from lukasjarosch/refactor/secrets

Refactor/secrets

Makefile

@@ -46,13 +46,27 @@ serve-docs:
 
 
 ## Examples
-example-terraform-dev:
+example-terraform:
 	go run examples/terraform/main.go \
 		-data examples/terraform/inventory \
 		-templates examples/terraform/templates \
 		-output examples/terraform/compiled \
 		-target dev
 
+example-terraform-azure:
+	go run examples/terraform_azure/main.go \
+		-data examples/terraform_azure/inventory \
+		-templates examples/terraform_azure/templates \
+		-output examples/terraform_azure/compiled \
+		-target develop
+
+example-keyvault:
+	go run examples/keyvault/main.go \
+		-data examples/keyvault/inventory \
+		-templates examples/keyvault/templates \
+		-output examples/keyvault/compiled \
+		-target develop
+
 example-external-classes:
 	cd examples/external_classes && go run main.go
 

examples/keyvault/compiled/develop/README.md

@@ -3,7 +3,7 @@
 
 It will create an `apply.sh` and a `destroy.sh` script which create/destroy a resource group and a key vault.
 
-- **Subscription:** `59efa773-ee54-47d6-a95a-eac3fca3bc24`
-- **Resource Group:** `skipper-example`
+- **Subscription:** `d62fd2d4-358f-4ddc-9373-7ac8a307f75b`
+- **Resource Group:** `skipper-keyvault-example`
 - **KeyVault:** `skipperkeyvaultexample`
 - **Location:** `westeurope`

examples/keyvault/compiled/develop/scripts/apply.sh → examples/keyvault/compiled/develop/apply.sh

@@ -1,12 +1,12 @@
 az group create \
   --location westeurope \
-  --name skipper-example \
-  --subscription 59efa773-ee54-47d6-a95a-eac3fca3bc24
+  --name skipper-keyvault-example \
+  --subscription d62fd2d4-358f-4ddc-9373-7ac8a307f75b
 
 az keyvault create \
   --location westeurope \
-  --subscription 59efa773-ee54-47d6-a95a-eac3fca3bc24 \
-  --resource-group skipper-example \
+  --subscription d62fd2d4-358f-4ddc-9373-7ac8a307f75b \
+  --resource-group skipper-keyvault-example \
   --name skipperkeyvaultexample
 
 az keyvault set-policy \

examples/keyvault/compiled/develop/destroy.sh

@@ -0,0 +1,13 @@
+az keyvault delete \
+  --subscription d62fd2d4-358f-4ddc-9373-7ac8a307f75b \
+  --resource-group skipper-keyvault-example \
+  --name skipperkeyvaultexample \
+
+az keyvault purge \
+  --subscription d62fd2d4-358f-4ddc-9373-7ac8a307f75b \
+  --name skipperkeyvaultexample \
+
+az group delete \
+  --name skipper-keyvault-example \
+  --subscription d62fd2d4-358f-4ddc-9373-7ac8a307f75b \
+  --yes 

examples/keyvault/compiled/develop/envrc

@@ -0,0 +1 @@
+export ARM_SUBSCRIPTION_ID=d62fd2d4-358f-4ddc-9373-7ac8a307f75b

examples/keyvault/go.mod

@@ -26,6 +26,7 @@ require (
 	github.com/imdario/mergo v0.3.11 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mitchellh/copystructure v1.0.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.0 // indirect
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect

examples/keyvault/go.sum

@@ -158,6 +158,8 @@ github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8=

examples/keyvault/inventory/classes/keyvault.yaml

@@ -1,4 +1,4 @@
 keyvault:
   name: "skipperkeyvaultexample"
   location: "westeurope"
-  resource_group: "skipper-example"
+  resource_group: "skipper-keyvault-example"

examples/keyvault/main.go

@@ -1,49 +1,63 @@
 package main
 
 import (
+	"flag"
+	"log"
 	"path"
 
 	"github.com/lukasjarosch/skipper"
 	"github.com/spf13/afero"
 )
 
 var (
-	fileSystem    = afero.NewOsFs()
-	inventoryPath = "inventory"
-	classPath     = path.Join(inventoryPath, "classes")
-	targetPath    = path.Join(inventoryPath, "targets")
-	templatePath  = "templates"
-	secretPath    = path.Join(inventoryPath, "secrets")
-	outputPath    = "compiled"
+	fileSystem = afero.NewOsFs()
 
-	target = "develop"
+	inventoryPath string
+	templatePath  string
+	outputPath    string
+
+	targetPath string
+	classPath  string
+	secretPath string
+	target     string
 )
 
+func init() {
+	flag.StringVar(&inventoryPath, "data", "inventory", "path to the inventory folder")
+	flag.StringVar(&templatePath, "templates", "templates", "path to the templates folder")
+	flag.StringVar(&outputPath, "output", "compiled", "template output path")
+	flag.StringVar(&target, "target", "dev", "name of the target to use")
+	flag.Parse()
+
+	targetPath = path.Join(inventoryPath, "targets")
+	classPath = path.Join(inventoryPath, "classes")
+	secretPath = path.Join(inventoryPath, "secrets")
+
+	log.Printf("inventory path set to '%s'", inventoryPath)
+	log.Printf("template path set to '%s'", templatePath)
+	log.Printf("compiled path set to '%s'", outputPath)
+	log.Printf("desired target is '%s'", target)
+}
+
 func main() {
 	inventory, err := skipper.NewInventory(fileSystem, classPath, targetPath, secretPath)
 	if err != nil {
 		panic(err)
 	}
 
-	// Load the inventory
-	err = inventory.Load()
-	if err != nil {
-		panic(err)
-	}
-
 	predefinedVariables := map[string]interface{}{
 		"target_name": target,
 		"output_path": outputPath,
 	}
 
 	// Process the inventory, given the target name
-	data, err := inventory.Data("develop", predefinedVariables, true)
+	data, err := inventory.Data("develop", predefinedVariables, false, true)
 	if err != nil {
 		panic(err)
 	}
 
 	templateOutputPath := path.Join(outputPath, target)
-	templater, err := skipper.NewTemplater(fileSystem, templatePath, templateOutputPath, nil)
+	templater, err := skipper.NewTemplater(fileSystem, templatePath, templateOutputPath, nil, nil)
 	if err != nil {
 		panic(err)
 	}
@@ -58,22 +72,22 @@ func main() {
 
 	// execute templates  ----------------------------------------------------------------------------------
 
-	{
-		components, err := inventory.GetComponents(target)
-		if err != nil {
-			panic(err)
-		}
-
-		err = templater.ExecuteComponents(templateData, components, false)
+	// {
+	// 	components, err := inventory.GetComponents(target)
+	// 	if err != nil {
+	// 		panic(err)
+	// 	}
+	//
+	// 	err = templater.ExecuteComponents(templateData, components, false)
+	// 	if err != nil {
+	// 		panic(err)
+	// 	}
+	// }
+	for _, template := range templater.Files {
+		err := templater.Execute(template, templateData, false, nil)
 		if err != nil {
 			panic(err)
 		}
+		log.Printf("executed template '%s' into: %s'", template.Path, path.Join(templateOutputPath, template.Path))
 	}
-	//for _, template := range templater.Files {
-	//	err := templater.Execute(template, templateData, false)
-	//	if err != nil {
-	//		panic(err)
-	//	}
-	//	log.Printf("executed template '%s' into: %s'", template.Path, path.Join(templateOutputPath, template.Path))
-	//}
 }

examples/keyvault/templates/README.md

@@ -2,8 +2,9 @@
 > This example is meant to quickly provision an Azure KeyVault used for testing the KeyVault secret driver
 
 It will create an `apply.sh` and a `destroy.sh` script which create/destroy a resource group and a key vault.
+Additionally, a `create_key.sh` is created to quickly create new keys within the keyvault.
 
-- **Subscription:** `{{ .Inventory.target.azure.common.subscription_id }}`
+- **Subscription:** `{{ .Inventory.azure.common.subscription_id }}`
 - **Resource Group:** `{{ .Inventory.keyvault.resource_group }}`
 - **KeyVault:** `{{ .Inventory.keyvault.name }}`
 - **Location:** `{{ .Inventory.keyvault.location }}`

examples/keyvault/templates/apply.sh

@@ -1,11 +1,11 @@
 az group create \
   --location {{ .Inventory.keyvault.location }} \
   --name {{ .Inventory.keyvault.resource_group }} \
-  --subscription {{ .Inventory.target.azure.common.subscription_id }}
+  --subscription {{ .Inventory.azure.common.subscription_id }}
 
 az keyvault create \
   --location {{ .Inventory.keyvault.location }} \
-  --subscription {{ .Inventory.target.azure.common.subscription_id }} \
+  --subscription {{ .Inventory.azure.common.subscription_id }} \
   --resource-group {{ .Inventory.keyvault.resource_group }} \
   --name {{ .Inventory.keyvault.name }}
 

examples/keyvault/templates/destroy.sh

@@ -1,13 +1,13 @@
 az keyvault delete \
-  --subscription {{ .Inventory.target.azure.common.subscription_id }} \
+  --subscription {{ .Inventory.azure.common.subscription_id }} \
   --resource-group {{ .Inventory.keyvault.resource_group }} \
   --name {{ .Inventory.keyvault.name }} \
 
 az keyvault purge \
-  --subscription {{ .Inventory.target.azure.common.subscription_id }} \
+  --subscription {{ .Inventory.azure.common.subscription_id }} \
   --name {{ .Inventory.keyvault.name }} \
 
 az group delete \
   --name {{ .Inventory.keyvault.resource_group }} \
-  --subscription {{ .Inventory.target.azure.common.subscription_id }} \
+  --subscription {{ .Inventory.azure.common.subscription_id }} \
   --yes 

examples/keyvault/templates/envrc

@@ -1 +1 @@
-export ARM_SUBSCRIPTION_ID={{ .Inventory.target.azure.common.subscription_id }}
+export ARM_SUBSCRIPTION_ID={{ .Inventory.azure.common.subscription_id }}

examples/terraform/compiled/dev/terraform/01_resource_group.tf

@@ -1,5 +1,5 @@
 // This code is part of the project 'terraform-example'
-// Copyright 2022, AcmeCorp International
+// Copyright 2023, AcmeCorp International
 //
 // This code is generated; DO NOT EDIT.
 

examples/terraform/compiled/dev/terraform/02_network.tf

@@ -1,5 +1,5 @@
 // This code is part of the project 'terraform-example'
-// Copyright 2022, AcmeCorp International
+// Copyright 2023, AcmeCorp International
 //
 // This code is generated; DO NOT EDIT.
 

examples/terraform/compiled/dev/terraform/03_aks.tf

@@ -1,5 +1,5 @@
 // This code is part of the project 'terraform-example'
-// Copyright 2022, AcmeCorp International
+// Copyright 2023, AcmeCorp International
 //
 // This code is generated; DO NOT EDIT.
 

examples/terraform/main.go

@@ -58,7 +58,7 @@ func main() {
 	}
 
 	templateOutputPath := path.Join(outputPath, target)
-	templater, err := skipper.NewTemplater(fileSystem, templatePath, templateOutputPath, myTemplateFuncs)
+	templater, err := skipper.NewTemplater(fileSystem, templatePath, templateOutputPath, myTemplateFuncs, []string{})
 	if err != nil {
 		panic(err)
 	}
@@ -74,7 +74,7 @@ func main() {
 		"year":         time.Now().Year(),
 	}
 
-	data, err := inventory.Data(target, predefinedVariables, false)
+	data, err := inventory.Data(target, predefinedVariables, false, false)
 	if err != nil {
 		panic(err)
 	}

examples/terraform_azure/compiled/develop/markdown/README.md

@@ -20,7 +20,7 @@
       "common": {
         "absolute_variable": "59efa773-ee54-47d6-a95a-eac3fca3bc24",
         "local_variable": "59efa773-ee54-47d6-a95a-eac3fca3bc24",
-        "secret": "?{azurekv:targets/develop/some_secret||randomstring:64}",
+        "secret": "1_up5tshpIxHC2b0yh-nMbyIyVOa90Vhi2wGuQ1FdUte_Mo2c7mLTu6dvoNW1U1z",
         "subscription_id": "59efa773-ee54-47d6-a95a-eac3fca3bc24"
       },
       "foo": "bar",
@@ -146,11 +146,8 @@
       "secrets": {
         "drivers": {
           "azurekv": {
-            "vault_name": "kv-dev-edge"
+            "key_id": "https://skipperkeyvaultexample.vault.azure.net/keys/test1/4535327f31154de3b8de7d09115890a6"
           }
-        },
-        "keys": {
-          "azurekv": "test"
         }
       },
       "use": [

examples/terraform_azure/inventory/secrets/targets/develop/some_secret

@@ -1,2 +1,2 @@
-data: YarLioor1NuX/nt13ruXzsP81Brl6obngdGePnKiyEivNT+S1k3QN0CtXjGwSBclmwE/VL9sJi+d+CWCjZLgJF1EoXaV3UPof4RhSiirlBqoqbm6B5ij+fwHOHlNpDW9tS1Q0GmhhB64CYFnvbso6QLFdlh2l1gszzKPtNWWDUsz7lZSV3DO2BbVo7nLh+QsXQKIIfXTNNoLLjFW6mtbZHlruN6LEenR9Ufnb6Gu48RpE6d2L0ptFf9mHEti89G3vEfjtnzdwNG4V1okayA8wrY9xRUmu/jZyUN4kNw/NsQxJXllz8PENilfFV1duBSZ/i4uGoB4P9GPyLGlANxjWwI93L/QrjDuXGdLIRAOs4jFyGLrkU9OEPshGjOUZuuOJo6mGg2eFVDRQvA5zFpo8KecKhNoq1v4f5vyUVWkt/TiaATc3v0duWWkNdnQmm9CxmmmGwpuBmF2gbajmm07Hwqf3HTk2zCTJcFAFGzngA5g4cpNRGKIZDONNVWO56eiCRzhyCaEQmMQE0e6/m8hPIUczLKCVzjFrqeNanR91D7BSReRb5jrn+nKK9aX4kSrxyfG+E5w6nCCdwqc8UJvGS1X0P9d63v3198nGhZYinA79ynH4GHiU8/eaBwHG9fHCD6LEiYMifrDdrp+HZPWcPKvISO+1u8ii2sCRoXG3fU
+data: qnaAMrwvK3JF6I/XAIHWAn5UyZN6gNKCOblgq7gCkuZU4tqcEPAGWz8yQcBIPVinD/OBeH+WQjgJ06BI2rFDElJeNxGkLIQduITI9Qyz2FUcysC3Uus+Aw2dWRHSfNJ5Zy+ZOKhImb0VBgpRcBsru2/6dWl1FS/McnscnXngRtYVeYWpJe908DCRmJZ8xHmYUTw4Ehz1u0rzgIxoggYq/EnLBjcXQaz///IQLs8QGpODArgNoB140lx+1v/HOwtJYBuPAjUJ9FBMfaa9P+f7AOOkAhnnNvTVR8CBSDqEDajDhevIwovk40PJf3Yc13svP/ZAGmHuXn/73/u5kBda8/wogSzVj5C+uqRjyuIuDIq4R4gE+TZU9zjFX9P7Hyx5AEXol63AGHj8VjUeD724W70VB6t4FzbSKGSOCAviUBK4cmI30NAftz3YXY/sePkH4vtOPci4ZkNVvheoHrFO4KUwjCDJI/XK/mz5d6gzcY1IT4NBPFthgW2jGXgS/Rb14v8GlhMJZXN+GowyRo5Tp/VeNSFyXmzgN8Z4NLdw0i5RVVIGS783PDdJHEdPgN5Lc3s1GVHX9tpJgM1v5hZXb7kw8HiP97Tfnz7Rbs3JZiKwO+rJqJwbm7Z1EbhCi4cIFcNJOuV99M0//trx6r0Z0ckZkvqqcdR7KJ+GElUB8Lg
 type: azurekv

examples/terraform_azure/inventory/targets/develop.yaml

@@ -21,10 +21,7 @@ target:
     secrets:
       drivers:
         azurekv: 
-          vault_name: "%{env:AZURE_KEY_VAULT_NAME}"
-      keys:
-        azurekv: "test"
-
+          key_id: https://skipperkeyvaultexample.vault.azure.net/keys/test1/4535327f31154de3b8de7d09115890a6
   azure:
     common:
       subscription_id: "59efa773-ee54-47d6-a95a-eac3fca3bc24" # random uuid