-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathreplacer.go
96 lines (82 loc) · 2.19 KB
/
replacer.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
package cloudsecrets
import (
"errors"
"fmt"
"reflect"
"strings"
)
// Replace values with "$SECRET:" prefix in v with values from secrets.
func replaceSecrets(v reflect.Value, secrets []secret) error {
r := &replacer{
secretValues: map[string]string{},
fetchErrors: map[string]error{},
}
for _, secret := range secrets {
if secret.fetchErr != nil {
r.fetchErrors[secret.key] = secret.fetchErr
} else {
r.secretValues[secret.key] = secret.value
}
}
r.replaceSecrets(v, "config")
if len(r.errs) > 0 {
return fmt.Errorf("failed to replace %v field(s):\n%v", len(r.errs), errors.Join(r.errs...))
}
return nil
}
type replacer struct {
secretValues map[string]string
fetchErrors map[string]error
errs []error
}
// Walk given v recursively and try to replace all secrets. Record errors along the way.
func (r *replacer) replaceSecrets(v reflect.Value, path string) {
switch v.Kind() {
case reflect.Ptr:
if v.IsNil() {
return
}
r.replaceSecrets(v.Elem(), path)
case reflect.Struct:
for i := 0; i < v.NumField(); i++ {
field := v.Field(i)
r.replaceSecrets(field, fmt.Sprintf("%v.%v", path, v.Type().Field(i).Name))
}
case reflect.Slice, reflect.Array:
for i := 0; i < v.Len(); i++ {
item := v.Index(i)
r.replaceSecrets(item, fmt.Sprintf("%v[%v]", path, i))
}
case reflect.Map:
for _, key := range v.MapKeys() {
item := v.MapIndex(key)
if item.Kind() == reflect.Struct {
// If the value is a struct, create a pointer to it, update the value and reassign the map.
ptr := reflect.New(item.Type())
ptr.Elem().Set(item)
r.replaceSecrets(ptr, fmt.Sprintf("%v[%v]", path, key))
v.SetMapIndex(key, ptr.Elem())
} else {
r.replaceSecrets(item, fmt.Sprintf("%v[%v]", path, key))
}
}
case reflect.String:
secretKey, found := strings.CutPrefix(v.String(), "$SECRET:")
if !found {
return
}
if !v.CanSet() {
r.errs = append(r.errs, fmt.Errorf("%v: reflect: can't set field", path))
return
}
secretValue, ok := r.secretValues[secretKey]
if !ok {
err, _ := r.fetchErrors[secretKey]
r.errs = append(r.errs, fmt.Errorf("%v: %w", path, err))
return
}
v.SetString(secretValue)
default:
return
}
}