diff --git a/collector.go b/collector.go index 95d65af..d09150e 100644 --- a/collector.go +++ b/collector.go @@ -15,6 +15,7 @@ type secretField struct { type collector struct { fields []*secretField + hooks []func() err error } @@ -50,10 +51,14 @@ func (g *collector) collectSecretFields(v reflect.Value, path string) { ptr := reflect.New(item.Type()) ptr.Elem().Set(item) + g.hooks = append(g.hooks, func() { + v.SetMapIndex(key, ptr.Elem()) + }) + g.collectSecretFields(ptr, fmt.Sprintf("%v[%v]", path, key)) // Set the modified struct back into the map - v.SetMapIndex(key, ptr.Elem()) + } else { g.collectSecretFields(item, fmt.Sprintf("%v[%v]", path, key)) } diff --git a/hydrate.go b/hydrate.go index 5d8128e..411deea 100644 --- a/hydrate.go +++ b/hydrate.go @@ -74,5 +74,13 @@ func hydrateConfig(ctx context.Context, provider secretsProvider, v reflect.Valu }) } - return g.Wait() + if err := g.Wait(); err != nil { + return fmt.Errorf("failed to hydrate config: %w", err) + } + + for _, hook := range c.hooks { + hook() + } + + return nil } diff --git a/hydrate_test.go b/hydrate_test.go index e58cfb9..3058a15 100644 --- a/hydrate_test.go +++ b/hydrate_test.go @@ -14,6 +14,13 @@ type config struct { Analytics analytics Pass string JWTSecrets []string + Services map[string]service +} + +type service struct { + URL string + Auth string + Pass string } type db struct { @@ -52,6 +59,7 @@ func TestReplacePlaceholdersWithSecrets(t *testing.T) { "pass": "secret", "jwtSecretV1": "some-old-secret", "jwtSecretV2": "changeme-now", + "auth": "auth-secret", }, conf: &config{ Pass: "$SECRET:pass", @@ -66,6 +74,13 @@ func TestReplacePlaceholdersWithSecrets(t *testing.T) { AuthToken: "$SECRET:analyticsPassword", }, JWTSecrets: []string{"$SECRET:jwtSecretV2", "$SECRET:jwtSecretV1"}, + Services: map[string]service{ + "a": { + URL: "http://localhost:8000", + Auth: "$SECRET:auth", + Pass: "$SECRET:jwtSecretV2", + }, + }, }, wantErr: false, wantConf: &config{ @@ -84,6 +99,13 @@ func TestReplacePlaceholdersWithSecrets(t *testing.T) { "changeme-now", "some-old-secret", }, + Services: map[string]service{ + "a": { + URL: "http://localhost:8000", + Auth: "auth-secret", + Pass: "changeme-now", + }, + }, }, }, {