updating k8s flags to k8s-name, k8s-namespace and k8s-secret for bett…

…er clarity
amagioss · Aug 29, 2024 · 303b21a · 303b21a
1 parent 7a35b5e
commit 303b21a
Show file tree

Hide file tree

Showing 8 changed files with 51 additions and 67 deletions.
diff --git a/.github/workflows/pages.yaml b/.github/workflows/pages.yaml
@@ -1,13 +1,15 @@
-name: Pages
+name: Deploy to GitHub Pages
 
 on:
   push:
     branches: ["main"]
   workflow_dispatch:
+  workflow_call:
 
 jobs:
+
   pages:
-    name: Deploy to GitHub Pages
+    name: Deploy Static Assets to GitHub Pages
     runs-on: ubuntu-latest
     environment:
       name: github-pages
@@ -18,7 +20,7 @@ jobs:
       id-token: write
     concurrency:
       group: "pages"
-      cancel-in-progress: false
+      cancel-in-progress: true
     steps:
       - name: Checkout
         uses: actions/checkout@v4

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -51,36 +51,7 @@ jobs:
             ghcr.io/${{ github.repository }}:latest
 
   pages:
-    name: Deploy to GitHub Pages
+    name: Deploy Static Assets to GitHub Pages
     needs: release
-    runs-on: ubuntu-latest
-    environment:
-      name: github-pages
-      url: ${{ steps.deployment.outputs.page_url }}
-    permissions:
-      contents: read
-      pages: write
-      id-token: write
-    concurrency:
-      group: "pages"
-      cancel-in-progress: true
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-      - name: Prepare pages directory
-        run: |
-          cp scripts/install/* pages/
-          mkdir -p pages/k8s/samples/deploy
-          cp internal/k8s/config/crd/bases/slv.oss.amagi.com_slvs.yaml pages/k8s/crd.yaml
-          cp internal/k8s/deploy/operator.yaml pages/k8s/samples/deploy/operator.yaml
-          cp internal/k8s/deploy/job.yaml pages/k8s/samples/deploy/job.yaml
-          cp internal/k8s/config/samples/slv_v1_slv.yaml pages/k8s/samples/pets.slv.yaml
-      - name: Setup Pages
-        uses: actions/configure-pages@v5
-      - name: Upload artifact
-        uses: actions/upload-pages-artifact@v3
-        with:
-          path: pages
-      - name: Deploy to GitHub Pages
-        id: deployment
-        uses: actions/deploy-pages@v4
+    uses: ./.github/workflows/pages.yaml
+    secrets: inherit
diff --git a/internal/cli/commands/cmdvault/const.go b/internal/cli/commands/cmdvault/const.go
@@ -45,15 +45,19 @@ var (
 		Usage: "Enables hashing by preserving a partial hash of the actual secret for the purpose of validating secret rotation [Not recommended, though it might be difficult to brute-force]",
 	}
 
-	vaultK8sFlag = utils.FlagDef{
-		Name:  "k8s",
-		Usage: "Specify a name for the K8s SLV resource or path to an existing K8s Secret stored as a yaml config if the vault has to be used in a K8s environment",
+	vaultK8sNameFlag = utils.FlagDef{
+		Name:  "k8s-name",
+		Usage: "Name for the K8s SLV resource",
 	}
 
-	vaultK8sNameFlag = utils.FlagDef{
-		Name:      "name",
-		Shorthand: "n",
-		Usage:     "Name of the K8s SLV resource that needs to be created. This will also be the name of the corresponding K8s Secret",
+	vaultK8sNamespaceFlag = utils.FlagDef{
+		Name:  "k8s-namespace",
+		Usage: "Namespace for the K8s SLV resource",
+	}
+
+	vaultK8sSecretFlag = utils.FlagDef{
+		Name:  "k8s-secret",
+		Usage: "A K8s Secret that needs to be transformed to an SLV vault",
 	}
 
 	secretNamePrefixFlag = utils.FlagDef{

diff --git a/internal/cli/commands/cmdvault/k8s.go b/internal/cli/commands/cmdvault/k8s.go
@@ -13,23 +13,23 @@ import (
 	"oss.amagi.com/slv/internal/core/vaults"
 )
 
-func newK8sVault(filePath, k8sNameOrSecretFile string, hash, pq bool, rootPublicKey *crypto.PublicKey, publicKeys ...*crypto.PublicKey) (*vaults.Vault, error) {
-	if strings.HasSuffix(k8sNameOrSecretFile, ".yaml") || strings.HasSuffix(k8sNameOrSecretFile, ".yml") ||
-		strings.HasSuffix(k8sNameOrSecretFile, ".json") || k8sNameOrSecretFile == "-" {
-		var data []byte
+func newK8sVault(filePath, k8sName, k8sNamespace, k8sSecret string, hash, pq bool, rootPublicKey *crypto.PublicKey, publicKeys ...*crypto.PublicKey) (*vaults.Vault, error) {
+	var data []byte
+	if k8sSecret != "" {
 		var err error
-		if k8sNameOrSecretFile == "-" {
+		if strings.HasSuffix(k8sSecret, ".yaml") || strings.HasSuffix(k8sSecret, ".yml") ||
+			strings.HasSuffix(k8sSecret, ".json") {
+			data, err = os.ReadFile(k8sSecret)
+		} else if k8sSecret == "-" {
 			data, err = input.ReadBufferFromStdin("Input the k8s secret object as yaml/json: ")
 		} else {
-			data, err = os.ReadFile(k8sNameOrSecretFile)
+			return nil, fmt.Errorf("invalid k8s secret resource file")
 		}
 		if err != nil {
 			return nil, err
 		}
-		return vaults.New(filePath, "", data, hash, pq, rootPublicKey, publicKeys...)
-	} else {
-		return vaults.New(filePath, k8sNameOrSecretFile, nil, hash, pq, rootPublicKey, publicKeys...)
 	}
+	return vaults.New(filePath, k8sName, k8sNamespace, data, hash, pq, rootPublicKey, publicKeys...)
 }
 
 func vaultToK8sCommand() *cobra.Command {
@@ -42,18 +42,20 @@ func vaultToK8sCommand() *cobra.Command {
 		Short:   "Transform an existing SLV vault file to a K8s compatible one",
 		Run: func(cmd *cobra.Command, args []string) {
 			vaultFilePath := cmd.Flag(vaultFileFlag.Name).Value.String()
-			k8sResourceName := cmd.Flag(vaultK8sNameFlag.Name).Value.String()
+			name := cmd.Flag(vaultK8sNameFlag.Name).Value.String()
+			namespace := cmd.Flag(vaultK8sNamespaceFlag.Name).Value.String()
 			vault, err := getVault(vaultFilePath)
 			if err != nil {
 				utils.ExitOnError(err)
 			}
-			if err = vault.ToK8s(k8sResourceName, nil); err != nil {
+			if err = vault.ToK8s(name, namespace, nil); err != nil {
 				utils.ExitOnError(err)
 			}
-			fmt.Printf("Vault %s transformed to K8s resource %s\n", color.GreenString(vaultFilePath), color.GreenString(k8sResourceName))
+			fmt.Printf("Vault %s transformed to K8s resource %s\n", color.GreenString(vaultFilePath), color.GreenString(name))
 		},
 	}
 	vaultToK8sCmd.Flags().StringP(vaultK8sNameFlag.Name, vaultK8sNameFlag.Shorthand, "", vaultK8sNameFlag.Usage)
+	vaultToK8sCmd.Flags().StringP(vaultK8sNamespaceFlag.Name, vaultK8sNamespaceFlag.Shorthand, "", vaultK8sNamespaceFlag.Usage)
 	vaultToK8sCmd.MarkFlagRequired(vaultK8sNameFlag.Name)
 	return vaultToK8sCmd
 }
diff --git a/internal/cli/commands/cmdvault/new.go b/internal/cli/commands/cmdvault/new.go
@@ -34,8 +34,10 @@ func vaultNewCommand() *cobra.Command {
 				utils.ExitOnError(err)
 			}
 			enableHash, _ := cmd.Flags().GetBool(vaultEnableHashingFlag.Name)
-			k8sName := cmd.Flag(vaultK8sFlag.Name).Value.String()
-			if _, err = newK8sVault(vaultFile, k8sName, enableHash, pq, rootPublicKey, publicKeys...); err != nil {
+			k8sName := cmd.Flag(vaultK8sNameFlag.Name).Value.String()
+			k8sNamespace := cmd.Flag(vaultK8sNamespaceFlag.Name).Value.String()
+			k8sSecret := cmd.Flag(vaultK8sSecretFlag.Name).Value.String()
+			if _, err = newK8sVault(vaultFile, k8sName, k8sNamespace, k8sSecret, enableHash, pq, rootPublicKey, publicKeys...); err != nil {
 				utils.ExitOnError(err)
 			}
 			fmt.Println("Created vault:", color.GreenString(vaultFile))
@@ -46,7 +48,9 @@ func vaultNewCommand() *cobra.Command {
 	vaultNewCmd.Flags().StringSliceP(cmdenv.EnvSearchFlag.Name, cmdenv.EnvSearchFlag.Shorthand, []string{}, cmdenv.EnvSearchFlag.Usage)
 	vaultNewCmd.Flags().BoolP(cmdenv.EnvSelfFlag.Name, cmdenv.EnvSelfFlag.Shorthand, false, cmdenv.EnvSelfFlag.Usage)
 	vaultNewCmd.Flags().BoolP(vaultAccessK8sFlag.Name, vaultAccessK8sFlag.Shorthand, false, vaultAccessK8sFlag.Usage)
-	vaultNewCmd.Flags().StringP(vaultK8sFlag.Name, vaultK8sFlag.Shorthand, "", vaultK8sFlag.Usage)
+	vaultNewCmd.Flags().StringP(vaultK8sNameFlag.Name, vaultK8sNameFlag.Shorthand, "", vaultK8sNameFlag.Usage)
+	vaultNewCmd.Flags().StringP(vaultK8sNamespaceFlag.Name, vaultK8sNamespaceFlag.Shorthand, "", vaultK8sNamespaceFlag.Usage)
+	vaultNewCmd.Flags().StringP(vaultK8sSecretFlag.Name, vaultK8sSecretFlag.Shorthand, "", vaultK8sSecretFlag.Usage)
 	vaultNewCmd.Flags().BoolP(vaultEnableHashingFlag.Name, vaultEnableHashingFlag.Shorthand, false, vaultEnableHashingFlag.Usage)
 	vaultNewCmd.Flags().BoolP(utils.QuantumSafeFlag.Name, utils.QuantumSafeFlag.Shorthand, false, utils.QuantumSafeFlag.Usage)
 	return vaultNewCmd

diff --git a/internal/core/vaults/const.go b/internal/core/vaults/const.go
@@ -41,6 +41,6 @@ var (
 	errVaultPublicKeyNotFound       = errors.New("vault public key not found")
 	errInvalidReferenceFormat       = errors.New("invalid reference format. references must follow the pattern {{" + config.AppNameUpperCase + "_" + vaultIdAbbrev + "_ABCXYZ.secretName}} to allow dereferencing")
 	errInvalidImportDataFormat      = errors.New("invalid import data format - expected a map of string to string [secretName: secretValue] in YAML/JSON format")
-	errK8sNameRequired              = errors.New("k8s resource name is required for k8s compatible SLV vault")
+	errK8sNameRequired              = errors.New("k8s resource name is required for a k8s compatible SLV vault")
 	errVaultWrappedKeysNotFound     = errors.New("vault wrapped keys not found - vault will be inaccessible by any environment")
 )
diff --git a/internal/core/vaults/k8s.go b/internal/core/vaults/k8s.go
@@ -15,8 +15,8 @@ type k8slv struct {
 	Spec              *Vault            `json:"spec" yaml:"spec"`
 }
 
-func (vlt *Vault) ToK8s(k8sName string, k8SecretContent []byte) (err error) {
-	if k8sName == "" && k8SecretContent == nil {
+func (vlt *Vault) ToK8s(name, namespace string, k8SecretContent []byte) (err error) {
+	if name == "" && k8SecretContent == nil {
 		return errK8sNameRequired
 	}
 	if vlt.k8s == nil {
@@ -28,11 +28,6 @@ func (vlt *Vault) ToK8s(k8sName string, k8SecretContent []byte) (err error) {
 			Spec: vlt,
 		}
 	}
-	if k8sName != "" {
-		vlt.k8s.ObjectMeta = metav1.ObjectMeta{
-			Name: k8sName,
-		}
-	}
 	if k8SecretContent != nil {
 		var secretResource interface{}
 		if err = yaml.Unmarshal(k8SecretContent, &secretResource); err != nil {
@@ -73,6 +68,12 @@ func (vlt *Vault) ToK8s(k8sName string, k8SecretContent []byte) (err error) {
 			vlt.k8s.Type = k8secret.Type
 		}
 	}
+	if name != "" {
+		vlt.k8s.Name = name
+	}
+	if namespace != "" {
+		vlt.k8s.Namespace = namespace
+	}
 	return vlt.commit()
 }
 

diff --git a/internal/core/vaults/vault.go b/internal/core/vaults/vault.go
@@ -65,7 +65,7 @@ func newVaultId() (string, error) {
 }
 
 // Returns new vault instance and the vault contents set into the specified field. The vault file name must end with .slv.yml or .slv.yaml.
-func New(filePath, k8sName string, k8SecretContent []byte, hash, quantumSafe bool, rootPublicKey *crypto.PublicKey, publicKeys ...*crypto.PublicKey) (vlt *Vault, err error) {
+func New(filePath, k8sName, k8sNamespace string, k8SecretContent []byte, hash, quantumSafe bool, rootPublicKey *crypto.PublicKey, publicKeys ...*crypto.PublicKey) (vlt *Vault, err error) {
 	if !isValidVaultFileName(filePath) {
 		return nil, errInvalidVaultFileName
 	}
@@ -115,7 +115,7 @@ func New(filePath, k8sName string, k8SecretContent []byte, hash, quantumSafe boo
 	if k8sName == "" && k8SecretContent == nil {
 		return vlt, vlt.commit()
 	} else {
-		return vlt, vlt.ToK8s(k8sName, k8SecretContent)
+		return vlt, vlt.ToK8s(k8sName, k8sNamespace, k8SecretContent)
 	}
 }