// Package resolver holds the mutation and query resolver methods of the edge
// API (mutationResolver, queryResolver); this file covers Secret Manager
// secrets scoped to a banner.
package resolver
import (
	"bytes"
	"context"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"

	"edge-infra.dev/pkg/edge/api/graph/model"
	"edge-infra.dev/pkg/edge/api/middleware"
	"edge-infra.dev/pkg/edge/api/utils"
	"edge-infra.dev/pkg/edge/bsl"
	"edge-infra.dev/pkg/edge/constants"
	"edge-infra.dev/pkg/edge/externalsecrets"
)
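// CreateOrUpdateSecretManagerSecret stores (or replaces) a Secret Manager
// secret in the GCP project backing the banner identified by bannerEdgeID.
//
// The banner must belong to the caller's tenant, which is derived from the
// organization on the request context; this mirrors the ownership check made
// by DeleteSecretManagerSecret and the query resolvers, so a banner of another
// tenant is rejected before anything is written. For
// typeArg == externalsecrets.DockerPullSecretType the supplied registry URL,
// username and password are rewritten into a single "dockerconfigjson" entry
// before the secret is written; any other type stores values as given.
//
// workload, when non-nil, must be a valid constants.NamespaceSelectorType.
// It returns true on success and false together with the error otherwise.
func (r *mutationResolver) CreateOrUpdateSecretManagerSecret(ctx context.Context, name string, bannerEdgeID string, owner string, values []*model.KeyValues, workload *string, typeArg string) (bool, error) {
	if workload != nil && !constants.NamespaceSelectorType(*workload).Valid() {
		return false, fmt.Errorf("invalid workload: %s", *workload)
	}
	// Resolve the caller's tenant and verify the target banner belongs to it
	// before touching the banner's project.
	tenantName := bsl.GetOrgShortName(middleware.ForContext(ctx).Organization)
	tenant, err := r.BannerService.GetBannerTenantInfo(ctx, tenantName)
	if err != nil {
		return false, err
	}
	banner, err := r.BannerService.GetBannerByEdgeID(ctx, bannerEdgeID)
	if err != nil {
		return false, err
	}
	if banner.TenantEdgeID != tenant.TenantEdgeID {
		return false, errors.New("user does not have access to the specified banner")
	}
	if typeArg == externalsecrets.DockerPullSecretType {
		url, username, password, err := utils.GetDockerValsOrFail(values)
		if err != nil {
			return false, err
		}
		cfg, err := dockerConfigJSON(url, username, password)
		if err != nil {
			return false, err
		}
		values = []*model.KeyValues{{Key: "dockerconfigjson", Value: cfg}}
	}
	if err := r.GCPService.AddSecret(ctx, name, owner, typeArg, values, banner.ProjectID, workload, nil); err != nil {
		return false, err
	}
	return true, nil
}

// dockerConfigJSON renders a Docker config.json document holding a single
// registry credential, shaped {"auths":{<url>:{"auth":<base64>}}}.
//
// The document is produced with encoding/json rather than string formatting
// so that quotes, backslashes or control characters in the caller-supplied
// registry URL cannot break or alter the JSON structure. HTML escaping is
// disabled so the output matches plain JSON for ordinary URLs. The auth value
// is the unpadded (RawStdEncoding) base64 of "username:password";
// NOTE(review): docker's own config.json uses padded base64 for this field —
// confirm every consumer of the secret accepts the unpadded form.
func dockerConfigJSON(url, username, password string) (string, error) {
	auth := base64.RawStdEncoding.EncodeToString([]byte(username + ":" + password))
	doc := map[string]map[string]map[string]string{
		"auths": {url: {"auth": auth}},
	}
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false)
	if err := enc.Encode(doc); err != nil {
		return "", fmt.Errorf("encoding docker config for %q: %w", url, err)
	}
	// Encode appends a newline; the stored value should be the bare document.
	return strings.TrimSuffix(buf.String(), "\n"), nil
}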
// DeleteSecretManagerSecret removes the named secret from the GCP project of
// the banner identified by bannerEdgeID, together with its external-secret
// counterpart of the same name.
//
// The banner must belong to the caller's tenant, which is derived from the
// organization on the request context; otherwise an error is returned and
// nothing is deleted. The GCP secret is deleted first and the external secret
// second, so a failure in the second step is reported after the first has
// already taken effect. It returns true when both deletions succeed.
func (r *mutationResolver) DeleteSecretManagerSecret(ctx context.Context, name string, bannerEdgeID string) (bool, error) {
	org := middleware.ForContext(ctx).Organization
	tenant, err := r.BannerService.GetBannerTenantInfo(ctx, bsl.GetOrgShortName(org))
	if err != nil {
		return false, err
	}
	banner, err := r.BannerService.GetBannerByEdgeID(ctx, bannerEdgeID)
	if err != nil {
		return false, err
	}
	if banner.TenantEdgeID != tenant.TenantEdgeID {
		return false, errors.New("user does not have access to the specified banner")
	}
	if _, err = r.GCPService.DeleteSecret(ctx, name, banner.ProjectID); err != nil {
		return false, err
	}
	// NOTE(review): the meaning of the "" and nil arguments is not visible
	// here — see SecretService.DeleteExternalSecret.
	err = r.SecretService.DeleteExternalSecret(ctx, name, "", banner.ProjectID, nil, nil, name)
	if err != nil {
		return false, err
	}
	return true, nil
}
// SecretManagerSecrets lists the Secret Manager secrets of the banner
// identified by bannerEdgeID, optionally narrowed by owner and typeArg;
// getValues controls whether secret payloads are included.
//
// The banner must belong to the caller's tenant, which is derived from the
// organization on the request context; otherwise an error is returned. When
// owner is nil the listing is restricted to constants.DefaultOwnerFilter
// instead of returning every owner's secrets.
func (r *queryResolver) SecretManagerSecrets(ctx context.Context, bannerEdgeID string, owner *string, typeArg *string, getValues bool) ([]*model.SecretManagerResponse, error) {
	org := middleware.ForContext(ctx).Organization
	tenant, err := r.BannerService.GetBannerTenantInfo(ctx, bsl.GetOrgShortName(org))
	if err != nil {
		return nil, err
	}
	banner, err := r.BannerService.GetBannerByEdgeID(ctx, bannerEdgeID)
	if err != nil {
		return nil, err
	}
	if banner.TenantEdgeID != tenant.TenantEdgeID {
		return nil, errors.New("user does not have access to the specified banner")
	}
	ownerFilter := owner
	if ownerFilter == nil {
		// Fall back to the default owner filter rather than listing all owners.
		defaultOwner := constants.DefaultOwnerFilter
		ownerFilter = &defaultOwner
	}
	return r.GCPService.GetSecrets(ctx, nil, ownerFilter, typeArg, getValues, banner.ProjectID)
}
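// SecretManagerSecret fetches a single Secret Manager secret by name from the
// banner identified by bannerEdgeID. owner and typeArg narrow the lookup and
// getValues controls whether the secret payload is included.
//
// The banner must belong to the caller's tenant, which is derived from the
// organization on the request context; otherwise an error is returned. A
// lookup error from the GCP service is returned as-is, an empty result yields
// a not-found error, and on success the first matching secret is returned
// with a nil error.
func (r *queryResolver) SecretManagerSecret(ctx context.Context, name string, bannerEdgeID string, owner *string, typeArg *string, getValues bool) (*model.SecretManagerResponse, error) {
	tenantName := bsl.GetOrgShortName(middleware.ForContext(ctx).Organization)
	tenant, err := r.BannerService.GetBannerTenantInfo(ctx, tenantName)
	if err != nil {
		return nil, err
	}
	banner, err := r.BannerService.GetBannerByEdgeID(ctx, bannerEdgeID)
	if err != nil {
		return nil, err
	}
	if banner.TenantEdgeID != tenant.TenantEdgeID {
		return nil, errors.New("user does not have access to the specified banner")
	}
	result, err := r.GCPService.GetSecrets(ctx, &name, owner, typeArg, getValues, banner.ProjectID)
	// Check the lookup error before inspecting the result: a failed lookup
	// (empty result) was previously reported as "not found", hiding the cause.
	if err != nil {
		return nil, err
	}
	if len(result) == 0 {
		return nil, fmt.Errorf("secret %s not found in banner %s ", name, bannerEdgeID)
	}
	// Never pair a non-nil result with a non-nil error.
	return result[0], nil
}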