...

Source file src/edge-infra.dev/pkg/edge/api/graph/resolver/secret_manager_queries.resolvers.go

Documentation: edge-infra.dev/pkg/edge/api/graph/resolver

     1  package resolver
     2  
     3  // This file will be automatically regenerated based on the schema, any resolver implementations
     4  // will be copied through when generating and any unknown code will be moved to the end.
     5  // Code generated by github.com/99designs/gqlgen version v0.17.45
     6  
import (
	"context"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"

	"edge-infra.dev/pkg/edge/api/graph/model"
	"edge-infra.dev/pkg/edge/api/middleware"
	"edge-infra.dev/pkg/edge/api/utils"
	"edge-infra.dev/pkg/edge/bsl"
	"edge-infra.dev/pkg/edge/constants"
	"edge-infra.dev/pkg/edge/externalsecrets"
)
    20  
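// CreateOrUpdateSecretManagerSecret is the resolver for the createOrUpdateSecretManagerSecret field.
//
// It rejects an invalid workload selector, resolves the banner's project ID and
// stores the secret through GCPService.AddSecret. For docker pull secrets the
// caller-supplied values are replaced by a single "dockerconfigjson" entry.
// It returns true only when the secret was stored.
//
// NOTE(review): the other resolvers in this file compare the caller's tenant
// with banner.TenantEdgeID before touching secrets; this one does not. Confirm
// that write access to the banner is enforced elsewhere (schema directive or
// inside BannerService/GCPService), otherwise add the same check here.
func (r *mutationResolver) CreateOrUpdateSecretManagerSecret(ctx context.Context, name string, bannerEdgeID string, owner string, values []*model.KeyValues, workload *string, typeArg string) (bool, error) {
	if workload != nil && !constants.NamespaceSelectorType(*workload).Valid() {
		return false, fmt.Errorf("invalid workload: %s", *workload)
	}
	projectID, err := r.BannerService.GetBannerProjectID(ctx, bannerEdgeID)
	if err != nil {
		return false, err
	}
	if typeArg == externalsecrets.DockerPullSecretType {
		url, username, password, err := utils.GetDockerValsOrFail(values)
		if err != nil {
			return false, err
		}
		// NOTE(review): RawStdEncoding omits '=' padding; confirm every consumer
		// of the resulting docker config accepts unpadded base64 in "auth".
		auth := base64.RawStdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", username, password)))
		// The registry URL is caller-controlled. Encode it as a JSON string so a
		// quote or backslash cannot break out of the key and alter the document.
		// Errors are wrapped without the credential material.
		registryKey, err := json.Marshal(url)
		if err != nil {
			return false, fmt.Errorf("encoding docker registry url: %w", err)
		}
		authValue, err := json.Marshal(auth)
		if err != nil {
			return false, fmt.Errorf("encoding docker auth: %w", err)
		}
		values = []*model.KeyValues{
			{
				Key:   "dockerconfigjson",
				Value: fmt.Sprintf(`{"auths": {%s:{"auth":%s}}}`, registryKey, authValue),
			},
		}
	}
	err = r.GCPService.AddSecret(ctx, name, owner, typeArg, values, projectID, workload, nil)
	if err != nil {
		return false, err
	}
	return true, nil
}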
    49  
// DeleteSecretManagerSecret is the resolver for the deleteSecretManagerSecret field.
//
// The caller's organization (taken from the request context) is resolved to a
// tenant, and the deletion proceeds only when the banner belongs to that
// tenant. It then deletes the secret via GCPService and the matching external
// secret via SecretService, returning true when both calls succeed.
func (r *mutationResolver) DeleteSecretManagerSecret(ctx context.Context, name string, bannerEdgeID string) (bool, error) {
	orgShortName := bsl.GetOrgShortName(middleware.ForContext(ctx).Organization)
	callerTenant, err := r.BannerService.GetBannerTenantInfo(ctx, orgShortName)
	if err != nil {
		return false, err
	}
	target, err := r.BannerService.GetBannerByEdgeID(ctx, bannerEdgeID)
	if err != nil {
		return false, err
	}
	// Authorization gate: the banner must belong to the caller's tenant.
	if target.TenantEdgeID != callerTenant.TenantEdgeID {
		return false, errors.New("user does not have access to the specified banner")
	}
	_, err = r.GCPService.DeleteSecret(ctx, name, target.ProjectID)
	if err != nil {
		return false, err
	}
	// If this second step fails, the secret removed above stays deleted.
	err = r.SecretService.DeleteExternalSecret(ctx, name, "", target.ProjectID, nil, nil, name)
	if err != nil {
		return false, err
	}
	return true, nil
}
    72  
// SecretManagerSecrets is the resolver for the secretManagerSecrets field.
//
// It lists the secrets in the banner's project, but only after confirming that
// the banner belongs to the tenant of the caller's organization. When owner is
// nil, constants.DefaultOwnerFilter is used as the owner filter. getValues is
// passed through to GCPService.GetSecrets unchanged.
func (r *queryResolver) SecretManagerSecrets(ctx context.Context, bannerEdgeID string, owner *string, typeArg *string, getValues bool) ([]*model.SecretManagerResponse, error) {
	orgShortName := bsl.GetOrgShortName(middleware.ForContext(ctx).Organization)
	callerTenant, err := r.BannerService.GetBannerTenantInfo(ctx, orgShortName)
	if err != nil {
		return nil, err
	}
	target, err := r.BannerService.GetBannerByEdgeID(ctx, bannerEdgeID)
	if err != nil {
		return nil, err
	}
	// Authorization gate: the banner must belong to the caller's tenant.
	if target.TenantEdgeID != callerTenant.TenantEdgeID {
		return nil, errors.New("user does not have access to the specified banner")
	}
	ownerFilter := owner
	if ownerFilter == nil {
		// Copy the constant into a local so its address can be taken.
		fallback := constants.DefaultOwnerFilter
		ownerFilter = &fallback
	}
	return r.GCPService.GetSecrets(ctx, nil, ownerFilter, typeArg, getValues, target.ProjectID)
}
    93  
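// SecretManagerSecret is the resolver for the secretManagerSecret field.
//
// It looks up a single secret by name in the banner's project, but only after
// confirming that the banner belongs to the tenant of the caller's
// organization. It returns the first match from GCPService.GetSecrets, or a
// "not found" error when the lookup succeeds with no results. getValues is
// passed through to GCPService.GetSecrets unchanged.
func (r *queryResolver) SecretManagerSecret(ctx context.Context, name string, bannerEdgeID string, owner *string, typeArg *string, getValues bool) (*model.SecretManagerResponse, error) {
	tenantName := bsl.GetOrgShortName(middleware.ForContext(ctx).Organization)
	tenant, err := r.BannerService.GetBannerTenantInfo(ctx, tenantName)
	if err != nil {
		return nil, err
	}
	banner, err := r.BannerService.GetBannerByEdgeID(ctx, bannerEdgeID)
	if err != nil {
		return nil, err
	}
	// Authorization gate: the banner must belong to the caller's tenant.
	if banner.TenantEdgeID != tenant.TenantEdgeID {
		return nil, errors.New("user does not have access to the specified banner")
	}
	result, err := r.GCPService.GetSecrets(ctx, &name, owner, typeArg, getValues, banner.ProjectID)
	// Check the lookup error first. Otherwise a backend failure with no results
	// is reported as "not found", and a failure with partial results returns
	// data alongside a non-nil error.
	if err != nil {
		return nil, err
	}
	if len(result) == 0 {
		return nil, fmt.Errorf("secret %s not found in banner %s ", name, bannerEdgeID)
	}
	return result[0], nil
}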
   114  
