authorVincent Ambo <tazjin@gmail.com>2017-02-09T14·33+0100
committerVincent Ambo <tazjin@gmail.com>2017-02-09T14·44+0100
commit2f6e0081214b4033132725065014c5022b997c92 (patch)
tree8d4262730a91534141f00b258b2d32ec4ad68e93
parent4713d565d344d123409dac389c327478b097766a (diff)
feat templater: Add 'pass' lookup function
This introduces support for looking up secret values in the 'pass' command line
tool (https://www.passwordstore.org/).

Values like passwords can be interpolated from pass and even more complex
structures like certificates for Kubernetes Secrets can be retrieved and base64-
encoded as necessary.

Fixes #2
-rw-r--r--example/some-api/some-api.yaml7
-rw-r--r--templater/pass.go32
-rw-r--r--templater/templater.go1
3 files changed, 40 insertions, 0 deletions
diff --git a/example/some-api/some-api.yaml b/example/some-api/some-api.yaml
index 6f6a29a1599a..57ab7c65275d 100644
--- a/example/some-api/some-api.yaml
+++ b/example/some-api/some-api.yaml
@@ -1,4 +1,11 @@
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-certificate
+data:
+  cert.pem: {{ passLookup "my/secret/certificate" | b64enc }}
+---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
diff --git a/templater/pass.go b/templater/pass.go
new file mode 100644
index 000000000000..f1dc82986174
--- /dev/null
+++ b/templater/pass.go
@@ -0,0 +1,32 @@
+// This file contains the implementation of a template function for retrieving variables from 'pass', the standard UNIX
+// password manager.
+package templater
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+
+	"github.com/polydawn/meep"
+)
+
+type PassError struct {
+	meep.TraitAutodescribing
+	meep.TraitCausable
+	Output string
+}
+
+func GetFromPass(key string) (string, error) {
+	fmt.Fprintf(os.Stderr, "Attempting to look up %s in pass\n", key)
+	pass := exec.Command("pass", "show", key)
+
+	output, err := pass.CombinedOutput()
+	if err != nil {
+		return "", meep.New(
+			&PassError{Output: string(output)},
+			meep.Cause(err),
+		)
+	}
+
+	return string(output), nil
+}
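Review bot: `CombinedOutput()` in GetFromPass merges stderr into the value returned on success, so any warning that pass or gpg prints while still exiting 0 ends up inside the rendered secret (and, through `b64enc`, inside the Kubernetes Secret). Capture only stdout for the return value and keep stderr for `PassError.Output`, as in the excerpt below; this needs `bytes` added to the import block. Separately, `pass show` output normally ends with a newline, so a single-line password is presumably returned with a trailing `\n`; either trim it with `strings.TrimSuffix(string(output), "\n")` or state in a doc comment that callers get the entry verbatim. The exported `PassError` and `GetFromPass` also have no doc comments.

```go
	pass := exec.Command("pass", "show", key)

	// Keep stderr out of the returned value; it is only needed for the error.
	var stderr bytes.Buffer
	pass.Stderr = &stderr

	output, err := pass.Output()
	if err != nil {
		return "", meep.New(
			&PassError{Output: stderr.String()},
			meep.Cause(err),
		)
	}
	// … unchanged: return string(output), nil …
```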
diff --git a/templater/templater.go b/templater/templater.go
index fc7433ff10e3..5e38ddf893d0 100644
--- a/templater/templater.go
+++ b/templater/templater.go
@@ -158,6 +158,7 @@ func templateFuncs() template.FuncMap {
 		b, _ := json.Marshal(data)
 		return string(b)
 	}
+	m["passLookup"] = GetFromPass
 
 	return m
 }
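Review bot: `passLookup` is registered unconditionally, so every template rendered through templateFuncs can read any entry of the invoking user's password store and place it in the output. If templates may come from a source less trusted than the store itself, consider gating the function behind an option or restricting keys to a configured prefix; at minimum document it on the line, e.g. `// passLookup shells out to 'pass'; templates are trusted with the whole password store`. templateFuncs begins outside this hunk, so whether such gating exists elsewhere is not visible here.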