author | Vincent Ambo <tazjin@gmail.com> | 2017-02-09T14·33+0100 |
---|---|---|
committer | Vincent Ambo <tazjin@gmail.com> | 2017-02-09T14·44+0100 |
commit | 2f6e0081214b4033132725065014c5022b997c92 (patch) | |
tree | 8d4262730a91534141f00b258b2d32ec4ad68e93 | |
parent | 4713d565d344d123409dac389c327478b097766a (diff) |
feat templater: Add 'pass' lookup function
This introduces support for looking up secret values in the 'pass' command line tool (https://www.passwordstore.org/). Values like passwords can be interpolated from pass and even more complex structures like certificates for Kubernetes Secrets can be retrieved and base64-encoded as necessary. Fixes #2
-rw-r--r-- | example/some-api/some-api.yaml | 7 | ||||
-rw-r--r-- | templater/pass.go | 32 | ||||
-rw-r--r-- | templater/templater.go | 1 |
3 files changed, 40 insertions, 0 deletions
diff --git a/example/some-api/some-api.yaml b/example/some-api/some-api.yaml
index 6f6a29a1599a..57ab7c65275d 100644
--- a/example/some-api/some-api.yaml
+++ b/example/some-api/some-api.yaml
@@ -1,4 +1,11 @@
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: secret-certificate
+data:
+ cert.pem: {{ passLookup "my/secret/certificate" | b64enc }}
+---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
diff --git a/templater/pass.go b/templater/pass.go
new file mode 100644
index 000000000000..f1dc82986174
--- /dev/null
+++ b/templater/pass.go
@@ -0,0 +1,32 @@
+// This file contains the implementation of a template function for retrieving variables from 'pass', the standard UNIX
+// password manager.
+package templater
+
+import (
+ "fmt"
+ "os"
+ "os/exec"
+
+ "github.com/polydawn/meep"
+)
+
+type PassError struct {
+ meep.TraitAutodescribing
+ meep.TraitCausable
+ Output string
+}
+
+func GetFromPass(key string) (string, error) {
+ fmt.Fprintf(os.Stderr, "Attempting to look up %s in pass\n", key)
+ pass := exec.Command("pass", "show", key)
+
+ output, err := pass.CombinedOutput()
+ if err != nil {
+ return "", meep.New(
+ &PassError{Output: string(output)},
+ meep.Cause(err),
+ )
+ }
+
+ return string(output), nil
+}
diff --git a/templater/templater.go b/templater/templater.go
index fc7433ff10e3..5e38ddf893d0 100644
--- a/templater/templater.go
+++ b/templater/templater.go
@@ -158,6 +158,7 @@ func templateFuncs() template.FuncMap {
 b, _ := json.Marshal(data)
 return string(b)
 }
+ m["passLookup"] = GetFromPass
 return m
 }
|
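Review bot: `pass.CombinedOutput()` in GetFromPass folds the child's stderr into the returned value, so any diagnostic that pass or gpg prints on a successful run would end up inside the interpolated secret (and, in the example manifest, inside the base64-encoded `cert.pem`). Capturing stdout with `Output()` and keeping stderr in its own buffer for `PassError.Output` avoids that and also keeps any partially decrypted stdout out of the error value; it needs `bytes` added to the import block. `key` is handed to `pass show` as a bare argument, so a value starting with `-` would presumably be read as an option rather than an entry name, and rejecting such keys up front would close that. The exported `PassError` and `GetFromPass` also have no doc comments.

```go
func GetFromPass(key string) (string, error) {
	// … unchanged: stderr log line …
	var stderr bytes.Buffer
	pass := exec.Command("pass", "show", key)
	pass.Stderr = &stderr // keep diagnostics out of the secret value

	output, err := pass.Output()
	if err != nil {
		return "", meep.New(&PassError{Output: stderr.String()}, meep.Cause(err))
	}
	// … unchanged: return string(output), nil …
}
```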
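Review bot: The `m["passLookup"] = GetFromPass` registration carries no comment saying that any template rendered through templateFuncs can now run `pass show` for an arbitrary entry of the operator's password store. A line such as `// passLookup decrypts entries from the caller's 'pass' store; render only templates you trust.` above it would record that trust assumption for the next maintainer. templateFuncs starts outside the hunk, so whether the function map is restricted elsewhere is not visible here.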