50 lines
1.2 KiB
Go
50 lines
1.2 KiB
Go
// Package hclsecret contains functions for exposing secrets to HCL parsers.
|
|
package hclsecret
|
|
|
|
import (
|
|
"github.com/zclconf/go-cty/cty"
|
|
"github.com/zclconf/go-cty/cty/function"
|
|
|
|
"git.maze.io/go/secret"
|
|
)
|
|
|
|
var templateSpec = &function.Spec{
|
|
Description: "Retrieve a secret from the configured secret provider",
|
|
Params: []function.Parameter{
|
|
{
|
|
Name: "key",
|
|
Description: "Unique key identifying the secret",
|
|
Type: cty.String,
|
|
},
|
|
},
|
|
Type: func(args []cty.Value) (cty.Type, error) {
|
|
return cty.String, nil
|
|
},
|
|
}
|
|
|
|
// Function returns a HCL function for resolving secrets.
|
|
//
|
|
// Typically one would use this in a [hcl.EvalContext]:
|
|
//
|
|
// ctx := &hcl.EvalContext{
|
|
// Functions: map[string]function.Function{
|
|
// "secret": Function(provider),
|
|
// }
|
|
// }
|
|
//
|
|
// This exposes a new HCL function "secret".
|
|
func Function(p secret.Provider) function.Function {
|
|
var spec = new(function.Spec)
|
|
*spec = *templateSpec
|
|
|
|
spec.Impl = func(args []cty.Value, returnType cty.Type) (cty.Value, error) {
|
|
value, err := p.GetSecret(args[0].AsString())
|
|
if err != nil {
|
|
return cty.StringVal(""), err
|
|
}
|
|
return cty.StringVal(string(value)), nil
|
|
}
|
|
|
|
return function.New(spec)
|
|
}
|