cyberark/secrets-provider-for-k8s

There are defined data structures for annotation parsing in M1


For the M1 push to file feature the Secrets provider will use Kubernetes annotations to
list the secrets that will be retrieved from Conjur.

When configured for push to file, the annotations will need to be parsed and the results
saved to a data structure.

Requirements

When the Secrets Provider container starts up, it will need to parse the annotations file.
The Secrets Provider will need to parse all Pod annotations, and compile an array of per-group secrets mapping information.

Each annotation key will be parsed and split into three fields:

  • Annotation type (e.g. conjur-secrets, conjur-secrets-policy-path, etc)
  • Secrets group
  • Annotation value. The annotation value is a string that can be any of the following formats:
    • Plain string
    • YAML list of secrets
    • Secrets file Golang template

The parsed annotations need to be saved in a data structure as outlined below from the spec.

// SecretsPaths comprises Conjur variable paths for all secrets in a secrets group, indexed by secret name.
type SecretsPaths map[string]string

// GroupSecretsInfo comprises secrets mapping information for a given secrets group.
type GroupSecretsInfo struct {
    Secrets           SecretsPaths // secret name -> Conjur variable path
    SecretsPathPrefix string       // policy path prefix applied to relative variable paths
    FilePath          string       // destination file for the rendered secrets
    FileFormat        int          // output format of the secrets file
    Template          string       // Golang template used to render the secrets file
}

// GroupSecrets comprises secrets mapping info for all secrets groups, indexed by group name.
var GroupSecrets = map[string]GroupSecretsInfo{}
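As an added example (not code from the cyberark/secrets-provider-for-k8s project), the following parser fills the structures above from a Pod's annotation map, splitting each key into annotation type and secrets group and rejecting unknown types under the prefix instead of silently dropping them. It assumes the key layout `conjur.org/<annotation type>.<secrets group>` and handles the YAML-list value by hand for the `- alias: path` / `- path` subset rather than pulling in a YAML library.

```go
package main

import (
	"errors"
	"strings"
)

// Data structures from the issue.
type SecretsPaths map[string]string
type GroupSecretsInfo struct {
	Secrets           SecretsPaths
	SecretsPathPrefix string
	FilePath          string
	FileFormat        int
	Template          string
}

// Assumed key layout: "conjur.org/<annotation type>.<secrets group>".
const annotationPrefix = "conjur.org/"

// parseSecretsList reads the YAML-list subset used for conjur-secrets: each item is
// "- alias: conjur/path" or "- conjur/path" (the alias is then the last path segment).
func parseSecretsList(value string) SecretsPaths {
	paths := SecretsPaths{}
	for _, line := range strings.Split(value, "\n") {
		item := strings.TrimSpace(line)
		if !strings.HasPrefix(item, "- ") {
			continue // blank line or not a list item
		}
		item = strings.TrimSpace(item[2:])
		alias, path, ok := strings.Cut(item, ":")
		if !ok {
			alias, path = item[strings.LastIndex(item, "/")+1:], item
		}
		paths[strings.TrimSpace(alias)] = strings.TrimSpace(path)
	}
	return paths
}

// ParseAnnotations compiles per-group mapping info from all Pod annotations. Keys outside
// the prefix are ignored; a malformed key or unknown type under the prefix is an error.
func ParseAnnotations(annotations map[string]string) (map[string]GroupSecretsInfo, error) {
	groups := map[string]GroupSecretsInfo{}
	for key, value := range annotations {
		if !strings.HasPrefix(key, annotationPrefix) {
			continue
		}
		typ, group, ok := strings.Cut(strings.TrimPrefix(key, annotationPrefix), ".")
		if !ok || typ == "" || group == "" {
			return nil, errors.New("malformed annotation key: " + key)
		}
		info := groups[group] // zero value the first time a group is seen
		switch typ {
		case "conjur-secrets":
			info.Secrets = parseSecretsList(value)
		case "conjur-secrets-policy-path":
			info.SecretsPathPrefix = value
		default:
			return nil, errors.New("unknown annotation type in key: " + key)
		}
		groups[group] = info
	}
	return groups, nil
}
```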

Acceptance Criteria

  • The data structures exist for parsing the annotations.

This is a design / spike story to come up with a starting point for a data structure to work with when parsing annotations.