feat: make it possible to read secrets from files

promhippie · Aug 10, 2023 · ed721cf · ed721cf
1 parent f33559c
commit ed721cf
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 31 deletions.
diff --git a/pkg/action/helper.go b/pkg/action/helper.go
@@ -0,0 +1,16 @@
+package action
+
+// boolP returns a boolean pointer.
+func boolP(i bool) *bool {
+	return &i
+}
+
+// stringP returns a string pointer.
+func stringP(i string) *string {
+	return &i
+}
+
+// slceP returns a slice pointer.
+func sliceP(i []string) *[]string {
+	return &i
+}
diff --git a/pkg/action/server.go b/pkg/action/server.go
@@ -3,7 +3,6 @@ package action
 import (
 	"context"
 	"crypto/tls"
-	"encoding/base64"
 	"io"
 	"net/http"
 	"os"
@@ -233,30 +232,6 @@ func handler(cfg *config.Config, logger log.Logger, client *github.Client) *chi.
 	return mux
 }
 
-func boolP(i bool) *bool {
-	return &i
-}
-
-func stringP(i string) *string {
-	return &i
-}
-
-func sliceP(i []string) *[]string {
-	return &i
-}
-
-func contentOrDecode(file string) ([]byte, error) {
-	decoded, err := base64.StdEncoding.DecodeString(
-		file,
-	)
-
-	if err != nil {
-		return os.ReadFile(file)
-	}
-
-	return decoded, nil
-}
-
 func useEnterprise(cfg *config.Config, _ log.Logger) bool {
 	return cfg.Target.BaseURL != ""
 }
@@ -271,7 +246,7 @@ func getClient(cfg *config.Config, logger log.Logger) (*github.Client, error) {
 	}
 
 	if useApplication(cfg, logger) {
-		privateKey, err := contentOrDecode(cfg.Target.PrivateKey)
+		privateKey, err := config.Value(cfg.Target.PrivateKey)
 
 		if err != nil {
 			level.Error(logger).Log(
@@ -286,7 +261,7 @@ func getClient(cfg *config.Config, logger log.Logger) (*github.Client, error) {
 			http.DefaultTransport,
 			cfg.Target.AppID,
 			cfg.Target.InstallID,
-			privateKey,
+			[]byte(privateKey),
 		)
 
 		if err != nil {
@@ -305,12 +280,23 @@ func getClient(cfg *config.Config, logger log.Logger) (*github.Client, error) {
 		), nil
 	}
 
+	accessToken, err := config.Value(cfg.Target.Token)
+
+	if err != nil {
+		level.Error(logger).Log(
+			"msg", "Failed to read token",
+			"err", err,
+		)
+
+		return nil, err
+	}
+
 	return github.NewClient(
 		oauth2.NewClient(
 			context.Background(),
 			oauth2.StaticTokenSource(
 				&oauth2.Token{
-					AccessToken: cfg.Target.Token,
+					AccessToken: accessToken,
 				},
 			),
 		),
@@ -319,7 +305,7 @@ func getClient(cfg *config.Config, logger log.Logger) (*github.Client, error) {
 
 func getEnterprise(cfg *config.Config, logger log.Logger) (*github.Client, error) {
 	if useApplication(cfg, logger) {
-		privateKey, err := contentOrDecode(cfg.Target.PrivateKey)
+		privateKey, err := config.Value(cfg.Target.PrivateKey)
 
 		if err != nil {
 			level.Error(logger).Log(
@@ -334,7 +320,7 @@ func getEnterprise(cfg *config.Config, logger log.Logger) (*github.Client, error
 			http.DefaultTransport,
 			cfg.Target.AppID,
 			cfg.Target.InstallID,
-			privateKey,
+			[]byte(privateKey),
 		)
 
 		if err != nil {
@@ -373,6 +359,17 @@ func getEnterprise(cfg *config.Config, logger log.Logger) (*github.Client, error
 		return client, err
 	}
 
+	accessToken, err := config.Value(cfg.Target.Token)
+
+	if err != nil {
+		level.Error(logger).Log(
+			"msg", "Failed to read token",
+			"err", err,
+		)
+
+		return nil, err
+	}
+
 	client, err := github.NewEnterpriseClient(
 		cfg.Target.BaseURL,
 		cfg.Target.BaseURL,
@@ -390,7 +387,7 @@ func getEnterprise(cfg *config.Config, logger log.Logger) (*github.Client, error
 			),
 			oauth2.StaticTokenSource(
 				&oauth2.Token{
-					AccessToken: cfg.Target.Token,
+					AccessToken: accessToken,
 				},
 			),
 		),

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -1,6 +1,10 @@
 package config
 
 import (
+	"encoding/base64"
+	"fmt"
+	"os"
+	"strings"
 	"time"
 
 	"github.com/urfave/cli/v2"
@@ -65,3 +69,32 @@ type Config struct {
 func Load() *Config {
 	return &Config{}
 }
+
+// Value returns the config value based on a DSN.
+func Value(val string) (string, error) {
+	if strings.HasPrefix(val, "file://") {
+		content, err := os.ReadFile(
+			strings.TrimPrefix(val, "file://"),
+		)
+
+		if err != nil {
+			return "", fmt.Errorf("failed to parse secret file: %w", err)
+		}
+
+		return string(content), nil
+	}
+
+	if strings.HasPrefix(val, "base64://") {
+		content, err := base64.StdEncoding.DecodeString(
+			strings.TrimPrefix(val, "base64://"),
+		)
+
+		if err != nil {
+			return "", fmt.Errorf("failed to parse base64 value: %w", err)
+		}
+
+		return string(content), nil
+	}
+
+	return val, nil
+}