Add fallback option to gcpsecrets provider (#98)

* add fallback option to gcpsecrets provider Using this with Helm and dynamic secret keys, and in some environments we want a fixed value, or we want the value to empty. The fixed value could be solved by adding a secret with that fixed value, but an empty value is not allowed in GCP. By providing a fallback option an empty string can be set as fallback. * fixup! add fallback option to gcpsecrets provider Co-authored-by: Yusuke Kuoka <[email protected]>
helmfile · Nov 29, 2022 · 7ef61dc · 7ef61dc
1 parent 0f3abc2
commit 7ef61dc
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 3 deletions.
diff --git a/pkg/providers/gcpsecrets/gcpsecrets.go b/pkg/providers/gcpsecrets/gcpsecrets.go
@@ -13,12 +13,13 @@ import (
 	"gopkg.in/yaml.v3"
 )
 
-// Format: ref+gcpsecrets://project/mykey[?version=VERSION]#/yaml_or_json_key/in/secret
+// Format: ref+gcpsecrets://project/mykey[?version=VERSION][&fallback=value=valuewhenkeyisnotfound][&optional=true]#/yaml_or_json_key/in/secret
 type provider struct {
 	client   *sm.Client
 	ctx      context.Context
 	version  string
 	optional bool
+	fallback *string
 }
 
 func New(cfg api.StaticConfig) *provider {
@@ -45,6 +46,11 @@ func New(cfg api.StaticConfig) *provider {
 		}
 	}
 
+	if cfg.Exists("fallback_value") {
+		fallback := cfg.String("fallback_value")
+		p.fallback = &fallback
+	}
+
 	return p
 }
 
@@ -82,6 +88,11 @@ func (p *provider) getSecret(ctx context.Context, key string) ([]byte, error) {
 		if p.optional {
 			return nil, nil
 		}
+
+		if p.fallback != nil {
+			return []byte(*p.fallback), nil
+		}
+
 		return nil, fmt.Errorf("failed to get secret: %w", err)
 	}
 	return secret.GetPayload().GetData(), nil

diff --git a/pkg/providers/gcpsecrets/gcpsecrets_test.go b/pkg/providers/gcpsecrets/gcpsecrets_test.go
@@ -1,18 +1,23 @@
 package gcpsecrets
 
 import (
-	config2 "github.com/variantdev/vals/pkg/config"
 	"testing"
+
+	config2 "github.com/variantdev/vals/pkg/config"
 )
 
 func Test_New(t *testing.T) {
+	defaultVal := "default-value"
+
 	tests := []struct {
 		name    string
 		options map[string]interface{}
 		want    provider
 	}{
 		{"latest", map[string]interface{}{"version": "latest"}, provider{version: "latest", optional: false}},
 		{"optional", map[string]interface{}{"version": "latest", "optional": true}, provider{version: "latest", optional: true}},
+		{"latest", map[string]interface{}{"version": "latest"}, provider{version: "latest", fallback: nil}},
+		{"fallback", map[string]interface{}{"version": "latest", "fallback_value": defaultVal}, provider{version: "latest", fallback: &defaultVal}},
 	}
 
 	for _, tt := range tests {

diff --git a/vals_gcpsecrets_test.go b/vals_gcpsecrets_test.go
@@ -1,10 +1,11 @@
 package vals
 
 import (
-	"github.com/variantdev/vals/pkg/config"
 	"os"
 	"reflect"
 	"testing"
+
+	"github.com/variantdev/vals/pkg/config"
 )
 
 // setup:
@@ -37,6 +38,40 @@ func TestValues_GCPSecretsManager(t *testing.T) {
 			},
 			map[string]interface{}{"valstestvar": "foo: bar"},
 		},
+		{
+			"fallback string",
+			map[string]string{},
+			map[string]interface{}{
+				"provider": map[string]interface{}{
+					"name":           "gcpsecrets",
+					"version":        "latest",
+					"type":           "string",
+					"path":           projectId,
+					"fallback_value": "default-value",
+				},
+				"inline": map[string]interface{}{
+					"missingvar": "missingvar",
+				},
+			},
+			map[string]interface{}{"missingvar": "default-value"},
+		},
+		{
+			"empty fallback string",
+			map[string]string{},
+			map[string]interface{}{
+				"provider": map[string]interface{}{
+					"name":           "gcpsecrets",
+					"version":        "latest",
+					"type":           "string",
+					"path":           projectId,
+					"fallback_value": "",
+				},
+				"inline": map[string]interface{}{
+					"missingvar": "missingvar",
+				},
+			},
+			map[string]interface{}{"missingvar": ""},
+		},
 		{
 			"v1 string",
 			map[string]string{"valstestvar": "foo: bar"},