Update backend formatting and add --format flag #530
| useBackendFormatting := shouldMountFile && mountAPIFormat != models.JSON && mountFormat != models.TemplateMountFormat | ||
| if useBackendFormatting { | ||
| var apiError http.Error | ||
| _, _, formattedBytes, apiError := http.DownloadSecrets(localConfig.APIHost.Value, utils.GetBool(localConfig.VerifyTLS.Value, true), localConfig.Token.Value, localConfig.EnclaveProject.Value, localConfig.EnclaveConfig.Value, mountAPIFormat, nameTransformer, "", dynamicSecretsTTL, secretsToInclude) | ||
| if !apiError.IsNil() { | ||
| utils.HandleError(apiError.Unwrap(), apiError.Message) | ||
| } | ||
| mountOptions.FormattedBytes = formattedBytes | ||
| secrets = map[string]string{} | ||
| fromCache = false | ||
| } else { | ||
| // For JSON and template formats, use the standard FetchSecrets path with caching | ||
| secrets, fromCache = controllers.FetchSecrets(localConfig, enableCache, fallbackOpts, metadataPath, nameTransformer, dynamicSecretsTTL, format, secretsToInclude) | ||
| } |
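Review bot: The useBackendFormatting branch calls http.DownloadSecrets directly and never receives enableCache, fallbackOpts or metadataPath, which the else branch passes to controllers.FetchSecrets, so an API error here goes straight to utils.HandleError with no cache or fallback file to fall back on. Either route this branch through a path that honours the cache and fallback options or state the limitation in the flag's help text. Assigning secrets = map[string]string{} while the real payload travels in mountOptions.FormattedBytes also means any later code that reads secrets sees an empty set without knowing why; carrying the bytes in one value would make that explicit. Minor: var apiError http.Error is redundant, since the := on the following line already declares apiError together with formattedBytes.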
blocking: It is pretty unfortunate that we're introducing a regression in functionality here, where now mounting to an env file (or other formats) can no longer use the fallback file or cache. I was hoping that we'd unwind some of the internals of FetchSecrets, it really should just return a raw byte array, since it accepts format as an argument. All FetchSecrets does with it internally is some validations before writing the fallback file, I'm not convinced those are necessary.
If we're not going to do the work to keep the same level of functionality, we still should not be passing around an empty map and putting the raw bytes somewhere else, that's super hacky. At the very least, secrets here should be a byte array, ValidateSecrets can be moved closer to FetchSecrets, and PrepareSecrets should accept a byte array.
Finally, we should get rid of all of the dead code. SecretsToBytes can be removed entirely. secrets_mount.go can also be removed entirely (though the template option will need to be accommodated elsewhere. We should not introduce a breaking change, but this is not a "real" format, it's JSON piped through a user-defined local template file).
This PR adds a new --format flag and adds information about the deprecation of the existing --mount-format flag. It also moves all of our formatting to the backend for parity across commands and features.