Merge pull request #100 from nitrictech/feature/code-as-config-secrets

Add secret collection to codeconfig
nitrictech · Feb 25, 2022 · 7872c10 · 7872c10
2 parents c4b4957 + 4925e41
commit 7872c10
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 3 deletions.
diff --git a/go.mod b/go.mod
@@ -26,7 +26,7 @@ require (
 	github.com/moby/buildkit v0.9.3 // indirect
 	github.com/moby/moby v20.10.12+incompatible
 	github.com/nitrictech/boxygen v0.0.1-rc.7.0.20211212231606-62c668408f91
-	github.com/nitrictech/nitric v0.13.0-rc.17
+	github.com/nitrictech/nitric v0.14.0-rc.4
 	github.com/pkg/errors v0.9.1
 	github.com/pterm/pterm v0.12.34
 	github.com/pulumi/pulumi-aws/sdk/v4 v4.33.0

diff --git a/go.sum b/go.sum
@@ -1288,8 +1288,8 @@ github.com/nishanths/predeclared v0.2.1 h1:1TXtjmy4f3YCFjTxRd8zcFHOmoUir+gp0ESzj
 github.com/nishanths/predeclared v0.2.1/go.mod h1:HvkGJcA3naj4lOwnFXFDkFxVtSqQMB9sbB1usJ+xjQE=
 github.com/nitrictech/boxygen v0.0.1-rc.7.0.20211212231606-62c668408f91 h1:gtZZJc7l5pML1eRsqyXe0U7NdQxSa7u/cbyEvnGLBpc=
 github.com/nitrictech/boxygen v0.0.1-rc.7.0.20211212231606-62c668408f91/go.mod h1:2XXi1xEwqitH4/gus1bHyG/IQe8WOniK+pybGTz2y/Y=
-github.com/nitrictech/nitric v0.13.0-rc.17 h1:Pv6aGNP/+kHNVt87QfT06bqpbKIy2s3SYcqYXDIRKE4=
-github.com/nitrictech/nitric v0.13.0-rc.17/go.mod h1:XC6DG1/NrMc59Jzq/1h6SLn6L4foSS67pCqyTpauT3o=
+github.com/nitrictech/nitric v0.14.0-rc.4 h1:x3Ng7TTUSqj/ulKRnEdwHDz9gax5+Hrq1rsoBJ6j/9s=
+github.com/nitrictech/nitric v0.14.0-rc.4/go.mod h1:XC6DG1/NrMc59Jzq/1h6SLn6L4foSS67pCqyTpauT3o=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=

diff --git a/pkg/codeconfig/codeconfig.go b/pkg/codeconfig/codeconfig.go
@@ -372,6 +372,9 @@ func (c *codeConfig) ToStack() (*stack.Stack, error) {
 		for k := range f.queues {
 			s.Queues[k] = stack.Queue{}
 		}
+		for k := range f.secrets {
+			s.Secrets[k] = stack.Secret{}
+		}
 
 		// Add policies
 		s.Policies = append(s.Policies, f.policies...)

diff --git a/pkg/codeconfig/function.go b/pkg/codeconfig/function.go
@@ -90,6 +90,7 @@ type FunctionDependencies struct {
 	collections   map[string]*pb.CollectionResource
 	queues        map[string]*pb.QueueResource
 	policies      []*pb.PolicyResource
+	secrets       map[string]*pb.SecretResource
 	lock          sync.RWMutex
 }
 
@@ -174,6 +175,12 @@ func (a *FunctionDependencies) AddQueue(name string, q *pb.QueueResource) {
 	a.queues[name] = q
 }
 
+func (a *FunctionDependencies) AddSecret(name string, s *pb.SecretResource) {
+	a.lock.Lock()
+	defer a.lock.Unlock()
+	a.secrets[name] = s
+}
+
 // NewFunction - creates a new Nitric Function, ready to register handlers and dependencies.
 func NewFunction(name string) *FunctionDependencies {
 	return &FunctionDependencies{
@@ -185,6 +192,7 @@ func NewFunction(name string) *FunctionDependencies {
 		topics:        make(map[string]*pb.TopicResource),
 		collections:   make(map[string]*pb.CollectionResource),
 		queues:        make(map[string]*pb.QueueResource),
+		secrets:       make(map[string]*pb.SecretResource),
 		policies:      make([]*pb.PolicyResource, 0),
 	}
 }
diff --git a/pkg/codeconfig/server.go b/pkg/codeconfig/server.go
@@ -79,6 +79,8 @@ func (s *Server) Declare(ctx context.Context, req *pb.ResourceDeclareRequest) (*
 		s.function.AddTopic(req.Resource.Name, req.GetTopic())
 	case pb.ResourceType_Policy:
 		s.function.AddPolicy(req.GetPolicy())
+	case pb.ResourceType_Secret:
+		s.function.AddSecret(req.Resource.Name, req.GetSecret())
 	}
 
 	return &pb.ResourceDeclareResponse{}, nil

diff --git a/pkg/stack/types.go b/pkg/stack/types.go
@@ -97,6 +97,8 @@ type Topic struct{}
 
 type Queue struct{}
 
+type Secret struct{}
+
 type Stack struct {
 	Dir         string                 `yaml:"-"`
 	Name        string                 `yaml:"name"`
@@ -115,6 +117,7 @@ type Stack struct {
 	// repetition/redefinition
 	// NOTE: if we want to use the proto definition here we would need support for yaml parsing to use customisable tags
 	Policies []*v1.PolicyResource `yaml:"-"`
+	Secrets  map[string]Secret    `yaml:"secrets,omitempty"`
 }
 
 func New(name, dir string) *Stack {
@@ -131,6 +134,7 @@ func New(name, dir string) *Stack {
 		Apis:        map[string]string{},
 		ApiDocs:     map[string]*openapi3.T{},
 		Policies:    make([]*v1.PolicyResource, 0),
+		Secrets:     map[string]Secret{},
 	}
 }
 
@@ -236,6 +240,23 @@ func calculateDefaultPolicies(s *Stack) []*v1.PolicyResource {
 		Resources: collectionResources,
 	})
 
+	secretResources := make([]*v1.Resource, 0, len(s.Secrets))
+	for name := range s.Secrets {
+		secretResources = append(secretResources, &v1.Resource{
+			Name: name,
+			Type: v1.ResourceType_Secret,
+		})
+	}
+
+	policies = append(policies, &v1.PolicyResource{
+		Principals: principals,
+		Actions: []v1.Action{
+			v1.Action_SecretAccess,
+			v1.Action_SecretPut,
+		},
+		Resources: secretResources,
+	})
+
 	// TODO: Calculate policies for stacks loaded from a file
 	return policies
 }