@controlplane/cli/dist/src/k8s-converter/classes/identity-manager.js

Control Plane Corporation CLI

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.IdentityManager = void 0;
const links_1 = require("../../util/links");
class IdentityManager {
    constructor(context) {
        this.context = context;
        this.identities = [];
        this.policies = [];
    }
    // Public Methods //
    assignIdentitiesToWorkloads(workloadToSecretNames) {
        for (const [workload, secretNames] of workloadToSecretNames) {
            workload.spec.identityLink = this.getOrCreateIdentity(workload.name, secretNames);
        }
    }
    // Private Methods //
    getOrCreateIdentity(workloadName, secretNames) {
        // Check if there is an existing policy referring to the received secrets
        for (const policy of this.policies) {
            // If a policy referring to the same exact secrets, return the same identity linked to the policy
            if (this.areSecretsInPolicy(policy.targetLinks, secretNames)) {
                return policy.bindings[0].principalLinks[0];
            }
        }
        // Create a new identity
        const identity = this.initializeIdentity(workloadName);
        this.identities.push(identity);
        // Resolve links
        const identitySelfLink = `//gvc/${this.context.gvc}/identity/${identity.name}`;
        const targetLinks = [];
        for (const secretName of secretNames) {
            const secretSelfLink = `//secret/${secretName}`;
            targetLinks.push(secretSelfLink);
        }
        // Create a new policy
        const policy = this.initializeRevealPolicy(identity.name, targetLinks, identitySelfLink);
        this.policies.push(policy);
        // Return identity self link
        return identitySelfLink;
    }
    areSecretsInPolicy(secretLinks, secretNames) {
        if (secretLinks.length != secretNames.size) {
            return false;
        }
        // Iterate over each secret link and check if its name is part of secret names set
        for (const secretLink of secretLinks) {
            const secretName = (0, links_1.getLastPartOfLink)(secretLink);
            // Secret name is not part of the secret names set
            if (!secretNames.has(secretName)) {
                return false;
            }
        }
        return true;
    }
    initializeIdentity(suffix) {
        return {
            kind: 'identity',
            name: `identity-${suffix}`,
        };
    }
    initializeRevealPolicy(suffix, targetLinks, identitySelfLink) {
        return {
            kind: 'policy',
            name: `policy-${suffix}`,
            targetKind: 'secret',
            targetLinks: targetLinks,
            bindings: [
                {
                    permissions: ['reveal'],
                    principalLinks: [identitySelfLink],
                },
            ],
        };
    }
}
exports.IdentityManager = IdentityManager;
//# sourceMappingURL=identity-manager.js.map