generated from TBD54566975/tbd-project-template
-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: use secrets instead of env vars for DSNs (#1483)
Fixes #1427 database/ftl-project.toml was written using: ``` ftl secret set --inline database.FTL_DSN_DATABASE_TESTDB --config integration/testdata/go/database/ftl-project.toml ``` This PR only works thanks to this earlier PR: #1472
- Loading branch information
Showing
10 changed files
with
95 additions
and
89 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
ftl-min-version = "" | ||
|
||
[global] | ||
|
||
[modules] | ||
[modules.database] | ||
[modules.database.secrets] | ||
FTL_DSN_DATABASE_TESTDB = "inline://InBvc3RncmVzOi8vcG9zdGdyZXM6c2VjcmV0QGxvY2FsaG9zdDo1NDMyMC90ZXN0ZGI_c3NsbW9kZT1kaXNhYmxlIg" | ||
|
||
[executables] | ||
ftl = "" | ||
|
||
[commands] |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
package modulecontext | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
"strings" | ||
) | ||
|
||
// DatabasesFromSecrets finds DSNs in environment variables and creates a map of databases. | ||
// | ||
// Environment variables should be in the format FTL_POSTGRES_DSN__<MODULENAME>_<DBNAME> | ||
func DatabasesFromSecrets(ctx context.Context, module string, secrets map[string][]byte) (map[string]Database, error) { | ||
databases := map[string]Database{} | ||
for sName, maybeDSN := range secrets { | ||
if !strings.HasPrefix(sName, "FTL_DSN_") { | ||
continue | ||
} | ||
// FTL_DSN_<MODULE>_<DBNAME> | ||
parts := strings.Split(sName, "_") | ||
if len(parts) != 4 { | ||
return nil, fmt.Errorf("invalid DSN secret key %q should have format FTL_DSN_MODULE_DBNAME", sName) | ||
} | ||
moduleName := strings.ToLower(parts[2]) | ||
dbName := strings.ToLower(parts[3]) | ||
if !strings.EqualFold(moduleName, module) { | ||
continue | ||
} | ||
dsnStr := string(maybeDSN) | ||
dsn := dsnStr[1 : len(dsnStr)-1] // chop leading + trailing quotes | ||
db, err := NewDatabase(DBTypePostgres, dsn) | ||
if err != nil { | ||
return nil, fmt.Errorf("could not create database %q with DSN %q: %w", dbName, maybeDSN, err) | ||
} | ||
databases[dbName] = db | ||
} | ||
return databases, nil | ||
} | ||
|
||
// DSNSecretKey returns the key for the secret that is expected to hold the DSN for a database. | ||
// | ||
// The format is FTL_DSN_<MODULE>_<DBNAME> | ||
func DSNSecretKey(module, name string) string { | ||
return fmt.Sprintf("FTL_DSN_%s_%s", strings.ToUpper(module), strings.ToUpper(name)) | ||
} | ||
|
||
// GetDSNFromSecret returns the DSN for a database from the relevant secret | ||
func GetDSNFromSecret(module, name string, secrets map[string][]byte) (string, error) { | ||
key := DSNSecretKey(module, name) | ||
dsn, ok := secrets[key] | ||
if !ok { | ||
return "", fmt.Errorf("secrets map %v is missing DSN with key %q", secrets, key) | ||
} | ||
dsnStr := string(dsn) | ||
return dsnStr[1 : len(dsnStr)-1], nil // chop leading + trailing quotes | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters