feat: Add two template functions (#712)

* chore: replace ioutil.ReadFile by os.ReadFile * feat: Add two template functions - cat: Allows reading a value from a file - credential: Allows reading a credential passed by systemd
2025-06-27 14:58:31 +00:00 · 2025-01-12 00:42:22 +01:00 · 2025-01-12 00:42:22 +01:00 · eb7e8f5ba8
commit eb7e8f5ba8
parent 7bb680821d
1 changed files with 31 additions and 3 deletions
--- a/internal/hook/hook.go
+++ b/internal/hook/hook.go
@ -13,12 +13,12 @@ import (
 	"errors"
 	"fmt"
 	"hash"
-	"io/ioutil"
 	"log"
 	"math"
 	"net"
 	"net/textproto"
 	"os"
+	"path"
 	"reflect"
 	"regexp"
 	"strconv"
@ -750,14 +750,18 @@ func (h *Hooks) LoadFromFile(path string, asTemplate bool) error {
 	}

 	// parse hook file for hooks
-	file, e := ioutil.ReadFile(path)
+	file, e := os.ReadFile(path)

 	if e != nil {
 		return e
 	}

 	if asTemplate {
-		funcMap := template.FuncMap{"getenv": getenv}
+		funcMap := template.FuncMap{
+			"cat":        cat,
+			"credential": credential,
+			"getenv":     getenv,
+		}

 		tmpl, err := template.New("hooks").Funcs(funcMap).Parse(string(file))
 		if err != nil {
@ -956,3 +960,27 @@ func compare(a, b string) bool {
 func getenv(s string) string {
 	return os.Getenv(s)
 }
+
+// cat provides a template function to retrieve content of files
+// Similarly to getenv, if no file is found, it returns the empty string
+func cat(s string) string {
+	data, e := os.ReadFile(s)
+
+	if e != nil {
+		return ""
+	}
+
+	return string(data)
+}
+
+// credential provides a template function to retreive secrets using systemd's LoadCredential mechanism
+func credential(s string) string {
+	dir := getenv("CREDENTIALS_DIRECTORY")
+
+	// If no credential directory is found, fallback to the env variable
+	if dir == "" {
+		return getenv(s)
+	}
+
+	return cat(path.Join(dir, s))
+}