From 16407ff7c9f9eaff06b0c3704587c7486632b5a5 Mon Sep 17 00:00:00 2001
From: Daniel Salazar
Date: Thu, 19 Dec 2024 09:38:35 -0500
Subject: [PATCH] refac(back): #1378 deprecate builtins

- Deprecate makeSecretForAwsFromGitlab
- Deprecate makeSecretForKubernetesConfigFromAws
- Deprecate makeSecretForNomadFromEnv

Signed-off-by: Daniel Salazar
---
 src/args/agnostic.nix | 6 --
 .../default.nix | 13 ----
 .../template.sh | 62 ------------------
 .../default.nix | 12 ----
 .../template.sh | 17 -----
 .../default.nix | 10 ---
 .../template.sh | 15 -----
 src/evaluator/modules/default.nix | 1 -
 .../secrets-for-aws-from-gitlab/default.nix | 37 -----------
 tests/pipelines/makes.nix | 8 +--
 10 files changed, 3 insertions(+), 178 deletions(-)
 delete mode 100644 src/args/make-secret-for-aws-from-gitlab/default.nix
 delete mode 100644 src/args/make-secret-for-aws-from-gitlab/template.sh
 delete mode 100644 src/args/make-secret-for-kubernetes-config-from-aws/default.nix
 delete mode 100644 src/args/make-secret-for-kubernetes-config-from-aws/template.sh
 delete mode 100644 src/args/make-secret-for-nomad-from-env/default.nix
 delete mode 100644 src/args/make-secret-for-nomad-from-env/template.sh
 delete mode 100644 src/evaluator/modules/secrets-for-aws-from-gitlab/default.nix

diff --git a/src/args/agnostic.nix b/src/args/agnostic.nix
index ef457592..b7ed27f0 100644
--- a/src/args/agnostic.nix
+++ b/src/args/agnostic.nix
@@ -76,14 +76,8 @@ let
   makeSearchPaths = import ./make-search-paths/default.nix self;
   makeSecretForAwsFromEnv =
     import ./make-secret-for-aws-from-env/default.nix self;
-  makeSecretForAwsFromGitlab =
-    import ./make-secret-for-aws-from-gitlab/default.nix self;
   makeSecretForEnvFromSops =
     import ./make-secret-for-env-from-sops/default.nix self;
-  makeSecretForKubernetesConfigFromAws =
-    import ./make-secret-for-kubernetes-config-from-aws/default.nix self;
-  makeSecretForNomadFromEnv =
-    import ./make-secret-for-nomad-from-env/default.nix self;
   makeSecretForTerraformFromEnv =
     import ./make-secret-for-terraform-from-env/default.nix self;
   makeTerraformEnvironment =
diff --git a/src/args/make-secret-for-aws-from-gitlab/default.nix b/src/args/make-secret-for-aws-from-gitlab/default.nix
deleted file mode 100644
index 8afe74d5..00000000
--- a/src/args/make-secret-for-aws-from-gitlab/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ __nixpkgs__, makeTemplate, toDerivationName, ... }:
-{ duration, name, retries, roleArn, }:
-makeTemplate {
-  replace = {
-    __argDuration__ = duration;
-    __argName__ = toDerivationName name;
-    __argRetries__ = retries;
-    __argRoleArn__ = roleArn;
-  };
-  name = "make-secret-for-aws-from-gitlab-for-${name}";
-  searchPaths.bin = [ __nixpkgs__.awscli __nixpkgs__.jq ];
-  template = ./template.sh;
-}
diff --git a/src/args/make-secret-for-aws-from-gitlab/template.sh b/src/args/make-secret-for-aws-from-gitlab/template.sh
deleted file mode 100644
index 686765c0..00000000
--- a/src/args/make-secret-for-aws-from-gitlab/template.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-# shellcheck shell=bash
-
-function _get_credential {
-  local credential="${1}"
-  local session="${2}"
-
-  echo "${session}" | jq -rec ".Credentials.${credential}"
-}
-
-function login {
-  # AWS STS args
-  local args=(
-    --role-arn "${1}"
-    --role-session-name "gitlab-${CI_PROJECT_ID}-${CI_PIPELINE_ID}-${CI_JOB_ID}"
-    --web-identity-token "${CI_JOB_JWT_V2}"
-    --duration-seconds "${2}"
-  )
-
-  # Retry logic
-  local retries="__argRetries__"
-  local wait="1"
-  local try="1"
-  local success="1"
-
-  # Session variables
-  local session
-  export AWS_ACCESS_KEY_ID
-  export AWS_SECRET_ACCESS_KEY
-  export AWS_SESSION_TOKEN
-
-  : \
-    && while [ "${try}" -le "${retries}" ]; do
-      if session="$(aws sts assume-role-with-web-identity "${args[@]}" 2> /dev/null)"; then
-        success="0" \
-          && break
-      else
-        info "Login failed. Attempt ${try} of ${retries}." \
-          && sleep "${wait}" \
-          && try=$((try + 1))
-      fi
-    done \
-    && if [ "${success}" == "0" ]; then
-      AWS_ACCESS_KEY_ID="$(_get_credential "AccessKeyId" "${session}")" \
-        && AWS_SECRET_ACCESS_KEY="$(_get_credential "SecretAccessKey" "${session}")" \
-        && AWS_SESSION_TOKEN="$(_get_credential "SessionToken" "${session}")"
-    else
-      error "Could not login to AWS."
-    fi
-}
-
-function main {
-  : \
-    && info "Making secrets for aws from gitlab for __argName__:" \
-    && if test -n "${CI_JOB_JWT_V2-}"; then
-      info "Logging in as '__argName__' using GitLab OIDC." \
-        && login "__argRoleArn__" "__argDuration__"
-    else
-      warn "It looks like this job is not running on GitLab CI. Skipping."
-    fi
-}
-
-main "${@}"
diff --git a/src/args/make-secret-for-kubernetes-config-from-aws/default.nix b/src/args/make-secret-for-kubernetes-config-from-aws/default.nix
deleted file mode 100644
index 5bbe9b9e..00000000
--- a/src/args/make-secret-for-kubernetes-config-from-aws/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ __nixpkgs__, makeTemplate, ... }:
-{ cluster, name, region, }:
-makeTemplate {
-  name = "make-secret-for-kubernetes-config-from-aws-for-${name}";
-  replace = {
-    __argCluster__ = cluster;
-    __argName__ = name;
-    __argRegion__ = region;
-  };
-  searchPaths.bin = [ __nixpkgs__.awscli ];
-  template = ./template.sh;
-}
diff --git a/src/args/make-secret-for-kubernetes-config-from-aws/template.sh b/src/args/make-secret-for-kubernetes-config-from-aws/template.sh
deleted file mode 100644
index 3be00362..00000000
--- a/src/args/make-secret-for-kubernetes-config-from-aws/template.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-# shellcheck shell=bash
-
-function main {
-  local config
-
-  info Making secret for Kubernetes Config from AWS for __argName__: \
-    && config="$(mktemp)" \
-    && aws \
-      --region '__argRegion__' \
-      eks \
-      update-kubeconfig \
-      --name '__argCluster__' \
-      --kubeconfig "${config}" \
-    && export KUBECONFIG="${config}${KUBECONFIG:+:}${KUBECONFIG-}"
-}
-
-main "${@}"
diff --git a/src/args/make-secret-for-nomad-from-env/default.nix b/src/args/make-secret-for-nomad-from-env/default.nix
deleted file mode 100644
index 0b973be5..00000000
--- a/src/args/make-secret-for-nomad-from-env/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ __nixpkgs__, toBashMap, makeTemplate, toDerivationName, ... }:
-{ mapping, name, }:
-makeTemplate {
-  replace = {
-    __argName__ = toDerivationName name;
-    __argMap__ = toBashMap mapping;
-  };
-  name = "make-secret-for-nomad-from-env-for-${name}";
-  template = ./template.sh;
-}
diff --git a/src/args/make-secret-for-nomad-from-env/template.sh b/src/args/make-secret-for-nomad-from-env/template.sh
deleted file mode 100644
index fb97e92f..00000000
--- a/src/args/make-secret-for-nomad-from-env/template.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-# shellcheck shell=bash
-
-function main {
-  source __argMap__/template map
-
-  info Making secret for Nomad from environment variables for __argName__: \
-    && for var in "${!map[@]}"; do
-      require_env_var "${map[${var}]}" \
-        && info - "NOMAD_${var}" \
-        && export "NOMAD_${var}=${!map[${var}]}" \
-        || return 1
-    done
-}
-
-main "${@}"
diff --git a/src/evaluator/modules/default.nix b/src/evaluator/modules/default.nix
index 1ccf1998..6630160b 100644
--- a/src/evaluator/modules/default.nix
+++ b/src/evaluator/modules/default.nix
@@ -24,7 +24,6 @@
   (import ./lint-with-ajv/default.nix args)
   (import ./pipelines/default.nix args)
   (import ./secrets-for-aws-from-env/default.nix args)
-  (import ./secrets-for-aws-from-gitlab/default.nix args)
   (import ./secrets-for-env-from-sops/default.nix args)
   (import ./secrets-for-terraform-from-env/default.nix args)
   (import ./test-license/default.nix args)
diff --git a/src/evaluator/modules/secrets-for-aws-from-gitlab/default.nix b/src/evaluator/modules/secrets-for-aws-from-gitlab/default.nix
deleted file mode 100644
index 6f3eac2f..00000000
--- a/src/evaluator/modules/secrets-for-aws-from-gitlab/default.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ __toModuleOutputs__, makeSecretForAwsFromGitlab, ... }:
-{ config, lib, ... }:
-let
-  type = lib.types.submodule (_: {
-    options = {
-      duration = lib.mkOption {
-        default = 3600;
-        type = lib.types.ints.positive;
-      };
-      retries = lib.mkOption {
-        default = 15;
-        type = lib.types.ints.positive;
-      };
-      roleArn = lib.mkOption { type = lib.types.str; };
-    };
-  });
-  output = name:
-    { duration, retries, roleArn, }: {
-      name = "/secretsForAwsFromGitlab/${name}";
-      value = makeSecretForAwsFromGitlab {
-        inherit duration;
-        inherit name;
-        inherit retries;
-        inherit roleArn;
-      };
-    };
-in {
-  options = {
-    secretsForAwsFromGitlab = lib.mkOption {
-      default = { };
-      type = lib.types.attrsOf type;
-    };
-  };
-  config = {
-    outputs = __toModuleOutputs__ output config.secretsForAwsFromGitlab;
-  };
-}
diff --git a/tests/pipelines/makes.nix b/tests/pipelines/makes.nix
index 3f58849f..d0205f33 100644
--- a/tests/pipelines/makes.nix
+++ b/tests/pipelines/makes.nix
@@ -1,8 +1,6 @@
 {
-  pipelines = {
-    example = {
-      gitlabPath = "/tests/pipelines/.gitlab-ci.yaml";
-      jobs = [ { output = "/lintNix"; } { output = "/formatNix"; } ];
-    };
+  pipelines.example = {
+    gitlabPath = "/tests/pipelines/.gitlab-ci.yaml";
+    jobs = [ { output = "/lintNix"; } { output = "/formatNix"; } ];
   };
 }