jsonpath

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 21, 2026 License: MIT Imports: 6 Imported by: 0

README

JSONPath Secret Modifier (jp)

This modifier allows you to extract specific values from a secret that contains JSON data. It uses JSONPath syntax to query the JSON structure.

Status

Built-in: This modifier is included and enabled by default in spelunk.

Usage

To use the JSONPath modifier, append ?jp=<expression> to your secret coordinates URI.

Syntax
<type>://<location>?jp=<jsonpath_expression>
  • Modifier Key: jp
  • Value: A valid JSONPath expression (e.g., $.users[0].name).
Example

Suppose you have a secret stored in Kubernetes at my-namespace/db-config/connection with the following JSON content:

{
  "host": "db.example.com",
  "port": 5432,
  "users": [
    { "username": "admin", "role": "read-write" },
    { "username": "viewer", "role": "read-only" }
  ]
}

To extract just the host:

k8s://my-namespace/db-config/connection?jp=$.host

Result: db.example.com

To extract the username of the first user:

k8s://my-namespace/db-config/connection?jp=$.users[0].username

Result: admin

Behavior

  1. Parsing: The modifier first attempts to parse the retrieved secret value as JSON. If the secret is not valid JSON, it returns an error.
  2. Extraction: It applies the provided JSONPath expression.
  3. Result Handling:
    • Strings: Returned as-is.
    • Numbers: Converted to string, with trailing zeros removed (e.g., 1.500 becomes 1.5).
    • Booleans: Converted to string ("true" or "false").
    • Lists/Arrays: If the JSONPath expression matches multiple elements, only the first element is returned.
    • Objects/Complex Types: Marshaled back into a JSON string.
    • Null: Returns an error indicating the result is null.

Implementation Details

This modifier uses the github.com/oliveagle/jsonpath library, which implements the RFC-9535 standard for JSONPath.

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrSecretNotJSON          = fmt.Errorf("secret is not a valid JSON")
	ErrJSONPathFailed         = fmt.Errorf("failed to apply JSONPath")
	ErrJSONPathMatchingFailed = fmt.Errorf("failed to match JSONPath")
)

Functions

This section is empty.

Types

type SecretModifierJSONPath 

type SecretModifierJSONPath struct{}

SecretModifierJSONPath is a modifier that can extract a specific field out of a JSON stored in a secret value. After the secret has been dug-up, the modifier digs further at the provided JSONPath, and returns the value found there.

To use it, append the modifier `jq` to the given secret coordinates string: 

k8s://NAMESPACE/NAME/KEY?jp=$.kafka.brokers

JSONPath (https://goessner.net/articles/JsonPath/) defines a string syntax for selecting and extracting JSON (RFC-8259) values from within a given JSON object.

If a given JSONPath refers to multiple elements, only the first one is returned.

JSONPath has been normalized as RFC-9535 (https://www.rfc-editor.org/rfc/rfc9535).

See: https://github.com/oliveagle/jsonpath (underlying library).

func (*SecretModifierJSONPath) Modify 

func (s *SecretModifierJSONPath) Modify(
	_ context.Context,
	secretValue string,
	mod string,
) (string, error)

func (*SecretModifierJSONPath) Type 

func (s *SecretModifierJSONPath) Type() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.