-
Notifications
You must be signed in to change notification settings - Fork 31
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[go] Secrets functionality and ShellExecutor backend (#539)
- Loading branch information
Showing
6 changed files
with
149 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
package course | ||
|
||
import ( | ||
"bytes" | ||
"fmt" | ||
"os/exec" | ||
|
||
"k8s.io/klog/v2" | ||
) | ||
|
||
// Executor represents a shell script to run | ||
type executor struct { | ||
Executable string | ||
Args []string | ||
} | ||
|
||
// newShellExecutor returns an executor with the given script | ||
func newShellExecutor(script []string) (*executor, error) { | ||
var args []string | ||
if len(script) == 1 { | ||
args = []string{} | ||
} else { | ||
args = script[1:] | ||
} | ||
path, err := exec.LookPath(script[0]) | ||
if err != nil { | ||
return nil, fmt.Errorf("failed to find executable for ShellExecutor secret: %s - %w", script[0], err) | ||
} | ||
return &executor{ | ||
Executable: path, | ||
Args: args, | ||
}, nil | ||
} | ||
|
||
// Get returns the value of the secret and also satisfies the secrets.Getter interface | ||
func (s executor) Get(key string) (string, error) { | ||
cmd := exec.Command(s.Executable, s.Args...) | ||
var stdoutBuf, stderrBuf bytes.Buffer | ||
|
||
cmd.Stdout = &stdoutBuf | ||
cmd.Stderr = &stderrBuf | ||
|
||
err := cmd.Run() | ||
outStr, errStr := stdoutBuf.String(), stderrBuf.String() | ||
if err != nil { | ||
klog.V(8).Infof("stdout: %s", outStr) | ||
klog.V(7).Infof("stderr: %s", errStr) | ||
return "", fmt.Errorf("exit code %d running command %s - %w", cmd.ProcessState.ExitCode(), cmd.String(), err) | ||
} | ||
return outStr, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
package secrets | ||
|
||
import "os" | ||
|
||
type Getter interface { | ||
Get(key string) (string, error) | ||
} | ||
|
||
type Backend struct { | ||
getter Getter | ||
} | ||
|
||
// NewSecretBackend creates a new SecretBackend based on a concrete secrets.Getter implementation. | ||
func NewSecretBackend(getter Getter) *Backend { | ||
return &Backend{getter: getter} | ||
} | ||
|
||
// SetEnv populates the current ENV with the given secret key by fetching it from the SecretBackend and calling os.Setenv. | ||
func (b Backend) SetEnv(key string) error { | ||
value, err := b.get(key) | ||
if err != nil { | ||
return err | ||
} | ||
return os.Setenv(key, value) | ||
} | ||
|
||
// get fetches a secret from the implemented SecretBackend. | ||
func (b Backend) get(key string) (string, error) { | ||
return b.getter.Get(key) | ||
} |