/
writeRegistryConfigEncryptedStep.go
142 lines (118 loc) · 5.48 KB
/
writeRegistryConfigEncryptedStep.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
package data
import (
"context"
"fmt"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
appcontext "github.com/cloudogu/k8s-ces-setup/app/context"
"github.com/cloudogu/k8s-ces-setup/app/validation"
)
type writeRegistryConfigEncryptedStep struct {
configuration *appcontext.SetupJsonConfiguration
clientSet kubernetes.Interface
namespace string
Writer MapWriter
}
// MapWriter is responsible to write entries into a map[string]map[string]string{}.
type MapWriter interface {
WriteConfigToStringDataMap(registryConfig appcontext.CustomKeyValue) (map[string]map[string]string, error)
}
// NewWriteRegistryConfigEncryptedStep create a new setup step which writes the registry config encrypted configuration into the cluster.
func NewWriteRegistryConfigEncryptedStep(configuration *appcontext.SetupJsonConfiguration, clientSet kubernetes.Interface, namespace string) *writeRegistryConfigEncryptedStep {
return &writeRegistryConfigEncryptedStep{configuration: configuration, clientSet: clientSet, namespace: namespace, Writer: &stringDataConfigurationWriter{}}
}
// GetStepDescription return the human-readable description of the step.
func (wrces *writeRegistryConfigEncryptedStep) GetStepDescription() string {
return "Write registry config encrypted data to the registry"
}
// PerformSetupStep writes the registry config data into the registry
func (wrces *writeRegistryConfigEncryptedStep) PerformSetupStep(ctx context.Context) error {
resultConfigs, err := wrces.Writer.WriteConfigToStringDataMap(wrces.configuration.RegistryConfigEncrypted)
if err != nil {
return fmt.Errorf("failed to write registry config encrypted: %w", err)
}
// append edge cases
wrces.appendLdapConfig(resultConfigs)
wrces.appendCasConfig(resultConfigs)
wrces.appendLdapMapperConfig(resultConfigs)
// write secrets
for dogu, resultConfig := range resultConfigs {
err := wrces.createRegistryConfigEncryptedSecret(ctx, dogu, resultConfig)
if err != nil {
return fmt.Errorf("failed create %s-secrets: %w", dogu, err)
}
}
return nil
}
func (wrces *writeRegistryConfigEncryptedStep) appendLdapMapperConfig(resultConfigs map[string]map[string]string) {
if wrces.configuration.UserBackend.DsType == validation.DsTypeEmbedded {
return
}
const ldapMapperDoguName = "ldap-mapper"
if isDoguInstalled(wrces.configuration.Dogus.Install, ldapMapperDoguName) {
if resultConfigs[ldapMapperDoguName] == nil {
resultConfigs[ldapMapperDoguName] = map[string]string{"backend.password": wrces.configuration.UserBackend.Password,
"backend.connection_dn": wrces.configuration.UserBackend.ConnectionDN}
} else {
resultConfigs[ldapMapperDoguName]["backend.password"] = wrces.configuration.UserBackend.Password
resultConfigs[ldapMapperDoguName]["backend.connection_dn"] = wrces.configuration.UserBackend.ConnectionDN
}
}
}
func (wrces *writeRegistryConfigEncryptedStep) appendCasConfig(resultConfigs map[string]map[string]string) {
if wrces.configuration.UserBackend.DsType == validation.DsTypeExternal {
if resultConfigs["cas"] == nil {
resultConfigs["cas"] = map[string]string{"password": wrces.configuration.UserBackend.Password}
} else {
resultConfigs["cas"]["password"] = wrces.configuration.UserBackend.Password
}
}
}
func (wrces *writeRegistryConfigEncryptedStep) appendLdapConfig(resultConfigs map[string]map[string]string) {
if wrces.configuration.UserBackend.DsType != validation.DsTypeEmbedded {
return
}
if resultConfigs["ldap"] == nil {
resultConfigs["ldap"] = map[string]string{"admin_password": wrces.configuration.Admin.Password}
} else {
resultConfigs["ldap"]["admin_password"] = wrces.configuration.Admin.Password
}
}
func (wrces *writeRegistryConfigEncryptedStep) createRegistryConfigEncryptedSecret(ctx context.Context, dogu string, stringData map[string]string) error {
secretName := dogu + "-secrets"
secret := &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: secretName, Namespace: wrces.namespace}, StringData: stringData}
_, err := wrces.clientSet.CoreV1().Secrets(wrces.namespace).Create(ctx, secret, metav1.CreateOptions{})
if err != nil {
return fmt.Errorf("failed to create secret %s: %w", secretName, err)
}
return nil
}
// stringDataConfigurationWriter writes a configuration into a map used to set in secrets.
type stringDataConfigurationWriter struct{}
// NewStringDataConfigurationWriter creates a new instance of a map string data configuration write used for
// registry config encrypted
func NewStringDataConfigurationWriter() *stringDataConfigurationWriter {
return &stringDataConfigurationWriter{}
}
// WriteConfigToStringDataMap write the given registry config to a map. It uses the delimiter '.' because the keys
// from the secret do not allow '/' in their data keys
func (mcw *stringDataConfigurationWriter) WriteConfigToStringDataMap(registryConfig appcontext.CustomKeyValue) (map[string]map[string]string, error) {
resultConfigs := map[string]map[string]string{}
// build a string map for every key in registry config encrypted
for config, entryMap := range registryConfig {
resultConfig := map[string]string{}
for key, value := range entryMap {
contextWriter := &configWriter{delimiter: ".", write: func(field string, value string) error {
resultConfig[field] = value
return nil
}}
err := contextWriter.handleEntry(key, value)
if err != nil {
return nil, fmt.Errorf("failed to write %s config to map: %w", config, err)
}
}
resultConfigs[config] = resultConfig
}
return resultConfigs, nil
}