package k8s
import (
"context"
"github.com/cyberark/conjur-authn-k8s-client/pkg/log"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"github.com/cyberark/secrets-provider-for-k8s/pkg/log/messages"
)
// Function types mirroring the signatures of the package's Secret accessors.
type (
	// RetrieveK8sSecretFunc has the same signature as RetrieveK8sSecret: it
	// takes a namespace and a Secret name and returns the Secret or an error.
	RetrieveK8sSecretFunc func(namespace, secretName string) (*v1.Secret, error)

	// UpdateK8sSecretFunc has the same signature as UpdateK8sSecret: it takes
	// the namespace and name of a Secret, the Secret object to update, and a
	// map of data keys to the new raw values.
	UpdateK8sSecretFunc func(namespace, secretName string, originalK8sSecret *v1.Secret, stringDataEntriesMap map[string][]byte) error
)
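// RetrieveK8sSecret fetches the Secret called secretName from namespace,
// using an in-cluster client that is built on every call.
//
// It returns the error from configK8sClient when the client cannot be
// created, and the recorded CSPFK020E error when the API call fails. The raw
// Kubernetes error text is written to the debug log only, so it is not part
// of the returned error.
func RetrieveK8sSecret(namespace string, secretName string) (*v1.Secret, error) {
	// The client error must be checked: on failure configK8sClient returns a
	// nil clientset, and calling CoreV1() on it would panic.
	kubeClient, err := configK8sClient()
	if err != nil {
		// configK8sClient has already recorded the error; do not log it twice.
		return nil, err
	}

	log.Info(messages.CSPFK005I, secretName, namespace)
	k8sSecret, err := kubeClient.CoreV1().Secrets(namespace).Get(context.Background(), secretName, metav1.GetOptions{})
	if err != nil {
		// Error messages returned from K8s should be printed only in debug mode
		log.Debug(messages.CSPFK004D, err.Error())
		return nil, log.RecordedError(messages.CSPFK020E)
	}

	return k8sSecret, nil
}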
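// UpdateK8sSecret copies every entry of stringDataEntriesMap into
// originalK8sSecret.Data and sends the modified Secret to the API server with
// an Update call in namespace.
//
// originalK8sSecret must be non-nil; it is modified in place, and the byte
// slices stored in its Data map are the same slices held by
// stringDataEntriesMap (no copy is made). secretName is used for logging
// only; the object that is updated is the one identified by
// originalK8sSecret.
//
// It returns the error from configK8sClient when the client cannot be
// created, and the recorded CSPFK022E error when the Update call fails. The
// raw Kubernetes error text is written to the debug log only.
func UpdateK8sSecret(namespace string, secretName string, originalK8sSecret *v1.Secret, stringDataEntriesMap map[string][]byte) error {
	// The client error must be checked: on failure configK8sClient returns a
	// nil clientset, and calling CoreV1() on it would panic.
	kubeClient, err := configK8sClient()
	if err != nil {
		// configK8sClient has already recorded the error; do not log it twice.
		return err
	}

	// A Secret that carries no data has a nil Data map, and writing to a nil
	// map panics.
	if originalK8sSecret.Data == nil {
		originalK8sSecret.Data = make(map[string][]byte, len(stringDataEntriesMap))
	}
	// The loop variables are named key/value so they do not shadow the
	// secretName parameter used in the log call below.
	for key, value := range stringDataEntriesMap {
		originalK8sSecret.Data[key] = value
	}

	log.Info(messages.CSPFK006I, secretName, namespace)
	_, err = kubeClient.CoreV1().Secrets(namespace).Update(context.Background(), originalK8sSecret, metav1.UpdateOptions{})

	// NOTE(review): assigning nil to the stringDataEntriesMap and
	// originalK8sSecret parameters at this point would not clear the secret
	// values from memory. It only drops this function's local references; the
	// caller still holds the same map and Secret, and the underlying bytes are
	// not overwritten. A caller that needs the values gone has to zero the
	// byte slices itself once nothing else needs them.

	if err != nil {
		// Error messages returned from K8s should be printed only in debug mode
		log.Debug(messages.CSPFK005D, err.Error())
		return log.RecordedError(messages.CSPFK022E)
	}

	return nil
}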
// configK8sClient builds a Kubernetes clientset from the in-cluster
// configuration returned by rest.InClusterConfig.
//
// On failure it returns a nil clientset together with a recorded error:
// CSPFK019E when the in-cluster configuration cannot be loaded, CSPFK018E
// when the clientset cannot be constructed from it. The underlying error text
// goes to the debug log only. Callers must check the error before using the
// clientset.
func configK8sClient() (*kubernetes.Clientset, error) {
	log.Info(messages.CSPFK004I)

	inClusterCfg, cfgErr := rest.InClusterConfig()
	if cfgErr != nil {
		// K8s error details are kept out of the normal log output.
		log.Debug(messages.CSPFK002D, cfgErr.Error())
		return nil, log.RecordedError(messages.CSPFK019E)
	}

	clientset, clientErr := kubernetes.NewForConfig(inClusterCfg)
	if clientErr != nil {
		// K8s error details are kept out of the normal log output.
		log.Debug(messages.CSPFK003D, clientErr.Error())
		return nil, log.RecordedError(messages.CSPFK018E)
	}

	// Both steps succeeded, so the error result is nil here.
	return clientset, nil
}