/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package mapper
import (
yaml "gopkg.in/yaml.v2"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
)
// Location of the aws-auth ConfigMap that this package reads and writes.
// NOTE(review): on EKS this ConfigMap is what maps IAM roles and users to
// Kubernetes identities, so permission to write it is effectively permission
// to grant cluster access; confirm the RBAC given to callers of this package.
const (
// AwsAuthNamespace is the namespace the aws-auth ConfigMap is looked up in.
AwsAuthNamespace = "kube-system"
// AwsAuthName is the name of the aws-auth ConfigMap.
AwsAuthName = "aws-auth"
)
// ReadAuthMap fetches the aws-auth ConfigMap from kube-system and decodes its
// "mapRoles" and "mapUsers" entries into an AwsAuthData. It returns the decoded
// data together with the ConfigMap object it was read from.
//
// When the ConfigMap does not exist it is created (with no data) through
// CreateAuthMap, so this "read" can write to the cluster: the caller's
// credentials need create as well as get permission on ConfigMaps in
// kube-system. Any other lookup error is returned unchanged.
//
// On a decode error the partially filled AwsAuthData and the ConfigMap are
// returned alongside the error; callers should not use the data in that case.
//
// NOTE(review): yaml.v2's Unmarshal is non-strict, so fields in the stored YAML
// that the AwsAuthData element types do not declare are presumably dropped
// without an error; confirm against the AwsAuthData definition.
func ReadAuthMap(k kubernetes.Interface) (AwsAuthData, *v1.ConfigMap, error) {
	var data AwsAuthData

	configMap, err := k.CoreV1().ConfigMaps(AwsAuthNamespace).Get(AwsAuthName, metav1.GetOptions{})
	if err != nil {
		if !errors.IsNotFound(err) {
			return data, configMap, err
		}
		// The ConfigMap is missing: create an empty one and carry on with it.
		if configMap, err = CreateAuthMap(k); err != nil {
			return data, configMap, err
		}
	}

	// Indexing a nil or incomplete Data map yields "", which yaml.Unmarshal
	// accepts as an empty document.
	if err = yaml.Unmarshal([]byte(configMap.Data["mapRoles"]), &data.MapRoles); err != nil {
		return data, configMap, err
	}
	if err = yaml.Unmarshal([]byte(configMap.Data["mapUsers"]), &data.MapUsers); err != nil {
		return data, configMap, err
	}
	return data, configMap, nil
}
// CreateAuthMap creates an aws-auth ConfigMap with no data in kube-system and
// returns whatever the client's Create call returns: the resulting object and
// the error, if any.
//
// NOTE(review): the name and namespace literals used here duplicate the
// package's AwsAuthName and AwsAuthNamespace constants and must be kept in
// step with them.
func CreateAuthMap(k kubernetes.Interface) (*v1.ConfigMap, error) {
	empty := &v1.ConfigMap{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "aws-auth",
			Namespace: "kube-system",
		},
	}
	return k.CoreV1().ConfigMaps("kube-system").Create(empty)
}
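// UpdateAuthMap serializes authData.MapRoles and authData.MapUsers to YAML,
// stores them under the "mapRoles" and "mapUsers" keys of cm, and writes cm
// back to kube-system with an Update call. cm must be non-nil; it is normally
// the object returned by ReadAuthMap.
//
// Keys already present in cm.Data other than those two are preserved. Replacing
// the whole map would silently delete them on every update (for example a
// "mapAccounts" entry, which aws-iam-authenticator also reads from this
// ConfigMap).
//
// It returns the marshalling error or the error from the Update call.
//
// NOTE(review): cm is sent as given, including whatever resourceVersion it
// carries, so a concurrent modification presumably surfaces as a conflict
// error from Update; callers should re-read and retry rather than overwrite.
func UpdateAuthMap(k kubernetes.Interface, authData AwsAuthData, cm *v1.ConfigMap) error {
	mapRoles, err := yaml.Marshal(authData.MapRoles)
	if err != nil {
		return err
	}

	mapUsers, err := yaml.Marshal(authData.MapUsers)
	if err != nil {
		return err
	}

	// Build a fresh map (the caller's original map is left untouched) that
	// carries over every existing key before the two managed ones are set.
	data := make(map[string]string, len(cm.Data)+2)
	for key, value := range cm.Data {
		data[key] = value
	}
	data["mapRoles"] = string(mapRoles)
	data["mapUsers"] = string(mapUsers)
	cm.Data = data

	// The returned object is not needed; assigning it to the cm parameter
	// would have no effect for the caller.
	_, err = k.CoreV1().ConfigMaps(AwsAuthNamespace).Update(cm)
	return err
}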