/
secret.go
103 lines (88 loc) · 2.76 KB
/
secret.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
//
// Copyright (c) 2019-2023 Red Hat, Inc.
// This program and the accompanying materials are made
// available under the terms of the Eclipse Public License 2.0
// which is available at https://www.eclipse.org/legal/epl-2.0/
//
// SPDX-License-Identifier: EPL-2.0
//
// Contributors:
// Red Hat, Inc. - initial API and implementation
//
package deploy
import (
"context"
"sigs.k8s.io/controller-runtime/pkg/client"
"github.com/eclipse-che/che-operator/pkg/common/chetypes"
defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
k8slabels "k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/selection"
)
var SecretDiffOpts = cmp.Options{
cmpopts.IgnoreFields(corev1.Secret{}, "TypeMeta", "ObjectMeta"),
}
// SyncSecret applies secret into cluster or external namespace
func SyncSecretToCluster(
deployContext *chetypes.DeployContext,
name string,
namespace string,
data map[string][]byte) (bool, error) {
secretSpec := GetSecretSpec(deployContext, name, namespace, data)
return Sync(deployContext, secretSpec, SecretDiffOpts)
}
// Get all secrets by labels and annotations
func GetSecrets(deployContext *chetypes.DeployContext, labels map[string]string, annotations map[string]string) ([]corev1.Secret, error) {
secrets := []corev1.Secret{}
labelSelector := k8slabels.NewSelector()
for k, v := range labels {
req, err := k8slabels.NewRequirement(k, selection.Equals, []string{v})
if err != nil {
return secrets, err
}
labelSelector = labelSelector.Add(*req)
}
listOptions := &client.ListOptions{
Namespace: deployContext.CheCluster.Namespace,
LabelSelector: labelSelector,
}
secretList := &corev1.SecretList{}
if err := deployContext.ClusterAPI.Client.List(context.TODO(), secretList, listOptions); err != nil {
return secrets, err
}
for _, secret := range secretList.Items {
annotationsOk := true
for k, v := range annotations {
_, annotationExists := secret.Annotations[k]
if !annotationExists || secret.Annotations[k] != v {
annotationsOk = false
break
}
}
if annotationsOk {
secrets = append(secrets, secret)
}
}
return secrets, nil
}
// GetSecretSpec return default secret config for given data
func GetSecretSpec(deployContext *chetypes.DeployContext, name string, namespace string, data map[string][]byte) *corev1.Secret {
labels := GetLabels(defaults.GetCheFlavor())
secret := &corev1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: namespace,
Labels: labels,
},
Type: corev1.SecretTypeOpaque,
Data: data,
}
return secret
}