package encryptionkey
import (
"context"
"crypto/aes"
"crypto/rand"
"io"
"github.com/giantswarm/microerror"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"github.com/giantswarm/azure-operator/v7/service/controller/key"
)
// EnsureCreated makes sure the certificate-encryption Secret for the cluster
// described by obj exists in key.CertificateEncryptionNamespace.
//
// On every call a fresh key of keySize bytes and a fresh IV of aes.BlockSize
// bytes are drawn from crypto/rand and placed into an Opaque Secret labelled
// with the cluster ID, the managing project and the organization. If the
// Secret already exists the call is a no-op: the stored material is left
// untouched and the newly drawn bytes are simply dropped. Every other error
// from conversion, random generation or the API call is returned masked.
func (r *Resource) EnsureCreated(ctx context.Context, obj interface{}) error {
	cr, err := key.ToCustomResource(obj)
	if err != nil {
		return microerror.Mask(err)
	}

	encKey, err := randomBytes(keySize)
	if err != nil {
		return microerror.Mask(err)
	}
	encIV, err := randomBytes(aes.BlockSize)
	if err != nil {
		return microerror.Mask(err)
	}

	secret := &corev1.Secret{
		Type: corev1.SecretTypeOpaque,
		ObjectMeta: metav1.ObjectMeta{
			Name:      key.CertificateEncryptionSecretName(&cr),
			Namespace: key.CertificateEncryptionNamespace,
			Labels: map[string]string{
				key.LabelCluster:      key.ClusterID(&cr),
				key.LabelManagedBy:    r.projectName,
				key.LabelOrganization: key.ClusterCustomer(cr),
			},
		},
		Data: map[string][]byte{
			key.CertificateEncryptionKeyName: encKey,
			key.CertificateEncryptionIVName:  encIV,
		},
	}

	r.logger.Debugf(ctx, "creating encryptionkey secret")
	_, err = r.k8sClient.CoreV1().Secrets(key.CertificateEncryptionNamespace).Create(ctx, secret, metav1.CreateOptions{})
	switch {
	case apierrors.IsAlreadyExists(err):
		// An existing Secret is authoritative; the bytes generated above are discarded.
		r.logger.Debugf(ctx, "creating encryptionkey: already created")
	case err != nil:
		return microerror.Mask(err)
	}

	return nil
}

// randomBytes returns n bytes read from crypto/rand, failing if the reader
// cannot supply the full amount.
func randomBytes(n int) ([]byte, error) {
	buf := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, buf); err != nil {
		return nil, err
	}
	return buf, nil
}