package azure
import (
"fmt"
"os"
"github.com/appscode/go/types"
"github.com/spf13/pflag"
"k8s.io/api/apps/v1beta1"
core "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
// Options holds the Azure AD (MS Graph) application credentials that
// guard uses for Azure authentication. ClientID and TenantID are set
// through flags (AddFlags); ClientSecret is additionally seeded from the
// AZURE_CLIENT_SECRET environment variable (NewOptions).
type Options struct {
	ClientID     string // MS Graph application (client) ID; flag --azure.client-id
	ClientSecret string // MS Graph application client secret; flag --azure.client-secret or AZURE_CLIENT_SECRET
	TenantID     string // MS Graph tenant ID; flag --azure.tenant-id
}
// NewOptions returns an Options whose ClientSecret is seeded from the
// AZURE_CLIENT_SECRET environment variable (empty when unset). ClientID
// and TenantID start empty and are expected to arrive via AddFlags.
func NewOptions() Options {
	var opts Options
	opts.ClientSecret = os.Getenv("AZURE_CLIENT_SECRET")
	return opts
}
// AddFlags registers the azure.client-id, azure.client-secret and
// azure.tenant-id string flags on fs, each defaulting to the value the
// field already holds (so a secret seeded from AZURE_CLIENT_SECRET is kept
// unless overridden). Note that a secret passed on the command line is
// visible in the process argument list; the environment variable read by
// NewOptions avoids that.
func (o *Options) AddFlags(fs *pflag.FlagSet) {
	flags := []struct {
		dst   *string
		name  string
		usage string
	}{
		{&o.ClientID, "azure.client-id", "MS Graph application client ID to use"},
		{&o.ClientSecret, "azure.client-secret", "MS Graph application client secret to use"},
		{&o.TenantID, "azure.tenant-id", "MS Graph application tenant id to use"},
	}
	for _, f := range flags {
		fs.StringVar(f.dst, f.name, *f.dst, f.usage)
	}
}
// Validate reports configuration errors for the Azure options. It
// currently performs no checks and always returns nil.
//
// NOTE(review): nothing here rejects a partial credential set (for example
// a client secret without a client ID or tenant ID); Apply only tests
// IsSet, so such a misconfiguration is not caught before deployment.
func (o *Options) Validate() []error {
	var errs []error
	return errs
}
// IsSet reports whether at least one of ClientID, ClientSecret or
// TenantID is non-empty, i.e. whether Azure auth was configured at all.
func (o Options) IsSet() bool {
	for _, v := range []string{o.ClientID, o.ClientSecret, o.TenantID} {
		if v != "" {
			return true
		}
	}
	return false
}
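// Apply wires the Azure credentials into the guard Deployment d. It builds
// a Secret named "guard-azure-auth" (in d's namespace, carrying d's labels)
// holding ClientSecret under the key "client-secret", mounts that Secret
// into the first container at /etc/guard/auth/azure, exposes it to that
// container as the AZURE_CLIENT_SECRET environment variable through a
// secretKeyRef (so the secret itself never appears in the container args),
// and appends --azure.client-id / --azure.tenant-id to the container args
// when those fields are set. The Secret is returned in extraObjs for the
// caller to create alongside the Deployment.
//
// Apply is a no-op (nil, nil) when no option is set. It returns an error
// when the Deployment's pod template has no containers to patch.
func (o Options) Apply(d *v1beta1.Deployment) (extraObjs []runtime.Object, err error) {
	if !o.IsSet() {
		return nil, nil // nothing to apply
	}
	if len(d.Spec.Template.Spec.Containers) == 0 {
		return nil, fmt.Errorf("deployment %s/%s has no containers to configure for azure auth", d.Namespace, d.Name)
	}
	// Take a pointer into the slice: indexing a []Container yields a copy,
	// and edits to the copy (VolumeMounts, Env, Args) would never reach the
	// Deployment.
	container := &d.Spec.Template.Spec.Containers[0]

	// create auth secret
	authSecret := &core.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "guard-azure-auth",
			Namespace: d.Namespace,
			Labels:    d.Labels,
		},
		Data: map[string][]byte{
			"client-secret": []byte(o.ClientSecret),
		},
	}
	extraObjs = append(extraObjs, authSecret)

	// mount auth secret into deployment
	container.VolumeMounts = append(container.VolumeMounts, core.VolumeMount{
		Name:      authSecret.Name,
		MountPath: "/etc/guard/auth/azure",
	})
	d.Spec.Template.Spec.Volumes = append(d.Spec.Template.Spec.Volumes, core.Volume{
		Name: authSecret.Name,
		VolumeSource: core.VolumeSource{
			Secret: &core.SecretVolumeSource{
				SecretName: authSecret.Name,
				// NOTE(review): 0555 makes the mounted secret readable by every
				// uid in the pod; a 0400/0440 mode would restrict it to the
				// process user — confirm the guard container's uid before tightening.
				DefaultMode: types.Int32P(0555),
			},
		},
	})

	// expose auth secret to container[0] as an env var (secretKeyRef keeps
	// the value out of the pod spec and the args)
	container.Env = append(container.Env, core.EnvVar{
		Name: "AZURE_CLIENT_SECRET",
		ValueFrom: &core.EnvVarSource{
			SecretKeyRef: &core.SecretKeySelector{
				LocalObjectReference: core.LocalObjectReference{
					Name: authSecret.Name,
				},
				Key: "client-secret",
			},
		},
	})

	// only the non-secret identifiers travel as args; assign back to the
	// container so the appended args are kept
	if o.ClientID != "" {
		container.Args = append(container.Args, "--azure.client-id="+o.ClientID)
	}
	if o.TenantID != "" {
		container.Args = append(container.Args, "--azure.tenant-id="+o.TenantID)
	}
	return extraObjs, nil
}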