/*
Copyright 2020,2021 Avi Zimmerman
This file is part of kvdi.
kvdi is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
kvdi is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with kvdi. If not, see <https://www.gnu.org/licenses/>.
*/
package k8secret
import (
"context"
"encoding/base64"
"encoding/json"
appv1 "github.com/kvdi/kvdi/apis/app/v1"
"github.com/kvdi/kvdi/pkg/secrets/common"
"github.com/kvdi/kvdi/pkg/util/errors"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"sigs.k8s.io/controller-runtime/pkg/client"
)
// Provider implements a SecretsProvider backed by a single Kubernetes
// Secret: each logical secret name maps to one key of that Secret's Data.
// Values therefore live in the cluster's own secret store; how well they
// are protected at rest and who may read them is a cluster-level concern
// (RBAC on the Secret, etcd encryption), not something this type controls.
type Provider struct {
	// Embedded so that any interface method without an explicit
	// implementation on *Provider still resolves; calling such a method
	// would dispatch through the nil embedded value. Presumably every
	// method is implemented in this file — verify against the interface.
	common.SecretsProvider
	// client used for every Get, Create and Update of the backing Secret;
	// only assigned by Setup.
	client client.Client
	// namespaced name of the Secret backing this provider; assigned by Setup.
	secretName types.NamespacedName
}
// Compile-time check that *Provider satisfies common.SecretsProvider.
var _ common.SecretsProvider = (*Provider)(nil)
// New returns a zero-valued Provider. It has no client yet, so Setup must
// be called before any other method is used.
func New() *Provider {
	p := new(Provider)
	return p
}
// Setup stores the client interface, derives the backing Secret's
// namespaced name from the cluster, and then ensures that Secret exists.
// The error, if any, comes from ensureSecret.
func (k *Provider) Setup(client client.Client, cluster *appv1.VDICluster) error {
	k.client = client
	k.secretName = types.NamespacedName{
		Namespace: cluster.GetCoreNamespace(),
		Name:      cluster.GetAppSecretsName(),
	}
	return k.ensureSecret(cluster)
}
// ensureSecret creates the configured Secret when the lookup reports it
// is missing. Any other lookup error is returned unchanged, and a Secret
// that already exists is left untouched.
func (k *Provider) ensureSecret(cluster *appv1.VDICluster) error {
	_, err := k.getSecret()
	if err == nil {
		return nil
	}
	if client.IgnoreNotFound(err) != nil {
		return err
	}
	// Only metadata is set on creation: component labels plus owner
	// references pointing at the cluster object (presumably so the Secret
	// is garbage-collected with it — confirm against the controller).
	meta := metav1.ObjectMeta{
		Name:            k.secretName.Name,
		Namespace:       k.secretName.Namespace,
		Labels:          cluster.GetComponentLabels("app-secret"),
		OwnerReferences: cluster.OwnerReferences(),
	}
	return k.client.Create(context.TODO(), &corev1.Secret{ObjectMeta: meta})
}
// getSecret fetches the configured Secret from the cluster. The returned
// pointer is never nil, even on error, so callers must check err before
// trusting its contents.
func (k *Provider) getSecret() (*corev1.Secret, error) {
	var secret corev1.Secret
	err := k.client.Get(context.TODO(), k.secretName, &secret)
	return &secret, err
}
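// ReadSecret returns the value stored under key name in the backing
// Secret. A missing key yields errors.NewSecretNotFoundError(name) (the
// project's errors package, not the standard library's); a failure to
// fetch the Secret is returned as-is.
func (k *Provider) ReadSecret(name string) ([]byte, error) {
	secret, err := k.getSecret()
	if err != nil {
		return nil, err
	}
	// Indexing a nil map is safe in Go, so a Secret with no Data needs
	// no allocation here; the lookup simply reports ok == false.
	data, ok := secret.Data[name]
	if !ok {
		return nil, errors.NewSecretNotFoundError(name)
	}
	return data, nil
}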
// WriteSecret stores content under key name in the backing Secret and
// persists it with Update. A nil content removes the key instead (an
// empty non-nil slice is stored as an empty value). The Secret is
// re-fetched on every call and there is no retry, so a concurrent writer
// will most likely surface as a conflict error from Update; callers that
// need atomic read-modify-write must handle that themselves.
func (k *Provider) WriteSecret(name string, content []byte) error {
	secret, err := k.getSecret()
	if err != nil {
		return err
	}
	if secret.Data == nil {
		secret.Data = map[string][]byte{}
	}
	switch {
	case content == nil:
		delete(secret.Data, name)
	default:
		secret.Data[name] = content
	}
	return k.client.Update(context.TODO(), secret)
}
// ReadSecretMap reads key name via ReadSecret and decodes it as the JSON
// object written by WriteSecretMap: every value is a standard-alphabet
// base64 string that is decoded back into bytes. Errors from the read,
// the JSON decode or the base64 decode are returned unwrapped. The loop
// variable is deliberately not named k, to avoid shadowing the receiver.
func (k *Provider) ReadSecretMap(name string) (map[string][]byte, error) {
	raw, err := k.ReadSecret(name)
	if err != nil {
		return nil, err
	}
	// Decode into strings first: json.Marshal wrote each []byte as base64.
	var encoded map[string]string
	if err := json.Unmarshal(raw, &encoded); err != nil {
		return nil, err
	}
	decoded := make(map[string][]byte, len(encoded))
	for key, val := range encoded {
		b, err := base64.StdEncoding.DecodeString(val)
		if err != nil {
			return nil, err
		}
		decoded[key] = b
	}
	return decoded, nil
}
// WriteSecretMap serializes content as a JSON object (encoding/json emits
// each []byte value as base64) and stores it under key name through
// WriteSecret, which is the layout ReadSecretMap expects. A nil map
// removes the key entirely; an empty non-nil map is stored as "{}".
func (k *Provider) WriteSecretMap(name string, content map[string][]byte) error {
	var payload []byte
	if content != nil {
		encoded, err := json.Marshal(content)
		if err != nil {
			return err
		}
		payload = encoded
	}
	return k.WriteSecret(name, payload)
}
// Close implements SecretsProvider. The provider owns no resources of its
// own, so there is nothing to release and it always returns nil.
func (k *Provider) Close() error {
	return nil
}