package ocmextensions
import (
"context"
"encoding/json"
"errors"
"fmt"
"regexp"
"github.com/google/go-containerregistry/pkg/authn"
"github.com/google/go-containerregistry/pkg/authn/kubernetes"
apicorev1 "k8s.io/api/core/v1"
apimetav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
)
// ErrNoAuthSecretFound is returned by getCredSecrets (and therefore by
// GetAuthnKeychain) when the label selector matches no Secret. Callers can
// detect it with errors.Is.
var ErrNoAuthSecretFound = errors.New("no auth secret found")
// GetAuthnKeychain lists the Secrets selected by credSecretSelector through
// clnt and turns them into a registry authentication keychain using
// kubernetes.NewFromPullSecrets.
//
// Errors from the Secret lookup (including ErrNoAuthSecretFound) are returned
// unchanged; a failure to build the keychain is wrapped.
//
// Every Secret the selector matches is handed to the keychain, so the selector
// is what bounds which credentials can be offered to a registry.
// NOTE(review): confirm the selector is derived from trusted configuration and
// is narrow enough to match only the intended pull secrets.
func GetAuthnKeychain(ctx context.Context,
	credSecretSelector *apimetav1.LabelSelector,
	clnt client.Client,
) (authn.Keychain, error) {
	pullSecrets, err := getCredSecrets(ctx, credSecretSelector, clnt)
	if err != nil {
		// Passed through unwrapped so callers can still match ErrNoAuthSecretFound.
		return nil, err
	}

	kc, err := kubernetes.NewFromPullSecrets(ctx, pullSecrets.Items)
	if err == nil {
		return kc, nil
	}
	return nil, fmt.Errorf("failed to create auth keychain: %w", err)
}
// getCredSecrets lists the Secrets whose labels satisfy credSecretSelector.
//
// It returns ErrNoAuthSecretFound when the list call succeeds but matches
// nothing, and a wrapped error when the selector cannot be converted or the
// list call fails. The (possibly empty) SecretList is returned alongside any
// error.
//
// The list options carry only the label selector: no Namespace is set here, so
// this call itself does not restrict the lookup to a namespace.
// NOTE(review): confirm the client's cache/RBAC scoping limits which Secrets
// can be read, since label matches are the only filter applied in this function.
func getCredSecrets(
	ctx context.Context,
	credSecretSelector *apimetav1.LabelSelector,
	clusterClient client.Client,
) (apicorev1.SecretList, error) {
	var found apicorev1.SecretList

	labelSel, err := apimetav1.LabelSelectorAsSelector(credSecretSelector)
	if err != nil {
		return found, fmt.Errorf("error converting labelSelector: %w", err)
	}

	opts := &client.ListOptions{LabelSelector: labelSel}
	if err = clusterClient.List(ctx, &found, opts); err != nil {
		return found, fmt.Errorf("failed to list cred secrets: %w", err)
	}

	// An empty result is reported as an error so callers never build a
	// keychain from zero secrets without noticing.
	if len(found.Items) == 0 {
		return found, ErrNoAuthSecretFound
	}
	return found, nil
}
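// GenerateLabelSelector decodes registryCredValue, a JSON object mapping label
// keys to label values (both strings), into a LabelSelector whose MatchLabels
// are exactly those pairs.
//
// It returns a wrapped error when registryCredValue is not valid JSON for a
// map[string]string.
//
// NOTE(review): the decoded label set is not checked for emptiness. Input such
// as `{}` or `null` produces a selector with no MatchLabels, which apimachinery
// converts to a match-everything selector; used for a Secret lookup that would
// select every Secret the client can list. Confirm callers reject or never
// produce an empty value.
func GenerateLabelSelector(registryCredValue []byte) (*apimetav1.LabelSelector, error) {
	credSecretLabel := make(map[string]string)
	if err := json.Unmarshal(registryCredValue, &credSecretLabel); err != nil {
		// The original message lacked a verb ("failed to cred secret labels").
		return nil, fmt.Errorf("failed to unmarshal cred secret labels: %w", err)
	}
	return &apimetav1.LabelSelector{MatchLabels: credSecretLabel}, nil
}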
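// noSchemeURLPrefix matches a leading lowercase "http://" or "https://".
// Compiled once at package scope instead of on every NoSchemeURL call.
var noSchemeURLPrefix = regexp.MustCompile(`^https?://`)

// NoSchemeURL returns url with a leading "http://" or "https://" removed.
//
// The match is anchored at the start and case-sensitive: other schemes,
// uppercase variants and occurrences later in the string are left untouched.
// The function does no parsing or validation, so the result must not be
// treated as a vetted host or registry reference.
func NoSchemeURL(url string) string {
	return noSchemeURLPrefix.ReplaceAllString(url, "")
}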