forked from rancher/rancher
-
Notifications
You must be signed in to change notification settings - Fork 0
/
secrets_store.go
103 lines (87 loc) · 2.36 KB
/
secrets_store.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
package encryptedstore
import (
"reflect"
"github.com/rancher/types/apis/core/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
typedv1 "k8s.io/client-go/kubernetes/typed/core/v1"
)
const (
defaultNamespace = "cattle-system"
)
type GenericEncryptedStore struct {
prefix string
namespace string
secrets typedv1.SecretsGetter
}
func NewGenericEncrypedStore(prefix, namespace string, namespaceInterface v1.NamespaceInterface, secrets typedv1.SecretsGetter) (*GenericEncryptedStore, error) {
if namespace == "" {
namespace = defaultNamespace
}
_, err := namespaceInterface.Get(namespace, metav1.GetOptions{})
if errors.IsNotFound(err) {
ns := &corev1.Namespace{}
ns.Name = namespace
if _, err := namespaceInterface.Create(ns); err != nil {
return nil, err
}
} else if err != nil {
return nil, err
}
return &GenericEncryptedStore{
prefix: prefix,
namespace: namespace,
secrets: secrets,
}, nil
}
func (g *GenericEncryptedStore) Get(name string) (map[string]string, error) {
sec, err := g.secrets.Secrets(g.namespace).Get(g.getKey(name), metav1.GetOptions{})
if err != nil {
return nil, err
}
result := map[string]string{}
for k, v := range sec.Data {
result[k] = string(v)
}
return result, nil
}
func (g *GenericEncryptedStore) getKey(name string) string {
return g.prefix + name
}
func (g *GenericEncryptedStore) Set(name string, data map[string]string) error {
return g.set(name, data, 0)
}
func (g *GenericEncryptedStore) set(name string, data map[string]string, try int) error {
sec, err := g.secrets.Secrets(g.namespace).Get(g.getKey(name), metav1.GetOptions{})
if errors.IsNotFound(err) {
sec = &corev1.Secret{}
sec.Name = g.getKey(name)
sec.StringData = data
_, err := g.secrets.Secrets(g.namespace).Create(sec)
return err
} else if err != nil {
return err
}
orig := sec.DeepCopy()
if sec.Data == nil {
sec.Data = map[string][]byte{}
}
for k, v := range data {
sec.Data[k] = []byte(v)
}
if !reflect.DeepEqual(orig, sec) {
_, err = g.secrets.Secrets(g.namespace).Update(sec)
if err != nil && try < 5 {
return g.set(name, data, try+1)
}
}
return err
}
func (g *GenericEncryptedStore) Remove(name string) error {
err := g.secrets.Secrets(g.namespace).Delete(g.getKey(name), nil)
if errors.IsNotFound(err) {
return nil
}
return err
}