This repository has been archived by the owner on Feb 2, 2021. It is now read-only.
/
secrets.go
77 lines (60 loc) · 1.54 KB
/
secrets.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
package types
import (
"crypto/sha256"
"fmt"
"log"
"os"
"github.com/openfaas-incubator/ofc-bootstrap/pkg/execute"
)
func CreateDockerSecret(kvn KeyValueNamespaceTuple) string {
val, err := generateSecret()
if err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}
return fmt.Sprintf("echo %s | docker secret create %s", val, kvn.Name)
}
func CreateK8sSecret(kvn KeyValueNamespaceTuple) string {
secretCmd := fmt.Sprintf("kubectl create secret generic -n %s %s", kvn.Namespace, kvn.Name)
if len(kvn.Type) != 0 {
secretCmd = fmt.Sprintf("%s --type=%s", secretCmd, kvn.Type)
}
for _, key := range kvn.Literals {
secretValue := key.Value
if len(secretValue) == 0 {
val, err := generateSecret()
if err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(1)
}
secretValue = val
}
secretCmd = fmt.Sprintf(`%s --from-literal=%s=%s`, secretCmd, key.Name, secretValue)
}
for _, file := range kvn.Files {
if len(file.ValueCommand) > 0 {
task := execute.ExecTask{
Command: file.ValueCommand,
}
_, err := task.Execute()
if err != nil {
log.Println(err)
}
}
secretCmd = fmt.Sprintf("%s --from-file=%s=%s", secretCmd, file.Name, file.ExpandValueFrom())
}
return secretCmd
}
func generateSecret() (string, error) {
task := execute.ExecTask{
Command: "scripts/generate-sha.sh",
Shell: false,
}
res, err := task.Execute()
if res.ExitCode != 0 && err != nil {
err = fmt.Errorf("non-zero exit code")
}
h := sha256.New()
h.Write([]byte(res.Stdout))
return fmt.Sprintf("%x", h.Sum(nil)), err
}