package kube
import (
"context"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
_ "k8s.io/client-go/plugin/pkg/client/auth"
)
// CreateSecret builds a Secret called name from data and submits it to the
// API server in namespace. An empty secType is treated as "Opaque".
//
// Every Secret created here carries the "helm.sh/resource-policy: keep"
// annotation, which Helm reads as an instruction to leave the object in
// place when a release is uninstalled or rolled back. The credential
// therefore outlives the release and has to be removed explicitly (for
// example with DeleteSecret) once it is no longer needed.
//
// The values of data are secret material. convertMapInterfaceToString is
// defined elsewhere in the package and presumably turns them into the []byte
// payload stored in the Data field; confirm how it treats non-string values.
// The error from the Create call is returned unchanged.
func (c *K8sClient) CreateSecret(name, namespace string, secType corev1.SecretType, data map[string]interface{}) error {
	api := c.Client.CoreV1().Secrets(namespace)

	if secType == "" {
		secType = "Opaque"
	}

	keep := map[string]string{"helm.sh/resource-policy": "keep"}
	obj := corev1.Secret{
		ObjectMeta: metav1.ObjectMeta{Name: name, Annotations: keep},
		Type:       secType,
		Data:       convertMapInterfaceToString(data),
	}

	_, err := api.Create(context.TODO(), &obj, metav1.CreateOptions{})
	return err
}
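// UpdateSecret merges data into the Secret called name in namespace, and
// creates an Opaque Secret through CreateSecret when none exists yet.
//
// Keys present in data overwrite the stored values; keys that exist only in
// the stored Secret are left untouched. The "helm.sh/resource-policy: keep"
// annotation is set on the object while every other annotation already on it
// is preserved, so markers used to select secrets (see
// GetAnnotatedPullSecrets) survive an update.
//
// The object returned by Get is sent back with its metadata intact, so a
// concurrent change between Get and Update is expected to surface as a
// conflict error from the API server. That error is returned as-is; there is
// no retry here.
func (c *K8sClient) UpdateSecret(name, namespace string, data map[string]interface{}) error {
	secretsClient := c.Client.CoreV1().Secrets(namespace)

	result, err := secretsClient.Get(context.TODO(), name, metav1.GetOptions{})
	if err != nil {
		if errors.IsNotFound(err) {
			return c.CreateSecret(name, namespace, "Opaque", data)
		}
		return err
	}

	byteData := convertMapInterfaceToString(data)

	// A Secret stored without any data comes back with a nil map, and
	// assigning into a nil map panics.
	if result.Data == nil {
		result.Data = make(map[string][]byte, len(byteData))
	}
	for k, v := range byteData {
		result.Data[k] = v
	}

	// Add the keep policy without discarding annotations set by other tools.
	if result.ObjectMeta.Annotations == nil {
		result.ObjectMeta.Annotations = make(map[string]string, 1)
	}
	result.ObjectMeta.Annotations["helm.sh/resource-policy"] = "keep"

	_, err = secretsClient.Update(context.TODO(), result, metav1.UpdateOptions{})
	return err
}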
// ReadSecret fetches the Secret called name from namespace and returns its
// Data map. On failure the map is nil and the error from the Get call is
// passed through unchanged, including the not-found case.
//
// The returned map holds the secret values themselves, so callers should
// keep it out of logs and error messages.
func (c *K8sClient) ReadSecret(name, namespace string) (map[string][]byte, error) {
	secret, err := c.Client.CoreV1().Secrets(namespace).Get(context.TODO(), name, metav1.GetOptions{})
	if err == nil {
		return secret.Data, nil
	}
	return nil, err
}
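// GetAnnotatedPullSecrets returns the Secrets in namespace whose type is
// kubernetes.io/dockerconfigjson and that carry at least one of the given
// annotations with exactly the given value. Each matching Secret appears
// once in the result, however many annotations it matches. The result is an
// empty, non-nil slice when nothing matches.
//
// The List call is unfiltered: every Secret in the namespace, data included,
// is fetched and the selection happens client-side. The identity behind c
// therefore needs list access to all Secrets in the namespace.
// NOTE(review): a "type" field selector in ListOptions would let the API
// server return only pull secrets; confirm it behaves as expected with the
// clients and fakes used by this project before adding it.
func (c *K8sClient) GetAnnotatedPullSecrets(namespace string, annotations map[string]string) ([]corev1.Secret, error) {
	secretsClient := c.Client.CoreV1().Secrets(namespace)

	secrets, err := secretsClient.List(context.TODO(), metav1.ListOptions{})
	if err != nil {
		return nil, err
	}

	ps := []corev1.Secret{}
	for _, secret := range secrets.Items {
		if secret.Type != corev1.SecretTypeDockerConfigJson {
			continue
		}
		for key, want := range annotations {
			if got, ok := secret.Annotations[key]; ok && got == want {
				ps = append(ps, secret)
				// Stop at the first hit so a Secret matching several
				// annotations is not returned several times.
				break
			}
		}
	}
	return ps, nil
}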
// GetSecrets lists every Secret in namespace and returns them as a new
// slice. No name, label or type filter is applied, so the result contains
// the data of all Secrets the namespace holds. An error from the List call
// is returned unchanged together with a nil slice.
func (c *K8sClient) GetSecrets(namespace string) ([]corev1.Secret, error) {
	list, err := c.Client.CoreV1().Secrets(namespace).List(context.TODO(), metav1.ListOptions{})
	if err != nil {
		return nil, err
	}

	// Start from an empty, non-nil slice so a namespace without Secrets
	// still yields an empty slice rather than nil.
	return append([]corev1.Secret{}, list.Items...), nil
}
// DeleteSecret removes the Secret called name from namespace using default
// delete options. The error from the Delete call, if any, is returned
// unchanged; a missing Secret is not treated specially here.
func (c *K8sClient) DeleteSecret(name, namespace string) error {
	return c.Client.CoreV1().Secrets(namespace).Delete(context.TODO(), name, metav1.DeleteOptions{})
}