package midstream
import (
	"context"
	"io/ioutil"
	"os"
	"path/filepath"
	"sort"

	"github.com/pkg/errors"
	identitydeploy "github.com/replicatedhq/kots/pkg/identity/deploy"
	"github.com/replicatedhq/kots/pkg/k8sutil"
	kustomizetypes "sigs.k8s.io/kustomize/api/types"
)
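// writeIdentityService renders the identity service manifests for the app and
// writes them, together with a kustomization.yaml listing them, into
// <options.MidstreamDir>/identity-service.
//
// It returns the relative directory name ("identity-service") so the caller can
// reference it from the midstream kustomization, or "" with a nil error when the
// identity service is not enabled for this app.
//
// Errors are wrapped with context and originate from directory creation,
// resource rendering, client-secret decryption, or file writes. Resource
// filenames are sorted before being written so the generated kustomization.yaml
// is byte-stable across runs.
func (m *Midstream) writeIdentityService(ctx context.Context, options WriteOptions) (string, error) {
	if !identitydeploy.IsEnabled(m.IdentitySpec, m.IdentityConfig) {
		return "", nil
	}

	base := "identity-service"
	absDir := filepath.Join(options.MidstreamDir, base)
	if err := os.MkdirAll(absDir, 0744); err != nil {
		return "", errors.Wrap(err, "failed to mkdir")
	}

	additionalLabels := map[string]string{
		"kots.io/app": options.AppSlug,
	}

	proxyEnv := map[string]string{
		"HTTP_PROXY":  options.HTTPProxyEnvValue,
		"HTTPS_PROXY": options.HTTPSProxyEnvValue,
		"NO_PROXY":    options.NoProxyEnvValue,
	}

	// NOTE(review): IsEnabled is relied on to guarantee that m.IdentitySpec and
	// m.IdentityConfig are non-nil before their Spec fields are dereferenced
	// here — confirm against identitydeploy.IsEnabled.
	deployOptions := identitydeploy.Options{
		NamePrefix:         options.AppSlug,
		IdentitySpec:       m.IdentitySpec.Spec,
		IdentityConfigSpec: m.IdentityConfig.Spec,
		IsOpenShift:        options.IsOpenShift,
		ImageRewriteFn:     nil, // TODO (ethan): do we rewrite in kustomization.images?
		ProxyEnv:           proxyEnv,
		AdditionalLabels:   additionalLabels,
		Cipher:             &options.Cipher,
		Builder:            &options.Builder,
	}

	resources, err := identitydeploy.Render(ctx, deployOptions)
	if err != nil {
		return "", errors.Wrap(err, "failed to render identity service resources")
	}

	if m.IdentityConfig.Spec.Storage.PostgresConfig != nil {
		postgresSecretResource, err := identitydeploy.RenderPostgresSecret(ctx, options.AppSlug, &options.Cipher, *m.IdentityConfig.Spec.Storage.PostgresConfig, additionalLabels)
		if err != nil {
			return "", errors.Wrap(err, "failed to render postgres secret")
		}
		resources["postgressecret.yaml"] = postgresSecretResource
	}

	if m.IdentityConfig.Spec.ClientID != "" {
		// The client secret is decrypted here and lands in clientsecret.yaml
		// in plaintext form as part of the rendered resource.
		clientSecret, err := m.IdentityConfig.Spec.ClientSecret.GetValue(options.Cipher)
		if err != nil {
			return "", errors.Wrap(err, "failed to decrypt client secret")
		}
		clientSecretResource, err := identitydeploy.RenderClientSecret(ctx, m.IdentityConfig.Spec.ClientID, clientSecret, additionalLabels)
		if err != nil {
			return "", errors.Wrap(err, "failed to render client secret")
		}
		resources["clientsecret.yaml"] = clientSecretResource
	}

	// Go map iteration order is randomized; writing resources in sorted
	// filename order keeps kustomization.Resources (and therefore
	// kustomization.yaml) deterministic instead of churning between runs.
	filenames := make([]string, 0, len(resources))
	for filename := range resources {
		filenames = append(filenames, filename)
	}
	sort.Strings(filenames)

	kustomization := kustomizetypes.Kustomization{
		TypeMeta: kustomizetypes.TypeMeta{
			APIVersion: "kustomize.config.k8s.io/v1beta1",
			Kind:       "Kustomization",
		},
	}

	for _, filename := range filenames {
		// NOTE(review): clientsecret.yaml (decrypted above) and
		// postgressecret.yaml are written world-readable with 0644, matching
		// the other midstream output. Confirm whether downstream consumers
		// need that, or whether secret-bearing files can use 0600.
		if err := ioutil.WriteFile(filepath.Join(absDir, filename), resources[filename], 0644); err != nil {
			return "", errors.Wrapf(err, "failed to write resource %s", filename)
		}
		kustomization.Resources = append(kustomization.Resources, filename)
	}

	if err := k8sutil.WriteKustomizationToFile(kustomization, filepath.Join(absDir, "kustomization.yaml")); err != nil {
		return "", errors.Wrap(err, "failed to write kustomization file")
	}

	return base, nil
}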