// Package secret contains utilities for consuming secret values from various
// data sources.
package secret
import (
"context"
"fmt"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
coreclientv1 "k8s.io/client-go/kubernetes/typed/core/v1"
"github.com/zeiss/typhoon/pkg/apis/common/v1alpha1"
)
// Secrets is a list of secret values, held as plain strings.
//
// The type is a bare []string and this file defines no redacting formatter
// for it, so printing or logging a Secrets value emits the secret material
// verbatim.
type Secrets []string
// Getter can obtain secrets from a list of value references.
type Getter interface {
	// Get returns exactly one secret value per input. On error the returned
	// Secrets must not be relied upon.
	Get(...v1alpha1.ValueFromField) (Secrets, error)
}
// NewGetter returns a Getter backed by cli, a Secret client interface that is
// already scoped to one namespace.
//
// Every Secret lookup made by the returned value goes through cli, so the
// namespace and access rights cli was built with bound what can be read.
// cli is stored as-is, without a nil check.
func NewGetter(cli coreclientv1.SecretInterface) *GetterWithClientset {
	g := new(GetterWithClientset)
	g.cli = cli
	return g
}
// GetterWithClientset gets Kubernetes secrets using a namespaced Secret client
// interface.
type GetterWithClientset struct {
	// cli is the client used for every Secret lookup; NewGetter populates it.
	cli coreclientv1.SecretInterface
}

// Compile-time check that *GetterWithClientset implements Getter.
var _ Getter = (*GetterWithClientset)(nil)
// Get implements Getter.
//
// Each reference is resolved in order and contributes exactly one element to
// the result: the literal Value when ValueFromSecret is nil, otherwise the
// bytes stored under ValueFromSecret.Key in the named Secret, converted to a
// string. When both are set, the Secret wins.
//
// The first failed Secret lookup aborts the call and returns a nil Secrets
// together with the wrapped client error.
//
// NOTE(review): a Key that is absent from the Secret's Data resolves to ""
// with no error, so a typo in a key name is indistinguishable from an empty
// secret. Callers that require a credential should reject empty values.
//
// NOTE(review): lookups use context.Background(), so they are not bound to
// any caller deadline or cancellation.
func (g *GetterWithClientset) Get(refs ...v1alpha1.ValueFromField) (Secrets, error) {
	values := Secrets{}

	// Secret objects fetched during this call, keyed by name, so that several
	// references into the same Secret cost a single API round trip. The map
	// lives only for the duration of the call.
	fetched := make(map[string]*corev1.Secret)

	for _, ref := range refs {
		src := ref.ValueFromSecret
		if src == nil {
			// Literal value: nothing to resolve.
			values = append(values, ref.Value)
			continue
		}

		obj := fetched[src.Name]
		if obj == nil {
			var err error
			obj, err = g.cli.Get(context.Background(), src.Name, metav1.GetOptions{})
			if err != nil {
				return nil, fmt.Errorf("getting Secret from cluster: %w", err)
			}
			fetched[src.Name] = obj
		}

		// Indexing Data with a missing key yields nil, which converts to "".
		values = append(values, string(obj.Data[src.Key]))
	}

	return values, nil
}
// GetterFunc allows the use of ordinary functions as Getter. The function
// receives the references unchanged and is itself responsible for honoring
// the Getter contract.
type GetterFunc func(...v1alpha1.ValueFromField) (Secrets, error)

// Compile-time check that GetterFunc implements Getter.
var _ Getter = (GetterFunc)(nil)
// Get implements Getter by calling f with refs unchanged and handing back its
// results as-is. Calling Get on a nil GetterFunc panics.
func (f GetterFunc) Get(refs ...v1alpha1.ValueFromField) (Secrets, error) {
	values, err := f(refs...)
	return values, err
}