Beispiel #1
0
func secret(name string, secretType string, keysNames []string, flags *flag.FlagSet) api.Secret {
	return api.Secret{
		ObjectMeta: api.ObjectMeta{
			Name: name,
		},
		Type: api.SecretType(secretType),
		Data: getSecretData(secretType, name, keysNames, flags),
	}
}
Beispiel #2
0
// GetSecretForPV locates secret by name and namespace, verifies the secret type, and returns secret map
func GetSecretForPV(secretNamespace, secretName, volumePluginName string, kubeClient clientset.Interface) (map[string]string, error) {
	secret := make(map[string]string)
	if kubeClient == nil {
		return secret, fmt.Errorf("Cannot get kube client")
	}
	secrets, err := kubeClient.Core().Secrets(secretNamespace).Get(secretName)
	if err != nil {
		return secret, err
	}
	if secrets.Type != api.SecretType(volumePluginName) {
		return secret, fmt.Errorf("Cannot get secret of type %s", volumePluginName)
	}
	for name, data := range secrets.Data {
		secret[name] = string(data)
	}
	return secret, nil
}
Beispiel #3
0
// StructuredGenerate outputs a secret object using the configured fields
func (s SecretGeneratorV1) StructuredGenerate() (runtime.Object, error) {
	if err := s.validate(); err != nil {
		return nil, err
	}
	secret := &api.Secret{}
	secret.Name = s.Name
	secret.Data = map[string][]byte{}
	if len(s.Type) > 0 {
		secret.Type = api.SecretType(s.Type)
	}
	if len(s.FileSources) > 0 {
		if err := handleFromFileSources(secret, s.FileSources); err != nil {
			return nil, err
		}
	}
	if len(s.LiteralSources) > 0 {
		if err := handleFromLiteralSources(secret, s.LiteralSources); err != nil {
			return nil, err
		}
	}
	return secret, nil
}
Beispiel #4
0
func (o *CreateSecretOptions) BundleSecret() (*kapi.Secret, error) {
	secretData := make(map[string][]byte)

	for _, source := range o.Sources {
		keyName, filePath, err := parseSource(source)
		if err != nil {
			return nil, err
		}

		info, err := os.Stat(filePath)
		if err != nil {
			switch err := err.(type) {
			case *os.PathError:
				return nil, fmt.Errorf("error reading %s: %v", filePath, err.Err)
			default:
				return nil, fmt.Errorf("error reading %s: %v", filePath, err)
			}
		}

		if info.IsDir() {
			if strings.Contains(source, "=") {
				return nil, errors.New("Cannot give a key name for a directory path.")
			}
			fileList, err := ioutil.ReadDir(filePath)
			if err != nil {
				return nil, fmt.Errorf("error listing files in %s: %v", filePath, err)
			}

			for _, item := range fileList {
				itemPath := path.Join(filePath, item.Name())
				if !item.Mode().IsRegular() {
					if o.Stderr != nil && o.Quiet != true {
						fmt.Fprintf(o.Stderr, "Skipping resource %s\n", itemPath)
					}
				} else {
					keyName = item.Name()
					err = addKeyToSecret(keyName, itemPath, secretData)
					if err != nil {
						return nil, err
					}
				}
			}
		} else {
			err = addKeyToSecret(keyName, filePath, secretData)
			if err != nil {
				return nil, err
			}
		}
	}

	if len(secretData) == 0 {
		return nil, errors.New("No files selected")
	}

	// if the secret type isn't specified, attempt to auto-detect likely hit
	secretType := kapi.SecretType(o.SecretTypeName)
	if len(o.SecretTypeName) == 0 {
		secretType = kapi.SecretTypeOpaque

		for _, knownSecretType := range KnownSecretTypes {
			if knownSecretType.Matches(secretData) {
				secretType = knownSecretType.Type
			}
		}
	}

	secret := &kapi.Secret{
		ObjectMeta: kapi.ObjectMeta{Name: o.Name},
		Type:       secretType,
		Data:       secretData,
	}

	return secret, nil
}
func secretsResource() *schema.Resource {

	return &schema.Resource{
		Schema: map[string]*schema.Schema{
			"namespace": {
				Type:     schema.TypeString,
				Optional: true,
				ForceNew: true,
				Default:  "default",
			},
			"name": {
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},
			"type": {
				Type:     schema.TypeString,
				Optional: true,
				ForceNew: true,
				Default:  "Opaque",
			},
			"data": {
				Type:     schema.TypeSet,
				Optional: true,
				Set:      secretsSetFunc,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"name": {
							Type:     schema.TypeString,
							Required: true,
						},
						"value": {
							Type:     schema.TypeString,
							Required: true,
						},
					},
				},
			},
			"labels": {
				Type:     schema.TypeMap,
				Optional: true,
				Elem: &schema.Schema{
					Type:     schema.TypeString,
					Required: true,
				},
			},
			"annotations": {
				Type:     schema.TypeMap,
				Optional: true,
				Elem: &schema.Schema{
					Type:     schema.TypeString,
					Required: true,
				},
			},
		},
		Create: func(r *schema.ResourceData, v interface{}) error {
			client := extractClient(v)
			namespace := r.Get("namespace").(string)
			name := r.Get("name").(string)

			item := &api.Secret{}
			item.Name = name
			item.Type = api.SecretType(r.Get("type").(string))

			writeLabels(r, &item.ObjectMeta)
			writeAnnotations(r, &item.ObjectMeta)
			writeSecretData(r, item)

			item, err := client.Secrets(namespace).Create(item)
			if err != nil {
				return err
			}

			r.SetId(join(namespace, name))
			return nil
		},
		Read: func(r *schema.ResourceData, v interface{}) error {
			client := extractClient(v)
			namespace, name := split(r.Id())

			item, err := client.Secrets(namespace).Get(name)
			if err != nil {
				return err
			}

			readLabels(r, &item.ObjectMeta)
			readAnnotations(r, &item.ObjectMeta)
			readSecretData(r, item)

			r.Set("type", string(item.Type))
			r.Set("name", item.ObjectMeta.Name)
			return nil
		},
		Update: func(r *schema.ResourceData, v interface{}) error {

			client := extractClient(v)
			namespace, name := split(r.Id())

			item, err := client.Secrets(namespace).Get(name)
			if err != nil {
				return err
			}

			item.Type = api.SecretType(r.Get("type").(string))
			writeLabels(r, &item.ObjectMeta)
			writeAnnotations(r, &item.ObjectMeta)
			writeSecretData(r, item)

			_, err = client.Secrets(namespace).Update(item)
			if err != nil {
				return err
			}

			return nil
		},
		Delete: func(r *schema.ResourceData, v interface{}) error {
			client := extractClient(v)
			namespace, name := split(r.Id())

			return client.Secrets(namespace).Delete(name)
		},
		Exists: func(r *schema.ResourceData, v interface{}) (bool, error) {
			client := extractClient(v)
			namespace, name := split(r.Id())

			_, err := client.Secrets(namespace).Get(name)
			if errors.IsNotFound(err) {
				return false, nil
			}
			if err != nil {
				return false, err
			}
			return true, nil
		},
	}
}