func writeSecretData(r *schema.ResourceData, s *api.Secret) { s.Data = map[string][]byte{} if set, _ := r.Get("data").(*schema.Set); set != nil { for _, p := range set.List() { m := p.(map[string]interface{}) k := m["name"].(string) x := m["value"].(string) s.Data[k] = []byte(x) } } }
// generateTokenIfNeeded populates the token data for the given Secret if not already set func (e *TokensController) generateTokenIfNeeded(serviceAccount *api.ServiceAccount, secret *api.Secret) error { if secret.Annotations == nil { secret.Annotations = map[string]string{} } if secret.Data == nil { secret.Data = map[string][]byte{} } caData := secret.Data[api.ServiceAccountRootCAKey] needsCA := len(e.rootCA) > 0 && bytes.Compare(caData, e.rootCA) != 0 needsNamespace := len(secret.Data[api.ServiceAccountNamespaceKey]) == 0 tokenData := secret.Data[api.ServiceAccountTokenKey] needsToken := len(tokenData) == 0 if !needsCA && !needsToken && !needsNamespace { return nil } // Set the CA if needsCA { secret.Data[api.ServiceAccountRootCAKey] = e.rootCA } // Set the namespace if needsNamespace { secret.Data[api.ServiceAccountNamespaceKey] = []byte(secret.Namespace) } // Generate the token if needsToken { token, err := e.token.GenerateToken(*serviceAccount, *secret) if err != nil { return err } secret.Data[api.ServiceAccountTokenKey] = []byte(token) } // Set annotations secret.Annotations[api.ServiceAccountNameKey] = serviceAccount.Name secret.Annotations[api.ServiceAccountUIDKey] = string(serviceAccount.UID) // Save the secret if _, err := e.client.Core().Secrets(secret.Namespace).Update(secret); err != nil { return err } return nil }
func Convert_v1_Secret_To_api_Secret(in *Secret, out *api.Secret, s conversion.Scope) error { if err := autoConvert_v1_Secret_To_api_Secret(in, out, s); err != nil { return err } // StringData overwrites Data if len(in.StringData) > 0 { if out.Data == nil { out.Data = map[string][]byte{} } for k, v := range in.StringData { out.Data[k] = []byte(v) } } return nil }
func createAppEnvConfigSecret(secretsClient client.SecretsInterface, secretName string, env map[string]interface{}) error { newSecret := new(api.Secret) newSecret.Name = secretName newSecret.Type = api.SecretTypeOpaque newSecret.Data = make(map[string][]byte) for k, v := range env { newSecret.Data[k] = []byte(fmt.Sprintf("%v", v)) } if _, err := secretsClient.Create(newSecret); err != nil { if apierrors.IsAlreadyExists(err) { if _, err = secretsClient.Update(newSecret); err != nil { return err } return nil } return err } return nil }
// Get is the ClusterID interface implementation func (c clusterIDFromPersistentStorage) Get() (string, error) { c.rwm.Lock() defer c.rwm.Unlock() secret, err := c.secretGetterCreator.Get(wfmSecretName) //If we don't have the secret we shouldn't be returning error and instead a create a new one if err != nil && !apierrors.IsNotFound(err) { return "", err } // if we don't have secret data for the cluster ID we assume a new cluster // and create a new secret if secret.Data[clusterIDSecretKey] == nil { newSecret := new(api.Secret) newSecret.Name = wfmSecretName newSecret.Data = make(map[string][]byte) newSecret.Data[clusterIDSecretKey] = []byte(uuid.NewV4().String()) fromAPI, err := c.secretGetterCreator.Create(newSecret) if err != nil { return "", err } secret = fromAPI } return string(secret.Data[clusterIDSecretKey]), nil }
// createSecret creates a secret containing TLS certificates for the given Ingress. // If a secret with the same name already exists in the namespace of the // Ingress, it's updated. func createSecret(kubeClient clientset.Interface, ing *extensions.Ingress) (host string, rootCA, privKey []byte, err error) { var k, c bytes.Buffer tls := ing.Spec.TLS[0] host = strings.Join(tls.Hosts, ",") framework.Logf("Generating RSA cert for host %v", host) if err = generateRSACerts(host, true, &k, &c); err != nil { return } cert := c.Bytes() key := k.Bytes() secret := &api.Secret{ ObjectMeta: api.ObjectMeta{ Name: tls.SecretName, }, Data: map[string][]byte{ api.TLSCertKey: cert, api.TLSPrivateKeyKey: key, }, } var s *api.Secret if s, err = kubeClient.Core().Secrets(ing.Namespace).Get(tls.SecretName); err == nil { // TODO: Retry the update. We don't really expect anything to conflict though. framework.Logf("Updating secret %v in ns %v with hosts %v for ingress %v", secret.Name, secret.Namespace, host, ing.Name) s.Data = secret.Data _, err = kubeClient.Core().Secrets(ing.Namespace).Update(s) } else { framework.Logf("Creating secret %v in ns %v with hosts %v for ingress %v", secret.Name, secret.Namespace, host, ing.Name) _, err = kubeClient.Core().Secrets(ing.Namespace).Create(secret) } return host, cert, key, err }