func secret(name string, secretType string, keysNames []string, flags *flag.FlagSet) api.Secret {
return api.Secret{
ObjectMeta: api.ObjectMeta{
Name: name,
},
Type: api.SecretType(secretType),
Data: getSecretData(secretType, name, keysNames, flags),
}
}
// GetSecretForPV locates secret by name and namespace, verifies the secret type, and returns secret map
func GetSecretForPV(secretNamespace, secretName, volumePluginName string, kubeClient clientset.Interface) (map[string]string, error) {
secret := make(map[string]string)
if kubeClient == nil {
return secret, fmt.Errorf("Cannot get kube client")
}
secrets, err := kubeClient.Core().Secrets(secretNamespace).Get(secretName)
if err != nil {
return secret, err
}
if secrets.Type != api.SecretType(volumePluginName) {
return secret, fmt.Errorf("Cannot get secret of type %s", volumePluginName)
}
for name, data := range secrets.Data {
secret[name] = string(data)
}
return secret, nil
}
// StructuredGenerate outputs a secret object using the configured fields
func (s SecretGeneratorV1) StructuredGenerate() (runtime.Object, error) {
if err := s.validate(); err != nil {
return nil, err
}
secret := &api.Secret{}
secret.Name = s.Name
secret.Data = map[string][]byte{}
if len(s.Type) > 0 {
secret.Type = api.SecretType(s.Type)
}
if len(s.FileSources) > 0 {
if err := handleFromFileSources(secret, s.FileSources); err != nil {
return nil, err
}
}
if len(s.LiteralSources) > 0 {
if err := handleFromLiteralSources(secret, s.LiteralSources); err != nil {
return nil, err
}
}
return secret, nil
}
func (o *CreateSecretOptions) BundleSecret() (*kapi.Secret, error) {
secretData := make(map[string][]byte)
for _, source := range o.Sources {
keyName, filePath, err := parseSource(source)
if err != nil {
return nil, err
}
info, err := os.Stat(filePath)
if err != nil {
switch err := err.(type) {
case *os.PathError:
return nil, fmt.Errorf("error reading %s: %v", filePath, err.Err)
default:
return nil, fmt.Errorf("error reading %s: %v", filePath, err)
}
}
if info.IsDir() {
if strings.Contains(source, "=") {
return nil, errors.New("Cannot give a key name for a directory path.")
}
fileList, err := ioutil.ReadDir(filePath)
if err != nil {
return nil, fmt.Errorf("error listing files in %s: %v", filePath, err)
}
for _, item := range fileList {
itemPath := path.Join(filePath, item.Name())
if !item.Mode().IsRegular() {
if o.Stderr != nil && o.Quiet != true {
fmt.Fprintf(o.Stderr, "Skipping resource %s\n", itemPath)
}
} else {
keyName = item.Name()
err = addKeyToSecret(keyName, itemPath, secretData)
if err != nil {
return nil, err
}
}
}
} else {
err = addKeyToSecret(keyName, filePath, secretData)
if err != nil {
return nil, err
}
}
}
if len(secretData) == 0 {
return nil, errors.New("No files selected")
}
// if the secret type isn't specified, attempt to auto-detect likely hit
secretType := kapi.SecretType(o.SecretTypeName)
if len(o.SecretTypeName) == 0 {
secretType = kapi.SecretTypeOpaque
for _, knownSecretType := range KnownSecretTypes {
if knownSecretType.Matches(secretData) {
secretType = knownSecretType.Type
}
}
}
secret := &kapi.Secret{
ObjectMeta: kapi.ObjectMeta{Name: o.Name},
Type: secretType,
Data: secretData,
}
return secret, nil
}
func secretsResource() *schema.Resource {
return &schema.Resource{
Schema: map[string]*schema.Schema{
"namespace": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Default: "default",
},
"name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"type": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Default: "Opaque",
},
"data": {
Type: schema.TypeSet,
Optional: true,
Set: secretsSetFunc,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
},
"value": {
Type: schema.TypeString,
Required: true,
},
},
},
},
"labels": {
Type: schema.TypeMap,
Optional: true,
Elem: &schema.Schema{
Type: schema.TypeString,
Required: true,
},
},
"annotations": {
Type: schema.TypeMap,
Optional: true,
Elem: &schema.Schema{
Type: schema.TypeString,
Required: true,
},
},
},
Create: func(r *schema.ResourceData, v interface{}) error {
client := extractClient(v)
namespace := r.Get("namespace").(string)
name := r.Get("name").(string)
item := &api.Secret{}
item.Name = name
item.Type = api.SecretType(r.Get("type").(string))
writeLabels(r, &item.ObjectMeta)
writeAnnotations(r, &item.ObjectMeta)
writeSecretData(r, item)
item, err := client.Secrets(namespace).Create(item)
if err != nil {
return err
}
r.SetId(join(namespace, name))
return nil
},
Read: func(r *schema.ResourceData, v interface{}) error {
client := extractClient(v)
namespace, name := split(r.Id())
item, err := client.Secrets(namespace).Get(name)
if err != nil {
return err
}
readLabels(r, &item.ObjectMeta)
readAnnotations(r, &item.ObjectMeta)
readSecretData(r, item)
r.Set("type", string(item.Type))
r.Set("name", item.ObjectMeta.Name)
return nil
},
Update: func(r *schema.ResourceData, v interface{}) error {
client := extractClient(v)
namespace, name := split(r.Id())
item, err := client.Secrets(namespace).Get(name)
if err != nil {
return err
}
item.Type = api.SecretType(r.Get("type").(string))
writeLabels(r, &item.ObjectMeta)
writeAnnotations(r, &item.ObjectMeta)
writeSecretData(r, item)
_, err = client.Secrets(namespace).Update(item)
if err != nil {
return err
}
return nil
},
Delete: func(r *schema.ResourceData, v interface{}) error {
client := extractClient(v)
namespace, name := split(r.Id())
return client.Secrets(namespace).Delete(name)
},
Exists: func(r *schema.ResourceData, v interface{}) (bool, error) {
client := extractClient(v)
namespace, name := split(r.Id())
_, err := client.Secrets(namespace).Get(name)
if errors.IsNotFound(err) {
return false, nil
}
if err != nil {
return false, err
}
return true, nil
},
}
}