コード例 #1
0
// generateTokenIfNeeded populates the token data for the given Secret if not already set
func (e *TokensController) generateTokenIfNeeded(serviceAccount *api.ServiceAccount, secret *api.Secret) error {
	if secret.Annotations == nil {
		secret.Annotations = map[string]string{}
	}
	if secret.Data == nil {
		secret.Data = map[string][]byte{}
	}

	caData := secret.Data[api.ServiceAccountRootCAKey]
	needsCA := len(e.rootCA) > 0 && bytes.Compare(caData, e.rootCA) != 0

	needsNamespace := len(secret.Data[api.ServiceAccountNamespaceKey]) == 0

	tokenData := secret.Data[api.ServiceAccountTokenKey]
	needsToken := len(tokenData) == 0

	if !needsCA && !needsToken && !needsNamespace {
		return nil
	}

	// Set the CA
	if needsCA {
		secret.Data[api.ServiceAccountRootCAKey] = e.rootCA
	}
	// Set the namespace
	if needsNamespace {
		secret.Data[api.ServiceAccountNamespaceKey] = []byte(secret.Namespace)
	}

	// Generate the token
	if needsToken {
		token, err := e.token.GenerateToken(*serviceAccount, *secret)
		if err != nil {
			return err
		}
		secret.Data[api.ServiceAccountTokenKey] = []byte(token)
	}

	// Set annotations
	secret.Annotations[api.ServiceAccountNameKey] = serviceAccount.Name
	secret.Annotations[api.ServiceAccountUIDKey] = string(serviceAccount.UID)

	// Save the secret
	if _, err := e.client.Core().Secrets(secret.Namespace).Update(secret); err != nil {
		return err
	}
	return nil
}
コード例 #2
0
ファイル: k8s_util.go プロジェクト: mboersma/builder
func createAppEnvConfigSecret(secretsClient client.SecretsInterface, secretName string, env map[string]interface{}) error {
	newSecret := new(api.Secret)
	newSecret.Name = secretName
	newSecret.Type = api.SecretTypeOpaque
	newSecret.Data = make(map[string][]byte)
	for k, v := range env {
		newSecret.Data[k] = []byte(fmt.Sprintf("%v", v))
	}
	if _, err := secretsClient.Create(newSecret); err != nil {
		if apierrors.IsAlreadyExists(err) {
			if _, err = secretsClient.Update(newSecret); err != nil {
				return err
			}
			return nil
		}
		return err
	}
	return nil
}
コード例 #3
0
func writeSecretData(r *schema.ResourceData, s *api.Secret) {
	s.Data = map[string][]byte{}
	if set, _ := r.Get("data").(*schema.Set); set != nil {
		for _, p := range set.List() {
			m := p.(map[string]interface{})
			k := m["name"].(string)
			x := m["value"].(string)
			s.Data[k] = []byte(x)
		}
	}
}
コード例 #4
0
ファイル: cluster_id.go プロジェクト: deis/workflow-manager
// Get is the ClusterID interface implementation
func (c clusterIDFromPersistentStorage) Get() (string, error) {
	c.rwm.Lock()
	defer c.rwm.Unlock()
	secret, err := c.secretGetterCreator.Get(wfmSecretName)
	//If we don't have the secret we shouldn't be returning error and instead a create a new one
	if err != nil && !apierrors.IsNotFound(err) {
		return "", err
	}
	// if we don't have secret data for the cluster ID we assume a new cluster
	// and create a new secret
	if secret.Data[clusterIDSecretKey] == nil {
		newSecret := new(api.Secret)
		newSecret.Name = wfmSecretName
		newSecret.Data = make(map[string][]byte)
		newSecret.Data[clusterIDSecretKey] = []byte(uuid.NewV4().String())
		fromAPI, err := c.secretGetterCreator.Create(newSecret)
		if err != nil {
			return "", err
		}
		secret = fromAPI
	}
	return string(secret.Data[clusterIDSecretKey]), nil
}
コード例 #5
0
ファイル: conversion.go プロジェクト: Q-Lee/kubernetes
func Convert_v1_Secret_To_api_Secret(in *Secret, out *api.Secret, s conversion.Scope) error {
	if err := autoConvert_v1_Secret_To_api_Secret(in, out, s); err != nil {
		return err
	}

	// StringData overwrites Data
	if len(in.StringData) > 0 {
		if out.Data == nil {
			out.Data = map[string][]byte{}
		}
		for k, v := range in.StringData {
			out.Data[k] = []byte(v)
		}
	}

	return nil
}
コード例 #6
-2
ファイル: ingress_utils.go プロジェクト: neujie/kubernetes
// createSecret creates a secret containing TLS certificates for the given Ingress.
// If a secret with the same name already exists in the namespace of the
// Ingress, it's updated.
func createSecret(kubeClient clientset.Interface, ing *extensions.Ingress) (host string, rootCA, privKey []byte, err error) {
	var k, c bytes.Buffer
	tls := ing.Spec.TLS[0]
	host = strings.Join(tls.Hosts, ",")
	framework.Logf("Generating RSA cert for host %v", host)

	if err = generateRSACerts(host, true, &k, &c); err != nil {
		return
	}
	cert := c.Bytes()
	key := k.Bytes()
	secret := &api.Secret{
		ObjectMeta: api.ObjectMeta{
			Name: tls.SecretName,
		},
		Data: map[string][]byte{
			api.TLSCertKey:       cert,
			api.TLSPrivateKeyKey: key,
		},
	}
	var s *api.Secret
	if s, err = kubeClient.Core().Secrets(ing.Namespace).Get(tls.SecretName); err == nil {
		// TODO: Retry the update. We don't really expect anything to conflict though.
		framework.Logf("Updating secret %v in ns %v with hosts %v for ingress %v", secret.Name, secret.Namespace, host, ing.Name)
		s.Data = secret.Data
		_, err = kubeClient.Core().Secrets(ing.Namespace).Update(s)
	} else {
		framework.Logf("Creating secret %v in ns %v with hosts %v for ingress %v", secret.Name, secret.Namespace, host, ing.Name)
		_, err = kubeClient.Core().Secrets(ing.Namespace).Create(secret)
	}
	return host, cert, key, err
}