// GetServiceAccountTokens returns all ServiceAccountToken secrets for the given ServiceAccount
func GetServiceAccountTokens(secretsNamespacer client.SecretsNamespacer, sa *api.ServiceAccount) ([]*api.Secret, error) {
tokenSelector := fields.SelectorFromSet(map[string]string{client.SecretType: string(api.SecretTypeServiceAccountToken)})
secrets, err := secretsNamespacer.Secrets(sa.Namespace).List(labels.Everything(), tokenSelector)
if err != nil {
return nil, err
}
tokenSecrets := []*api.Secret{}
for i := range secrets.Items {
secret := &secrets.Items[i]
if IsServiceAccountToken(secret, sa) {
tokenSecrets = append(tokenSecrets, secret)
}
}
return tokenSecrets, nil
}
// GetSecretListChannel returns a pair of channels to a Secret list and errors that
// both must be read numReads times.
func GetSecretListChannel(client client.SecretsNamespacer, nsQuery *NamespaceQuery, numReads int) SecretListChannel {
channel := SecretListChannel{
List: make(chan *api.SecretList, numReads),
Error: make(chan error, numReads),
}
go func() {
list, err := client.Secrets(nsQuery.ToRequestParam()).List(listEverything)
var filteredItems []api.Secret
for _, item := range list.Items {
if nsQuery.Matches(item.ObjectMeta.Namespace) {
filteredItems = append(filteredItems, item)
}
}
list.Items = filteredItems
for i := 0; i < numReads; i++ {
channel.List <- list
channel.Error <- err
}
}()
return channel
}
func getRegistryDetails(kubeClient client.SecretsNamespacer, image *string, registryLocation, namespace, registrySecretPrefix string) (map[string]string, error) {
registryConfigSecretInterface := kubeClient.Secrets(*image)
privateRegistrySecretInterface := kubeClient.Secrets(namespace)
registryEnv := make(map[string]string)
var regSecretData map[string]string
var err error
if registryLocation == "off-cluster" {
regSecretData, err = getDetailsFromRegistrySecret(privateRegistrySecretInterface, registrySecret)
if err != nil {
return nil, err
}
for key, value := range regSecretData {
registryEnv["DEIS_REGISTRY_"+strings.ToUpper(key)] = value
}
if registryEnv["DEIS_REGISTRY_ORGANIZATION"] != "" {
*image = registryEnv["DEIS_REGISTRY_ORGANIZATION"] + "/" + *image
}
if registryEnv["DEIS_REGISTRY_HOSTNAME"] != "" {
*image = registryEnv["DEIS_REGISTRY_HOSTNAME"] + "/" + *image
}
} else if registryLocation == "ecr" {
registryEnv, err = getDetailsFromDockerConfigSecret(registryConfigSecretInterface, registrySecretPrefix+"-"+registryLocation)
if err != nil {
return nil, err
}
regSecretData, err = getDetailsFromRegistrySecret(privateRegistrySecretInterface, registrySecret)
if err != nil {
return nil, err
}
err = storage.CreateImageRepo(*image, regSecretData)
if err != nil {
return nil, err
}
hostname := strings.Replace(registryEnv["DEIS_REGISTRY_HOSTNAME"], "https://", "", 1)
*image = hostname + "/" + *image
} else if registryLocation == "gcr" {
registryEnv, err = getDetailsFromDockerConfigSecret(registryConfigSecretInterface, registrySecretPrefix+"-"+registryLocation)
if err != nil {
return nil, err
}
regSecretData, err = getDetailsFromRegistrySecret(privateRegistrySecretInterface, registrySecret)
if err != nil {
return nil, err
}
var key struct {
ProjectID string `json:"project_id"`
}
jsonKey := []byte(regSecretData["key.json"])
if err := json.Unmarshal(jsonKey, &key); err != nil {
return nil, err
}
hostname := strings.Replace(registryEnv["DEIS_REGISTRY_HOSTNAME"], "https://", "", 1)
projectID := strings.Replace(key.ProjectID, ":", "/", -1)
registryEnv["DEIS_REGISTRY_GCS_PROJ_ID"] = projectID
*image = strings.Replace(hostname, "https://", "", 1) + "/" + projectID + "/" + *image
}
return registryEnv, nil
}
