示例#1
0
// GetServiceAccountTokens returns all ServiceAccountToken secrets for the given ServiceAccount
func GetServiceAccountTokens(secretsNamespacer client.SecretsNamespacer, sa *api.ServiceAccount) ([]*api.Secret, error) {
	tokenSelector := fields.SelectorFromSet(map[string]string{client.SecretType: string(api.SecretTypeServiceAccountToken)})
	secrets, err := secretsNamespacer.Secrets(sa.Namespace).List(labels.Everything(), tokenSelector)
	if err != nil {
		return nil, err
	}

	tokenSecrets := []*api.Secret{}
	for i := range secrets.Items {
		secret := &secrets.Items[i]
		if IsServiceAccountToken(secret, sa) {
			tokenSecrets = append(tokenSecrets, secret)
		}
	}

	return tokenSecrets, nil
}
// GetSecretListChannel returns a pair of channels to a Secret list and errors that
// both must be read numReads times.
func GetSecretListChannel(client client.SecretsNamespacer, nsQuery *NamespaceQuery, numReads int) SecretListChannel {

	channel := SecretListChannel{
		List:  make(chan *api.SecretList, numReads),
		Error: make(chan error, numReads),
	}

	go func() {
		list, err := client.Secrets(nsQuery.ToRequestParam()).List(listEverything)
		var filteredItems []api.Secret
		for _, item := range list.Items {
			if nsQuery.Matches(item.ObjectMeta.Namespace) {
				filteredItems = append(filteredItems, item)
			}
		}
		list.Items = filteredItems
		for i := 0; i < numReads; i++ {
			channel.List <- list
			channel.Error <- err
		}
	}()

	return channel
}
示例#3
0
func getRegistryDetails(kubeClient client.SecretsNamespacer, image *string, registryLocation, namespace, registrySecretPrefix string) (map[string]string, error) {
	registryConfigSecretInterface := kubeClient.Secrets(*image)
	privateRegistrySecretInterface := kubeClient.Secrets(namespace)
	registryEnv := make(map[string]string)
	var regSecretData map[string]string
	var err error
	if registryLocation == "off-cluster" {
		regSecretData, err = getDetailsFromRegistrySecret(privateRegistrySecretInterface, registrySecret)
		if err != nil {
			return nil, err
		}
		for key, value := range regSecretData {
			registryEnv["DEIS_REGISTRY_"+strings.ToUpper(key)] = value
		}
		if registryEnv["DEIS_REGISTRY_ORGANIZATION"] != "" {
			*image = registryEnv["DEIS_REGISTRY_ORGANIZATION"] + "/" + *image
		}
		if registryEnv["DEIS_REGISTRY_HOSTNAME"] != "" {
			*image = registryEnv["DEIS_REGISTRY_HOSTNAME"] + "/" + *image
		}
	} else if registryLocation == "ecr" {
		registryEnv, err = getDetailsFromDockerConfigSecret(registryConfigSecretInterface, registrySecretPrefix+"-"+registryLocation)
		if err != nil {
			return nil, err
		}

		regSecretData, err = getDetailsFromRegistrySecret(privateRegistrySecretInterface, registrySecret)
		if err != nil {
			return nil, err
		}
		err = storage.CreateImageRepo(*image, regSecretData)
		if err != nil {
			return nil, err
		}
		hostname := strings.Replace(registryEnv["DEIS_REGISTRY_HOSTNAME"], "https://", "", 1)
		*image = hostname + "/" + *image

	} else if registryLocation == "gcr" {
		registryEnv, err = getDetailsFromDockerConfigSecret(registryConfigSecretInterface, registrySecretPrefix+"-"+registryLocation)
		if err != nil {
			return nil, err
		}

		regSecretData, err = getDetailsFromRegistrySecret(privateRegistrySecretInterface, registrySecret)
		if err != nil {
			return nil, err
		}
		var key struct {
			ProjectID string `json:"project_id"`
		}
		jsonKey := []byte(regSecretData["key.json"])
		if err := json.Unmarshal(jsonKey, &key); err != nil {
			return nil, err
		}
		hostname := strings.Replace(registryEnv["DEIS_REGISTRY_HOSTNAME"], "https://", "", 1)
		projectID := strings.Replace(key.ProjectID, ":", "/", -1)
		registryEnv["DEIS_REGISTRY_GCS_PROJ_ID"] = projectID
		*image = strings.Replace(hostname, "https://", "", 1) + "/" + projectID + "/" + *image
	}
	return registryEnv, nil
}