Iniciar sesión
golang
/
flannel
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 63ea51959b
Ramas Etiquetas
flannel
/
vendor
/
k8s.io
/
kubernetes
/
pkg
/
kubectl
/
secret.go

secret.go 6.0 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208 
  1. /*
    2. 

  2. Copyright 2015 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package kubectl
    18. 

  18. 

  19. import (
    20. 

  20. 	"fmt"
    21. 

  21. 	"io/ioutil"
    22. 

  22. 	"os"
    23. 

  23. 	"path"
    24. 

  24. 	"strings"
    25. 

  25. 

  26. 	"k8s.io/kubernetes/pkg/api"
    27. 

  27. 	"k8s.io/kubernetes/pkg/runtime"
    28. 

  28. 	"k8s.io/kubernetes/pkg/util/validation"
    29. 

  29. )
    30. 

  30. 

  31. // SecretGeneratorV1 supports stable generation of an opaque secret
    32. 

  32. type SecretGeneratorV1 struct {
    33. 

  33. 	// Name of secret (required)
    34. 

  34. 	Name string
    35. 

  35. 	// Type of secret (optional)
    36. 

  36. 	Type string
    37. 

  37. 	// FileSources to derive the secret from (optional)
    38. 

  38. 	FileSources []string
    39. 

  39. 	// LiteralSources to derive the secret from (optional)
    40. 

  40. 	LiteralSources []string
    41. 

  41. }
    42. 

  42. 

  43. // Ensure it supports the generator pattern that uses parameter injection
    44. 

  44. var _ Generator = &SecretGeneratorV1{}
    45. 

  45. 

  46. // Ensure it supports the generator pattern that uses parameters specified during construction
    47. 

  47. var _ StructuredGenerator = &SecretGeneratorV1{}
    48. 

  48. 

  49. // Generate returns a secret using the specified parameters
    50. 

  50. func (s SecretGeneratorV1) Generate(genericParams map[string]interface{}) (runtime.Object, error) {
    51. 

  51. 	err := ValidateParams(s.ParamNames(), genericParams)
    52. 

  52. 	if err != nil {
    53. 

  53. 		return nil, err
    54. 

  54. 	}
    55. 

  55. 	delegate := &SecretGeneratorV1{}
    56. 

  56. 	fromFileStrings, found := genericParams["from-file"]
    57. 

  57. 	if found {
    58. 

  58. 		fromFileArray, isArray := fromFileStrings.([]string)
    59. 

  59. 		if !isArray {
    60. 

  60. 			return nil, fmt.Errorf("expected []string, found :%v", fromFileStrings)
    61. 

  61. 		}
    62. 

  62. 		delegate.FileSources = fromFileArray
    63. 

  63. 		delete(genericParams, "from-file")
    64. 

  64. 	}
    65. 

  65. 	fromLiteralStrings, found := genericParams["from-literal"]
    66. 

  66. 	if found {
    67. 

  67. 		fromLiteralArray, isArray := fromLiteralStrings.([]string)
    68. 

  68. 		if !isArray {
    69. 

  69. 			return nil, fmt.Errorf("expected []string, found :%v", fromFileStrings)
    70. 

  70. 		}
    71. 

  71. 		delegate.LiteralSources = fromLiteralArray
    72. 

  72. 		delete(genericParams, "from-literal")
    73. 

  73. 	}
    74. 

  74. 	params := map[string]string{}
    75. 

  75. 	for key, value := range genericParams {
    76. 

  76. 		strVal, isString := value.(string)
    77. 

  77. 		if !isString {
    78. 

  78. 			return nil, fmt.Errorf("expected string, saw %v for '%s'", value, key)
    79. 

  79. 		}
    80. 

  80. 		params[key] = strVal
    81. 

  81. 	}
    82. 

  82. 	delegate.Name = params["name"]
    83. 

  83. 	delegate.Type = params["type"]
    84. 

  84. 	return delegate.StructuredGenerate()
    85. 

  85. }
    86. 

  86. 

  87. // ParamNames returns the set of supported input parameters when using the parameter injection generator pattern
    88. 

  88. func (s SecretGeneratorV1) ParamNames() []GeneratorParam {
    89. 

  89. 	return []GeneratorParam{
    90. 

  90. 		{"name", true},
    91. 

  91. 		{"type", false},
    92. 

  92. 		{"from-file", false},
    93. 

  93. 		{"from-literal", false},
    94. 

  94. 		{"force", false},
    95. 

  95. 	}
    96. 

  96. }
    97. 

  97. 

  98. // StructuredGenerate outputs a secret object using the configured fields
    99. 

  99. func (s SecretGeneratorV1) StructuredGenerate() (runtime.Object, error) {
    100. 

  100. 	if err := s.validate(); err != nil {
    101. 

  101. 		return nil, err
    102. 

  102. 	}
    103. 

  103. 	secret := &api.Secret{}
    104. 

  104. 	secret.Name = s.Name
    105. 

  105. 	secret.Data = map[string][]byte{}
    106. 

  106. 	if len(s.Type) > 0 {
    107. 

  107. 		secret.Type = api.SecretType(s.Type)
    108. 

  108. 	}
    109. 

  109. 	if len(s.FileSources) > 0 {
    110. 

  110. 		if err := handleFromFileSources(secret, s.FileSources); err != nil {
    111. 

  111. 			return nil, err
    112. 

  112. 		}
    113. 

  113. 	}
    114. 

  114. 	if len(s.LiteralSources) > 0 {
    115. 

  115. 		if err := handleFromLiteralSources(secret, s.LiteralSources); err != nil {
    116. 

  116. 			return nil, err
    117. 

  117. 		}
    118. 

  118. 	}
    119. 

  119. 	return secret, nil
    120. 

  120. }
    121. 

  121. 

  122. // validate validates required fields are set to support structured generation
    123. 

  123. func (s SecretGeneratorV1) validate() error {
    124. 

  124. 	if len(s.Name) == 0 {
    125. 

  125. 		return fmt.Errorf("name must be specified")
    126. 

  126. 	}
    127. 

  127. 	return nil
    128. 

  128. }
    129. 

  129. 

  130. // handleFromLiteralSources adds the specified literal source information into the provided secret
    131. 

  131. func handleFromLiteralSources(secret *api.Secret, literalSources []string) error {
    132. 

  132. 	for _, literalSource := range literalSources {
    133. 

  133. 		keyName, value, err := parseLiteralSource(literalSource)
    134. 

  134. 		if err != nil {
    135. 

  135. 			return err
    136. 

  136. 		}
    137. 

  137. 		err = addKeyFromLiteralToSecret(secret, keyName, []byte(value))
    138. 

  138. 		if err != nil {
    139. 

  139. 			return err
    140. 

  140. 		}
    141. 

  141. 	}
    142. 

  142. 	return nil
    143. 

  143. }
    144. 

  144. 

  145. // handleFromFileSources adds the specified file source information into the provided secret
    146. 

  146. func handleFromFileSources(secret *api.Secret, fileSources []string) error {
    147. 

  147. 	for _, fileSource := range fileSources {
    148. 

  148. 		keyName, filePath, err := parseFileSource(fileSource)
    149. 

  149. 		if err != nil {
    150. 

  150. 			return err
    151. 

  151. 		}
    152. 

  152. 		info, err := os.Stat(filePath)
    153. 

  153. 		if err != nil {
    154. 

  154. 			switch err := err.(type) {
    155. 

  155. 			case *os.PathError:
    156. 

  156. 				return fmt.Errorf("error reading %s: %v", filePath, err.Err)
    157. 

  157. 			default:
    158. 

  158. 				return fmt.Errorf("error reading %s: %v", filePath, err)
    159. 

  159. 			}
    160. 

  160. 		}
    161. 

  161. 		if info.IsDir() {
    162. 

  162. 			if strings.Contains(fileSource, "=") {
    163. 

  163. 				return fmt.Errorf("cannot give a key name for a directory path.")
    164. 

  164. 			}
    165. 

  165. 			fileList, err := ioutil.ReadDir(filePath)
    166. 

  166. 			if err != nil {
    167. 

  167. 				return fmt.Errorf("error listing files in %s: %v", filePath, err)
    168. 

  168. 			}
    169. 

  169. 			for _, item := range fileList {
    170. 

  170. 				itemPath := path.Join(filePath, item.Name())
    171. 

  171. 				if item.Mode().IsRegular() {
    172. 

  172. 					keyName = item.Name()
    173. 

  173. 					err = addKeyFromFileToSecret(secret, keyName, itemPath)
    174. 

  174. 					if err != nil {
    175. 

  175. 						return err
    176. 

  176. 					}
    177. 

  177. 				}
    178. 

  178. 			}
    179. 

  179. 		} else {
    180. 

  180. 			err = addKeyFromFileToSecret(secret, keyName, filePath)
    181. 

  181. 			if err != nil {
    182. 

  182. 				return err
    183. 

  183. 			}
    184. 

  184. 		}
    185. 

  185. 	}
    186. 

  186. 

  187. 	return nil
    188. 

  188. }
    189. 

  189. 

  190. func addKeyFromFileToSecret(secret *api.Secret, keyName, filePath string) error {
    191. 

  191. 	data, err := ioutil.ReadFile(filePath)
    192. 

  192. 	if err != nil {
    193. 

  193. 		return err
    194. 

  194. 	}
    195. 

  195. 	return addKeyFromLiteralToSecret(secret, keyName, data)
    196. 

  196. }
    197. 

  197. 

  198. func addKeyFromLiteralToSecret(secret *api.Secret, keyName string, data []byte) error {
    199. 

  199. 	if errs := validation.IsConfigMapKey(keyName); len(errs) != 0 {
    200. 

  200. 		return fmt.Errorf("%q is not a valid key name for a Secret: %s", keyName, strings.Join(errs, ";"))
    201. 

  201. 	}
    202. 

  202. 

  203. 	if _, entryExists := secret.Data[keyName]; entryExists {
    204. 

  204. 		return fmt.Errorf("cannot add key %s, another key by that name already exists: %v.", keyName, secret.Data)
    205. 

  205. 	}
    206. 

  206. 	secret.Data[keyName] = data
    207. 

  207. 	return nil
    208. 

  208. }
    209.