1 package mapper
2
3 import (
4 "encoding/base64"
5 "encoding/json"
6 "fmt"
7
8 goext "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
9 "github.com/rs/zerolog/log"
10 corev1 "k8s.io/api/core/v1"
11 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
12 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
13 "k8s.io/apimachinery/pkg/runtime"
14
15 "edge-infra.dev/pkg/edge/api/graph/model"
16 "edge-infra.dev/pkg/edge/api/utils"
17 )
18
19 func ToSecrets(secrets []corev1.Secret) []*model.Secret {
20 var secretModels []*model.Secret
21 for _, secret := range secrets {
22 secretModels = append(secretModels, ToSecret(&secret))
23 }
24 return secretModels
25 }
26
27 func ToSecret(secret *corev1.Secret) *model.Secret {
28 return &model.Secret{
29 Name: secret.Name,
30 Namespace: secret.Namespace,
31 CreatedOn: secret.ObjectMeta.CreationTimestamp.Format(TimeFormat),
32 }
33 }
34
35 func ToCreateSecretObject(name string, namespace string, values []*model.KeyValues) (*corev1.Secret, error) {
36 v1secret := corev1.Secret{
37 TypeMeta: metav1.TypeMeta{
38 Kind: "Secret",
39 APIVersion: "v1",
40 },
41 }
42 v1secret.ObjectMeta.Name = name
43 v1secret.ObjectMeta.Namespace = ConvertK8sName(namespace)
44 var data = make(map[string][]byte)
45 for _, value := range values {
46 var decodedValue []byte
47 decodedValue, err := base64.StdEncoding.DecodeString(value.Value)
48 if err != nil {
49 log.Err(err).Msg("invalid decodedValue, value needs to be in base64")
50 return nil, fmt.Errorf("invalid decodedValue, value needs to be in base64")
51 }
52 data[value.Key] = decodedValue
53 }
54 v1secret.Data = data
55 return &v1secret, nil
56 }
57
58 func ToConvertUnstructuredToSecret(resources *unstructured.UnstructuredList) ([]corev1.Secret, error) {
59 resp := make([]corev1.Secret, 0)
60 for _, item := range resources.Items {
61 converted := &corev1.Secret{}
62 err := runtime.DefaultUnstructuredConverter.
63 FromUnstructured(item.UnstructuredContent(), &converted)
64 if err != nil {
65 return nil, err
66 }
67 resp = append(resp, *converted)
68 }
69
70 return resp, nil
71 }
72
73 func ToConvertSecretToUnstructured(secret *corev1.Secret) (*unstructured.Unstructured, error) {
74 converted, err := runtime.DefaultUnstructuredConverter.ToUnstructured(secret)
75 if err != nil {
76 return nil, err
77 }
78
79 return &unstructured.Unstructured{Object: converted}, nil
80 }
81
82 func BuildSecret(secret *corev1.Secret, endpoint string, isRedacted bool) string {
83 s := `
84 apiVersion: v1
85 kind: Secret
86 data:
87 clientCert: ""
88 clientKey: ""
89 clusterCA: %s
90 endpoint: %s
91 password: ""
92 username: %s
93 namespace: %s
94 metadata:
95 namespace: %s
96 name: %s
97 `
98 if isRedacted {
99 return fmt.Sprintf(s, "********", endpoint, "default-agent", secret.Namespace, secret.Namespace, secret.Name)
100 }
101 return fmt.Sprintf(s, base64.StdEncoding.EncodeToString(secret.Data["ca.crt"]), endpoint, "default-agent", secret.Namespace, secret.Namespace, secret.Name)
102 }
103
104 func ToBase64StringFromExternalSecret(externalSecret *goext.ExternalSecret) (string, error) {
105 esByte, err := json.Marshal(externalSecret)
106 if err != nil {
107 return "", err
108 }
109 esBase64 := utils.ToBase64(esByte)
110 return esBase64, nil
111 }
112
113 func ToBase64StringFromClusterExternalSecret(clusterExternalSecret *goext.ClusterExternalSecret) (string, error) {
114 cesByte, err := json.Marshal(clusterExternalSecret)
115 if err != nil {
116 return "", err
117 }
118 cesBase64 := utils.ToBase64(cesByte)
119 return cesBase64, nil
120 }
121
View as plain text