1 package clientctl
2
3 import (
4 "context"
5 "fmt"
6 "reflect"
7
8 api "edge-infra.dev/pkg/edge/iam/api/v1alpha1"
9
10 "github.com/ory/x/randx"
11 apiv1 "k8s.io/api/core/v1"
12 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
13 ctrl "sigs.k8s.io/controller-runtime"
14 logger "sigs.k8s.io/controller-runtime/pkg/log"
15
16 "github.com/gofrs/uuid"
17 )
18
// reconcileClientSecret ensures the Secret named by client.Spec.SecretName
// exists, creating it when it is absent.
//
// When the lookup fails the Client is returned marked not ready with
// ClientSecretExistFailure; when creation fails it is marked with
// ClientSecretCreationFailure. In both failure cases the Secret is nil and
// the underlying error is returned. On success the Client is returned
// unchanged together with the existing or newly created Secret.
func (r *ClientReconciler) reconcileClientSecret(ctx context.Context, req ctrl.Request, client api.Client) (api.Client, *apiv1.Secret, error) {
	existing, lookupErr := clientSecretExists(ctx, req, r.Client, client.Spec.SecretName)
	switch {
	case lookupErr != nil:
		return api.MarkNotReady(client, ClientSecretExistFailure, lookupErr.Error()), nil, lookupErr
	case existing != nil:
		// Nothing to do: credentials already exist and are left untouched.
		return client, existing, nil
	}

	created, createErr := r.createSecret(ctx, client)
	if createErr != nil {
		return api.MarkNotReady(client, ClientSecretCreationFailure, createErr.Error()), nil, createErr
	}
	return client, created, nil
}
// ownerRef returns the single controller OwnerReference pointing at the given
// Client, used to mark dependent objects (the credentials Secret) as owned by
// it so Kubernetes can clean them up together with the Client. The kind is
// taken from the api.Client type name via reflection rather than hard-coded,
// so it stays correct if the type is renamed.
func (r *ClientReconciler) ownerRef(client *api.Client) []metav1.OwnerReference {
	gvk := api.GroupVersion.WithKind(reflect.TypeOf(api.Client{}).Name())
	controllerRef := metav1.NewControllerRef(client, gvk)
	return []metav1.OwnerReference{*controllerRef}
}
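// createSecret generates fresh client credentials and persists them as a
// Kubernetes Secret named client.Spec.SecretName in the Client's namespace,
// with the Client set as controller owner.
//
// The Secret carries two keys: "client_id", a random v4 UUID, and
// "client_secret", a random string drawn from secretCharSet. Errors from the
// random-generation steps are returned instead of ignored: with the errors
// dropped, a failed UUID would yield the all-zero UUID as client_id and a
// failed generateSecret would yield an empty client_secret, and either would
// be written to the cluster as if it were a valid credential.
//
// Returns the created Secret, or an error (wrapping the cause) when
// generation or the API create call fails. The success log line carries only
// the Secret name, never the credential values.
func (r *ClientReconciler) createSecret(ctx context.Context, client api.Client) (*apiv1.Secret, error) {
	log := logger.FromContext(ctx)

	// 26 symbols over the 66-symbol secretCharSet is roughly 157 bits of
	// entropy, assuming randx draws uniformly from a CSPRNG.
	const secretLength = 26

	generatedID, err := uuid.NewV4()
	if err != nil {
		return nil, fmt.Errorf("failed to generate client id for secret name '%v': %w", client.Spec.SecretName, err)
	}
	generatedSecret, err := generateSecret(secretLength)
	if err != nil {
		return nil, fmt.Errorf("failed to generate client secret for secret name '%v': %w", client.Spec.SecretName, err)
	}

	secret := apiv1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:            client.Spec.SecretName,
			Namespace:       client.Namespace,
			OwnerReferences: r.ownerRef(&client),
		},
		Data: map[string][]byte{
			"client_id":     []byte(generatedID.String()),
			"client_secret": generatedSecret,
		},
	}

	// Wrap the API error so callers can inspect the cause (e.g. AlreadyExists)
	// instead of receiving only the name.
	if err := r.Create(ctx, &secret); err != nil {
		return nil, fmt.Errorf("failed to create client secret name '%v': %w", client.Spec.SecretName, err)
	}
	log.Info("client secret created successfully", "name", client.Spec.SecretName)
	return &secret, nil
}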
71
// secretCharSet is the 66-symbol alphabet generateSecret draws from: ASCII
// letters, digits and "_-.~" — exactly the RFC 3986 unreserved characters, so
// a generated secret never needs escaping when placed in a URL or header.
var secretCharSet = []rune(`abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_-.~`)
73
// generateSecret returns length random symbols from secretCharSet encoded as
// bytes. Because every symbol in the alphabet is ASCII, the result is exactly
// length bytes long. On error it returns an empty (non-nil) slice and the
// error from randx.
//
// NOTE(review): the strength of the credential rests on randx.RuneSequence
// drawing from a cryptographically secure source — confirm against the
// pinned ory/x version before relying on this for production secrets.
func generateSecret(length int) ([]byte, error) {
	runes, err := randx.RuneSequence(length, secretCharSet)
	if err != nil {
		return []byte{}, err
	}
	encoded := []byte(string(runes))
	return encoded, nil
}
81