
Source file src/github.com/GoogleCloudPlatform/k8s-config-connector/pkg/k8s/secrets.go

Documentation: github.com/GoogleCloudPlatform/k8s-config-connector/pkg/k8s

     1  // Copyright 2022 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package k8s
    16  
    17  import (
    18  	"context"
    19  	"encoding/json"
    20  	"fmt"
    21  
    22  	corekccv1alpha1 "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/core/v1alpha1"
    23  
    24  	v1 "k8s.io/api/core/v1"
    25  	"k8s.io/apimachinery/pkg/api/errors"
    26  	"k8s.io/apimachinery/pkg/types"
    27  	"sigs.k8s.io/controller-runtime/pkg/client"
    28  )
    29  
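    // GetSecretVal reads the Secret named secretKeyRef.Name in secretNamespace and
    // returns the value stored under secretKeyRef.Key, together with the Secret's
    // resourceVersion.
    //
    // It returns the error built by NewSecretNotFoundError when the Secret does
    // not exist, the one built by NewKeyInSecretNotFoundError when the Secret has
    // no such key in its Data, and a wrapped client error for any other failure.
    // A nil secretKeyRef is rejected with an error instead of being dereferenced.
    //
    // The returned secretVal is the secret material itself. None of the error
    // paths below include it, and callers should likewise keep it out of logs,
    // events, status fields and annotations.
    func GetSecretVal(secretKeyRef *corekccv1alpha1.SecretKeyReference, secretNamespace string, kubeClient client.Client) (secretVal string, secretVersion string, err error) {
    	// Guard the pointer before the field reads below; without it a nil
    	// reference panics in the calling goroutine.
    	if secretKeyRef == nil {
    		return "", "", fmt.Errorf("error getting Secret in namespace %q: secret key reference is nil", secretNamespace)
    	}
    	nn := types.NamespacedName{
    		Name:      secretKeyRef.Name,
    		Namespace: secretNamespace,
    	}
    	var secret v1.Secret
    	// The signature carries no context, so the read runs under context.TODO()
    	// and inherits no deadline or cancellation from the caller.
    	if err := kubeClient.Get(context.TODO(), nn, &secret); err != nil {
    		if errors.IsNotFound(err) {
    			return "", "", NewSecretNotFoundError(nn)
    		}
    		// %w keeps the underlying API error inspectable by callers; the message
    		// names only the Secret's namespace/name, never its contents.
    		return "", "", fmt.Errorf("error getting Secret %v: %w", nn, err)
    	}
    	secretValBytes, ok := secret.Data[secretKeyRef.Key]
    	if !ok {
    		return "", "", NewKeyInSecretNotFoundError(secretKeyRef.Key, nn)
    	}
    	return string(secretValBytes), secret.GetResourceVersion(), nil
    }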
    48  
    // GetSecretVersionsFromAnnotations decodes the JSON object stored in the
    // ObservedSecretVersionsAnnotation annotation of resource into a
    // map[string]string.
    //
    // It returns (nil, nil) when the annotation is absent, and an error when the
    // annotation value is not valid JSON for a string-to-string map.
    //
    // NOTE(review): the map is presumably keyed by Secret name with the observed
    // resourceVersion as value; confirm against the callers. The data comes from
    // object metadata, so it is only as trustworthy as whoever is allowed to
    // write the resource. Treat it as a change-detection hint, not as an
    // authorization input.
    func GetSecretVersionsFromAnnotations(resource *Resource) (map[string]string, error) {
    	raw, found := GetAnnotation(ObservedSecretVersionsAnnotation, resource)
    	if !found {
    		// No annotation recorded: report "nothing observed" rather than an error.
    		return nil, nil
    	}

    	versions := map[string]string{}
    	err := json.Unmarshal([]byte(raw), &versions)
    	if err != nil {
    		return nil, fmt.Errorf("error unmarshalling value of %v: %v", ObservedSecretVersionsAnnotation, err)
    	}
    	return versions, nil
    }
    60  
    // UpdateOrRemoveObservedSecretVersionsAnnotation keeps the
    // ObservedSecretVersionsAnnotation annotation on resource in line with
    // hasSensitiveFields: when it is true the annotation is set to the JSON
    // encoding of secretVersions, otherwise the annotation is removed.
    //
    // It returns an error only if secretVersions cannot be marshalled.
    //
    // The map is written into object metadata verbatim, and metadata is visible
    // to anyone who can read the resource. Callers must therefore pass version
    // identifiers only, never secret values.
    func UpdateOrRemoveObservedSecretVersionsAnnotation(resource *Resource, secretVersions map[string]string, hasSensitiveFields bool) error {
    	if hasSensitiveFields {
    		encoded, err := json.Marshal(secretVersions)
    		if err != nil {
    			return err
    		}
    		SetAnnotation(ObservedSecretVersionsAnnotation, string(encoded), resource)
    		return nil
    	}

    	// Resources without sensitive fields must not carry the annotation at all.
    	RemoveAnnotation(ObservedSecretVersionsAnnotation, resource)
    	return nil
    }
    74  
