replace commands/envcommand by DataSource in SecretGenerator

2026-06-12 01:14:22 +00:00 · 2019-01-15 15:03:45 -08:00
parent a5c6938c65
commit 2fa4a34589
11 changed files with 166 additions and 296 deletions
--- a/k8sdeps/configmapandsecret/secretfactory.go
+++ b/k8sdeps/configmapandsecret/secretfactory.go
@@ -17,34 +17,26 @@ limitations under the License.
 package configmapandsecret

 import (
-	"context"
 	"fmt"
-	"log"
-	"os/exec"
-	"path/filepath"
 	"strings"
-	"time"

 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/util/validation"
 	"sigs.k8s.io/kustomize/pkg/fs"
+	"sigs.k8s.io/kustomize/pkg/ifc"
 	"sigs.k8s.io/kustomize/pkg/types"
 )

-const (
-	defaultCommandTimeout = 5 * time.Second
-)
-
 // SecretFactory makes Secrets.
 type SecretFactory struct {
 	fSys fs.FileSystem
-	wd   string
+	ldr  ifc.Loader
 }

 // NewSecretFactory returns a new SecretFactory.
-func NewSecretFactory(fSys fs.FileSystem, wd string) *SecretFactory {
-	return &SecretFactory{fSys: fSys, wd: wd}
+func NewSecretFactory(fSys fs.FileSystem, ldr ifc.Loader) *SecretFactory {
+	return &SecretFactory{fSys: fSys, ldr: ldr}
 }

 func (f *SecretFactory) makeFreshSecret(args *types.SecretArgs) *corev1.Secret {
@@ -67,28 +59,28 @@ func (f *SecretFactory) MakeSecret(args *types.SecretArgs, options *types.Genera
 	var err error
 	s := f.makeFreshSecret(args)

-	timeout := defaultCommandTimeout
-	if args.TimeoutSeconds != nil {
-		log.Println("SecretArgs.TimeoutSeconds will be deprected in next release. Please use GeneratorOptions.TimeoutSeconds instread.")
-		timeout = time.Duration(*args.TimeoutSeconds) * time.Second
+	pairs, err := keyValuesFromEnvFile(f.ldr, args.EnvSource)
+	if err != nil {
+		return nil, errors.Wrap(err, fmt.Sprintf(
+			"env source file: %s",
+			args.EnvSource))
 	}
-	if args.EnvCommand != "" {
-		pairs, err := f.keyValuesFromEnvFileCommand(args.EnvCommand, timeout, options)
-		if err != nil {
-			return nil, errors.Wrap(err, fmt.Sprintf(
-				"env source file: %s",
-				args.EnvCommand))
-		}
-		all = append(all, pairs...)
+	all = append(all, pairs...)
+
+	pairs, err = keyValuesFromLiteralSources(args.LiteralSources)
+	if err != nil {
+		return nil, errors.Wrap(err, fmt.Sprintf(
+			"literal sources %v", args.LiteralSources))
 	}
-	if len(args.Commands) != 0 {
-		pairs, err := f.keyValuesFromCommands(args.Commands, timeout, options)
-		if err != nil {
-			return nil, errors.Wrap(err, fmt.Sprintf(
-				"commands %v", args.Commands))
-		}
-		all = append(all, pairs...)
+	all = append(all, pairs...)
+
+	pairs, err = keyValuesFromFileSources(f.ldr, args.FileSources)
+	if err != nil {
+		return nil, errors.Wrap(err, fmt.Sprintf(
+			"file sources: %v", args.FileSources))
 	}
+	all = append(all, pairs...)
+
 	for _, kv := range all {
 		err = addKvToSecret(s, kv.key, kv.value)
 		if err != nil {
@@ -113,52 +105,3 @@ func addKvToSecret(secret *corev1.Secret, keyName, data string) error {
 	secret.Data[keyName] = []byte(data)
 	return nil
 }
-
-func (f *SecretFactory) keyValuesFromEnvFileCommand(cmd string, timeout time.Duration, options *types.GeneratorOptions) ([]kvPair, error) {
-	content, err := f.createSecretKey(cmd, timeout, options)
-	if err != nil {
-		return nil, err
-	}
-	return keyValuesFromLines(content)
-}
-
-func (f *SecretFactory) keyValuesFromCommands(sources map[string]string, timeout time.Duration, options *types.GeneratorOptions) ([]kvPair, error) {
-	var kvs []kvPair
-	for k, cmd := range sources {
-		content, err := f.createSecretKey(cmd, timeout, options)
-		if err != nil {
-			return nil, err
-		}
-		kvs = append(kvs, kvPair{key: k, value: string(content)})
-	}
-	return kvs, nil
-}
-
-// Run a command, return its output as the secret.
-func (f *SecretFactory) createSecretKey(command string, timeout time.Duration, options *types.GeneratorOptions) ([]byte, error) {
-	if !f.fSys.IsDir(f.wd) {
-		f.wd = filepath.Dir(f.wd)
-		if !f.fSys.IsDir(f.wd) {
-			return nil, errors.New("not a directory: " + f.wd)
-		}
-	}
-
-	if options != nil && options.TimeoutSeconds != nil {
-		t := time.Duration(*options.TimeoutSeconds) * time.Second
-		if t > timeout {
-			timeout = t
-		}
-	}
-
-	var commands []string
-	if options == nil || len(options.Shell) == 0 {
-		commands = []string{"sh", "-c", command}
-	} else {
-		commands = append(options.Shell, command)
-	}
-	ctx, cancel := context.WithTimeout(context.Background(), timeout)
-	defer cancel()
-	cmd := exec.CommandContext(ctx, commands[0], commands[1:]...)
-	cmd.Dir = f.wd
-	return cmd.Output()
-}
--- a/k8sdeps/configmapandsecret/secretfactory_test.go
+++ b/k8sdeps/configmapandsecret/secretfactory_test.go
@@ -17,94 +17,129 @@ limitations under the License.
 package configmapandsecret

 import (
+	"reflect"
 	"testing"

+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/kustomize/pkg/fs"
+	"sigs.k8s.io/kustomize/pkg/loader"
 	"sigs.k8s.io/kustomize/pkg/types"
 )

-func TestMakeSecretNoCommands(t *testing.T) {
-	factory := NewSecretFactory(fs.MakeFakeFS(), "/")
-	args := types.SecretArgs{
-		GeneratorArgs: types.GeneratorArgs{Name: "apple"},
-		Type:          "Opaque",
-		CommandSources: types.CommandSources{
-			Commands:   nil,
-			EnvCommand: "",
-		}}
-	s, err := factory.MakeSecret(&args, nil)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if s.ObjectMeta.Name != "apple" {
-		t.Fatalf("unexpected name: %v", s.ObjectMeta.Name)
-	}
-	if len(s.Data) > 0 || len(s.StringData) > 0 {
-		t.Fatalf("unexpected data: %v", s)
+func makeEnvSecret(name string) *corev1.Secret {
+	return &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Data: map[string][]byte{
+			"DB_PASSWORD": []byte("somepw"),
+			"DB_USERNAME": []byte("admin"),
+		},
+		Type: "Opaque",
 	}
 }

-func TestMakeSecretNoCommandsBadDir(t *testing.T) {
-	factory := NewSecretFactory(fs.MakeFakeFS(), "/does/not/exist")
-	args := types.SecretArgs{
-		GeneratorArgs: types.GeneratorArgs{Name: "envConfigMap"},
-		Type:          "Opaque",
-		CommandSources: types.CommandSources{
-			Commands:   nil,
-			EnvCommand: "",
-		}}
-	_, err := factory.MakeSecret(&args, nil)
-	if err != nil {
-		t.Fatalf("Unexpected error: %v", err)
+func makeFileSecret(name string) *corev1.Secret {
+	return &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Data: map[string][]byte{
+			"app-init.ini": []byte(`FOO=bar
+BAR=baz
+`),
+		},
+		Type: "Opaque",
 	}
 }

-func TestMakeSecretEmptyCommandMap(t *testing.T) {
-	factory := NewSecretFactory(fs.MakeFakeFS(), "/")
-	args := types.SecretArgs{
-		GeneratorArgs: types.GeneratorArgs{Name: "envConfigMap"},
-		Type:          "Opaque",
-		CommandSources: types.CommandSources{
-			// TODO try: map[string]string{"commandName": "bogusCommand bogusArg"},
-			Commands:   nil,
-			EnvCommand: "echo beans",
-		}}
-	s, err := factory.MakeSecret(&args, nil)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
-	}
-	if s == nil {
-		t.Fatalf("nil result")
-	}
-	v, ok := s.Data["beans"]
-	if !ok {
-		t.Fatalf("expected beans")
-	}
-	if len(v) > 0 {
-		t.Fatalf("unexpected data")
+func makeLiteralSecret(name string) *corev1.Secret {
+	s := &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Data: map[string][]byte{
+			"a": []byte("x"),
+			"b": []byte("y"),
+		},
+		Type: "Opaque",
 	}
+	s.SetLabels(map[string]string{"foo": "bar"})
+	return s
 }

-func TestMakeSecretWithCommandMap(t *testing.T) {
-	factory := NewSecretFactory(fs.MakeFakeFS(), "/")
-	args := types.SecretArgs{
-		GeneratorArgs: types.GeneratorArgs{Name: "envConfigMap"},
-		Type:          "Opaque",
-		CommandSources: types.CommandSources{
-			Commands: map[string]string{"commandName": "echo beans"},
-		}}
-	s, err := factory.MakeSecret(&args, nil)
-	if err != nil {
-		t.Fatalf("unexpected error: %v", err)
+func TestConstructSecret(t *testing.T) {
+	type testCase struct {
+		description string
+		input       types.SecretArgs
+		options     *types.GeneratorOptions
+		expected    *corev1.Secret
 	}
-	if s == nil {
-		t.Fatalf("nil result")
+
+	testCases := []testCase{
+		{
+			description: "construct secret from env",
+			input: types.SecretArgs{
+				GeneratorArgs: types.GeneratorArgs{Name: "envSecret"},
+				DataSources: types.DataSources{
+					EnvSource: "secret/app.env",
+				},
+			},
+			options:  nil,
+			expected: makeEnvSecret("envSecret"),
+		},
+		{
+			description: "construct secret from file",
+			input: types.SecretArgs{
+				GeneratorArgs: types.GeneratorArgs{Name: "fileSecret"},
+				DataSources: types.DataSources{
+					FileSources: []string{"secret/app-init.ini"},
+				},
+			},
+			options:  nil,
+			expected: makeFileSecret("fileSecret"),
+		},
+		{
+			description: "construct secret from literal",
+			input: types.SecretArgs{
+				GeneratorArgs: types.GeneratorArgs{Name: "literalSecret"},
+				DataSources: types.DataSources{
+					LiteralSources: []string{"a=x", "b=y"},
+				},
+			},
+			options: &types.GeneratorOptions{
+				Labels: map[string]string{
+					"foo": "bar",
+				},
+			},
+			expected: makeLiteralSecret("literalSecret"),
+		},
 	}
-	v, ok := s.Data["commandName"]
-	if !ok {
-		t.Fatalf("expected something for commandName")
-	}
-	if string(v) != "beans\n" {
-		t.Fatalf("unexpected data: %s", string(v))
+
+	fSys := fs.MakeFakeFS()
+	fSys.WriteFile("/secret/app.env", []byte("DB_USERNAME=admin\nDB_PASSWORD=somepw\n"))
+	fSys.WriteFile("/secret/app-init.ini", []byte("FOO=bar\nBAR=baz\n"))
+	f := NewSecretFactory(fSys, loader.NewFileLoaderAtRoot(fSys))
+	for _, tc := range testCases {
+		cm, err := f.MakeSecret(&tc.input, tc.options)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+		if !reflect.DeepEqual(*cm, *tc.expected) {
+			t.Fatalf("in testcase: %q updated:\n%#v\ndoesn't match expected:\n%#v\n", tc.description, *cm, tc.expected)
+		}
 	}
 }