Isolated content of pkg/kustomize

2026-06-11 17:12:51 +00:00 · 2018-05-11 14:01:10 -07:00
parent 7f06454de8
commit 8aad8f447b
127 changed files with 0 additions and 0 deletions
--- a/pkg/configmapandsecret/configmap_secret.go
+++ b/pkg/configmapandsecret/configmap_secret.go
@@ -0,0 +1,181 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package configmapandsecret
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"time"
+
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime"
+	cutil "k8s.io/kubectl/pkg/kustomize/configmapandsecret/util"
+	"k8s.io/kubectl/pkg/kustomize/hash"
+	"k8s.io/kubectl/pkg/kustomize/resource"
+	"k8s.io/kubectl/pkg/kustomize/types"
+)
+
+// MakeConfigmapAndGenerateName makes a configmap and returns the configmap and the name appended with a hash.
+func MakeConfigmapAndGenerateName(cm types.ConfigMapArgs) (*unstructured.Unstructured, string, error) {
+	corev1CM, err := makeConfigMap(cm)
+	if err != nil {
+		return nil, "", err
+	}
+	h, err := hash.ConfigMapHash(corev1CM)
+	if err != nil {
+		return nil, "", err
+	}
+	nameWithHash := fmt.Sprintf("%s-%s", corev1CM.GetName(), h)
+	unstructuredCM, err := objectToUnstructured(corev1CM)
+	return unstructuredCM, nameWithHash, err
+}
+
+// MakeSecretAndGenerateName returns a secret with the name appended with a hash.
+func MakeSecretAndGenerateName(secret types.SecretArgs, path string) (*unstructured.Unstructured, string, error) {
+	corev1Secret, err := makeSecret(secret, path)
+	if err != nil {
+		return nil, "", err
+	}
+	h, err := hash.SecretHash(corev1Secret)
+	if err != nil {
+		return nil, "", err
+	}
+	nameWithHash := fmt.Sprintf("%s-%s", secret.Name, h)
+	unstructuredCM, err := objectToUnstructured(corev1Secret)
+	return unstructuredCM, nameWithHash, err
+}
+
+func objectToUnstructured(in runtime.Object) (*unstructured.Unstructured, error) {
+	marshaled, err := json.Marshal(in)
+	if err != nil {
+		return nil, err
+	}
+	var out unstructured.Unstructured
+	err = out.UnmarshalJSON(marshaled)
+	return &out, err
+}
+
+func makeConfigMap(cm types.ConfigMapArgs) (*corev1.ConfigMap, error) {
+	corev1cm := &corev1.ConfigMap{}
+	corev1cm.APIVersion = "v1"
+	corev1cm.Kind = "ConfigMap"
+	corev1cm.Name = cm.Name
+	corev1cm.Data = map[string]string{}
+
+	if cm.EnvSource != "" {
+		if err := cutil.HandleConfigMapFromEnvFileSource(corev1cm, cm.EnvSource); err != nil {
+			return nil, err
+		}
+	}
+	if cm.FileSources != nil {
+		if err := cutil.HandleConfigMapFromFileSources(corev1cm, cm.FileSources); err != nil {
+			return nil, err
+		}
+	}
+	if cm.LiteralSources != nil {
+		if err := cutil.HandleConfigMapFromLiteralSources(corev1cm, cm.LiteralSources); err != nil {
+			return nil, err
+		}
+	}
+
+	return corev1cm, nil
+}
+
+func makeSecret(secret types.SecretArgs, path string) (*corev1.Secret, error) {
+	corev1secret := &corev1.Secret{}
+	corev1secret.APIVersion = "v1"
+	corev1secret.Kind = "Secret"
+	corev1secret.Name = secret.Name
+	corev1secret.Type = corev1.SecretType(secret.Type)
+	if corev1secret.Type == "" {
+		corev1secret.Type = corev1.SecretTypeOpaque
+	}
+	corev1secret.Data = map[string][]byte{}
+
+	for k, v := range secret.Commands {
+		out, err := createSecretKey(path, v)
+		if err != nil {
+			return nil, err
+		}
+		corev1secret.Data[k] = out
+	}
+
+	return corev1secret, nil
+}
+
+func populateMap(m resource.ResourceCollection, obj *unstructured.Unstructured, newName string) error {
+	oldName := obj.GetName()
+	gvk := obj.GroupVersionKind()
+	gvkn := types.GroupVersionKindName{GVK: gvk, Name: oldName}
+
+	if _, found := m[gvkn]; found {
+		return fmt.Errorf("The <name: %q, GroupVersionKind: %v> already exists in the map", oldName, gvk)
+	}
+	obj.SetName(newName)
+	m[gvkn] = &resource.Resource{Data: obj}
+	return nil
+}
+
+// MakeConfigMapsResourceCollection returns a map of <GVK, oldName> -> unstructured object.
+func MakeConfigMapsResourceCollection(maps []types.ConfigMapArgs) (resource.ResourceCollection, error) {
+	m := resource.ResourceCollection{}
+	for _, cm := range maps {
+		unstructuredConfigMap, nameWithHash, err := MakeConfigmapAndGenerateName(cm)
+		if err != nil {
+			return nil, err
+		}
+		err = populateMap(m, unstructuredConfigMap, nameWithHash)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return m, nil
+}
+
+// MakeSecretsResourceCollection returns a map of <GVK, oldName> -> unstructured object.
+func MakeSecretsResourceCollection(secrets []types.SecretArgs, path string) (resource.ResourceCollection, error) {
+	m := resource.ResourceCollection{}
+	for _, secret := range secrets {
+		unstructuredSecret, nameWithHash, err := MakeSecretAndGenerateName(secret, path)
+		if err != nil {
+			return nil, err
+		}
+		err = populateMap(m, unstructuredSecret, nameWithHash)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return m, nil
+}
+
+func createSecretKey(wd string, command string) ([]byte, error) {
+	fi, err := os.Stat(wd)
+	if err != nil || !fi.IsDir() {
+		wd = filepath.Dir(wd)
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	cmd := exec.CommandContext(ctx, "sh", "-c", command)
+	cmd.Dir = wd
+
+	return cmd.Output()
+}
--- a/pkg/configmapandsecret/configmap_secret_test.go
+++ b/pkg/configmapandsecret/configmap_secret_test.go
@@ -0,0 +1,243 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package configmapandsecret
+
+import (
+	"encoding/base64"
+	"reflect"
+	"testing"
+
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/kubectl/pkg/kustomize/types"
+)
+
+func makeEnvConfigMap(name string) *corev1.ConfigMap {
+	return &corev1.ConfigMap{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "ConfigMap",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Data: map[string]string{
+			"DB_USERNAME": "admin",
+			"DB_PASSWORD": "somepw",
+		},
+	}
+}
+
+func makeUnstructuredEnvConfigMap(name string) *unstructured.Unstructured {
+	return &unstructured.Unstructured{
+		Object: map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "ConfigMap",
+			"metadata": map[string]interface{}{
+				"name":              name,
+				"creationTimestamp": nil,
+			},
+			"data": map[string]interface{}{
+				"DB_USERNAME": "admin",
+				"DB_PASSWORD": "somepw",
+			},
+		},
+	}
+}
+
+func makeFileConfigMap(name string) *corev1.ConfigMap {
+	return &corev1.ConfigMap{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "ConfigMap",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Data: map[string]string{
+			"app-init.ini": `FOO=bar
+BAR=baz
+`,
+		},
+	}
+}
+
+func makeLiteralConfigMap(name string) *corev1.ConfigMap {
+	return &corev1.ConfigMap{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "ConfigMap",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Data: map[string]string{
+			"a": "x",
+			"b": "y",
+		},
+	}
+}
+
+func makeTestSecret(name string) *corev1.Secret {
+	return &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Secret",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Data: map[string][]byte{
+			"DB_USERNAME": []byte("admin"),
+			"DB_PASSWORD": []byte("somepw"),
+		},
+		Type: corev1.SecretTypeOpaque,
+	}
+}
+
+func makeUnstructuredSecret(name string) *unstructured.Unstructured {
+	return &unstructured.Unstructured{
+		Object: map[string]interface{}{
+			"apiVersion": "v1",
+			"kind":       "Secret",
+			"metadata": map[string]interface{}{
+				"name":              name,
+				"creationTimestamp": nil,
+			},
+			"type": string(corev1.SecretTypeOpaque),
+			"data": map[string]interface{}{
+				"DB_USERNAME": base64.StdEncoding.EncodeToString([]byte("admin")),
+				"DB_PASSWORD": base64.StdEncoding.EncodeToString([]byte("somepw")),
+			},
+		},
+	}
+}
+
+func TestConstructConfigMap(t *testing.T) {
+	type testCase struct {
+		description string
+		input       types.ConfigMapArgs
+		expected    *corev1.ConfigMap
+	}
+
+	testCases := []testCase{
+		{
+			description: "construct config map from env",
+			input: types.ConfigMapArgs{
+				Name: "envConfigMap",
+				DataSources: types.DataSources{
+					EnvSource: "../examples/simple/instances/exampleinstance/configmap/app.env",
+				},
+			},
+			expected: makeEnvConfigMap("envConfigMap"),
+		},
+		{
+			description: "construct config map from file",
+			input: types.ConfigMapArgs{
+				Name: "fileConfigMap",
+				DataSources: types.DataSources{
+					FileSources: []string{"../examples/simple/instances/exampleinstance/configmap/app-init.ini"},
+				},
+			},
+			expected: makeFileConfigMap("fileConfigMap"),
+		},
+		{
+			description: "construct config map from literal",
+			input: types.ConfigMapArgs{
+				Name: "literalConfigMap",
+				DataSources: types.DataSources{
+					LiteralSources: []string{"a=x", "b=y"},
+				},
+			},
+			expected: makeLiteralConfigMap("literalConfigMap"),
+		},
+	}
+
+	for _, tc := range testCases {
+		cm, err := makeConfigMap(tc.input)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+		if !reflect.DeepEqual(*cm, *tc.expected) {
+			t.Fatalf("in testcase: %q updated:\n%#v\ndoesn't match expected:\n%#v\n", tc.description, *cm, tc.expected)
+		}
+	}
+}
+
+func TestConstructSecret(t *testing.T) {
+	secret := types.SecretArgs{
+		Name: "secret",
+		Commands: map[string]string{
+			"DB_USERNAME": "printf admin",
+			"DB_PASSWORD": "printf somepw",
+		},
+		Type: "Opaque",
+	}
+	cm, err := makeSecret(secret, ".")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	expected := makeTestSecret("secret")
+	if !reflect.DeepEqual(*cm, *expected) {
+		t.Fatalf("%#v\ndoesn't match expected:\n%#v", *cm, *expected)
+	}
+}
+
+func TestFailConstructSecret(t *testing.T) {
+	secret := types.SecretArgs{
+		Name: "secret",
+		Commands: map[string]string{
+			"FAILURE": "false", // This will fail.
+		},
+		Type: "Opaque",
+	}
+	_, err := makeSecret(secret, ".")
+	if err == nil {
+		t.Fatalf("Expected failure.")
+	}
+}
+
+func TestObjectConvertToUnstructured(t *testing.T) {
+	type testCase struct {
+		description string
+		input       *corev1.ConfigMap
+		expected    *unstructured.Unstructured
+	}
+
+	testCases := []testCase{
+		{
+			description: "convert config map",
+			input:       makeEnvConfigMap("envConfigMap"),
+			expected:    makeUnstructuredEnvConfigMap("envConfigMap"),
+		},
+		{
+			description: "convert secret",
+			input:       makeEnvConfigMap("envSecret"),
+			expected:    makeUnstructuredEnvConfigMap("envSecret"),
+		},
+	}
+	for _, tc := range testCases {
+		actual, err := objectToUnstructured(tc.input)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+		if !reflect.DeepEqual(actual, tc.expected) {
+			t.Fatalf("%#v\ndoesn't match expected\n%#v\n", actual, tc.expected)
+		}
+	}
+}
--- a/pkg/configmapandsecret/util/configmap.go
+++ b/pkg/configmapandsecret/util/configmap.go
@@ -0,0 +1,134 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"strings"
+
+	"k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/util/validation"
+)
+
+// handleConfigMapFromLiteralSources adds the specified literal source
+// information into the provided configMap.
+func HandleConfigMapFromLiteralSources(configMap *v1.ConfigMap, literalSources []string) error {
+	for _, literalSource := range literalSources {
+		keyName, value, err := ParseLiteralSource(literalSource)
+		if err != nil {
+			return err
+		}
+		err = addKeyFromLiteralToConfigMap(configMap, keyName, value)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// handleConfigMapFromFileSources adds the specified file source information
+// into the provided configMap
+func HandleConfigMapFromFileSources(configMap *v1.ConfigMap, fileSources []string) error {
+	for _, fileSource := range fileSources {
+		keyName, filePath, err := ParseFileSource(fileSource)
+		if err != nil {
+			return err
+		}
+		info, err := os.Stat(filePath)
+		if err != nil {
+			switch err := err.(type) {
+			case *os.PathError:
+				return fmt.Errorf("error reading %s: %v", filePath, err.Err)
+			default:
+				return fmt.Errorf("error reading %s: %v", filePath, err)
+			}
+		}
+		if info.IsDir() {
+			if strings.Contains(fileSource, "=") {
+				return fmt.Errorf("cannot give a key name for a directory path.")
+			}
+			fileList, err := ioutil.ReadDir(filePath)
+			if err != nil {
+				return fmt.Errorf("error listing files in %s: %v", filePath, err)
+			}
+			for _, item := range fileList {
+				itemPath := path.Join(filePath, item.Name())
+				if item.Mode().IsRegular() {
+					keyName = item.Name()
+					err = addKeyFromFileToConfigMap(configMap, keyName, itemPath)
+					if err != nil {
+						return err
+					}
+				}
+			}
+		} else {
+			if err := addKeyFromFileToConfigMap(configMap, keyName, filePath); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// handleConfigMapFromEnvFileSource adds the specified env file source information
+// into the provided configMap
+func HandleConfigMapFromEnvFileSource(configMap *v1.ConfigMap, envFileSource string) error {
+	info, err := os.Stat(envFileSource)
+	if err != nil {
+		switch err := err.(type) {
+		case *os.PathError:
+			return fmt.Errorf("error reading %s: %v", envFileSource, err.Err)
+		default:
+			return fmt.Errorf("error reading %s: %v", envFileSource, err)
+		}
+	}
+	if info.IsDir() {
+		return fmt.Errorf("env config file cannot be a directory")
+	}
+
+	return addFromEnvFile(envFileSource, func(key, value string) error {
+		return addKeyFromLiteralToConfigMap(configMap, key, value)
+	})
+}
+
+// addKeyFromFileToConfigMap adds a key with the given name to a ConfigMap, populating
+// the value with the content of the given file path, or returns an error.
+func addKeyFromFileToConfigMap(configMap *v1.ConfigMap, keyName, filePath string) error {
+	data, err := ioutil.ReadFile(filePath)
+	if err != nil {
+		return err
+	}
+	return addKeyFromLiteralToConfigMap(configMap, keyName, string(data))
+}
+
+// addKeyFromLiteralToConfigMap adds the given key and data to the given config map,
+// returning an error if the key is not valid or if the key already exists.
+func addKeyFromLiteralToConfigMap(configMap *v1.ConfigMap, keyName, data string) error {
+	// Note, the rules for ConfigMap keys are the exact same as the ones for SecretKeys.
+	if errs := validation.IsConfigMapKey(keyName); len(errs) != 0 {
+		return fmt.Errorf("%q is not a valid key name for a ConfigMap: %s", keyName, strings.Join(errs, ";"))
+	}
+	if _, entryExists := configMap.Data[keyName]; entryExists {
+		return fmt.Errorf("cannot add key %s, another key by that name already exists: %v.", keyName, configMap.Data)
+	}
+	configMap.Data[keyName] = data
+	return nil
+}
--- a/pkg/configmapandsecret/util/env_file.go
+++ b/pkg/configmapandsecret/util/env_file.go
@@ -0,0 +1,103 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"bufio"
+	"bytes"
+	"fmt"
+	"os"
+	"strings"
+	"unicode"
+	"unicode/utf8"
+
+	"k8s.io/apimachinery/pkg/util/validation"
+)
+
+var utf8bom = []byte{0xEF, 0xBB, 0xBF}
+
+// processEnvFileLine returns a blank key if the line is empty or a comment.
+// The value will be retrieved from the environment if necessary.
+func processEnvFileLine(line []byte, filePath string,
+	currentLine int) (key, value string, err error) {
+
+	if !utf8.Valid(line) {
+		return ``, ``, fmt.Errorf("env file %s contains invalid utf8 bytes at line %d: %v",
+			filePath, currentLine+1, line)
+	}
+
+	// We trim UTF8 BOM from the first line of the file but no others
+	if currentLine == 0 {
+		line = bytes.TrimPrefix(line, utf8bom)
+	}
+
+	// trim the line from all leading whitespace first
+	line = bytes.TrimLeftFunc(line, unicode.IsSpace)
+
+	// If the line is empty or a comment, we return a blank key/value pair.
+	if len(line) == 0 || line[0] == '#' {
+		return ``, ``, nil
+	}
+
+	data := strings.SplitN(string(line), "=", 2)
+	key = data[0]
+	if errs := validation.IsEnvVarName(key); len(errs) != 0 {
+		return ``, ``, fmt.Errorf("%q is not a valid key name: %s", key, strings.Join(errs, ";"))
+	}
+
+	if len(data) == 2 {
+		value = data[1]
+	} else {
+		// No value (no `=` in the line) is a signal to obtain the value
+		// from the environment.
+		value = os.Getenv(key)
+	}
+	return
+}
+
+// addFromEnvFile processes an env file allows a generic addTo to handle the
+// collection of key value pairs or returns an error.
+func addFromEnvFile(filePath string, addTo func(key, value string) error) error {
+	f, err := os.Open(filePath)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	scanner := bufio.NewScanner(f)
+	currentLine := 0
+	for scanner.Scan() {
+		// Process the current line, retrieving a key/value pair if
+		// possible.
+		scannedBytes := scanner.Bytes()
+		key, value, err := processEnvFileLine(scannedBytes, filePath, currentLine)
+		if err != nil {
+			return err
+		}
+		currentLine++
+
+		if len(key) == 0 {
+			// no key means line was empty or a comment
+			continue
+		}
+
+		if err = addTo(key, value); err != nil {
+			return err
+		}
+	}
+	return nil
+}
--- a/pkg/configmapandsecret/util/secret.go
+++ b/pkg/configmapandsecret/util/secret.go
@@ -0,0 +1,126 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"strings"
+
+	"k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/util/validation"
+)
+
+// HandleFromLiteralSources adds the specified literal source information into the provided secret
+func HandleFromLiteralSources(secret *v1.Secret, literalSources []string) error {
+	for _, literalSource := range literalSources {
+		keyName, value, err := ParseLiteralSource(literalSource)
+		if err != nil {
+			return err
+		}
+		if err = addKeyFromLiteralToSecret(secret, keyName, []byte(value)); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// HandleFromFileSources adds the specified file source information into the provided secret
+func HandleFromFileSources(secret *v1.Secret, fileSources []string) error {
+	for _, fileSource := range fileSources {
+		keyName, filePath, err := ParseFileSource(fileSource)
+		if err != nil {
+			return err
+		}
+		info, err := os.Stat(filePath)
+		if err != nil {
+			switch err := err.(type) {
+			case *os.PathError:
+				return fmt.Errorf("error reading %s: %v", filePath, err.Err)
+			default:
+				return fmt.Errorf("error reading %s: %v", filePath, err)
+			}
+		}
+		if info.IsDir() {
+			if strings.Contains(fileSource, "=") {
+				return fmt.Errorf("cannot give a key name for a directory path.")
+			}
+			fileList, err := ioutil.ReadDir(filePath)
+			if err != nil {
+				return fmt.Errorf("error listing files in %s: %v", filePath, err)
+			}
+			for _, item := range fileList {
+				itemPath := path.Join(filePath, item.Name())
+				if item.Mode().IsRegular() {
+					keyName = item.Name()
+					if err = addKeyFromFileToSecret(secret, keyName, itemPath); err != nil {
+						return err
+					}
+				}
+			}
+		} else {
+			if err := addKeyFromFileToSecret(secret, keyName, filePath); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// HandleFromEnvFileSource adds the specified env file source information
+// into the provided secret
+func HandleFromEnvFileSource(secret *v1.Secret, envFileSource string) error {
+	info, err := os.Stat(envFileSource)
+	if err != nil {
+		switch err := err.(type) {
+		case *os.PathError:
+			return fmt.Errorf("error reading %s: %v", envFileSource, err.Err)
+		default:
+			return fmt.Errorf("error reading %s: %v", envFileSource, err)
+		}
+	}
+	if info.IsDir() {
+		return fmt.Errorf("env secret file cannot be a directory")
+	}
+
+	return addFromEnvFile(envFileSource, func(key, value string) error {
+		return addKeyFromLiteralToSecret(secret, key, []byte(value))
+	})
+}
+
+func addKeyFromFileToSecret(secret *v1.Secret, keyName, filePath string) error {
+	data, err := ioutil.ReadFile(filePath)
+	if err != nil {
+		return err
+	}
+	return addKeyFromLiteralToSecret(secret, keyName, data)
+}
+
+func addKeyFromLiteralToSecret(secret *v1.Secret, keyName string, data []byte) error {
+	if errs := validation.IsConfigMapKey(keyName); len(errs) != 0 {
+		return fmt.Errorf("%q is not a valid key name for a Secret: %s", keyName, strings.Join(errs, ";"))
+	}
+
+	if _, entryExists := secret.Data[keyName]; entryExists {
+		return fmt.Errorf("cannot add key %s, another key by that name already exists: %v.", keyName, secret.Data)
+	}
+	secret.Data[keyName] = data
+	return nil
+}
--- a/pkg/configmapandsecret/util/util.go
+++ b/pkg/configmapandsecret/util/util.go
@@ -0,0 +1,91 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package util
+
+import (
+	"crypto/md5"
+	"errors"
+	"fmt"
+	"path"
+	"strings"
+	"time"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+// ParseRFC3339 parses an RFC3339 date in either RFC3339Nano or RFC3339 format.
+func ParseRFC3339(s string, nowFn func() metav1.Time) (metav1.Time, error) {
+	if t, timeErr := time.Parse(time.RFC3339Nano, s); timeErr == nil {
+		return metav1.Time{Time: t}, nil
+	}
+	t, err := time.Parse(time.RFC3339, s)
+	if err != nil {
+		return metav1.Time{}, err
+	}
+	return metav1.Time{Time: t}, nil
+}
+
+func HashObject(obj runtime.Object, codec runtime.Codec) (string, error) {
+	data, err := runtime.Encode(codec, obj)
+	if err != nil {
+		return "", err
+	}
+	return fmt.Sprintf("%x", md5.Sum(data)), nil
+}
+
+// ParseFileSource parses the source given.
+//
+//  Acceptable formats include:
+//   1.  source-path: the basename will become the key name
+//   2.  source-name=source-path: the source-name will become the key name and
+//       source-path is the path to the key file.
+//
+// Key names cannot include '='.
+func ParseFileSource(source string) (keyName, filePath string, err error) {
+	numSeparators := strings.Count(source, "=")
+	switch {
+	case numSeparators == 0:
+		return path.Base(source), source, nil
+	case numSeparators == 1 && strings.HasPrefix(source, "="):
+		return "", "", fmt.Errorf("key name for file path %v missing.", strings.TrimPrefix(source, "="))
+	case numSeparators == 1 && strings.HasSuffix(source, "="):
+		return "", "", fmt.Errorf("file path for key name %v missing.", strings.TrimSuffix(source, "="))
+	case numSeparators > 1:
+		return "", "", errors.New("Key names or file paths cannot contain '='.")
+	default:
+		components := strings.Split(source, "=")
+		return components[0], components[1], nil
+	}
+}
+
+// ParseLiteralSource parses the source key=val pair into its component pieces.
+// This functionality is distinguished from strings.SplitN(source, "=", 2) since
+// it returns an error in the case of empty keys, values, or a missing equals sign.
+func ParseLiteralSource(source string) (keyName, value string, err error) {
+	// leading equal is invalid
+	if strings.Index(source, "=") == 0 {
+		return "", "", fmt.Errorf("invalid literal source %v, expected key=value", source)
+	}
+	// split after the first equal (so values can have the = character)
+	items := strings.SplitN(source, "=", 2)
+	if len(items) != 2 {
+		return "", "", fmt.Errorf("invalid literal source %v, expected key=value", source)
+	}
+
+	return items[0], items[1], nil
+}