kubernetes-sigs/kustomize
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kustomize.git synced 2026-06-13 01:50:55 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

Merge pull request #241 from sethpollack/secret

Browse Source 
add env sources to secrets
This commit is contained in:
Jeff Regan
2018-08-09 13:05:21 -07:00
committed by GitHub
parent e913a71fad 7406dda074
commit bc2d69f4f9
4 changed files with 120 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
pkg/configmapandsecret/secretfactory.go
View File

@@ -1,3 +1,19 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package configmapandsecret package configmapandsecret
import ( import (
@@ -5,12 +21,14 @@ import (
"fmt" "fmt"
"os/exec" "os/exec"
"path/filepath" "path/filepath"
"strings"
"time" "time"
"github.com/kubernetes-sigs/kustomize/pkg/fs" "github.com/kubernetes-sigs/kustomize/pkg/fs"
"github.com/kubernetes-sigs/kustomize/pkg/types" "github.com/kubernetes-sigs/kustomize/pkg/types"
"github.com/pkg/errors" "github.com/pkg/errors"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/validation"
) )
// SecretFactory makes Secrets. // SecretFactory makes Secrets.
@@ -24,8 +42,7 @@ func NewSecretFactory(fSys fs.FileSystem, wd string) *SecretFactory {
return &SecretFactory{fSys: fSys, wd: wd} return &SecretFactory{fSys: fSys, wd: wd}
} }
// MakeSecret returns a new secret. func (f *SecretFactory) makeFreshSecret(args *types.SecretArgs) *corev1.Secret {
func (f *SecretFactory) MakeSecret(args types.SecretArgs) (*corev1.Secret, error) {
s := &corev1.Secret{} s := &corev1.Secret{}
s.APIVersion = "v1" s.APIVersion = "v1"
s.Kind = "Secret" s.Kind = "Secret"
@@ -35,17 +52,72 @@ func (f *SecretFactory) MakeSecret(args types.SecretArgs) (*corev1.Secret, error
s.Type = corev1.SecretTypeOpaque s.Type = corev1.SecretTypeOpaque
} }
s.Data = map[string][]byte{} s.Data = map[string][]byte{}
for k, v := range args.Commands { return s
out, err := f.createSecretKey(v) }
if err != nil {
errMsg := fmt.Sprintf("createSecretKey: couldn't make secret %s for key %s", s.Name, k) // MakeSecret returns a new secret.
return nil, errors.Wrap(err, errMsg) func (f *SecretFactory) MakeSecret(args *types.SecretArgs) (*corev1.Secret, error) {
} var all []kvPair
s.Data[k] = out var err error
s := f.makeFreshSecret(args)
pairs, err := f.keyValuesFromEnvFileCommand(args.EnvCommand)
if err != nil {
return nil, errors.Wrap(err, fmt.Sprintf(
"env source file: %s",
args.EnvCommand))
} }
all = append(all, pairs...)
pairs, err = f.keyValuesFromCommands(args.Commands)
if err != nil {
return nil, errors.Wrap(err, fmt.Sprintf(
"commands %v", args.Commands))
}
all = append(all, pairs...)
for _, kv := range all {
err = addKvToSecret(s, kv.key, kv.value)
if err != nil {
return nil, err
}
}
return s, nil return s, nil
} }
func addKvToSecret(secret *corev1.Secret, keyName, data string) error {
// Note, the rules for SecretKeys keys are the exact same as the ones for ConfigMap.
if errs := validation.IsConfigMapKey(keyName); len(errs) != 0 {
return fmt.Errorf("%q is not a valid key name for a Secret: %s", keyName, strings.Join(errs, ";"))
}
if _, entryExists := secret.Data[keyName]; entryExists {
return fmt.Errorf("cannot add key %s, another key by that name already exists", keyName)
}
secret.Data[keyName] = []byte(data)
return nil
}
func (f *SecretFactory) keyValuesFromEnvFileCommand(cmd string) ([]kvPair, error) {
content, err := f.createSecretKey(cmd)
if err != nil {
return nil, err
}
return keyValuesFromLines(content)
}
func (f *SecretFactory) keyValuesFromCommands(sources map[string]string) ([]kvPair, error) {
var kvs []kvPair
for k, cmd := range sources {
content, err := f.createSecretKey(cmd)
if err != nil {
return nil, err
}
kvs = append(kvs, kvPair{key: k, value: string(content)})
}
return kvs, nil
}
// Run a command, return its output as the secret. // Run a command, return its output as the secret.
func (f *SecretFactory) createSecretKey(command string) ([]byte, error) { func (f *SecretFactory) createSecretKey(command string) ([]byte, error) {
if !f.fSys.IsDir(f.wd) { if !f.fSys.IsDir(f.wd) {

2
pkg/resmap/secret.go
View File

@@ -30,7 +30,7 @@ func NewResMapFromSecretArgs(
secretList []types.SecretArgs) (ResMap, error) { secretList []types.SecretArgs) (ResMap, error) {
var allResources []*resource.Resource var allResources []*resource.Resource
for _, args := range secretList { for _, args := range secretList {
s, err := f.MakeSecret(args) s, err := f.MakeSecret(&args)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "makeSecret") return nil, errors.Wrap(err, "makeSecret")
} }

29
pkg/resmap/secret_test.go
View File

@@ -35,9 +35,18 @@ func TestNewResMapFromSecretArgs(t *testing.T) {
secrets := []types.SecretArgs{ secrets := []types.SecretArgs{
{ {
Name: "apple", Name: "apple",
Commands: map[string]string{ CommandSources: types.CommandSources{
"DB_USERNAME": "printf admin", Commands: map[string]string{
"DB_PASSWORD": "printf somepw", "DB_USERNAME": "printf admin",
"DB_PASSWORD": "printf somepw",
},
},
Type: "Opaque",
},
{
Name: "peanuts",
CommandSources: types.CommandSources{
EnvCommand: "printf \"DB_USERNAME=admin\nDB_PASSWORD=somepw\"",
}, },
Type: "Opaque", Type: "Opaque",
}, },
@@ -66,6 +75,20 @@ func TestNewResMapFromSecretArgs(t *testing.T) {
"DB_PASSWORD": base64.StdEncoding.EncodeToString([]byte("somepw")), "DB_PASSWORD": base64.StdEncoding.EncodeToString([]byte("somepw")),
}, },
}).SetBehavior(resource.BehaviorCreate), }).SetBehavior(resource.BehaviorCreate),
resource.NewResId(secret, "peanuts"): resource.NewResourceFromMap(
map[string]interface{}{
"apiVersion": "v1",
"kind": "Secret",
"metadata": map[string]interface{}{
"name": "peanuts",
"creationTimestamp": nil,
},
"type": string(corev1.SecretTypeOpaque),
"data": map[string]interface{}{
"DB_USERNAME": base64.StdEncoding.EncodeToString([]byte("admin")),
"DB_PASSWORD": base64.StdEncoding.EncodeToString([]byte("somepw")),
},
}).SetBehavior(resource.BehaviorCreate),
} }
if !reflect.DeepEqual(actual, expected) { if !reflect.DeepEqual(actual, expected) {
t.Fatalf("%#v\ndoesn't match expected:\n%#v", actual, expected) t.Fatalf("%#v\ndoesn't match expected:\n%#v", actual, expected)

16
pkg/types/kustomization.go
View File

@@ -115,12 +115,20 @@ type SecretArgs struct {
// keys: "tls.key" and "tls.crt" // keys: "tls.key" and "tls.crt"
Type string `json:"type,omitempty" yaml:"type,omitempty"` Type string `json:"type,omitempty" yaml:"type,omitempty"`
// Map of keys to commands to generate the values // CommandSources for secret.
Commands map[string]string `json:",commands,omitempty" yaml:",inline,omitempty"` CommandSources `json:",inline,omitempty" yaml:",inline,omitempty"`
} }
// DataSources contains some generic sources for configmap or secret. // CommandSources contains some generic sources for secrets.
// Only one field can be set. type CommandSources struct {
// Map of keys to commands to generate the values
Commands map[string]string `json:"commands,omitempty" yaml:"commands,omitempty"`
// EnvCommand to output lines of key=val pairs to create a secret.
// i.e. a Docker .env file or a .ini file.
EnvCommand string `json:"envCommand,omitempty" yaml:"envCommand,omitempty"`
}
// DataSources contains some generic sources for configmaps.
type DataSources struct { type DataSources struct {
// LiteralSources is a list of literal sources. // LiteralSources is a list of literal sources.
// Each literal source should be a key and literal value, // Each literal source should be a key and literal value,