Skip to content
Projects
Groups
Snippets
Help
Loading...
Sign in
Toggle navigation
H
helm3
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
go
helm3
Commits
76ac1f7f
Commit
76ac1f7f
authored
Mar 21, 2016
by
jackgr
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add secrets credential provider
parent
eb3385be
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
134 additions
and
0 deletions
+134
-0
secrets_credential_provider.go
pkg/repo/secrets_credential_provider.go
+134
-0
No files found.
pkg/repo/secrets_credential_provider.go
0 → 100644
View file @
76ac1f7f
/*
Copyright 2015 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package
repo
import
(
"encoding/base64"
"encoding/json"
"flag"
"fmt"
"log"
"github.com/ghodss/yaml"
"github.com/kubernetes/helm/pkg/common"
"github.com/kubernetes/helm/pkg/util"
)
var
(
kubePath
=
flag
.
String
(
"kubectl"
,
"./kubectl"
,
"The path to the kubectl binary."
)
kubeService
=
flag
.
String
(
"service"
,
""
,
"The DNS name of the kubernetes service."
)
kubeServer
=
flag
.
String
(
"server"
,
""
,
"The IP address and optional port of the kubernetes master."
)
kubeInsecure
=
flag
.
Bool
(
"insecure-skip-tls-verify"
,
false
,
"Do not check the server's certificate for validity."
)
kubeConfig
=
flag
.
String
(
"config"
,
""
,
"Path to a kubeconfig file."
)
kubeCertAuth
=
flag
.
String
(
"certificate-authority"
,
""
,
"Path to a file for the certificate authority."
)
kubeClientCert
=
flag
.
String
(
"client-certificate"
,
""
,
"Path to a client certificate file."
)
kubeClientKey
=
flag
.
String
(
"client-key"
,
""
,
"Path to a client key file."
)
kubeToken
=
flag
.
String
(
"token"
,
""
,
"A service account token."
)
kubeUsername
=
flag
.
String
(
"username"
,
""
,
"The username to use for basic auth."
)
kubePassword
=
flag
.
String
(
"password"
,
""
,
"The password to use for basic auth."
)
)
var
kubernetesConfig
*
util
.
KubernetesConfig
const
secretType
=
"Secret"
// SecretsCredentialProvider provides credentials for registries from Kubernertes secrets.
type
SecretsCredentialProvider
struct
{
// Actual object that talks to secrets service.
k
util
.
Kubernetes
}
// NewSecretsCredentialProvider creates a new secrets credential provider.
func
NewSecretsCredentialProvider
()
CredentialProvider
{
kubernetesConfig
:=
&
util
.
KubernetesConfig
{
KubePath
:
*
kubePath
,
KubeService
:
*
kubeService
,
KubeServer
:
*
kubeServer
,
KubeInsecure
:
*
kubeInsecure
,
KubeConfig
:
*
kubeConfig
,
KubeCertAuth
:
*
kubeCertAuth
,
KubeClientCert
:
*
kubeClientCert
,
KubeClientKey
:
*
kubeClientKey
,
KubeToken
:
*
kubeToken
,
KubeUsername
:
*
kubeUsername
,
KubePassword
:
*
kubePassword
,
}
return
&
SecretsCredentialProvider
{
util
.
NewKubernetesKubectl
(
kubernetesConfig
)}
}
func
parseCredential
(
credential
string
)
(
*
RepoCredential
,
error
)
{
var
c
common
.
KubernetesSecret
if
err
:=
json
.
Unmarshal
([]
byte
(
credential
),
&
c
);
err
!=
nil
{
return
nil
,
fmt
.
Errorf
(
"cannot unmarshal credential (%s): %s"
,
credential
,
err
)
}
d
,
err
:=
base64
.
StdEncoding
.
DecodeString
(
c
.
Data
[
"credential"
])
if
err
!=
nil
{
return
nil
,
fmt
.
Errorf
(
"cannot unmarshal credential (%s): %s"
,
c
,
err
)
}
// And then finally unmarshal it from yaml to RepoCredential
r
:=
&
RepoCredential
{}
if
err
:=
yaml
.
Unmarshal
(
d
,
&
r
);
err
!=
nil
{
return
nil
,
fmt
.
Errorf
(
"cannot unmarshal credential %s (%#v)"
,
c
,
err
)
}
return
r
,
nil
}
// GetCredential returns a credential by name.
func
(
scp
*
SecretsCredentialProvider
)
GetCredential
(
name
string
)
(
*
RepoCredential
,
error
)
{
o
,
err
:=
scp
.
k
.
Get
(
name
,
secretType
)
if
err
!=
nil
{
return
nil
,
err
}
return
parseCredential
(
o
)
}
// SetCredential sets a credential by name.
func
(
scp
*
SecretsCredentialProvider
)
SetCredential
(
name
string
,
credential
*
RepoCredential
)
error
{
// Marshal the credential & base64 encode it.
b
,
err
:=
yaml
.
Marshal
(
credential
)
if
err
!=
nil
{
log
.
Printf
(
"yaml marshal failed for credential named %s: %s"
,
name
,
err
)
return
err
}
enc
:=
base64
.
StdEncoding
.
EncodeToString
(
b
)
// Then create a kubernetes object out of it
metadata
:=
make
(
map
[
string
]
string
)
metadata
[
"name"
]
=
name
data
:=
make
(
map
[
string
]
string
)
data
[
"credential"
]
=
enc
obj
:=
&
common
.
KubernetesSecret
{
Kind
:
secretType
,
APIVersion
:
"v1"
,
Metadata
:
metadata
,
Data
:
data
,
}
ko
,
err
:=
yaml
.
Marshal
(
obj
)
if
err
!=
nil
{
log
.
Printf
(
"yaml marshal failed for kubernetes object named %s: %s"
,
name
,
err
)
return
err
}
_
,
err
=
scp
.
k
.
Create
(
string
(
ko
))
return
err
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment