kubeedge
/
sedna
Not watched
1
0
Fork 0
Code
Releases 12 Wiki evaluate Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain HPC
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 0c0e7cd337
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0c0e7cd337'
${ noResults }
sedna/pkg/globalmanager/runtime/secret_injector.go

142 lines
3.3 kB
Raw Blame History 

  1. /*

  2. Copyright 2021 The KubeEdge Authors.

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. */

  16. 

  17. package runtime

  18. 

  19. import (

  20. 	"context"

  21. 	"encoding/json"

  22. 	"fmt"

  23. 

  24. 	v1 "k8s.io/api/core/v1"

  25. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

  26. 	"k8s.io/client-go/kubernetes"

  27. )

  28. 

  29. const (

  30. 	S3EndpointKey = "s3-endpoint"

  31. 	S3UseHTTPSKey = "s3-usehttps"

  32. 	// env name

  33. 	S3EndpointURLEnv = "S3_ENDPOINT_URL"

  34. 

  35. 	AccessKeyID = "ACCESS_KEY_ID"

  36. 	// env name

  37. 	AccessKeyIDEnv = "ACCESS_KEY_ID"

  38. 

  39. 	SecretAccessKey = "SECRET_ACCESS_KEY"

  40. 	// env name

  41. 	SecretAccessKeyEnv = "SECRET_ACCESS_KEY"

  42. 

  43. 	SecretAnnotationKey = "sedna.io/credential"

  44. )

  45. 

  46. func buildS3SecretEnvs(secret *v1.Secret) (envs []v1.EnvVar, err error) {

  47. 	if secret == nil {

  48. 		return

  49. 	}

  50. 

  51. 	var s3Endpoint string

  52. 	if s3Endpoint = secret.Annotations[S3EndpointKey]; s3Endpoint == "" {

  53. 		err = fmt.Errorf("empty endpoint in secret %s", secret.Name)

  54. 		return

  55. 	}

  56. 

  57. 	var s3EndpointURL string

  58. 	useHTTPS := true

  59. 	if httpsConf, ok := secret.Annotations[S3UseHTTPSKey]; ok && httpsConf == "0" {

  60. 		useHTTPS = false

  61. 	}

  62. 

  63. 	if useHTTPS {

  64. 		s3EndpointURL = "https://" + s3Endpoint

  65. 	} else {

  66. 		s3EndpointURL = "http://" + s3Endpoint

  67. 	}

  68. 

  69. 	envs = append(envs, v1.EnvVar{

  70. 		Name:  S3EndpointURLEnv,

  71. 		Value: s3EndpointURL,

  72. 	})

  73. 

  74. 	// Better to use secretKeyRef or EnvFrom for this.

  75. 	// But now(2021/4/28) kubeedge does not support secretKeyRef for env value,

  76. 	// there is a open pr for this, https://github.com/kubeedge/kubeedge/pull/2230

  77. 	envs = append(envs,

  78. 		v1.EnvVar{

  79. 			Name:  AccessKeyIDEnv,

  80. 			Value: string(secret.Data[AccessKeyID]),

  81. 		},

  82. 	)

  83. 	envs = append(envs,

  84. 		v1.EnvVar{

  85. 			Name:  SecretAccessKeyEnv,

  86. 			Value: string(secret.Data[SecretAccessKey]),

  87. 		},

  88. 	)

  89. 	return

  90. }

  91. 

  92. // MergeSecretEnvs merges two EnvVar list

  93. func MergeSecretEnvs(nowE, newE []v1.EnvVar, overwrite bool) []v1.EnvVar {

  94. 	existEnvNames := make(map[string]int)

  95. 	for i, e := range nowE {

  96. 		existEnvNames[e.Name] = i

  97. 	}

  98. 

  99. 	for _, e := range newE {

  100. 		if idx, exist := existEnvNames[e.Name]; !exist {

  101. 			nowE = append(nowE, e)

  102. 			existEnvNames[e.Name] = len(nowE) - 1

  103. 		} else {

  104. 			if overwrite {

  105. 				nowE[idx] = e

  106. 			}

  107. 		}

  108. 	}

  109. 	return nowE

  110. }

  111. 

  112. func InjectSecretAnnotations(client kubernetes.Interface, obj CommonInterface, secretName string) (err error) {

  113. 	if len(secretName) == 0 {

  114. 		return

  115. 	}

  116. 	secret, err := client.CoreV1().Secrets(obj.GetNamespace()).Get(context.TODO(), secretName, metav1.GetOptions{})

  117. 	if err != nil {

  118. 		return

  119. 	}

  120. 	return injectSecretObj(obj, secret)

  121. }

  122. 

  123. func injectSecretObj(obj CommonInterface, secret *v1.Secret) (err error) {

  124. 	secretData := secret.GetAnnotations()

  125. 

  126. 	for k, v := range secret.Data {

  127. 		// v already decoded

  128. 		secretData[k] = string(v)

  129. 	}

  130. 

  131. 	b, _ := json.Marshal(secretData)

  132. 	ann := obj.GetAnnotations()

  133. 	if ann == nil {

  134. 		ann = make(map[string]string)

  135. 	}

  136. 

  137. 	ann[SecretAnnotationKey] = string(b)

  138. 

  139. 	obj.SetAnnotations(ann)

  140. 	return nil

  141. }