Merge pull request #122 from ibuildthecloud/opaque-gen

Generate opaque secrets
acorn-io · May 31, 2022 · 7a79717 · 7a79717
2 parents f3acd01 + 5b94876
commit 7a79717
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 0 deletions.
diff --git a/pkg/controller/appdefinition/secret.go b/pkg/controller/appdefinition/secret.go
@@ -19,6 +19,7 @@ import (
 	"github.com/rancher/wrangler/pkg/data/convert"
 	"github.com/rancher/wrangler/pkg/merr"
 	"github.com/rancher/wrangler/pkg/randomtoken"
+	"golang.org/x/exp/maps"
 	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/equality"
@@ -289,6 +290,20 @@ func generateToken(req router.Request, appInstance *v1.AppInstance, secretName s
 	return updateOrCreate(req, existing, secret)
 }
 
+func generateOpaque(req router.Request, appInstance *v1.AppInstance, secretName string, secretRef v1.Secret, existing *corev1.Secret) (*corev1.Secret, error) {
+	secret := &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			GenerateName: secretName + "-",
+			Namespace:    appInstance.Namespace,
+			Labels:       labelsForSecret(secretName, appInstance),
+		},
+		Data: seedData(existing, secretRef.Data, maps.Keys(secretRef.Data)...),
+		Type: corev1.SecretTypeOpaque,
+	}
+
+	return updateOrCreate(req, existing, secret)
+}
+
 func generateBasic(req router.Request, appInstance *v1.AppInstance, secretName string, secretRef v1.Secret, existing *corev1.Secret) (*corev1.Secret, error) {
 	secret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
@@ -393,6 +408,8 @@ func generateSecret(secrets map[string]*corev1.Secret, req router.Request, appIn
 		}, secretName)
 	}
 	switch secretRef.Type {
+	case "opaque":
+		return generateOpaque(req, appInstance, secretName, secretRef, existing)
 	case "docker":
 		return generateDocker(req, appInstance, secretName, secretRef, existing)
 	case "basic":

diff --git a/pkg/controller/appdefinition/secret_test.go b/pkg/controller/appdefinition/secret_test.go
@@ -174,6 +174,45 @@ func TestTLS_ExternalCA_Gen(t *testing.T) {
 	assert.True(t, len(secret.Data["ca.key"]) == 0)
 }
 
+func TestOpaque_Gen(t *testing.T) {
+	h := tester.Harness{
+		Scheme: scheme.Scheme,
+	}
+	resp, err := h.InvokeFunc(t, &v1.AppInstance{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "app-name",
+			Namespace: "app-ns",
+		},
+		Status: v1.AppInstanceStatus{
+			Namespace: "app-target-ns",
+			AppSpec: v1.AppSpec{
+				Secrets: map[string]v1.Secret{
+					"pass": {
+						Type: "opaque",
+						Data: map[string]string{
+							"key1": "",
+							"key2": "value",
+						},
+					},
+				},
+			},
+		},
+	}, CreateSecrets)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assert.Len(t, resp.Client.Created, 1)
+	assert.Len(t, resp.Collected, 2)
+
+	secret := resp.Client.Created[0].(*corev1.Secret)
+	assert.Equal(t, "pass", secret.Labels[labels.AcornSecretName])
+	assert.True(t, strings.HasPrefix(secret.Name, "pass-"))
+	_, ok := secret.Data["key1"]
+	assert.True(t, ok)
+	assert.True(t, len(secret.Data["key2"]) > 0)
+}
+
 func TestBasic_Gen(t *testing.T) {
 	h := tester.Harness{
 		Scheme: scheme.Scheme,