From 5b948764ef733a57fbc6788bc8fdffd8e88f93e5 Mon Sep 17 00:00:00 2001
From: Darren Shepherd
Date: Tue, 31 May 2022 11:53:35 -0700
Subject: [PATCH] Generate opaque secrets

---
 pkg/controller/appdefinition/secret.go | 17 +++++++++
 pkg/controller/appdefinition/secret_test.go | 39 +++++++++++++++++++++
 2 files changed, 56 insertions(+)

diff --git a/pkg/controller/appdefinition/secret.go b/pkg/controller/appdefinition/secret.go
index 068b6d4c5..35114a0a5 100644
--- a/pkg/controller/appdefinition/secret.go
+++ b/pkg/controller/appdefinition/secret.go
@@ -19,6 +19,7 @@ import (
 "github.com/rancher/wrangler/pkg/data/convert"
 "github.com/rancher/wrangler/pkg/merr"
 "github.com/rancher/wrangler/pkg/randomtoken"
+ "golang.org/x/exp/maps"
 batchv1 "k8s.io/api/batch/v1"
 corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/equality"
@@ -289,6 +290,20 @@ func generateToken(req router.Request, appInstance *v1.AppInstance, secretName s
 return updateOrCreate(req, existing, secret)
 }
 
+func generateOpaque(req router.Request, appInstance *v1.AppInstance, secretName string, secretRef v1.Secret, existing *corev1.Secret) (*corev1.Secret, error) {
+ secret := &corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ GenerateName: secretName + "-",
+ Namespace: appInstance.Namespace,
+ Labels: labelsForSecret(secretName, appInstance),
+ },
+ Data: seedData(existing, secretRef.Data, maps.Keys(secretRef.Data)...),
+ Type: corev1.SecretTypeOpaque,
+ }
+
+ return updateOrCreate(req, existing, secret)
+}
+
 func generateBasic(req router.Request, appInstance *v1.AppInstance, secretName string, secretRef v1.Secret, existing *corev1.Secret) (*corev1.Secret, error) {
 secret := &corev1.Secret{
 ObjectMeta: metav1.ObjectMeta{
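Review bot: The new import of `golang.org/x/exp/maps` puts an experimental module, which carries no compatibility promise, on the secret-generation path, and the diffstat lists no go.mod or go.sum change, so the version used is whatever the module graph already resolves (inferred; the module files are not part of this patch). `maps.Keys` is its only use, called once in generateOpaque, and it returns the keys in indeterminate order. A small local loop that collects the keys of `secretRef.Data` would avoid the dependency; if the import stays, it is worth confirming that go.mod requires it directly at a reviewed version. The import block starts and ends outside the hunk.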
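Review bot: generateOpaque has no doc comment, and nothing in its body says what happens to a key whose value in `secretRef.Data` is empty: every key is handed to seedData (not visible here) and, despite the commit title, no generator such as randomtoken is called. If seedData does not fill empty values, the controller creates an Opaque Secret with blank entries that a workload could then consume as an empty credential. The non-empty values are read from the app spec, which the test places under `Status.AppSpec.Secrets` of the AppInstance, so they appear to be readable by anyone who can read AppInstance objects and not only by those with access to Secrets. I would add a comment such as `// generateOpaque builds an Opaque Secret whose keys are those of secretRef.Data; see seedData for how existing and empty values are resolved.` and, if blank values are not intended, reject or fill them before calling `updateOrCreate`.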
@@ -393,6 +408,8 @@ func generateSecret(secrets map[string]*corev1.Secret, req router.Request, appIn
 }, secretName)
 }
 switch secretRef.Type {
+ case "opaque":
+ return generateOpaque(req, appInstance, secretName, secretRef, existing)
 case "docker":
 return generateDocker(req, appInstance, secretName, secretRef, existing)
 case "basic":
diff --git a/pkg/controller/appdefinition/secret_test.go b/pkg/controller/appdefinition/secret_test.go
index f445b6e67..24ffb186b 100644
--- a/pkg/controller/appdefinition/secret_test.go
+++ b/pkg/controller/appdefinition/secret_test.go
@@ -174,6 +174,45 @@ func TestTLS_ExternalCA_Gen(t *testing.T) {
 assert.True(t, len(secret.Data["ca.key"]) == 0)
 }
 
+func TestOpaque_Gen(t *testing.T) {
+ h := tester.Harness{
+ Scheme: scheme.Scheme,
+ }
+ resp, err := h.InvokeFunc(t, &v1.AppInstance{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "app-name",
+ Namespace: "app-ns",
+ },
+ Status: v1.AppInstanceStatus{
+ Namespace: "app-target-ns",
+ AppSpec: v1.AppSpec{
+ Secrets: map[string]v1.Secret{
+ "pass": {
+ Type: "opaque",
+ Data: map[string]string{
+ "key1": "",
+ "key2": "value",
+ },
+ },
+ },
+ },
+ },
+ }, CreateSecrets)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ assert.Len(t, resp.Client.Created, 1)
+ assert.Len(t, resp.Collected, 2)
+
+ secret := resp.Client.Created[0].(*corev1.Secret)
+ assert.Equal(t, "pass", secret.Labels[labels.AcornSecretName])
+ assert.True(t, strings.HasPrefix(secret.Name, "pass-"))
+ _, ok := secret.Data["key1"]
+ assert.True(t, ok)
+ assert.True(t, len(secret.Data["key2"]) > 0)
+}
+
 func TestBasic_Gen(t *testing.T) {
 h := tester.Harness{
 Scheme: scheme.Scheme,
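Review bot: The assertions in TestOpaque_Gen are too weak to pin what ends up in the Secret: `secret.Data["key1"]` is checked only for presence and `key2` only for non-zero length, so the test passes whether the empty `key1` stays empty or is filled, and whether `key2` is copied verbatim or replaced. For a secret generator that difference decides whether a blank credential can reach a workload. I would assert exact bytes, e.g. `assert.Equal(t, []byte("value"), secret.Data["key2"])` if verbatim copy is the intent, and state the expected result for `key1` with `assert.Empty` or `assert.NotEmpty`. A second case that starts from a pre-existing Secret would cover the `existing` argument, which this test does not appear to exercise.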