From 673bfcbd56595750cb2d04f0a987532f9b95ef93 Mon Sep 17 00:00:00 2001
From: Ettore Di Giacinto
Date: Thu, 13 Oct 2022 22:21:06 +0000
Subject: [PATCH] Slightly change spec

---
 api/v1alpha1/sealedvolume_types.go | 7 +++----
 api/v1alpha1/zz_generated.deepcopy.go | 14 ++++++++++++--
 examples/sealedvolume.yaml | 8 ++++----
 pkg/challenger/challenger.go | 17 +++++++++++------
 4 files changed, 30 insertions(+), 16 deletions(-)

diff --git a/api/v1alpha1/sealedvolume_types.go b/api/v1alpha1/sealedvolume_types.go
index 26d9ea2..b077ac1 100644
--- a/api/v1alpha1/sealedvolume_types.go
+++ b/api/v1alpha1/sealedvolume_types.go
@@ -25,10 +25,9 @@ import (
 
 // SealedVolumeSpec defines the desired state of SealedVolume
 type SealedVolumeSpec struct {
-	TPMHash string `json:"TPMHash,omitempty"`
-	Label string `json:"label,omitempty"`
-	Passphrase *SecretSpec `json:"passphraseRef,omitempty"`
-	Quarantined bool `json:"quarantined,omitempty"`
+	TPMHash string `json:"TPMHash,omitempty"`
+	Passphrase map[string]*SecretSpec `json:"partitionSecrets,omitempty"`
+	Quarantined bool `json:"quarantined,omitempty"`
 }
 
 type SecretSpec struct {
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 610bd4c..fec9629 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -89,8 +89,18 @@ func (in *SealedVolumeSpec) DeepCopyInto(out *SealedVolumeSpec) {
 	*out = *in
 	if in.Passphrase != nil {
 		in, out := &in.Passphrase, &out.Passphrase
-		*out = new(SecretSpec)
-		**out = **in
+		*out = make(map[string]*SecretSpec, len(*in))
+		for key, val := range *in {
+			var outVal *SecretSpec
+			if val == nil {
+				(*out)[key] = nil
+			} else {
+				in, out := &val, &outVal
+				*out = new(SecretSpec)
+				**out = **in
+			}
+			(*out)[key] = outVal
+		}
 	}
 }
 
diff --git a/examples/sealedvolume.yaml b/examples/sealedvolume.yaml
index 0004436..1e9ae63 100644
--- a/examples/sealedvolume.yaml
+++ b/examples/sealedvolume.yaml
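Review bot: The renamed field keeps the Go name `Passphrase` while its JSON key becomes `partitionSecrets` and its type becomes a map, so the struct no longer says what the map is keyed by or what a nil entry means; a doc comment on the field would fix that, e.g. `// Passphrase maps a partition label to the Secret entry holding that partition's passphrase; a nil entry has no secret.` Dropping `label` and `passphraseRef` from the schema presumably means existing SealedVolume objects written in the old shape end up with an empty map once the CRD is regenerated and pruning drops the unknown keys, which is worth stating in the commit message or handling with a conversion. The hunk also removes the gofmt alignment of the struct tags, so the file should be re-run through gofmt before merge.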
@@ -15,8 +15,8 @@ metadata:
   namespace: default
 spec:
   TPMHash: "something"
-  label: "label"
-  passphraseRef:
-    name: mysecret
-    path: pass
+  partitionSecrets:
+    LABEL:
+      name: mysecret
+      path: pass
   quarantined: false
diff --git a/pkg/challenger/challenger.go b/pkg/challenger/challenger.go
index a8c19c4..33262e5 100644
--- a/pkg/challenger/challenger.go
+++ b/pkg/challenger/challenger.go
@@ -87,10 +87,16 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
 
 	found := false
 	var volume keyserverv1alpha1.SealedVolume
+	var passsecret *keyserverv1alpha1.SecretSpec
 	for _, v := range volumeList.Items {
-		if hashEncoded == v.Spec.TPMHash && v.Spec.Label == label {
-			found = true
-			volume = v
+		if hashEncoded == v.Spec.TPMHash {
+			for l, secretRef := range v.Spec.Passphrase {
+				if l == label {
+					found = true
+					volume = v
+					passsecret = secretRef
+				}
+			}
 		}
 	}
 
@@ -119,11 +125,10 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
 
 	writer, _ := conn.NextWriter(websocket.BinaryMessage)
 	if !volume.Spec.Quarantined {
-		secret, err := kclient.CoreV1().Secrets(namespace).Get(ctx, volume.Spec.Passphrase.Name, v1.GetOptions{})
+		secret, err := kclient.CoreV1().Secrets(namespace).Get(ctx, passsecret.Name, v1.GetOptions{})
 		if err == nil {
-			passphrase := secret.Data[volume.Spec.Passphrase.Path]
+			passphrase := secret.Data[passsecret.Path]
 			json.NewEncoder(writer).Encode(map[string]string{"passphrase": string(passphrase)})
-		}
 	} else {
 		conn.Close()
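Review bot: `passsecret` stays nil when the matching label's map value is null (a case the regenerated DeepCopyInto explicitly preserves), and the second hunk in this file dereferences `passsecret.Name` and `passsecret.Path` without a check, so a SealedVolume with an empty `partitionSecrets` entry would panic the challenger on a request for that label. Since `Passphrase` is now a map keyed by label, the inner range can be a direct lookup that also guards nil: `if secretRef, ok := v.Spec.Passphrase[label]; ok && secretRef != nil {` followed by the same three assignments. The `}` removed in the second hunk appears to leave `if err == nil {` open so that `} else { conn.Close()` now pairs with the Secret lookup rather than with the quarantine check; if that is intended, a quarantined volume no longer closes the connection, and if not, it likely does not compile, so it deserves a look even though only part of that hunk is visible here. Start begins before and ends after this hunk.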