Clean up default secret names

mudler 2023-01-24 12:16:09 +01:00
parent dfe29aa24f
commit a95436bf16


@ -7,6 +7,7 @@ import (
"io" "io"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"strings"
"time" "time"
keyserverv1alpha1 "github.com/kairos-io/kairos-challenger/api/v1alpha1" keyserverv1alpha1 "github.com/kairos-io/kairos-challenger/api/v1alpha1"
@ -47,6 +48,24 @@ var upgrader = websocket.Upgrader{
WriteBufferSize: 1024, WriteBufferSize: 1024,
} }
func cleanKubeName(s string) (d string) {
d = strings.ReplaceAll(s, "_", "-")
d = strings.ToLower(d)
return
}
func (s SealedVolumeData) DefaultSecret() (string, string) {
secretName := fmt.Sprintf("%s-%s", s.VolumeName, s.PartitionLabel)
secretPath := "passphrase"
if s.SecretName != "" {
secretName = s.SecretName
}
if s.SecretPath != "" {
secretPath = s.SecretPath
}
return cleanKubeName(secretName), cleanKubeName(secretPath)
}
func writeRead(conn *websocket.Conn, input []byte) ([]byte, error) { func writeRead(conn *websocket.Conn, input []byte) ([]byte, error) {
writer, err := conn.NextWriter(websocket.BinaryMessage) writer, err := conn.NextWriter(websocket.BinaryMessage)
if err != nil { if err != nil {
@ -148,14 +167,7 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
} }
if v.HasPassphrase() && !v.HasError() { if v.HasPassphrase() && !v.HasError() {
secretName := fmt.Sprintf("%s-%s", sealedVolumeData.VolumeName, sealedVolumeData.PartitionLabel) secretName, secretPath := sealedVolumeData.DefaultSecret()
secretPath := "passphrase"
if sealedVolumeData.SecretName != "" {
secretName = sealedVolumeData.SecretName
}
if sealedVolumeData.SecretPath != "" {
secretPath = sealedVolumeData.SecretPath
}
_, err := kclient.CoreV1().Secrets(namespace).Get(ctx, secretName, v1.GetOptions{}) _, err := kclient.CoreV1().Secrets(namespace).Get(ctx, secretName, v1.GetOptions{})
if err != nil { if err != nil {
if !apierrors.IsNotFound(err) { if !apierrors.IsNotFound(err) {
@ -180,7 +192,7 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
} }
_, err := kclient.CoreV1().Secrets(namespace).Create(ctx, &secret, v1.CreateOptions{}) _, err := kclient.CoreV1().Secrets(namespace).Create(ctx, &secret, v1.CreateOptions{})
if err != nil { if err != nil {
fmt.Println("failed during secret creation") fmt.Println("failed during secret creation:", err.Error())
} }
} else { } else {
fmt.Println("Posted for already existing secret - ignoring") fmt.Println("Posted for already existing secret - ignoring")
@ -235,14 +247,7 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
writer, _ := conn.NextWriter(websocket.BinaryMessage) writer, _ := conn.NextWriter(websocket.BinaryMessage)
if !sealedVolumeData.Quarantined { if !sealedVolumeData.Quarantined {
secretName := fmt.Sprintf("%s-%s", sealedVolumeData.VolumeName, sealedVolumeData.PartitionLabel) secretName, secretPath := sealedVolumeData.DefaultSecret()
secretPath := "passphrase"
if sealedVolumeData.SecretName != "" {
secretName = sealedVolumeData.SecretName
}
if sealedVolumeData.SecretPath != "" {
secretPath = sealedVolumeData.SecretPath
}
// 1. The admin sets a specific cleartext password from Kube manager // 1. The admin sets a specific cleartext password from Kube manager
// SealedVolume -> with a secret . // SealedVolume -> with a secret .
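Review bot: In `DefaultSecret`, `cleanKubeName` is applied to an explicitly configured `SecretName` and to `secretPath` as well, not only to the generated `VolumeName-PartitionLabel` default. Kubernetes Secret data keys may contain `_` and uppercase letters, so an admin-set `SecretPath` (constructed example: `LUKS_Key`) becomes `luks-key` and, if the path is used as the data key as the `Start` hunks suggest, would no longer match the key in an existing secret. The mapping is also lossy: labels that differ only in case or in `_` versus `-` resolve to the same secret name, and the create path then prints "Posted for already existing secret - ignoring", so two partitions could silently end up on one passphrase secret. I would normalise only the generated default, `secretName := cleanKubeName(fmt.Sprintf("%s-%s", s.VolumeName, s.PartitionLabel))` with a plain `return secretName, secretPath`, and add a doc comment on `DefaultSecret` saying which values are normalised. The body of `Start` continues outside these hunks, so how `secretPath` is consumed should be confirmed there.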