From 673bfcbd56595750cb2d04f0a987532f9b95ef93 Mon Sep 17 00:00:00 2001
From: Ettore Di Giacinto <mudler@users.noreply.github.com>
Date: Thu, 13 Oct 2022 22:21:06 +0000
Subject: [PATCH] Slightly change spec

---
 api/v1alpha1/sealedvolume_types.go    |  7 +++----
 api/v1alpha1/zz_generated.deepcopy.go | 14 ++++++++++++--
 examples/sealedvolume.yaml            |  8 ++++----
 pkg/challenger/challenger.go          | 17 +++++++++++------
 4 files changed, 30 insertions(+), 16 deletions(-)

diff --git a/api/v1alpha1/sealedvolume_types.go b/api/v1alpha1/sealedvolume_types.go
index 26d9ea2..b077ac1 100644
--- a/api/v1alpha1/sealedvolume_types.go
+++ b/api/v1alpha1/sealedvolume_types.go
@@ -25,10 +25,9 @@ import (
 
 // SealedVolumeSpec defines the desired state of SealedVolume
 type SealedVolumeSpec struct {
-	TPMHash     string      `json:"TPMHash,omitempty"`
-	Label       string      `json:"label,omitempty"`
-	Passphrase  *SecretSpec `json:"passphraseRef,omitempty"`
-	Quarantined bool        `json:"quarantined,omitempty"`
+	TPMHash     string                 `json:"TPMHash,omitempty"`
+	Passphrase  map[string]*SecretSpec `json:"partitionSecrets,omitempty"`
+	Quarantined bool                   `json:"quarantined,omitempty"`
 }
 
 type SecretSpec struct {
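Review bot: The new `Passphrase` field has no doc comment saying what its map keys are, and its name now disagrees with the JSON tag `partitionSecrets`: a reader of the Go API sees a singular name holding a per-partition map. The example YAML in this patch keys the map by a label and the challenger compares the key against the requested label, so a comment such as `// Passphrase maps a partition label to the Secret reference that holds its passphrase.` above the field would record that contract. Renaming the field to `PartitionSecrets` would match the wire name but is a breaking change for Go callers, so the comment is the minimal fix.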
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 610bd4c..fec9629 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -89,8 +89,18 @@ func (in *SealedVolumeSpec) DeepCopyInto(out *SealedVolumeSpec) {
 	*out = *in
 	if in.Passphrase != nil {
 		in, out := &in.Passphrase, &out.Passphrase
-		*out = new(SecretSpec)
-		**out = **in
+		*out = make(map[string]*SecretSpec, len(*in))
+		for key, val := range *in {
+			var outVal *SecretSpec
+			if val == nil {
+				(*out)[key] = nil
+			} else {
+				in, out := &val, &outVal
+				*out = new(SecretSpec)
+				**out = **in
+			}
+			(*out)[key] = outVal
+		}
 	}
 }
 
diff --git a/examples/sealedvolume.yaml b/examples/sealedvolume.yaml
index 0004436..1e9ae63 100644
--- a/examples/sealedvolume.yaml
+++ b/examples/sealedvolume.yaml
@@ -15,8 +15,8 @@ metadata:
     namespace: default
 spec:
   TPMHash: "something"
-  label: "label"
-  passphraseRef: 
-   name: mysecret
-   path: pass
+  partitionSecrets:
+    LABEL:
+      name: mysecret
+      path: pass
   quarantined: false
diff --git a/pkg/challenger/challenger.go b/pkg/challenger/challenger.go
index a8c19c4..33262e5 100644
--- a/pkg/challenger/challenger.go
+++ b/pkg/challenger/challenger.go
@@ -87,10 +87,16 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
 
 			found := false
 			var volume keyserverv1alpha1.SealedVolume
+			var passsecret *keyserverv1alpha1.SecretSpec
 			for _, v := range volumeList.Items {
-				if hashEncoded == v.Spec.TPMHash && v.Spec.Label == label {
-					found = true
-					volume = v
+				if hashEncoded == v.Spec.TPMHash {
+					for l, secretRef := range v.Spec.Passphrase {
+						if l == label {
+							found = true
+							volume = v
+							passsecret = secretRef
+						}
+					}
 				}
 			}
 
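Review bot: `passsecret` can still be nil after the search in this hunk: a `partitionSecrets` entry with an empty value unmarshals to a nil `*SecretSpec` (the generated DeepCopyInto in this same patch explicitly handles that case), yet `found` is set to true and the second hunk then dereferences `passsecret.Name`, which would panic inside the connection handler. Ranging over the map to compare each key with `label` is also more than a lookup needs; replace the inner loop with `if secretRef, ok := v.Spec.Passphrase[label]; ok && secretRef != nil {` followed by the three existing assignments, so a volume that matches the TPM hash but carries a nil reference falls through to the existing not-found handling instead of crashing. The body of Start begins and ends outside this hunk.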
@@ -119,11 +125,10 @@ func Start(ctx context.Context, kclient *kubernetes.Clientset, reconciler *contr
 			writer, _ := conn.NextWriter(websocket.BinaryMessage)
 
 			if !volume.Spec.Quarantined {
-				secret, err := kclient.CoreV1().Secrets(namespace).Get(ctx, volume.Spec.Passphrase.Name, v1.GetOptions{})
+				secret, err := kclient.CoreV1().Secrets(namespace).Get(ctx, passsecret.Name, v1.GetOptions{})
 				if err == nil {
-					passphrase := secret.Data[volume.Spec.Passphrase.Path]
+					passphrase := secret.Data[passsecret.Path]
 					json.NewEncoder(writer).Encode(map[string]string{"passphrase": string(passphrase)})
-
 				}
 			} else {
 				conn.Close()
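Review bot: The new `secret.Data[passsecret.Path]` lookup yields nil when the Secret has no such key, so the handler encodes `{"passphrase":""}` and the client receives an empty passphrase as though it were valid. Use the two-value form, `passphrase, ok := secret.Data[passsecret.Path]`, and only encode when `ok` is true, treating a missing key the same way as a failed Get. The `Encode` error on the following line is also discarded, which hides a closed or failing connection from any log. The body of Start continues outside this hunk.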