github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/internal/operator/boom/api/latest/funcs.go (about)

     1  package latest
     2  
     3  import (
     4  	"fmt"
     5  	"strings"
     6  
     7  	"github.com/caos/orbos/internal/operator/boom/api/latest/monitoring"
     8  	"github.com/caos/orbos/internal/operator/boom/api/latest/reconciling"
     9  	"github.com/caos/orbos/pkg/secret"
    10  	"github.com/caos/orbos/pkg/tree"
    11  )
    12  
// ParseToolset decodes the original node of desiredTree into a new Toolset.
//
// On success the decoded Toolset is also stored in desiredTree.Parsed, so the
// tree and the caller share the same pointer. On a decode error the tree is
// left untouched and the error is returned wrapped.
//
// desiredTree must be non-nil; the function dereferences it unconditionally.
func ParseToolset(desiredTree *tree.Tree) (*Toolset, error) {
	var toolset Toolset

	err := desiredTree.Original.Decode(&toolset)
	if err != nil {
		return nil, fmt.Errorf("parsing desired state failed: %w", err)
	}

	// Publish the parsed form on the tree only after decoding succeeded.
	desiredTree.Parsed = &toolset
	return &toolset, nil
}
    21  
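// GetSecretsMap collects the secret slots of a toolset under dotted lookup
// keys such as "monitoring.admin.password".
//
// It returns two maps. The first maps a key to the inline secret, the second
// maps the same key to the reference to an already existing secret. The fixed
// API gateway, monitoring and reconciling slots are registered in both maps;
// the per-credential, per-repository and per-gopass-store slots are registered
// in the first map only.
//
// Side effects on desiredKind (which must be non-nil):
//   - nil APIGateway, Monitoring and Reconciling specs are replaced by empty
//     ones and InitSecrets is called on each of them;
//   - nil secrets of credentials, repositories and gopass stores are replaced
//     by empty secret.Secret values.
//
// The map values are the same pointers the spec holds, not copies. Anything
// written through a returned map entry therefore changes the desired state
// itself, so the maps should be handled with the same care as the spec.
//
// NOTE(review): the dynamic keys embed Name / StoreName exactly as given.
// Entries sharing a name (including the empty name) produce the same key and
// the later entry silently replaces the earlier one in the map; a name that
// contains "." yields a key that cannot be split unambiguously. Names should
// be validated for uniqueness and allowed characters before these keys are
// used to address a secret.
func GetSecretsMap(desiredKind *Toolset) (
	map[string]*secret.Secret,
	map[string]*secret.Existing,
) {
	secrets := make(map[string]*secret.Secret)
	existing := make(map[string]*secret.Existing)

	// add registers one fixed slot in both maps under the same key.
	add := func(key string, sec *secret.Secret, ex *secret.Existing) {
		secrets[key] = sec
		existing[key] = ex
	}

	if desiredKind.Spec.APIGateway == nil {
		desiredKind.Spec.APIGateway = &APIGateway{}
	}
	gw := desiredKind.Spec.APIGateway
	gw.InitSecrets()
	add("apigateway.licencekey", gw.LicenceKey, gw.ExistingLicenceKey)

	if desiredKind.Spec.Monitoring == nil {
		desiredKind.Spec.Monitoring = &monitoring.Monitoring{}
	}
	mon := desiredKind.Spec.Monitoring
	mon.InitSecrets()
	add("monitoring.admin.username", mon.Admin.Username, mon.Admin.ExistingUsername)
	add("monitoring.admin.password", mon.Admin.Password, mon.Admin.ExistingPassword)
	add("monitoring.sso.oauth.clientid", mon.Auth.GenericOAuth.ClientID, mon.Auth.GenericOAuth.ExistingClientIDSecret)
	add("monitoring.sso.oauth.clientsecret", mon.Auth.GenericOAuth.ClientSecret, mon.Auth.GenericOAuth.ExistingClientSecretSecret)
	add("monitoring.sso.google.clientid", mon.Auth.Google.ClientID, mon.Auth.Google.ExistingClientIDSecret)
	add("monitoring.sso.google.clientsecret", mon.Auth.Google.ClientSecret, mon.Auth.Google.ExistingClientSecretSecret)
	add("monitoring.sso.github.clientid", mon.Auth.Github.ClientID, mon.Auth.Github.ExistingClientIDSecret)
	add("monitoring.sso.github.clientsecret", mon.Auth.Github.ClientSecret, mon.Auth.Github.ExistingClientSecretSecret)
	add("monitoring.sso.gitlab.clientid", mon.Auth.Gitlab.ClientID, mon.Auth.Gitlab.ExistingClientIDSecret)
	add("monitoring.sso.gitlab.clientsecret", mon.Auth.Gitlab.ClientSecret, mon.Auth.Gitlab.ExistingClientSecretSecret)

	if desiredKind.Spec.Reconciling == nil {
		desiredKind.Spec.Reconciling = &reconciling.Reconciling{}
	}
	rec := desiredKind.Spec.Reconciling
	rec.InitSecrets()

	google := rec.Auth.GoogleConnector.Config
	add("reconciling.sso.google.clientid", google.ClientID, google.ExistingClientIDSecret)
	add("reconciling.sso.google.clientsecret", google.ClientSecret, google.ExistingClientSecretSecret)
	add("reconciling.sso.google.serviceaccountjson", google.ServiceAccountJSON, google.ExistingServiceAccountJSONSecret)
	gitlab := rec.Auth.GitlabConnector.Config
	add("reconciling.sso.gitlab.clientid", gitlab.ClientID, gitlab.ExistingClientIDSecret)
	add("reconciling.sso.gitlab.clientsecret", gitlab.ClientSecret, gitlab.ExistingClientSecretSecret)
	github := rec.Auth.GithubConnector.Config
	add("reconciling.sso.github.clientid", github.ClientID, github.ExistingClientIDSecret)
	add("reconciling.sso.github.clientsecret", github.ClientSecret, github.ExistingClientSecretSecret)
	add("reconciling.sso.oidc.clientid", rec.Auth.OIDC.ClientID, rec.Auth.OIDC.ExistingClientIDSecret)
	add("reconciling.sso.oidc.clientsecret", rec.Auth.OIDC.ClientSecret, rec.Auth.OIDC.ExistingClientSecretSecret)

	// Ranging over a nil collection runs zero iterations, so no nil guard is
	// needed around the loops below.
	//
	// NOTE(review): the nil replacements inside the loops reach the spec only
	// if the elements are pointers; with value elements they would change the
	// loop copy only. Confirm the element types.
	for _, cred := range rec.Credentials {
		base := strings.Join([]string{"reconciling", "credential", cred.Name}, ".")

		if cred.Username == nil {
			cred.Username = &secret.Secret{}
		}
		secrets[strings.Join([]string{base, "username"}, ".")] = cred.Username

		if cred.Password == nil {
			cred.Password = &secret.Secret{}
		}
		secrets[strings.Join([]string{base, "password"}, ".")] = cred.Password

		if cred.Certificate == nil {
			cred.Certificate = &secret.Secret{}
		}
		secrets[strings.Join([]string{base, "certificate"}, ".")] = cred.Certificate
	}

	for _, repo := range rec.Repositories {
		base := strings.Join([]string{"reconciling", "repository", repo.Name}, ".")

		if repo.Username == nil {
			repo.Username = &secret.Secret{}
		}
		secrets[strings.Join([]string{base, "username"}, ".")] = repo.Username

		if repo.Password == nil {
			repo.Password = &secret.Secret{}
		}
		secrets[strings.Join([]string{base, "password"}, ".")] = repo.Password

		if repo.Certificate == nil {
			repo.Certificate = &secret.Secret{}
		}
		secrets[strings.Join([]string{base, "certificate"}, ".")] = repo.Certificate
	}

	// CustomImage is dereferenced, so its nil check has to stay.
	if rec.CustomImage != nil {
		for _, store := range rec.CustomImage.GopassStores {
			base := strings.Join([]string{"reconciling", "gopass", store.StoreName}, ".")

			if store.SSHKey == nil {
				store.SSHKey = &secret.Secret{}
			}
			secrets[strings.Join([]string{base, "ssh"}, ".")] = store.SSHKey

			if store.GPGKey == nil {
				store.GPGKey = &secret.Secret{}
			}
			secrets[strings.Join([]string{base, "gpg"}, ".")] = store.GPGKey
		}
	}

	return secrets, existing
}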