github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/internal/operator/boom/application/applications/reconciling/config/credential/credential.go (about)

     1  package credential
     2  
     3  import (
     4  	"strings"
     5  
     6  	"github.com/caos/orbos/pkg/secret/read"
     7  
     8  	"github.com/caos/orbos/internal/operator/boom/api/latest/reconciling"
     9  	"github.com/caos/orbos/internal/operator/boom/application/applications/reconciling/info"
    10  	"github.com/caos/orbos/internal/operator/boom/application/resources"
    11  	"github.com/caos/orbos/internal/operator/boom/labels"
    12  	"github.com/caos/orbos/mntr"
    13  )
    14  
// Kinds of credential material handled by this package. Each value is used
// both as the suffix of a generated secret name (see getSecretName) and as
// the data key inside that secret (see getSecretKey).
const (
	cert = "certificate"
	user = "username"
	pw   = "password"
)

type (
	// secret is a reference to one entry of a secret: the secret's name and
	// the key under which the value is stored. It never holds the value itself.
	secret struct {
		Name string
		Key  string
	}

	// Credential describes how to authenticate against URL. Every field except
	// URL is a reference to a secret entry, not the credential value; a nil
	// reference is omitted when the struct is marshalled to YAML.
	Credential struct {
		URL                 string
		UsernameSecret      *secret `yaml:"usernameSecret,omitempty"`
		PasswordSecret      *secret `yaml:"passwordSecret,omitempty"`
		SSHPrivateKeySecret *secret `yaml:"sshPrivateKeySecret,omitempty"`
	}
)
    32  
// getSecretName derives the name of a generated secret as
// "<application name>-cred-<name>-<ty>", where name is the credential's name
// and ty is one of the credential kinds (username, password, certificate).
//
// NOTE(review): name is inserted as given; nothing here checks that the
// result is a valid object name — confirm that the spec is validated upstream.
func getSecretName(name string, ty string) string {
	parts := []string{
		info.GetName().String(),
		"cred",
		name,
		ty,
	}
	return strings.Join(parts, "-")
}
    36  
// getSecretKey returns the data key under which a credential of kind ty is
// stored in a generated secret. The key is the kind itself.
func getSecretKey(ty string) string {
	key := ty
	return key
}
    40  
// GetSecrets builds the secret resources for every credential field of spec
// that read.IsCrdSecret reports as a CRD-provided secret. Up to three
// resources are produced per credential (username, password, certificate),
// in that order, all in the "caos-system" namespace and labelled with the
// application labels.
//
// NOTE(review): the field's Value is copied as-is into the resource's Data.
// If Value is already decrypted at this point, the returned objects carry the
// credential itself — keep them out of logs and debug dumps.
func GetSecrets(spec *reconciling.Reconciling) []interface{} {
	secrets := make([]interface{}, 0)
	namespace := "caos-system"

	// emit appends one secret resource holding a single key/value pair.
	emit := func(credName, kind, value string) {
		payload := map[string]string{
			getSecretKey(kind): value,
		}
		secretRes := resources.NewSecret(&resources.SecretConfig{
			Name:      getSecretName(credName, kind),
			Namespace: namespace,
			Labels:    labels.GetAllApplicationLabels(info.GetName()),
			Data:      payload,
		})
		secrets = append(secrets, secretRes)
	}

	for _, v := range spec.Credentials {
		// Value is only dereferenced after IsCrdSecret accepted the field.
		if read.IsCrdSecret(v.Username, v.ExistingUsernameSecret) {
			emit(v.Name, user, v.Username.Value)
		}
		if read.IsCrdSecret(v.Password, v.ExistingPasswordSecret) {
			emit(v.Name, pw, v.Password.Value)
		}
		if read.IsCrdSecret(v.Certificate, v.ExistingCertificateSecret) {
			emit(v.Name, cert, v.Certificate.Value)
		}
	}

	return secrets
}
    93  
// GetFromSpec converts the credentials of spec into Credential values that
// point at secrets by name and key; no credential value is copied.
//
// For each of username, password and certificate the reference is chosen as
// follows: if read.IsCrdSecret accepts the field, it points at the secret
// generated by this package (getSecretName/getSecretKey); otherwise, if
// read.IsExistentSecret accepts it, it points at the existing secret named in
// the spec; otherwise it stays nil. The certificate reference is exposed as
// SSHPrivateKeySecret.
//
// monitor is currently unused. The result is never nil; it is empty when the
// spec has no credentials.
func GetFromSpec(monitor mntr.Monitor, spec *reconciling.Reconciling) []*Credential {
	credentials := make([]*Credential, 0)

	// len of a nil slice is 0, so this also covers a missing credentials list.
	if len(spec.Credentials) == 0 {
		return credentials
	}

	for _, v := range spec.Credentials {
		var usernameRef, passwordRef, keyRef *secret

		switch {
		case read.IsCrdSecret(v.Username, v.ExistingUsernameSecret):
			usernameRef = &secret{
				Name: getSecretName(v.Name, user),
				Key:  getSecretKey(user),
			}
		case read.IsExistentSecret(v.Username, v.ExistingUsernameSecret):
			usernameRef = &secret{
				Name: v.ExistingUsernameSecret.Name,
				Key:  v.ExistingUsernameSecret.Key,
			}
		}

		switch {
		case read.IsCrdSecret(v.Password, v.ExistingPasswordSecret):
			passwordRef = &secret{
				Name: getSecretName(v.Name, pw),
				Key:  getSecretKey(pw),
			}
		case read.IsExistentSecret(v.Password, v.ExistingPasswordSecret):
			passwordRef = &secret{
				Name: v.ExistingPasswordSecret.Name,
				Key:  v.ExistingPasswordSecret.Key,
			}
		}

		switch {
		case read.IsCrdSecret(v.Certificate, v.ExistingCertificateSecret):
			keyRef = &secret{
				Name: getSecretName(v.Name, cert),
				Key:  getSecretKey(cert),
			}
		case read.IsExistentSecret(v.Certificate, v.ExistingCertificateSecret):
			keyRef = &secret{
				Name: v.ExistingCertificateSecret.Name,
				Key:  v.ExistingCertificateSecret.Key,
			}
		}

		credentials = append(credentials, &Credential{
			URL:                 v.URL,
			UsernameSecret:      usernameRef,
			PasswordSecret:      passwordRef,
			SSHPrivateKeySecret: keyRef,
		})
	}

	return credentials
}