github.com/jenkins-x/test-infra@v0.0.7/prow/config/secrets_agent.go (about)

     1  /*
     2  Copyright 2018 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package config
    18  
    19  // Implements an agent to read and reload the secrets.
    20  
    21  import (
    22  	"os"
    23  	"sync"
    24  	"time"
    25  
    26  	"github.com/sirupsen/logrus"
    27  )
    28  
// SecretAgent keeps an in-memory copy of secret files, keyed by file path,
// and serves the current value of each one to callers.
//
// A SecretAgent must not be copied after first use because it embeds a mutex.
// Embedding also puts Lock, Unlock, RLock and RUnlock in the exported method
// set, so code outside this package is able to take the agent's lock.
type SecretAgent struct {
	// RWMutex guards secretsMap: readers take RLock, writers take Lock.
	sync.RWMutex

	// secretsMap maps the path of a secret file to the bytes last loaded
	// from it. The values are secret material and should never be logged.
	secretsMap map[string][]byte
}
    34  
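// Start loads the secrets found at paths and then launches one polling
// goroutine per loaded secret to keep the in-memory value up to date.
//
// If the initial load fails, the error from LoadSecrets is returned as is,
// no goroutine is started and the agent's current map is left untouched.
// The polling goroutines never exit, so every successful call to Start adds
// a new set of them; call Start once per agent.
func (sa *SecretAgent) Start(paths []string) error {
	secretsMap, err := LoadSecrets(paths)
	if err != nil {
		return err
	}

	// Snapshot the keys before the map is published. Once the pollers run they
	// write to the map under the lock, so ranging over it here without the
	// lock would be a data race.
	secretPaths := make([]string, 0, len(secretsMap))
	for secretPath := range secretsMap {
		secretPaths = append(secretPaths, secretPath)
	}

	// Publish under the write lock so a concurrent GetSecret never observes
	// the map pointer while it is being swapped.
	sa.Lock()
	sa.secretsMap = secretsMap
	sa.Unlock()

	// Start one goroutine for each file to monitor and update the secret's value.
	for _, secretPath := range secretPaths {
		go sa.reloadSecret(secretPath)
	}

	return nil
}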
    51  
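// reloadSecret polls the secret file at secretPath once per second and stores
// a fresh value in the agent whenever the file's modification time advances.
// It loops forever and has no stop mechanism, so it must run in its own
// goroutine.
//
// Failures are logged with the path (never the secret value) and polling
// continues. While loads keep failing the previously stored value stays in
// the map, so a rotated or revoked secret keeps being served until a reload
// succeeds; repeated "Error loading secret" log entries are worth alerting on.
func (sa *SecretAgent) reloadSecret(secretPath string) {
	// forcedReloadAfter is the number of consecutive "unchanged" checks (about
	// ten minutes at one check per second) after which the file is re-read
	// regardless of its modification time. Presumably this catches updates
	// that do not advance the mtime; confirm against the deployment.
	const forcedReloadAfter = 600

	var lastModTime time.Time
	// Use one field key for every entry so log queries on "secret-path"
	// match both failure messages.
	logger := logrus.NewEntry(logrus.StandardLogger()).WithField("secret-path", secretPath)

	skips := 0
	for range time.Tick(1 * time.Second) {
		if skips < forcedReloadAfter {
			// Check if the file changed to see if it needs to be re-read.
			secretStat, err := os.Stat(secretPath)
			if err != nil {
				logger.WithError(err).Error("Error loading secret file.")
				continue
			}

			recentModTime := secretStat.ModTime()
			if !recentModTime.After(lastModTime) {
				skips++
				continue // file hasn't been modified
			}
			lastModTime = recentModTime
		}

		secretValue, err := LoadSingleSecret(secretPath)
		if err != nil {
			// Leave skips as it is: a failed forced reload is retried on the
			// next tick.
			logger.WithError(err).Error("Error loading secret.")
			continue
		}

		sa.setSecret(secretPath, secretValue)
		// Restart the count after a successful load. Without the reset the
		// threshold stays exceeded and the file is re-read every second for
		// the rest of the process lifetime.
		skips = 0
	}
}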
    86  
// GetSecret looks up the current value stored for secretPath. It returns nil
// when no secret is stored under that path.
//
// The returned slice is the one held in the agent's map, not a copy. Callers
// should treat it as read-only, because writing to it changes the value seen
// by every other caller.
func (sa *SecretAgent) GetSecret(secretPath string) []byte {
	sa.RLock()
	value := sa.secretsMap[secretPath]
	sa.RUnlock()

	return value
}
    93  
// setSecret stores secretValue as the current value for secretPath, replacing
// any earlier value for that path.
func (sa *SecretAgent) setSecret(secretPath string, secretValue []byte) {
	sa.Lock()
	// The deferred unlock also runs if the assignment panics on a nil map.
	defer sa.Unlock()

	// The entry is swapped for the new slice rather than overwritten in place,
	// so a slice handed out earlier by a read keeps its old contents.
	sa.secretsMap[secretPath] = secretValue
}
   100  
// GetTokenGenerator returns a function that yields the current value of the
// secret stored under secretPath.
//
// The lookup happens on every call of the returned function, not when the
// generator is created, so a reloaded secret is picked up by later calls.
// Call the generator at each use instead of caching its result.
func (sa *SecretAgent) GetTokenGenerator(secretPath string) func() []byte {
	generator := func() []byte {
		return sa.GetSecret(secretPath)
	}

	return generator
}