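// Source: github.com/munnerz/test-infra@v0.0.0-20190108210205-ce3d181dc989/prow/config/secret/agent.go

/*
Copyright 2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// Package secret implements an agent to read and reload the secrets.
package secret

import (
	"os"
	"sync"
	"time"

	"github.com/sirupsen/logrus"
)

// Agent watches a set of secret files and keeps their latest contents in
// memory, keyed by file path.
//
// The embedded RWMutex guards secretsMap. Because it is embedded, its
// Lock/RLock methods are promoted onto Agent; callers should use GetSecret
// and GetTokenGenerator rather than taking the lock themselves.
type Agent struct {
	sync.RWMutex
	secretsMap map[string][]byte
}

// Start loads every secret in paths and then starts one polling goroutine per
// loaded secret to pick up later changes to the file.
//
// If the initial load fails, Start returns the error and starts nothing. The
// polling goroutines have no stop mechanism and run for the life of the
// process; calling Start again replaces the map and starts additional pollers.
func (a *Agent) Start(paths []string) error {
	secretsMap, err := LoadSecrets(paths)
	if err != nil {
		return err
	}

	// Snapshot the keys before publishing the map: once the pollers run they
	// write to the map through setSecret, so it must not be ranged over here
	// while they are alive.
	watched := make([]string, 0, len(secretsMap))
	for secretPath := range secretsMap {
		watched = append(watched, secretPath)
	}

	// Publish under the write lock so a concurrent GetSecret never observes a
	// partially visible map.
	a.Lock()
	a.secretsMap = secretsMap
	a.Unlock()

	// Start one goroutine for each file to monitor and update the secret's values.
	for _, secretPath := range watched {
		go a.reloadSecret(secretPath)
	}

	return nil
}

// reloadSecret polls the secret file at secretPath once per second and
// re-reads it when its modification time advances. Load failures are logged
// and polling continues; the previously stored value stays in place until a
// load succeeds.
//
// After maxSkips consecutive polls without a modification-time change the
// file is re-read unconditionally, as a safety net for changes that do not
// advance the modification time.
func (a *Agent) reloadSecret(secretPath string) {
	const (
		pollInterval = 1 * time.Second
		maxSkips     = 600
	)

	var lastModTime time.Time
	logger := logrus.NewEntry(logrus.StandardLogger())

	skips := 0
	// The loop never exits, so the ticker is never stopped.
	for range time.Tick(pollInterval) {
		if skips < maxSkips {
			// Check if the file changed to see if it needs to be re-read.
			secretStat, err := os.Stat(secretPath)
			if err != nil {
				logger.WithField("secret-path", secretPath).
					WithError(err).Error("Error loading secret file.")
				continue
			}

			recentModTime := secretStat.ModTime()
			if !recentModTime.After(lastModTime) {
				skips++
				continue // file hasn't been modified
			}
			lastModTime = recentModTime
		}

		secretValue, err := LoadSingleSecret(secretPath)
		if err != nil {
			// Only the path and the error are handed to the logger, never the
			// secret value. The field key matches the one used above so both
			// log lines can be filtered on the same key.
			logger.WithField("secret-path", secretPath).
				WithError(err).Error("Error loading secret.")
			continue
		}

		a.setSecret(secretPath, secretValue)
		// Reset the counter after a successful load. Without this, once the
		// threshold is reached the stat check is skipped forever and the file
		// is re-read on every tick.
		skips = 0
	}
}

// GetSecret returns the current value of the secret stored under secretPath.
//
// It returns nil when secretPath was not among the secrets loaded by Start
// (or Start has not been called); callers should treat a nil result as
// "no secret" rather than use it as an empty key or token. The returned slice
// shares memory with the stored value and must be treated as read-only.
func (a *Agent) GetSecret(secretPath string) []byte {
	a.RLock()
	defer a.RUnlock()
	return a.secretsMap[secretPath]
}

// setSecret stores secretValue under secretPath. The entry is replaced rather
// than modified in place, so slices previously returned by GetSecret keep the
// old contents.
func (a *Agent) setSecret(secretPath string, secretValue []byte) {
	a.Lock()
	defer a.Unlock()
	a.secretsMap[secretPath] = secretValue
}

// GetTokenGenerator returns a function that gets the value of a given secret.
// The lookup happens on every call, so the function always yields the most
// recently loaded value and never a value captured at creation time.
func (a *Agent) GetTokenGenerator(secretPath string) func() []byte {
	return func() []byte {
		return a.GetSecret(secretPath)
	}
}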