github.com/olli-ai/jx/v2@v2.0.400-0.20210921045218-14731b4dd448/pkg/cloud/amazon/vault/vault_backend.go

github.com/olli-ai/jx/v2@v2.0.400-0.20210921045218-14731b4dd448/pkg/cloud/amazon/vault/vault_backend.go (about)

     1  package vault
     2  
     3  import (
     4  	"fmt"
     5  
     6  	v1 "k8s.io/api/core/v1"
     7  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
     8  	"k8s.io/client-go/kubernetes"
     9  )
    10  
    11  const (
    12  	awsServiceAccountSecretKey = "credentials"
    13  )
    14  
    15  // StoreAWSCredentialsIntoSecret stores AWS credentials into a secret
    16  func StoreAWSCredentialsIntoSecret(client kubernetes.Interface, awsAccessKeyID, awsSecretAccessKey, vaultName, namespace string) (string, error) {
    17  	credentialsFileContent := []byte(fmt.Sprintf(`[default]
    18  aws_access_key_id=%s
    19  aws_secret_access_key=%s
    20  `, awsAccessKeyID, awsSecretAccessKey))
    21  
    22  	secretName := AwsServiceAccountSecretName(vaultName)
    23  	secret := &v1.Secret{
    24  		ObjectMeta: metav1.ObjectMeta{
    25  			Name: secretName,
    26  		},
    27  		Data: map[string][]byte{
    28  			awsServiceAccountSecretKey: credentialsFileContent,
    29  		},
    30  	}
    31  
    32  	secrets := client.CoreV1().Secrets(namespace)
    33  	_, err := secrets.Get(secretName, metav1.GetOptions{})
    34  	if err != nil {
    35  		_, err = secrets.Create(secret)
    36  	} else {
    37  		_, err = secrets.Update(secret)
    38  	}
    39  	return secretName, nil
    40  }