github.com/redhat-appstudio/e2e-tests@v0.0.0-20230619105049-9a422b2094d7/pkg/utils/common/secret.go (about)

     1  package common
     2  
     3  import (
     4  	"context"
     5  	"encoding/base64"
     6  	"errors"
     7  	"time"
     8  
     9  	. "github.com/redhat-appstudio/e2e-tests/pkg/constants"
    10  	"github.com/redhat-appstudio/e2e-tests/pkg/utils"
    11  	corev1 "k8s.io/api/core/v1"
    12  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    13  	"k8s.io/apimachinery/pkg/util/wait"
    14  )
    15  
// CreateSecret creates the given Secret object in namespace ns and returns
// whatever the Kubernetes client's Create call returns (object and error).
//
// The secret is passed through as-is; no validation of its type or data
// happens here. context.TODO() carries no deadline or cancellation.
func (s *SuiteController) CreateSecret(ns string, secret *corev1.Secret) (*corev1.Secret, error) {
	secretsClient := s.KubeInterface().CoreV1().Secrets(ns)
	created, err := secretsClient.Create(context.TODO(), secret, metav1.CreateOptions{})
	return created, err
}
    20  
// GetSecret fetches the Secret called name from namespace ns.
//
// There is no separate existence check: the result of the client's Get call
// is returned unchanged, so a missing secret surfaces through the returned
// error and callers must inspect it themselves.
func (s *SuiteController) GetSecret(ns string, name string) (*corev1.Secret, error) {
	secretsClient := s.KubeInterface().CoreV1().Secrets(ns)
	found, err := secretsClient.Get(context.TODO(), name, metav1.GetOptions{})
	return found, err
}
    25  
// DeleteSecret deletes the Secret called name from namespace ns and returns
// the error (if any) reported by the Kubernetes client's Delete call.
//
// Default DeleteOptions are used. References to the secret held by service
// accounts are not touched here; see UnlinkSecretFromServiceAccount for that.
func (s *SuiteController) DeleteSecret(ns string, name string) error {
	secretsClient := s.KubeInterface().CoreV1().Secrets(ns)
	err := secretsClient.Delete(context.TODO(), name, metav1.DeleteOptions{})
	return err
}
    30  
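// LinkSecretToServiceAccount adds a reference to the named secret to the
// Secrets list of the given service account in ns. When addImagePullSecrets
// is true the secret is also added to the account's ImagePullSecrets.
//
// The two lists are checked independently, so a secret that is already in
// Secrets but missing from ImagePullSecrets is still added to the latter, and
// a reference that is already present is never appended a second time.
//
// The Get/modify/Update cycle is retried once per second for up to 20
// seconds. A failed Get aborts immediately with that error; a failed Update
// is retried, and if it never succeeds the poller's timeout error is returned.
//
// Linking widens what workloads running under the service account can reach
// (the referenced credentials), so callers should link only the secrets the
// account actually needs.
func (s *SuiteController) LinkSecretToServiceAccount(ns, secret, serviceaccount string, addImagePullSecrets bool) error {
	const (
		pollInterval = time.Second
		pollTimeout  = 20 * time.Second
	)

	return wait.PollImmediate(pollInterval, pollTimeout, func() (bool, error) {
		// Re-read the account on every attempt so the Update below is based
		// on the current object rather than a stale copy.
		sa, err := s.KubeInterface().CoreV1().ServiceAccounts(ns).Get(context.TODO(), serviceaccount, metav1.GetOptions{})
		if err != nil {
			return false, err
		}

		changed := false

		linked := false
		for _, ref := range sa.Secrets {
			if ref.Name == secret {
				linked = true
				break
			}
		}
		if !linked {
			sa.Secrets = append(sa.Secrets, corev1.ObjectReference{Name: secret})
			changed = true
		}

		if addImagePullSecrets {
			pullLinked := false
			for _, ref := range sa.ImagePullSecrets {
				if ref.Name == secret {
					pullLinked = true
					break
				}
			}
			if !pullLinked {
				sa.ImagePullSecrets = append(sa.ImagePullSecrets, corev1.LocalObjectReference{Name: secret})
				changed = true
			}
		}

		// Everything requested is already in place; skip the write.
		if !changed {
			return true, nil
		}

		if _, err := s.KubeInterface().CoreV1().ServiceAccounts(ns).Update(context.TODO(), sa, metav1.UpdateOptions{}); err != nil {
			// The update error is intentionally not returned so that the
			// poller tries again with a fresh copy of the account.
			// NOTE(review): presumably meant for write conflicts; every other
			// update failure (e.g. a permission error) is retried and hidden
			// behind the timeout error as well - confirm this is acceptable.
			return false, nil
		}
		return true, nil
	})
}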
    56  
// UnlinkSecretFromServiceAccount removes the reference to secretName from the
// Secrets list of the given service account and, when rmImagePullSecrets is
// true, from its ImagePullSecrets list as well.
//
// Only the first matching entry in each list is removed. The service account
// is written back with Update even when no entry matched. Unlike the linking
// counterpart there is no retry: a failed Get or Update is returned directly.
// The Secret object itself is not deleted.
func (s *SuiteController) UnlinkSecretFromServiceAccount(namespace, secretName, serviceAccount string, rmImagePullSecrets bool) error {
	accounts := s.KubeInterface().CoreV1().ServiceAccounts(namespace)

	sa, err := accounts.Get(context.TODO(), serviceAccount, metav1.GetOptions{})
	if err != nil {
		return err
	}

	// Drop the first reference to the secret from the mountable secrets.
	refs := sa.Secrets
	for i := range refs {
		if refs[i].Name == secretName {
			sa.Secrets = append(refs[:i], refs[i+1:]...)
			break
		}
	}

	// Optionally drop the first reference from the image pull secrets too.
	if rmImagePullSecrets {
		pullRefs := sa.ImagePullSecrets
		for i := range pullRefs {
			if pullRefs[i].Name == secretName {
				sa.ImagePullSecrets = append(pullRefs[:i], pullRefs[i+1:]...)
				break
			}
		}
	}

	_, err = accounts.Update(context.TODO(), sa, metav1.UpdateOptions{})
	return err
}
    86  
// CreateRegistryAuthSecret creates a Secret of type
// corev1.SecretTypeDockerConfigJson named secretName in namespace.
//
// secretStringData must be standard base64; it is decoded and the resulting
// text is stored under corev1.DockerConfigJsonKey in StringData. The decoded
// content is not checked for being valid JSON here. A decode failure or a
// failed create returns a nil secret and the error.
//
// NOTE(review): the object handed back is the one built here, so it may still
// carry the decoded registry credentials in StringData - avoid logging or
// dumping it.
func (s *SuiteController) CreateRegistryAuthSecret(secretName, namespace, secretStringData string) (*corev1.Secret, error) {
	dockerConfig, decodeErr := base64.StdEncoding.DecodeString(secretStringData)
	if decodeErr != nil {
		return nil, decodeErr
	}

	meta := metav1.ObjectMeta{
		Name:      secretName,
		Namespace: namespace,
	}
	payload := map[string]string{corev1.DockerConfigJsonKey: string(dockerConfig)}

	registrySecret := &corev1.Secret{
		ObjectMeta: meta,
		Type:       corev1.SecretTypeDockerConfigJson,
		StringData: payload,
	}

	if createErr := s.KubeRest().Create(context.TODO(), registrySecret); createErr != nil {
		return nil, createErr
	}
	return registrySecret, nil
}
   108  
// AddRegistryAuthSecretToSA creates the registry auth secret
// (RegistryAuthSecretName) in namespace and links it to
// DefaultPipelineServiceAccount, including its ImagePullSecrets.
//
// registryAuth is the key handed to utils.GetEnv (presumably the name of an
// environment variable - confirm against utils); the value found there is
// passed on as the base64-encoded registry credentials. An empty value is
// rejected before anything is created. Errors from creating or linking the
// secret are returned unchanged; if linking fails, the secret that was already
// created is left in place.
func (s *SuiteController) AddRegistryAuthSecretToSA(registryAuth, namespace string) error {
	encodedAuth := utils.GetEnv(registryAuth, "")
	if len(encodedAuth) == 0 {
		return errors.New("Failed to get registry auth secret")
	}

	if _, err := s.CreateRegistryAuthSecret(RegistryAuthSecretName, namespace, encodedAuth); err != nil {
		return err
	}

	return s.LinkSecretToServiceAccount(namespace, RegistryAuthSecretName, DefaultPipelineServiceAccount, true)
}