go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/_motor/discovery/k8s/creds_store.go (about)

     1  // Copyright (c) Mondoo, Inc.
     2  // SPDX-License-Identifier: BUSL-1.1
     3  
     4  package k8s
     5  
     6  import (
     7  	"fmt"
     8  
     9  	"github.com/rs/zerolog/log"
    10  	"go.mondoo.com/cnquery/motor/providers/k8s"
    11  	v1 "k8s.io/api/core/v1"
    12  )
    13  
// cacheEntry is the remembered outcome of one secret lookup. The secret and the
// error are stored together so that a failed lookup can be replayed from the
// cache exactly like a successful one.
type cacheEntry struct {
	// secret is the object returned by the provider for this lookup.
	secret *v1.Secret
	// err is the error returned by the provider for this lookup, if any.
	err    error
}
    18  
// credsStore is a read-through cache for Kubernetes secrets, keyed by namespace
// and name. Entries are never evicted in this file, so every secret that was
// looked up stays referenced in memory for as long as the store is reachable;
// keep the store's lifetime as short as the discovery run that needs it.
// The type is not safe for concurrent use.
type credsStore struct {
	// provider is the backend that Get queries on a cache miss.
	provider k8s.KubernetesProvider
	// cache maps a credsStoreKey value to the result of the first lookup.
	cache    map[string]cacheEntry
}
    23  
// NewCredsStore returns a credsStore that reads secrets through p and starts
// with an empty cache.
func NewCredsStore(p k8s.KubernetesProvider) *credsStore {
	store := new(credsStore)
	store.provider = p
	store.cache = map[string]cacheEntry{}
	return store
}
    30  
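// Get retrieves the secret with the provided namespace and name. The provider is queried
// at most once per namespace/name pair: both the returned secret and the returned error
// are cached, so a failed lookup is not retried and keeps returning the same error for
// the lifetime of the store. Cached secrets stay in memory until the store itself is
// dropped; nothing here evicts them. Note that the implementation is not thread-safe.
func (c *credsStore) Get(namespace, name string) (*v1.Secret, error) {
	key := credsStoreKey(namespace, name)
	if s, ok := c.cache[key]; ok {
		return s.secret, s.err
	}

	s, err := c.provider.Secret(namespace, name)
	// We log the warning here to make sure we don't log the same message for every pod that uses
	// the same pull secret. The provider's error is attached so the cause of the failure is
	// visible in the log; only the secret's namespace and name are written, never the secret
	// object itself.
	if err != nil {
		log.Warn().Err(err).Msgf(
			"cannot read image pull secret %s/%s from cluster. Image pulling might not work", namespace, name)
	}
	if c.cache == nil {
		// A credsStore built without NewCredsStore has a nil map; writing to it would panic.
		c.cache = make(map[string]cacheEntry)
	}
	c.cache[key] = cacheEntry{secret: s, err: err}
	return s, err
}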
    50  
// credsStoreKey builds the cache key for a secret by joining its namespace and
// name with a colon. The key is only unique as long as neither part contains a
// colon itself; otherwise two different pairs could share a key and the cache
// would hand back the wrong secret. Kubernetes object names do not allow ':',
// so this holds for names that came from the API server.
func credsStoreKey(namespace, name string) string {
	const layout = "%s:%s"
	cacheKey := fmt.Sprintf(layout, namespace, name)
	return cacheKey
}