kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5858 from justinsb/mirror_secrets_using_api 

Mirror secrets using API
This commit is contained in:
k8s-ci-robot 2018-10-03 08:37:16 -07:00 committed by GitHub
parent 2e9dd64c68 e8dcd9cb10
commit f67d6e86b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
upup/pkg/fi/secrets/vfs_secretstore.go
View File

@ -50,11 +50,42 @@ func (c *VFSSecretStore) VFSPath() vfs.Path {
func (c *VFSSecretStore) MirrorTo(basedir vfs.Path) error {
if basedir.Path() == c.basedir.Path() {
glog.V(2).Infof("Skipping mirror of secret store from %q to %q (same path)", c.basedir, basedir)
return nil
}
glog.V(2).Infof("Mirroring secret store from %q to %q", c.basedir, basedir)
return vfs.CopyTree(c.basedir, basedir, func(p vfs.Path) (vfs.ACL, error) { return acls.GetACL(p, c.cluster) })
secrets, err := c.ListSecrets()
if err != nil {
return fmt.Errorf("error listing secrets for mirror: %v", err)
}
for _, name := range secrets {
secret, err := c.FindSecret(name)
if err != nil {
return fmt.Errorf("error reading secret %q for mirror: %v", name, err)
}
if secret == nil {
return fmt.Errorf("unable to find secret %q for mirror", name)
}
p := BuildVfsSecretPath(basedir, name)
acl, err := acls.GetACL(p, c.cluster)
if err != nil {
return fmt.Errorf("error building acl for secret %q for mirror: %v", name, err)
}
glog.Infof("mirroring secret %s -> %s", name, p)
err = createSecret(secret, p, acl, true)
if err != nil {
return fmt.Errorf("error writing secret %q for mirror: %v", name, err)
}
}
return nil
}
func BuildVfsSecretPath(basedir vfs.Path, name string) vfs.Path {
@ -122,7 +153,7 @@ func (c *VFSSecretStore) GetOrCreateSecret(id string, secret *fi.Secret) (*fi.Se
return nil, false, err
}
err = c.createSecret(secret, p, acl, false)
err = createSecret(secret, p, acl, false)
if err != nil {
if os.IsExist(err) && i == 0 {
glog.Infof("Got already-exists error when writing secret; likely due to concurrent creation. Will retry")
@ -154,7 +185,7 @@ func (c *VFSSecretStore) ReplaceSecret(id string, secret *fi.Secret) (*fi.Secret
return nil, err
}
err = c.createSecret(secret, p, acl, true)
err = createSecret(secret, p, acl, true)
if err != nil {
return nil, fmt.Errorf("unable to write secret: %v", err)
}
@ -183,7 +214,7 @@ func (c *VFSSecretStore) loadSecret(p vfs.Path) (*fi.Secret, error) {
}
// createSecret will create the Secret, overwriting an existing secret if replace is true
func (c *VFSSecretStore) createSecret(s *fi.Secret, p vfs.Path, acl vfs.ACL, replace bool) error {
func createSecret(s *fi.Secret, p vfs.Path, acl vfs.ACL, replace bool) error {
data, err := json.Marshal(s)
if err != nil {
return fmt.Errorf("error serializing secret: %v", err)

1
upup/pkg/fi/vfs_castore.go
View File

@ -631,6 +631,7 @@ func (c *VFSCAStore) ListSSHCredentials() ([]*kops.SSHCredential, error) {
// MirrorTo will copy keys to a vfs.Path, which is often easier for a machine to read
func (c *VFSCAStore) MirrorTo(basedir vfs.Path) error {
if basedir.Path() == c.basedir.Path() {
glog.V(2).Infof("Skipping key store mirror from %q to %q (same paths)", c.basedir, basedir)
return nil
}
glog.V(2).Infof("Mirroring key store from %q to %q", c.basedir, basedir)