Merge pull request #259 from seans3/tls-secret
Kinflate add secret tls command.
commit
087c096eff
|
|
@ -75,6 +75,26 @@ func newCmdAddSecretGeneric(errOut io.Writer, fsys fs.FileSystem) *cobra.Command
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// NewCmdAddSecret returns a new Cobra command that wraps generic and tls secrets.
|
||||||
|
func NewCmdAddSecret(errOut io.Writer) *cobra.Command {
|
||||||
|
cmd := &cobra.Command{
|
||||||
|
Use: "secret",
|
||||||
|
Short: "Adds a secret using specified subcommand",
|
||||||
|
Example: `
|
||||||
|
# Adds a generic secret to the Manifest (with a specified key)
|
||||||
|
kinflate secret generic my-secret --from-file=my-key=file/path --from-literal=my-literal=12345
|
||||||
|
|
||||||
|
# Adds a TLS secret to the Manifest (with a specified key)
|
||||||
|
kinflate secret tls my-tls-secret --cert=cert/path.cert --key=key/path.key
|
||||||
|
`,
|
||||||
|
}
|
||||||
|
fsys := fs.MakeRealFS()
|
||||||
|
cmd.AddCommand(newCmdAddSecretGeneric(errOut, fsys))
|
||||||
|
cmd.AddCommand(newCmdAddSecretTLS(errOut, fsys))
|
||||||
|
|
||||||
|
return cmd
|
||||||
|
}
|
||||||
|
|
||||||
func addGenericSecret(m *manifest.Manifest, config dataConfig) error {
|
func addGenericSecret(m *manifest.Manifest, config dataConfig) error {
|
||||||
gs := getOrCreateGenericSecret(m, config.Name)
|
gs := getOrCreateGenericSecret(m, config.Name)
|
||||||
|
|
||||||
|
|
@ -130,7 +150,7 @@ func (a *addTLSSecret) Validate(args []string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// newCmdCreateSecretTLS is a macro command for creating secrets to work with Docker registries
|
// newCmdCreateSecretTLS is a macro command for creating secrets to work with Docker registries
|
||||||
func newCmdAddSecretTLS(errOut io.Writer) *cobra.Command {
|
func newCmdAddSecretTLS(errOut io.Writer, fsys fs.FileSystem) *cobra.Command {
|
||||||
var config addTLSSecret
|
var config addTLSSecret
|
||||||
cmd := &cobra.Command{
|
cmd := &cobra.Command{
|
||||||
Use: "tls NAME --cert=path/to/cert/file --key=path/to/key/file",
|
Use: "tls NAME --cert=path/to/cert/file --key=path/to/key/file",
|
||||||
|
|
@ -146,8 +166,18 @@ func newCmdAddSecretTLS(errOut io.Writer) *cobra.Command {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(apelisse,droot): Do something with that config.
|
loader := kutil.ManifestLoader{FS: fsys}
|
||||||
return nil
|
m, err := loader.Read(constants.KubeManifestFileName)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
err = addTLSSecretToManifest(m, config)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return loader.Write(constants.KubeManifestFileName, m)
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -157,21 +187,35 @@ func newCmdAddSecretTLS(errOut io.Writer) *cobra.Command {
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewCmdAddSecret returns a new Cobra command that wraps generic and tls secrets.
|
// addTLSSecretToManifest appends the TLS secret to the manifest, or returns
|
||||||
func NewCmdAddSecret(errOut io.Writer) *cobra.Command {
|
// an error if the secret already exists.
|
||||||
cmd := &cobra.Command{
|
func addTLSSecretToManifest(m *manifest.Manifest, a addTLSSecret) error {
|
||||||
Use: "secret",
|
|
||||||
Short: "Adds a secret using specified subcommand",
|
|
||||||
Example: `
|
|
||||||
# Adds a generic secret to the Manifest (with a specified key)
|
|
||||||
kinflate secret generic my-secret --from-file=my-key=file/path --from-literal=my-literal=12345
|
|
||||||
|
|
||||||
# Adds a TLS secret to the Manifest (with a specified key)
|
if tlsSecretExists(m, a.Name) {
|
||||||
kinflate secret tls my-tls-secret --cert=cert/path.cert --key=key/path.key
|
return fmt.Errorf("TLS Secret already exists")
|
||||||
`,
|
|
||||||
}
|
}
|
||||||
cmd.AddCommand(newCmdAddSecretGeneric(errOut, fs.MakeRealFS()))
|
|
||||||
cmd.AddCommand(newCmdAddSecretTLS(errOut))
|
|
||||||
|
|
||||||
return cmd
|
tls := manifest.TLSSecret{
|
||||||
|
Name: a.Name,
|
||||||
|
CertFile: a.Cert,
|
||||||
|
KeyFile: a.Key,
|
||||||
|
}
|
||||||
|
m.TLSSecrets = append(m.TLSSecrets, tls)
|
||||||
|
|
||||||
|
// Validate manifest's TLS secret by creating a TLS secret.
|
||||||
|
_, _, err := configmapandsecret.MakeTLSSecretAndGenerateName(tls)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func tlsSecretExists(m *manifest.Manifest, name string) bool {
|
||||||
|
for _, s := range m.TLSSecrets {
|
||||||
|
if name == s.Name {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -31,34 +31,57 @@ func TestNewAddSecretIsNotNil(t *testing.T) {
|
||||||
func TestGetOrCreateGenericSecret(t *testing.T) {
|
func TestGetOrCreateGenericSecret(t *testing.T) {
|
||||||
gsName := "test-generic-secret"
|
gsName := "test-generic-secret"
|
||||||
|
|
||||||
manifest := &manifest.Manifest{
|
m := &manifest.Manifest{
|
||||||
NamePrefix: "test-name-prefix",
|
NamePrefix: "test-name-prefix",
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(manifest.GenericSecrets) != 0 {
|
if len(m.GenericSecrets) != 0 {
|
||||||
t.Fatal("Initial manifest should not have any genericsecrets")
|
t.Fatal("Initial manifest should not have any genericsecrets")
|
||||||
}
|
}
|
||||||
gs := getOrCreateGenericSecret(manifest, gsName)
|
|
||||||
|
|
||||||
|
gs := getOrCreateGenericSecret(m, gsName)
|
||||||
if gs == nil {
|
if gs == nil {
|
||||||
t.Fatalf("GenericSecret should always be non-nil")
|
t.Fatalf("GenericSecret should always be non-nil")
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(manifest.GenericSecrets) != 1 {
|
if len(m.GenericSecrets) != 1 {
|
||||||
t.Fatalf("Manifest should have newly created generic secret")
|
t.Fatalf("Manifest should have newly created generic secret")
|
||||||
}
|
}
|
||||||
|
|
||||||
if &manifest.GenericSecrets[len(manifest.GenericSecrets)-1] != gs {
|
if &m.GenericSecrets[len(m.GenericSecrets)-1] != gs {
|
||||||
t.Fatalf("Pointer address for newly inserted generic secret should be same")
|
t.Fatalf("Pointer address for newly inserted generic secret should be same")
|
||||||
}
|
}
|
||||||
|
|
||||||
existingGS := getOrCreateGenericSecret(manifest, gsName)
|
existingGS := getOrCreateGenericSecret(m, gsName)
|
||||||
|
|
||||||
if existingGS != gs {
|
if existingGS != gs {
|
||||||
t.Fatalf("should have returned an existing generic secret with name: %v", gsName)
|
t.Fatalf("should have returned an existing generic secret with name: %v", gsName)
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(manifest.GenericSecrets) != 1 {
|
if len(m.GenericSecrets) != 1 {
|
||||||
t.Fatalf("Should not insert generic secret for an existing name: %v", gsName)
|
t.Fatalf("Should not insert generic secret for an existing name: %v", gsName)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestTLSecretExists(t *testing.T) {
|
||||||
|
tlsName := "test-tls-secret"
|
||||||
|
|
||||||
|
m := &manifest.Manifest{
|
||||||
|
NamePrefix: "test-name-prefix",
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(m.TLSSecrets) != 0 {
|
||||||
|
t.Fatal("Initial manifest should not have any TLS secrets")
|
||||||
|
}
|
||||||
|
if tlsSecretExists(m, tlsName) {
|
||||||
|
t.Fatalf("TLS Secret should not exist in manifest")
|
||||||
|
}
|
||||||
|
|
||||||
|
m.TLSSecrets = append(m.TLSSecrets, manifest.TLSSecret{Name: tlsName})
|
||||||
|
|
||||||
|
if len(m.TLSSecrets) != 1 {
|
||||||
|
t.Fatal("Manifest should have one TLS secrets")
|
||||||
|
}
|
||||||
|
if !tlsSecretExists(m, tlsName) {
|
||||||
|
t.Fatalf("One TLS Secret should exist in manifest")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
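Review bot: `TestTLSecretExists` only exercises `tlsSecretExists`; nothing visible in this section covers `addTLSSecretToManifest`, which is where the duplicate-name rejection and the cert/key validation added by this commit live. Add a case that calls it twice with the same name and expects the second call to fail. Assuming the validation reads the referenced files, also add one with unreadable `Cert`/`Key` paths that expects an error and checks what is left in `m.TLSSecrets` afterwards. The test name also drops an S; `TestTLSSecretExists` matches the function under test.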
|
||||||