Kinflate add secret tls command.

2018-02-06 11:30:32 -08:00 · 2018-02-06 11:30:32 -08:00 · 5e9c1e231d
parent c82e0c3564
commit 5e9c1e231d
2 changed files with 92 additions and 25 deletions
--- a/pkg/kinflate/commands/secret.go
+++ b/pkg/kinflate/commands/secret.go
@ -75,6 +75,26 @@ func newCmdAddSecretGeneric(errOut io.Writer, fsys fs.FileSystem) *cobra.Command
 	return cmd
 }

+// NewCmdAddSecret returns a new Cobra command that wraps generic and tls secrets.
+func NewCmdAddSecret(errOut io.Writer) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "secret",
+		Short: "Adds a secret using specified subcommand",
+		Example: `
+	# Adds a generic secret to the Manifest (with a specified key)
+	kinflate secret generic my-secret --from-file=my-key=file/path --from-literal=my-literal=12345
+
+	# Adds a TLS secret to the Manifest (with a specified key)
+	kinflate secret tls my-tls-secret --cert=cert/path.cert --key=key/path.key
+`,
+	}
+	fsys := fs.MakeRealFS()
+	cmd.AddCommand(newCmdAddSecretGeneric(errOut, fsys))
+	cmd.AddCommand(newCmdAddSecretTLS(errOut, fsys))
+
+	return cmd
+}
+
 func addGenericSecret(m *manifest.Manifest, config dataConfig) error {
 	gs := getOrCreateGenericSecret(m, config.Name)

@ -130,7 +150,7 @@ func (a *addTLSSecret) Validate(args []string) error {
 }

 // newCmdCreateSecretTLS is a macro command for creating secrets to work with Docker registries
-func newCmdAddSecretTLS(errOut io.Writer) *cobra.Command {
+func newCmdAddSecretTLS(errOut io.Writer, fsys fs.FileSystem) *cobra.Command {
 	var config addTLSSecret
 	cmd := &cobra.Command{
 		Use:   "tls NAME --cert=path/to/cert/file --key=path/to/key/file",
@ -146,8 +166,18 @@ func newCmdAddSecretTLS(errOut io.Writer) *cobra.Command {
 				return err
 			}

-			// TODO(apelisse,droot): Do something with that config.
-			return nil
+			loader := kutil.ManifestLoader{FS: fsys}
+			m, err := loader.Read(constants.KubeManifestFileName)
+			if err != nil {
+				return err
+			}
+
+			err = addTLSSecretToManifest(m, config)
+			if err != nil {
+				return err
+			}
+
+			return loader.Write(constants.KubeManifestFileName, m)
 		},
 	}

@ -157,21 +187,35 @@ func newCmdAddSecretTLS(errOut io.Writer) *cobra.Command {
 	return cmd
 }

-// NewCmdAddSecret returns a new Cobra command that wraps generic and tls secrets.
-func NewCmdAddSecret(errOut io.Writer) *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "secret",
-		Short: "Adds a secret using specified subcommand",
-		Example: `
-	# Adds a generic secret to the Manifest (with a specified key)
-	kinflate secret generic my-secret --from-file=my-key=file/path --from-literal=my-literal=12345
+// addTLSSecretToManifest appends the TLS secret to the manifest, or returns
+// an error if the secret already exists.
+func addTLSSecretToManifest(m *manifest.Manifest, a addTLSSecret) error {

-	# Adds a TLS secret to the Manifest (with a specified key)
-	kinflate secret tls my-tls-secret --cert=cert/path.cert --key=key/path.key
-`,
+	if tlsSecretExists(m, a.Name) {
+		return fmt.Errorf("TLS Secret already exists")
 	}
-	cmd.AddCommand(newCmdAddSecretGeneric(errOut, fs.MakeRealFS()))
-	cmd.AddCommand(newCmdAddSecretTLS(errOut))

-	return cmd
+	tls := manifest.TLSSecret{
+		Name:     a.Name,
+		CertFile: a.Cert,
+		KeyFile:  a.Key,
+	}
+	m.TLSSecrets = append(m.TLSSecrets, tls)
+
+	// Validate manifest's TLS secret by creating a TLS secret.
+	_, _, err := configmapandsecret.MakeTLSSecretAndGenerateName(tls)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func tlsSecretExists(m *manifest.Manifest, name string) bool {
+	for _, s := range m.TLSSecrets {
+		if name == s.Name {
+			return true
+		}
+	}
+	return false
 }
--- a/pkg/kinflate/commands/secret_test.go
+++ b/pkg/kinflate/commands/secret_test.go
@ -31,34 +31,57 @@ func TestNewAddSecretIsNotNil(t *testing.T) {
 func TestGetOrCreateGenericSecret(t *testing.T) {
 	gsName := "test-generic-secret"

-	manifest := &manifest.Manifest{
+	m := &manifest.Manifest{
 		NamePrefix: "test-name-prefix",
 	}

-	if len(manifest.GenericSecrets) != 0 {
+	if len(m.GenericSecrets) != 0 {
 		t.Fatal("Initial manifest should not have any genericsecrets")
 	}
-	gs := getOrCreateGenericSecret(manifest, gsName)

+	gs := getOrCreateGenericSecret(m, gsName)
 	if gs == nil {
 		t.Fatalf("GenericSecret should always be non-nil")
 	}

-	if len(manifest.GenericSecrets) != 1 {
+	if len(m.GenericSecrets) != 1 {
 		t.Fatalf("Manifest should have newly created generic secret")
 	}

-	if &manifest.GenericSecrets[len(manifest.GenericSecrets)-1] != gs {
+	if &m.GenericSecrets[len(m.GenericSecrets)-1] != gs {
 		t.Fatalf("Pointer address for newly inserted generic secret should be same")
 	}

-	existingGS := getOrCreateGenericSecret(manifest, gsName)
-
+	existingGS := getOrCreateGenericSecret(m, gsName)
 	if existingGS != gs {
 		t.Fatalf("should have returned an existing generic secret with name: %v", gsName)
 	}

-	if len(manifest.GenericSecrets) != 1 {
+	if len(m.GenericSecrets) != 1 {
 		t.Fatalf("Should not insert generic secret for an existing name: %v", gsName)
 	}
 }
+
+func TestTLSecretExists(t *testing.T) {
+	tlsName := "test-tls-secret"
+
+	m := &manifest.Manifest{
+		NamePrefix: "test-name-prefix",
+	}
+
+	if len(m.TLSSecrets) != 0 {
+		t.Fatal("Initial manifest should not have any TLS secrets")
+	}
+	if tlsSecretExists(m, tlsName) {
+		t.Fatalf("TLS Secret should not exist in manifest")
+	}
+
+	m.TLSSecrets = append(m.TLSSecrets, manifest.TLSSecret{Name: tlsName})
+
+	if len(m.TLSSecrets) != 1 {
+		t.Fatal("Manifest should have one TLS secrets")
+	}
+	if !tlsSecretExists(m, tlsName) {
+		t.Fatalf("One TLS Secret should exist in manifest")
+	}
+}