// Record when this Secret was generated, formatted as an ISO-8601 instant.
annotations.put(
        AbstractKubernetesBasedManager.GENERATED_ANNOTATION,
        DateTimeFormatter.ISO_INSTANT.format(ZonedDateTime.now()));

// stringData carries plain-text values; the API server stores them base64-encoded
// under data, so secretMap must not be pre-encoded.
Secret topicSecret = new SecretBuilder()
        .withNewMetadata()
            .withName(secretName)
            .withLabels(labels)
            .withAnnotations(annotations)
        .endMetadata()
        .withStringData(secretMap)
        .build();
.withName(endpointInfo.getCertSpec().getSecretName()) .withNamespace(namespace) .addToLabels(LabelKeys.INFRA_UUID, addressSpace.getAnnotation(AnnotationKeys.INFRA_UUID)) .addToLabels(LabelKeys.INFRA_TYPE, addressSpace.getSpec().getType()) .addToLabels("app", "enmasse") .endMetadata() .withType("kubernetes.io/tls") .withData(data)
/**
 * Annotates the CA key Secret so that it is flagged for forced replacement.
 *
 * <p>The annotation is only added when both Secrets are present and the key Secret's
 * data contains {@code key}; in every other case {@code caKey} is returned untouched
 * (including {@code null}).
 *
 * @param caCert CA certificate Secret; only checked for presence
 * @param caKey  CA key Secret to annotate
 * @param key    data entry that must exist in {@code caKey}
 * @return a copy of {@code caKey} carrying the force-replace annotation, or {@code caKey} itself
 */
protected static Secret forceReplacement(Secret caCert, Secret caKey, String key) {
    boolean eligible = caCert != null
            && caKey != null
            && caKey.getData() != null
            && caKey.getData().containsKey(key);
    if (!eligible) {
        return caKey;
    }
    // Build a new Secret from the existing one; only the metadata annotation is added.
    return new SecretBuilder(caKey)
            .editMetadata()
                .addToAnnotations(ANNO_STRIMZI_IO_FORCE_REPLACE, "true")
            .endMetadata()
            .build();
}
SecretBuilder secretBuilder = new SecretBuilder() .editOrNewMetadata() .withName(getKeycloakCredentialsSecretName(env)) .addToLabels("app", "enmasse") .endMetadata() .addToData("admin.username", b64enc.encodeToString(adminUser)) .addToData("admin.password", b64enc.encodeToString(adminPassword))
.withName(name) .addToAnnotations(deploymentData.getAnnotations()) .addToLabels(deploymentData.getLabels()) .endMetadata() .withStringData(deploymentData.getSecret()) .build();
builder.addNewSecretItem() .withNewMetadata() .withName(pullSecretName) .endMetadata() .withData(data) .withType("kubernetes.io/dockerconfigjson")
.withName(secretName) .withAnnotations(annotations) .endMetadata() .withData(keys) .build();
secret = new SecretBuilder() .withNewMetadata() .withName(secretName) .endMetadata() .withType(KUBERNETES_DOCKERCFG) .withData(ImmutableMap.of(".dockercfg", base64encoded))
Secret secret = new SecretBuilder() .withNewMetadata() .withName(secretName) .withNamespace(kubernetesNamespace) .endMetadata() .withData(data) .withType("kubernetes.io/dockercfg")
.withName(name) .endMetadata() .withData(data) .done();
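/**
 * Ensures the endpoint's certificate Secret exists by copying the wildcard certificate.
 *
 * <p>Nothing happens when the Secret named by the endpoint's cert spec already exists in
 * {@code namespace}. Otherwise the {@code tls.key} and {@code tls.crt} entries of the
 * wildcard Secret are copied into a new {@code kubernetes.io/tls} Secret.
 *
 * @param addressSpace address space the endpoint belongs to (not read by this method)
 * @param endpointInfo endpoint whose cert spec names the Secret to create
 * @throws IllegalStateException if the wildcard Secret is not configured, not found, or
 *         lacks either {@code tls.key} or {@code tls.crt}
 */
@Override
public void provideCert(AddressSpace addressSpace, EndpointInfo endpointInfo) {
    String certSecretName = endpointInfo.getCertSpec().getSecretName();
    Secret secret = client.secrets().inNamespace(namespace).withName(certSecretName).get();
    if (secret != null) {
        return;
    }

    Secret wildcardSecret = null;
    if (wildcardSecretName != null) {
        // NOTE(review): this lookup has no inNamespace(...), unlike the lookups of the
        // target Secret, so it resolves in the client's own namespace. Confirm that is
        // where the wildcard Secret is meant to live.
        wildcardSecret = client.secrets().withName(wildcardSecretName).get();
    }
    if (wildcardSecret == null) {
        String message = String.format("Requested 'wildcard' certificate provider but no secret '%s' found", wildcardSecretName);
        throw new IllegalStateException(message);
    }

    // Fail with a clear message instead of a NullPointerException or a TLS Secret with
    // null entries when the wildcard Secret is empty or incomplete.
    Map<String, String> wildcardData = wildcardSecret.getData();
    String tlsKey = wildcardData == null ? null : wildcardData.get("tls.key");
    String tlsCrt = wildcardData == null ? null : wildcardData.get("tls.crt");
    if (tlsKey == null || tlsCrt == null) {
        throw new IllegalStateException(String.format(
                "Wildcard secret '%s' does not contain both 'tls.key' and 'tls.crt'", wildcardSecretName));
    }

    // Only the service name is logged; the key material never reaches the log.
    log.info("Copying wildcard certificate for {}", endpointInfo.getServiceName());
    Map<String, String> data = new LinkedHashMap<>();
    data.put("tls.key", tlsKey);
    data.put("tls.crt", tlsCrt);
    client.secrets().inNamespace(namespace).createNew()
            .editOrNewMetadata()
                .withName(certSecretName)
            .endMetadata()
            .withType("kubernetes.io/tls")
            .addToData(data)
            .done();
}
} // closes the enclosing type, which is declared outside this excerpt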
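/**
 * Takes the first unused entry from the username pool and records it as consumed.
 *
 * <p>The pool and the consumed list are both read from Secrets. The consumed-users Secret
 * is rewritten with the allocated name appended, and {@code userPoolAvailable} is updated
 * with the percentage of the pool that was free before this allocation.
 *
 * @param deployment the deployment the user is allocated for (not read by this method)
 * @return the allocated pool entry
 * @throws IllegalStateException if either Secret is missing or the pool has no free entry
 */
private Map.Entry<String, String> allocateUser(HasMetadata deployment) {
    Secret usernamePoolSecret = kubeClient().secrets().withName(usernamePoolSecretName).get();
    Secret consumedUsersSecret = kubeClient().secrets().withName(consumedUsersSecretName).get();
    if (usernamePoolSecret == null || consumedUsersSecret == null) {
        throw new IllegalStateException("Username pool Secret " + usernamePoolSecretName
                + " or " + consumedUsersSecretName + " does not exist");
    }

    Map<String, String> usernamePool = decodeMap(usernamePoolSecret.getData().get("username-pool"));
    Collection<String> consumedUsernames = decodeList(consumedUsersSecret.getData().get("consumed-usernames"));

    // How much of the pool is used. An empty pool is reported as 0% available rather than
    // dividing by zero, so the exhausted-pool error below is what the caller sees.
    int poolSize = usernamePool.size();
    if (poolSize == 0) {
        userPoolAvailable = 0;
    } else {
        userPoolAvailable = ((poolSize - consumedUsernames.size()) * 100) / poolSize;
    }

    // Remove all consumed usernames
    consumedUsernames.forEach(usernamePool::remove);
    if (usernamePool.isEmpty()) {
        throw new IllegalStateException("Username pool is exhausted. Please check Secret " + usernamePoolSecretName + " and " + consumedUsersSecretName);
    }

    // Take first element
    Map.Entry<String, String> pair = usernamePool.entrySet().iterator().next();
    consumedUsernames.add(pair.getKey());

    Secret updatedSecret = new SecretBuilder()
            .withNewMetadata()
                .withAnnotations(consumedUsersSecret.getMetadata().getAnnotations())
                .withLabels(consumedUsersSecret.getMetadata().getLabels())
                .withName(consumedUsersSecret.getMetadata().getName())
            .endMetadata()
            .withData(null)
            .withStringData(Collections.singletonMap("consumed-usernames", String.join("\n", consumedUsernames)))
            .build();

    // TODO handle failure case
    // NOTE(review): this is a read-modify-write with no visible conflict check, so two
    // concurrent allocations could hand out the same entry. Confirm callers serialize
    // this method or add optimistic locking on the Secret.
    kubeClient().secrets().createOrReplace(updatedSecret);
    return pair;
}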
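/**
 * Replaces the named Secret with one whose entries are the given files, base64-encoded.
 *
 * <p>An existing Secret with the same name is deleted first, then a new one is created.
 *
 * @param details    account deployment details used to obtain the Kubernetes client
 * @param files      pairs of (file to read, key to store it under)
 * @param secretName name of the Secret
 * @param namespace  namespace the Secret lives in
 * @throws HalException if any of the files cannot be read
 */
static void upsertSecret(AccountDeploymentDetails<KubernetesAccount> details, Set<Pair<File, String>> files, String secretName, String namespace) {
    KubernetesClient client = getClient(details);

    // NOTE(review): delete-then-create is not atomic. Workloads reading the Secret can
    // briefly find it missing, and a failure while reading the files below leaves it
    // deleted. Consider reading the files before deleting, or replacing in place.
    if (client.secrets().inNamespace(namespace).withName(secretName).get() != null) {
        client.secrets().inNamespace(namespace).withName(secretName).delete();
    }

    Map<String, String> secretContents = new HashMap<>();
    files.forEach(pair -> {
        File file = pair.getLeft();
        String name = pair.getRight();
        // try-with-resources closes the stream even when reading fails; the original
        // never closed it and leaked one file descriptor per file.
        try (FileInputStream in = new FileInputStream(file)) {
            String data = Base64.getEncoder().encodeToString(IOUtils.toByteArray(in));
            // putIfAbsent keeps the first file registered under a key and silently drops
            // later ones with the same key.
            secretContents.putIfAbsent(name, data);
        } catch (IOException e) {
            throw new HalException(Severity.ERROR, "Unable to read contents of \"" + pair.getLeft() + "\": " + e);
        }
    });

    SecretBuilder secretBuilder = new SecretBuilder()
            .withNewMetadata()
                .withName(secretName)
                .withNamespace(namespace)
            .endMetadata()
            .withData(secretContents);

    client.secrets().inNamespace(namespace).create(secretBuilder.build());
}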
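/**
 * Replaces the named Secret with one whose entries are the given files, base64-encoded.
 *
 * <p>An existing Secret with the same name is deleted first, then a new one is created.
 *
 * @param details    account deployment details used to obtain the Kubernetes client
 * @param files      pairs of (file to read, key to store it under)
 * @param secretName name of the Secret
 * @param namespace  namespace the Secret lives in
 * @throws HalException if any of the files cannot be read
 */
static void upsertSecret(AccountDeploymentDetails<KubernetesAccount> details, Set<Pair<File, String>> files, String secretName, String namespace) {
    KubernetesClient client = getClient(details);

    // NOTE(review): delete-then-create is not atomic. Workloads reading the Secret can
    // briefly find it missing, and a failure while reading the files below leaves it
    // deleted. Consider reading the files before deleting, or replacing in place.
    if (client.secrets().inNamespace(namespace).withName(secretName).get() != null) {
        client.secrets().inNamespace(namespace).withName(secretName).delete();
    }

    Map<String, String> secretContents = new HashMap<>();
    files.forEach(pair -> {
        File file = pair.getLeft();
        String name = pair.getRight();
        // try-with-resources closes the stream even when reading fails; the original
        // never closed it and leaked one file descriptor per file.
        try (FileInputStream in = new FileInputStream(file)) {
            String data = Base64.getEncoder().encodeToString(IOUtils.toByteArray(in));
            // putIfAbsent keeps the first file registered under a key and silently drops
            // later ones with the same key.
            secretContents.putIfAbsent(name, data);
        } catch (IOException e) {
            throw new HalException(Severity.ERROR, "Unable to read contents of \"" + pair.getLeft() + "\": " + e);
        }
    });

    SecretBuilder secretBuilder = new SecretBuilder()
            .withNewMetadata()
                .withName(secretName)
                .withNamespace(namespace)
            .endMetadata()
            .withData(secretContents);

    client.secrets().inNamespace(namespace).create(secretBuilder.build());
}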
/**
 * Builds a Kubernetes Secret object holding the provided data section.
 *
 * <p>The Secret is only constructed in memory and returned; this method makes no API call.
 *
 * @param namespace       namespace of the Secret
 * @param name            name of the Secret
 * @param data            map with secret data / files, passed to the Secret's {@code data} field
 * @param labels          labels to add to the Secret
 * @param annotations     annotations to add to the Secret
 * @param ownerReference  owner of the Secret, or {@code null} for no owner reference
 * @return the Secret
 */
public Secret createSecret(String namespace, String name, Map<String, String> data,
                           Map<String, String> labels, Map<String, String> annotations,
                           OwnerReference ownerReference) {
    // A missing owner becomes an empty owner-reference list rather than a list holding null.
    List<OwnerReference> owners;
    if (ownerReference == null) {
        owners = emptyList();
    } else {
        owners = singletonList(ownerReference);
    }

    return new SecretBuilder()
            .withNewMetadata()
                .withName(name)
                .withNamespace(namespace)
                .withLabels(labels)
                .withAnnotations(annotations)
                .withOwnerReferences(owners)
            .endMetadata()
            .withData(data)
            .build();
}
/**
 * Creates a {@code kubernetes.io/tls} Secret for a component certificate.
 *
 * <p>The key and certificate files of {@code cert} are read and base64-encoded into
 * {@code tls.key} and {@code tls.crt}; {@code ca.crt} is copied from the CA Secret's
 * {@code tls.crt} entry as stored.
 *
 * @param cert     certificate whose key and cert files are read and whose component names the Secret
 * @param caSecret Secret holding the CA certificate under {@code tls.crt}
 * @param labels   labels to set on the new Secret
 * @return the Secret returned by the client after creation
 * @throws UncheckedIOException if either file cannot be read
 */
@Override
public Secret createSecret(Cert cert, Secret caSecret, Map<String, String> labels) {
    try {
        final Base64.Encoder b64 = Base64.getEncoder();
        final String encodedKey = b64.encodeToString(FileUtils.readFileToByteArray(cert.getKeyFile()));
        final String encodedCert = b64.encodeToString(FileUtils.readFileToByteArray(cert.getCertFile()));

        final Map<String, String> entries = new LinkedHashMap<>();
        entries.put("tls.key", encodedKey);
        entries.put("tls.crt", encodedCert);
        // NOTE(review): there is no check that the CA Secret actually has a tls.crt entry;
        // a missing one ends up as a null ca.crt value. Confirm callers guarantee it.
        entries.put("ca.crt", caSecret.getData().get("tls.crt"));

        return client.secrets().inNamespace(namespace).createNew()
                .editOrNewMetadata()
                    .withName(cert.getComponent().getSecretName())
                    .withLabels(labels)
                .endMetadata()
                .withType("kubernetes.io/tls")
                .addToData(entries)
                .done();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
}
/**
 * Creates or replaces a Secret holding a base64-encoded key file and certificate file.
 *
 * @param secretName   name of the Secret to create or replace
 * @param secretLabels labels to set on the Secret
 * @param keyKey       data entry name for the key file contents
 * @param certKey      data entry name for the certificate file contents
 * @param keyFile      file holding the key
 * @param certFile     file holding the certificate
 * @param client       client used to write the Secret
 * @return the Secret returned by the client
 * @throws IOException if either file cannot be read
 */
private Secret createSecretFromCertAndKeyFiles(final String secretName,
                                               final Map<String, String> secretLabels,
                                               final String keyKey,
                                               final String certKey,
                                               final File keyFile,
                                               final File certFile,
                                               final OpenShiftClient client) throws IOException {
    final Base64.Encoder b64 = Base64.getEncoder();
    // Read the key first, then the certificate, so a read failure surfaces in that order.
    final String encodedKey = b64.encodeToString(FileUtils.readFileToByteArray(keyFile));
    final String encodedCert = b64.encodeToString(FileUtils.readFileToByteArray(certFile));

    final Map<String, String> entries = new LinkedHashMap<>();
    entries.put(keyKey, encodedKey);
    entries.put(certKey, encodedCert);

    // No Secret type is set here, unlike the kubernetes.io/tls Secrets built elsewhere.
    return client.secrets().inNamespace(namespace).withName(secretName).createOrReplaceWithNew()
            .editOrNewMetadata()
                .withName(secretName)
                .withLabels(secretLabels)
            .endMetadata()
            .addToData(entries)
            .done();
}
/**
 * Builds a Secret object with the given name, namespace, labels and data.
 *
 * <p>The Secret is only constructed in memory; this method makes no API call.
 *
 * @param name           name of the Secret
 * @param namespace      namespace of the Secret
 * @param labels         labels to set on the Secret
 * @param ownerReference owner of the Secret, or {@code null} to set no owner reference
 * @param data           entries for the Secret's {@code data} field
 * @return the built Secret
 */
public static Secret createSecret(String name, String namespace, Labels labels, OwnerReference ownerReference, Map<String, String> data) {
    SecretBuilder builder = new SecretBuilder()
            .withNewMetadata()
                .withName(name)
                .withNamespace(namespace)
                .withLabels(labels.toMap())
            .endMetadata()
            .withData(data);

    // The owner reference is the only difference between the owned and unowned variants.
    if (ownerReference != null) {
        builder = builder
                .editMetadata()
                    .withOwnerReferences(ownerReference)
                .endMetadata();
    }
    return builder.build();
}
/**
 * Rewrites the pull Secret when its stored data differs from {@code data}.
 *
 * <p>NOTE(review): the result of {@code get()} is dereferenced without a null check, so
 * this presumably relies on the caller having confirmed the Secret exists — verify.
 *
 * @param client         client used to read and edit the Secret
 * @param pullSecretName name of the pull Secret
 * @param data           desired contents of the Secret's {@code data} field
 * @return always {@code true}, whether or not the Secret was rewritten
 */
private boolean updateSecret(OpenShiftClient client, String pullSecretName, Map<String, String> data) {
    Map<String, String> currentData = client.secrets().withName(pullSecretName).get().getData();
    if (Objects.equals(data, currentData)) {
        // Already up to date: leave the Secret alone.
        log.info("Using Secret %s", pullSecretName);
        return true;
    }

    client.secrets().withName(pullSecretName).edit()
            .editMetadata()
                .withName(pullSecretName)
            .endMetadata()
            .withData(data)
            .withType("kubernetes.io/dockerconfigjson")
            .done();
    // Only the Secret's name is logged, never its contents.
    log.info("Updating Secret %s", pullSecretName);
    return true;
}
/**
 * Renders a Secret built from the model as YAML and writes it to the secret artifact file.
 *
 * <p>The written YAML includes the model's data entries, so the generated file should be
 * handled as sensitive material.
 *
 * @param secretModel model supplying the Secret's name and data
 * @throws KubernetesPluginException if the YAML cannot be produced or written
 */
private void generate(SecretModel secretModel) throws KubernetesPluginException {
    final String secretName = secretModel.getName();
    Secret k8sSecret = new SecretBuilder()
            .withNewMetadata()
                .withNamespace(dataHolder.getNamespace())
                .withName(secretName)
            .endMetadata()
            .withData(secretModel.getData())
            .build();

    try {
        String yaml = SerializationUtils.dumpWithoutRuntimeStateAsYaml(k8sSecret);
        KubernetesUtils.writeToFile(yaml, SECRET_FILE_POSTFIX + YAML);
    } catch (IOException e) {
        // Wrap with the Secret's name for context and keep the original cause.
        String errorMessage = "Error while generating yaml file for secret: " + secretModel.getName();
        throw new KubernetesPluginException(errorMessage, e);
    }
}