public SecretBuilder(SecretFluent<?> fluent,Secret instance,Boolean validationEnabled){ this.fluent = fluent; fluent.withApiVersion(instance.getApiVersion()); fluent.withData(instance.getData()); fluent.withKind(instance.getKind()); fluent.withMetadata(instance.getMetadata()); fluent.withStringData(instance.getStringData()); fluent.withType(instance.getType()); this.validationEnabled = validationEnabled; } public SecretBuilder(Secret instance){
static X509Certificate cert(Secret secret, String key) { if (secret == null || secret.getData() == null || secret.getData().get(key) == null) { return null; } Base64.Decoder decoder = Base64.getDecoder(); byte[] bytes = decoder.decode(secret.getData().get(key)); try { return x509Certificate(bytes); } catch (CertificateException e) { throw new RuntimeException("Certificate in data." + key.replace(".", "\\.") + " of Secret " + secret.getMetadata().getName(), e); } }
@Override Secret applyResource(Secret original, Secret current) { return client .secrets() .inNamespace(getNamespace()) .withName(current.getMetadata().getName()) .edit() .withMetadata(current.getMetadata()) .withData(current.getData()) .withStringData(current.getStringData()) .withType(current.getType()) .done(); }
private static EntityPatcher<Secret> secretPatcher() { return (KubernetesClient client, String namespace, Secret newObj, Secret oldObj) -> { if (UserConfigurationCompare.configEqual(newObj, oldObj)) { return oldObj; } DoneableSecret entity = client.secrets() .inNamespace(namespace) .withName(oldObj.getMetadata().getName()) .edit(); if (!UserConfigurationCompare.configEqual(newObj.getMetadata(), oldObj.getMetadata())) { entity.withMetadata(newObj.getMetadata()); } if(!UserConfigurationCompare.configEqual(newObj.getData(), oldObj.getData())) { entity.withData(newObj.getData()); } if(!UserConfigurationCompare.configEqual(newObj.getStringData(), oldObj.getStringData())) { entity.withStringData(newObj.getStringData()); } return entity.done(); }; }
/** * Find the first secret in the given secrets with the given name */ public static Secret findSecretWithName(List<Secret> secrets, String sname) { return secrets.stream().filter(s -> s.getMetadata().getName().equals(sname)).findFirst().orElse(null); }
public SecretBuilder(){ this(new Secret()); } public SecretBuilder( SecretFluent<?> fluent ){
throws IOException { final Secret secret = new Secret(); secret.setType("Opaque"); secret.setData(secretData); metadata.setName(SECRET_NAME); metadata.setLabels(normalizeLabels(labels)); secret.setMetadata(metadata);
public SecretBuilder(Secret instance,Boolean validationEnabled){ this.fluent = this; this.withApiVersion(instance.getApiVersion()); this.withData(instance.getData()); this.withKind(instance.getKind()); this.withMetadata(instance.getMetadata()); this.withStringData(instance.getStringData()); this.withType(instance.getType()); this.validationEnabled = validationEnabled; }
public String getServiceaccountToken(String name, String namespace) { return new String(Base64.getDecoder().decode(client.secrets().inNamespace(namespace).list().getItems().stream() .filter(secret -> secret.getMetadata().getName().contains(name + "-token")).collect(Collectors.toList()) .get(0).getData().get("token")), StandardCharsets.UTF_8); } }
private String serviceAccount(Secret secret) { return secret.getMetadata().getAnnotations().get(STYX_WORKFLOW_SA_ID_ANNOTATION); }
public SecretBuilder(Boolean validationEnabled){ this(new Secret(), validationEnabled); } public SecretBuilder(SecretFluent<?> fluent){
throws IOException { final Secret secret = new Secret(); secret.setType("Opaque"); secret.setData(secretData); metadata.setName(SECRET_NAME); metadata.setLabels(normalizeLabels(labels)); secret.setMetadata(metadata);
public SecretFluentImpl(Secret instance){ this.withApiVersion(instance.getApiVersion()); this.withData(instance.getData()); this.withKind(instance.getKind()); this.withMetadata(instance.getMetadata()); this.withStringData(instance.getStringData()); this.withType(instance.getType()); }
RenewalType renewalType = RenewalType.NOOP; if (caKeySecret == null || caKeySecret.getData().get(CA_KEY) == null) { reason = "CA key secret " + caKeySecretName + " is missing or lacking data." + CA_KEY.replace(".", "\\."); renewalType = RenewalType.CREATE; } else if (this.caCertSecret == null || this.caCertSecret.getData().get(CA_CRT) == null) { reason = "CA certificate secret " + caCertSecretName + " is missing or lacking data." + CA_CRT.replace(".", "\\."); renewalType = RenewalType.RENEW_CERT; } else if (this.caCertSecret.getMetadata() != null && Annotations.booleanAnnotation(this.caCertSecret, ANNO_STRIMZI_IO_FORCE_RENEW, false)) { reason = "CA certificate secret " + caCertSecretName + " is annotated with " + ANNO_STRIMZI_IO_FORCE_RENEW; renewalType = RenewalType.RENEW_CERT; } else if (this.caKeySecret.getMetadata() != null && Annotations.booleanAnnotation(this.caKeySecret, ANNO_STRIMZI_IO_FORCE_REPLACE, false)) { reason = "CA key secret " + caKeySecretName + " is annotated with " + ANNO_STRIMZI_IO_FORCE_REPLACE;
private String secretEpoch(Secret secret) { return secret.getMetadata().getAnnotations().get(STYX_WORKFLOW_SA_EPOCH_ANNOTATION); }
public SecretBuilder( SecretFluent<?> fluent ){ this(fluent, new Secret()); } public SecretBuilder( SecretFluent<?> fluent , Secret instance ){
public SecretBuilder( SecretFluent<?> fluent , Secret instance ){ this.fluent = fluent; fluent.withApiVersion(instance.getApiVersion()); fluent.withData(instance.getData()); fluent.withKind(instance.getKind()); fluent.withMetadata(instance.getMetadata()); fluent.withType(instance.getType()); } public SecretBuilder( Secret instance ){
/** * In Strimzi 0.6.0 the Secrets and keys used a different convention. * Here we adapt the keys in the {@code *-clients-ca} Secret to match what * 0.7.0 expects. */ public static Secret adapt060ClientsCaSecret(Secret clientsCaKey) { if (clientsCaKey != null && clientsCaKey.getData() != null) { String key = clientsCaKey.getData().get("clients-ca.key"); if (key != null) { clientsCaKey.getData().put("ca.key", key); } } return clientsCaKey; }