Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

code cleanup for consistency #546

Merged
merged 1 commit into from
Oct 17, 2023
Merged

code cleanup for consistency #546

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
142 changes: 91 additions & 51 deletions api/models/secret.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ func BuildSecrets(secretList []corev1.Secret, secretProviderClassList []secretss
secrets = append(secrets, getSecretsForVolumeMounts(secretList, rd)...)
secrets = append(secrets, getSecretsForAuthentication(secretList, rd)...)
secrets = append(secrets, getSecretsForSecretRefs(secretList, secretProviderClassList, rd)...)

return secrets
}

Expand All @@ -49,17 +50,15 @@ func getSecretsForDeployment(secretList []corev1.Secret, rd *radixv1.RadixDeploy
componentSecretsMap := make(map[string]map[string]bool)
for _, component := range rd.Spec.Components {
secrets := getSecretsForComponent(&component)
if len(secrets) <= 0 {
continue
if len(secrets) > 0 {
componentSecretsMap[component.Name] = secrets
}
componentSecretsMap[component.Name] = secrets
}
for _, job := range rd.Spec.Jobs {
secrets := getSecretsForComponent(&job)
if len(secrets) <= 0 {
continue
if len(secrets) > 0 {
componentSecretsMap[job.Name] = secrets
}
componentSecretsMap[job.Name] = secrets
}

var secretDTOsMap []secretModels.Secret
Expand All @@ -69,8 +68,13 @@ func getSecretsForDeployment(secretList []corev1.Secret, rd *radixv1.RadixDeploy
if !ok {
// Mark secrets as Pending (exist in config, does not exist in cluster) due to no secret object in the cluster
for secretName := range secretNamesMap {
secretDTO := secretModels.Secret{Name: secretName, DisplayName: secretName, Component: componentName, Status: secretModels.Pending.String(), Type: secretModels.SecretTypeGeneric}
secretDTOsMap = append(secretDTOsMap, secretDTO)
secretDTOsMap = append(secretDTOsMap, secretModels.Secret{
Name: secretName,
DisplayName: secretName,
Type: secretModels.SecretTypeGeneric,
Component: componentName,
Status: secretModels.Pending.String(),
})
}
continue
}
Expand All @@ -81,20 +85,26 @@ func getSecretsForDeployment(secretList []corev1.Secret, rd *radixv1.RadixDeploy
if _, exists := clusterSecretEntriesMap[secretName]; !exists {
status = secretModels.Pending.String()
}
secretDTO := secretModels.Secret{Name: secretName, DisplayName: secretName, Component: componentName, Status: status, Type: secretModels.SecretTypeGeneric}
secretDTOsMap = append(secretDTOsMap, secretDTO)

secretDTOsMap = append(secretDTOsMap, secretModels.Secret{
Name: secretName,
DisplayName: secretName,
Type: secretModels.SecretTypeGeneric,
Component: componentName,
Status: status,
})
}
}

return secretDTOsMap
}

func getSecretsForTLSCertificates(secretList []corev1.Secret, rd *radixv1.RadixDeployment, tlsValidator tlsvalidator.TLSSecretValidator) []secretModels.Secret {
var secrets []secretModels.Secret
if tlsValidator == nil {
tlsValidator = tlsvalidator.DefaultValidator()
}

var secrets []secretModels.Secret
for _, component := range rd.Spec.Components {
for _, externalAlias := range component.DNSExternalAlias {
var certData, keyData []byte
Expand Down Expand Up @@ -141,23 +151,23 @@ func getSecretsForTLSCertificates(secretList []corev1.Secret, rd *radixv1.RadixD
secretModels.Secret{
Name: externalAlias + suffix.ExternalDNSTLSCert,
DisplayName: "Certificate",
Resource: externalAlias,
Type: secretModels.SecretTypeClientCert,
Resource: externalAlias,
ID: secretModels.SecretIdCert,
Component: component.GetName(),
Status: certStatus.String(),
ID: secretModels.SecretIdCert,
StatusMessages: certStatusMessages,
TLSCertificates: tlsCerts,
},
secretModels.Secret{
Name: externalAlias + suffix.ExternalDNSTLSKey,
DisplayName: "Key",
Resource: externalAlias,
Type: secretModels.SecretTypeClientCert,
Resource: externalAlias,
Component: component.GetName(),
ID: secretModels.SecretIdKey,
Status: keyStatus.String(),
StatusMessages: keyStatusMessages,
ID: secretModels.SecretIdKey,
},
)
}
Expand All @@ -174,6 +184,7 @@ func getSecretsForVolumeMounts(secretList []corev1.Secret, rd *radixv1.RadixDepl
for _, job := range rd.Spec.Jobs {
secrets = append(secrets, getCredentialSecretsForBlobVolumes(secretList, &job)...)
}

return secrets
}

Expand All @@ -184,14 +195,13 @@ func getCredentialSecretsForBlobVolumes(secretList []corev1.Secret, component ra
switch volumeMountType {
case radixv1.MountTypeBlob:
accountKeySecret, accountNameSecret := getBlobFuseSecrets(secretList, component, volumeMount)
secrets = append(secrets, accountKeySecret)
secrets = append(secrets, accountNameSecret)
secrets = append(secrets, accountKeySecret, accountNameSecret)
case radixv1.MountTypeBlobFuse2FuseCsiAzure, radixv1.MountTypeBlobFuse2Fuse2CsiAzure, radixv1.MountTypeBlobFuse2NfsCsiAzure, radixv1.MountTypeAzureFileCsiAzure:
accountKeySecret, accountNameSecret := getCsiAzureSecrets(secretList, component, volumeMount)
secrets = append(secrets, accountKeySecret)
secrets = append(secrets, accountNameSecret)
secrets = append(secrets, accountKeySecret, accountNameSecret)
}
}

return secrets
}

Expand All @@ -203,7 +213,8 @@ func getBlobFuseSecrets(secretList []corev1.Secret, component radixv1.RadixCommo
defaults.BlobFuseCredsAccountKeyPart,
defaults.BlobFuseCredsAccountNamePartSuffix,
defaults.BlobFuseCredsAccountKeyPartSuffix,
secretModels.SecretTypeAzureBlobFuseVolume)
secretModels.SecretTypeAzureBlobFuseVolume,
)
}

func getCsiAzureSecrets(secretList []corev1.Secret, component radixv1.RadixCommonDeployComponent, volumeMount radixv1.RadixVolumeMount) (secretModels.Secret, secretModels.Secret) {
Expand All @@ -214,7 +225,8 @@ func getCsiAzureSecrets(secretList []corev1.Secret, component radixv1.RadixCommo
defaults.CsiAzureCredsAccountKeyPart,
defaults.CsiAzureCredsAccountNamePartSuffix,
defaults.CsiAzureCredsAccountKeyPartSuffix,
secretModels.SecretTypeCsiAzureBlobVolume)
secretModels.SecretTypeCsiAzureBlobVolume,
)
}

func getAzureVolumeMountSecrets(secretList []corev1.Secret, component radixv1.RadixCommonDeployComponent, secretName, volumeMountName, accountNamePart, accountKeyPart, accountNamePartSuffix, accountKeyPartSuffix string, secretType secretModels.SecretType) (secretModels.Secret, secretModels.Secret) {
Expand All @@ -226,6 +238,7 @@ func getAzureVolumeMountSecrets(secretList []corev1.Secret, component radixv1.Ra
if strings.EqualFold(accountkeyValue, secretDefaultData) {
accountkeyStatus = secretModels.Pending.String()
}

accountnameValue := strings.TrimSpace(string(secretValue.Data[accountNamePart]))
if strings.EqualFold(accountnameValue, secretDefaultData) {
accountnameStatus = secretModels.Pending.String()
Expand All @@ -234,30 +247,33 @@ func getAzureVolumeMountSecrets(secretList []corev1.Secret, component radixv1.Ra
accountkeyStatus = secretModels.Pending.String()
accountnameStatus = secretModels.Pending.String()
}

// "accountkey"
accountKeySecretDTO := secretModels.Secret{
Name: secretName + accountKeyPartSuffix,
DisplayName: "Account Key",
Type: secretType,
Resource: volumeMountName,
ID: secretModels.SecretIdAccountKey,
Component: component.GetName(),
Status: accountkeyStatus,
Type: secretType,
ID: secretModels.SecretIdAccountKey}
}
// "accountname"
accountNameSecretDTO := secretModels.Secret{
Name: secretName + accountNamePartSuffix,
DisplayName: "Account Name",
Type: secretType,
Resource: volumeMountName,
ID: secretModels.SecretIdAccountName,
Component: component.GetName(),
Status: accountnameStatus,
Type: secretType,
ID: secretModels.SecretIdAccountName}
}

return accountKeySecretDTO, accountNameSecretDTO
}

func getSecretsForAuthentication(secretList []corev1.Secret, activeDeployment *radixv1.RadixDeployment) []secretModels.Secret {
var secrets []secretModels.Secret

for _, component := range activeDeployment.Spec.Components {
authSecrets := getSecretsForComponentAuthentication(secretList, &component)
secrets = append(secrets, authSecrets...)
Expand All @@ -270,6 +286,7 @@ func getSecretsForComponentAuthentication(secretList []corev1.Secret, component
var secrets []secretModels.Secret
secrets = append(secrets, getSecretsForComponentAuthenticationClientCertificate(secretList, component)...)
secrets = append(secrets, getSecretsForComponentAuthenticationOAuth2(secretList, component)...)

return secrets
}

Expand All @@ -288,9 +305,13 @@ func getSecretsForComponentAuthenticationClientCertificate(secretList []corev1.S
secretStatus = secretModels.Pending.String()
}

secrets = append(secrets, secretModels.Secret{Name: secretName,
secrets = append(secrets, secretModels.Secret{
Name: secretName,
DisplayName: "",
Type: secretModels.SecretTypeClientCertificateAuth, Component: component.GetName(), Status: secretStatus})
Type: secretModels.SecretTypeClientCertificateAuth,
Component: component.GetName(),
Status: secretStatus,
})
}

return secrets
Expand Down Expand Up @@ -325,18 +346,29 @@ func getSecretsForComponentAuthenticationOAuth2(secretList []corev1.Secret, comp
redisPasswordStatus = secretModels.Pending.String()
}

secrets = append(secrets, secretModels.Secret{Name: component.GetName() + suffix.OAuth2ClientSecret,
secrets = append(secrets, secretModels.Secret{
Name: component.GetName() + suffix.OAuth2ClientSecret,
DisplayName: "Client Secret",
Type: secretModels.SecretTypeOAuth2Proxy, Component: component.GetName(),
Status: clientSecretStatus})
secrets = append(secrets, secretModels.Secret{Name: component.GetName() + suffix.OAuth2CookieSecret,
Type: secretModels.SecretTypeOAuth2Proxy,
Component: component.GetName(),
Status: clientSecretStatus,
})
secrets = append(secrets, secretModels.Secret{
Name: component.GetName() + suffix.OAuth2CookieSecret,
DisplayName: "Cookie Secret",
Type: secretModels.SecretTypeOAuth2Proxy, Component: component.GetName(), Status: cookieSecretStatus})
Type: secretModels.SecretTypeOAuth2Proxy,
Component: component.GetName(),
Status: cookieSecretStatus,
})

if oauth2.SessionStoreType == radixv1.SessionStoreRedis {
secrets = append(secrets, secretModels.Secret{Name: component.GetName() + suffix.OAuth2RedisPassword,
secrets = append(secrets, secretModels.Secret{
Name: component.GetName() + suffix.OAuth2RedisPassword,
DisplayName: "Redis Password",
Type: secretModels.SecretTypeOAuth2Proxy, Component: component.GetName(), Status: redisPasswordStatus})
Type: secretModels.SecretTypeOAuth2Proxy,
Component: component.GetName(),
Status: redisPasswordStatus,
})
}
}

Expand All @@ -363,7 +395,6 @@ func getSecretsForSecretRefs(secretList []corev1.Secret, secretProviderClassList
)

var secrets []secretModels.Secret

for _, component := range rd.Spec.Components {
secretRefs := component.GetSecretRefs()
componentSecrets := getComponentSecretRefsSecrets(secretList, component.GetName(), &secretRefs, secretProviderClassMapForDeployment, csiSecretStoreSecretMap)
Expand All @@ -374,6 +405,7 @@ func getSecretsForSecretRefs(secretList []corev1.Secret, secretProviderClassList
jobComponentSecrets := getComponentSecretRefsSecrets(secretList, jobComponent.GetName(), &secretRefs, secretProviderClassMapForDeployment, csiSecretStoreSecretMap)
secrets = append(secrets, jobComponentSecrets...)
}

return secrets
}

Expand All @@ -385,34 +417,38 @@ func getComponentSecretRefsSecrets(secretList []corev1.Secret, componentName str
credSecrets := getCredentialSecretsForSecretRefsAzureKeyVault(secretList, componentName, azureKeyVault.Name)
secrets = append(secrets, credSecrets...)
}

secretStatus := getAzureKeyVaultSecretStatus(componentName, azureKeyVault.Name, secretProviderClassMap, csiSecretStoreSecretMap)
for _, item := range azureKeyVault.Items {
secrets = append(secrets, secretModels.Secret{
Name: secret.GetSecretNameForAzureKeyVaultItem(componentName, azureKeyVault.Name, &item),
DisplayName: secret.GetSecretDisplayNameForAzureKeyVaultItem(&item),
Type: secretModels.SecretTypeCsiAzureKeyVaultItem,
Resource: azureKeyVault.Name,
ID: secret.GetSecretIdForAzureKeyVaultItem(&item),
Component: componentName,
Status: secretStatus,
ID: secret.GetSecretIdForAzureKeyVaultItem(&item),
})
}
}

return secrets
}

func getAzureKeyVaultSecretStatus(componentName, azureKeyVaultName string, secretProviderClassMap map[string]secretsstorev1.SecretProviderClass, csiSecretStoreSecretMap map[string]corev1.Secret) string {
secretStatus := secretModels.NotAvailable.String()
secretProviderClass := getComponentSecretProviderClassMapForAzureKeyVault(componentName, secretProviderClassMap, azureKeyVaultName)
if secretProviderClass != nil {
secretStatus = secretModels.Consistent.String()
for _, secretObject := range secretProviderClass.Spec.SecretObjects {
if _, ok := csiSecretStoreSecretMap[secretObject.SecretName]; !ok {
secretStatus = secretModels.NotAvailable.String() // Secrets does not exist for the secretProviderClass secret object
break
}
if secretProviderClass == nil {
return secretModels.NotAvailable.String()
}

secretStatus := secretModels.Consistent.String()
for _, secretObject := range secretProviderClass.Spec.SecretObjects {
if _, ok := csiSecretStoreSecretMap[secretObject.SecretName]; !ok {
secretStatus = secretModels.NotAvailable.String() // Secrets does not exist for the secretProviderClass secret object
break
}
}

return secretStatus
}

Expand All @@ -423,6 +459,7 @@ func getComponentSecretProviderClassMapForAzureKeyVault(componentName string, co
return &secretProviderClass
}
}

return nil
}

Expand All @@ -437,6 +474,7 @@ func getCredentialSecretsForSecretRefsAzureKeyVault(secretList []corev1.Secret,
if strings.EqualFold(clientIdValue, secretDefaultData) {
clientIdStatus = secretModels.Pending.String()
}

clientSecretValue := strings.TrimSpace(string(secretValue.Data[defaults.CsiAzureKeyVaultCredsClientSecretPart]))
if strings.EqualFold(clientSecretValue, secretDefaultData) {
clientSecretStatus = secretModels.Pending.String()
Expand All @@ -445,24 +483,26 @@ func getCredentialSecretsForSecretRefsAzureKeyVault(secretList []corev1.Secret,
clientIdStatus = secretModels.Pending.String()
clientSecretStatus = secretModels.Pending.String()
}

secrets = append(secrets, secretModels.Secret{
Name: secretName + defaults.CsiAzureKeyVaultCredsClientIdSuffix,
DisplayName: "Client ID",
Type: secretModels.SecretTypeCsiAzureKeyVaultCreds,
Resource: azureKeyVaultName,
ID: secretModels.SecretIdClientId,
Component: componentName,
Status: clientIdStatus,
Type: secretModels.SecretTypeCsiAzureKeyVaultCreds,
ID: secretModels.SecretIdClientId},
)
})
secrets = append(secrets, secretModels.Secret{
Name: secretName + defaults.CsiAzureKeyVaultCredsClientSecretSuffix,
DisplayName: "Client Secret",
Type: secretModels.SecretTypeCsiAzureKeyVaultCreds,
Resource: azureKeyVaultName,
ID: secretModels.SecretIdClientSecret,
Component: componentName,
Status: clientSecretStatus,
Type: secretModels.SecretTypeCsiAzureKeyVaultCreds,
ID: secretModels.SecretIdClientSecret},
)
})

return secrets
}

Expand Down