Add support of base64 secrets (#43)

mmatur · web-flow · commit 1b8580452887 · 2021-03-09T15:16:13.000+09:00
diff --git a/cmd/manager/main.go b/cmd/manager/main.go
@@ -51,7 +51,10 @@ func run() error {
 	}
 
 	// Become the leader before proceeding
-	leader.Become(context.TODO(), "aws-secret-operator-lock")
+	err = leader.Become(context.TODO(), "aws-secret-operator-lock")
+	if err != nil {
+		return errors.Wrap(err, "failed to became the leader")
+	}
 
 	// Create a new Cmd to provide shared dependencies and start components
 	mgr, err := manager.New(cfg, manager.Options{Namespace: namespace})
diff --git a/cmd/manager/root.go b/cmd/manager/root.go
@@ -1,8 +1,9 @@
 package main
 
 import (
-	"github.com/spf13/cobra"
 	"os"
+
+	"github.com/spf13/cobra"
 )
 
 type OperateOpts struct {
diff --git a/go.sum b/go.sum
diff --git a/pkg/apis/mumoshu/v1alpha1/awssecret_types.go b/pkg/apis/mumoshu/v1alpha1/awssecret_types.go
@@ -12,6 +12,12 @@ import (
 type AWSSecretSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file
+
+	// DataFrom data field is used to store arbitrary data, encoded using base64.
+	DataFrom DataFrom `json:"dataFrom,omitempty"`
+
+	// StringDataFrom stringData field is provided for convenience, and allows you to provide
+	// secret data as unencoded strings.
 	StringDataFrom StringDataFrom `json:"stringDataFrom,omitempty"`
 
 	// Used to facilitate programmatic handling of secret data.
@@ -24,6 +30,11 @@ type StringDataFrom struct {
 	SecretsManagerSecretRef SecretsManagerSecretRef `json:"secretsManagerSecretRef,omitempty"`
 }
 
+// DataFrom defines how the resulting Secret's `data` is built
+type DataFrom struct {
+	SecretsManagerSecretRef SecretsManagerSecretRef `json:"secretsManagerSecretRef,omitempty"`
+}
+
 // SecretsManagerSecretRef defines from which SecretsManager Secret the Kubernetes secret is built
 // See https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html for the concepts
 type SecretsManagerSecretRef struct {
diff --git a/pkg/apis/mumoshu/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/mumoshu/v1alpha1/zz_generated.deepcopy.go
diff --git a/pkg/controller/awssecret/awssecret_controller.go b/pkg/controller/awssecret/awssecret_controller.go
@@ -148,18 +148,37 @@ func (r *ReconcileAWSSecret) newSecretForCR(cr *mumoshuv1alpha1.AWSSecret) (*cor
 	if r.ctx == nil {
 		r.ctx = newContext(nil)
 	}
-	ref := cr.Spec.StringDataFrom.SecretsManagerSecretRef
-	data, err := r.ctx.SecretsManagerSecretToKubernetesStringData(ref)
-	if err != nil {
-		return nil, errs.Wrap(err, "failed to get json secret as map")
+
+	var err error
+	stringData := make(map[string]string)
+	if cr.Spec.StringDataFrom.SecretsManagerSecretRef.SecretId != "" &&
+		cr.Spec.StringDataFrom.SecretsManagerSecretRef.VersionId != "" {
+		ref := cr.Spec.StringDataFrom.SecretsManagerSecretRef
+		stringData, err = r.ctx.SecretsManagerSecretToKubernetesStringData(ref)
+		if err != nil {
+			return nil, errs.Wrap(err, "failed to get json secret as map")
+		}
 	}
+
+	data := make(map[string][]byte)
+	if cr.Spec.DataFrom.SecretsManagerSecretRef.SecretId != "" &&
+		cr.Spec.DataFrom.SecretsManagerSecretRef.VersionId != "" {
+		ref := cr.Spec.DataFrom.SecretsManagerSecretRef
+		data, err = r.ctx.SecretsManagerSecretToKubernetesData(ref)
+		if err != nil {
+			return nil, errs.Wrap(err, "failed to get json secret as map")
+		}
+	}
+
 	return &corev1.Secret{
+		TypeMeta: metav1.TypeMeta{},
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      cr.Name,
 			Namespace: cr.Namespace,
 			Labels:    labels,
 		},
+		Data:       data,
+		StringData: stringData,
 		Type:       cr.Spec.Type,
-		StringData: data,
 	}, nil
 }
diff --git a/pkg/controller/awssecret/secret.go b/pkg/controller/awssecret/secret.go
@@ -2,6 +2,7 @@ package awssecret
 
 import (
 	"encoding/json"
+
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/secretsmanager"
 	"github.com/mumoshu/aws-secret-operator/pkg/apis/mumoshu/v1alpha1"
@@ -64,6 +65,22 @@ func (c *Context) SecretsManagerSecretToKubernetesStringData(ref v1alpha1.Secret
 	return m, nil
 }
 
+func (c *Context) SecretsManagerSecretToKubernetesData(ref v1alpha1.SecretsManagerSecretRef) (map[string][]byte, error) {
+	sec, ver, err := c.String(ref.SecretId, ref.VersionId)
+	if err != nil {
+		return nil, err
+	}
+
+	m, err := awsSecretValueToMapBytes(*sec)
+	if err != nil {
+		return nil, err
+	}
+
+	m["AWSVersionId"] = []byte(*ver)
+
+	return m, nil
+}
+
 func awsSecretValueToMap(sec string) (map[string]string, error) {
 	m := map[string]string{}
 	jsonerr := json.Unmarshal([]byte(sec), &m)
@@ -80,3 +97,12 @@ func awsSecretValueToMap(sec string) (map[string]string, error) {
 	}
 	return m, nil
 }
+
+func awsSecretValueToMapBytes(sec string) (map[string][]byte, error) {
+	m := map[string][]byte{}
+	if err := json.Unmarshal([]byte(sec), &m); err != nil {
+		return nil, err
+	}
+
+	return m, nil
+}

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,9 @@`
`1`	`1`	`package main`
`2`	`2`
`3`	`3`	`import (`
`4`		`- "github.com/spf13/cobra"`
`5`	`4`	`"os"`
	`5`	`+`
	`6`	`+ "github.com/spf13/cobra"`
`6`	`7`	`)`
`7`	`8`
`8`	`9`	`type OperateOpts struct {`