From 0dcba8de5721f59cad8e02ee8ec77b9d9f0c63d2 Mon Sep 17 00:00:00 2001 From: Fredrik Hatletvedt <32248439+Pespiri@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:46:44 +0200 Subject: [PATCH] code cleanup for consistency (#546) --- api/models/secret.go | 142 +++++++++++++++++++++++++++---------------- 1 file changed, 91 insertions(+), 51 deletions(-) diff --git a/api/models/secret.go b/api/models/secret.go index 9942ed75..f5074128 100644 --- a/api/models/secret.go +++ b/api/models/secret.go @@ -28,6 +28,7 @@ func BuildSecrets(secretList []corev1.Secret, secretProviderClassList []secretss secrets = append(secrets, getSecretsForVolumeMounts(secretList, rd)...) secrets = append(secrets, getSecretsForAuthentication(secretList, rd)...) secrets = append(secrets, getSecretsForSecretRefs(secretList, secretProviderClassList, rd)...) + return secrets } @@ -49,17 +50,15 @@ func getSecretsForDeployment(secretList []corev1.Secret, rd *radixv1.RadixDeploy componentSecretsMap := make(map[string]map[string]bool) for _, component := range rd.Spec.Components { secrets := getSecretsForComponent(&component) - if len(secrets) <= 0 { - continue + if len(secrets) > 0 { + componentSecretsMap[component.Name] = secrets } - componentSecretsMap[component.Name] = secrets } for _, job := range rd.Spec.Jobs { secrets := getSecretsForComponent(&job) - if len(secrets) <= 0 { - continue + if len(secrets) > 0 { + componentSecretsMap[job.Name] = secrets } - componentSecretsMap[job.Name] = secrets } var secretDTOsMap []secretModels.Secret @@ -69,8 +68,13 @@ func getSecretsForDeployment(secretList []corev1.Secret, rd *radixv1.RadixDeploy if !ok { // Mark secrets as Pending (exist in config, does not exist in cluster) due to no secret object in the cluster for secretName := range secretNamesMap { - secretDTO := secretModels.Secret{Name: secretName, DisplayName: secretName, Component: componentName, Status: secretModels.Pending.String(), Type: secretModels.SecretTypeGeneric} - secretDTOsMap = append(secretDTOsMap, secretDTO) + secretDTOsMap = append(secretDTOsMap, secretModels.Secret{ + Name: secretName, + DisplayName: secretName, + Type: secretModels.SecretTypeGeneric, + Component: componentName, + Status: secretModels.Pending.String(), + }) } continue } @@ -81,8 +85,14 @@ func getSecretsForDeployment(secretList []corev1.Secret, rd *radixv1.RadixDeploy if _, exists := clusterSecretEntriesMap[secretName]; !exists { status = secretModels.Pending.String() } - secretDTO := secretModels.Secret{Name: secretName, DisplayName: secretName, Component: componentName, Status: status, Type: secretModels.SecretTypeGeneric} - secretDTOsMap = append(secretDTOsMap, secretDTO) + + secretDTOsMap = append(secretDTOsMap, secretModels.Secret{ + Name: secretName, + DisplayName: secretName, + Type: secretModels.SecretTypeGeneric, + Component: componentName, + Status: status, + }) } } @@ -90,11 +100,11 @@ func getSecretsForDeployment(secretList []corev1.Secret, rd *radixv1.RadixDeploy } func getSecretsForTLSCertificates(secretList []corev1.Secret, rd *radixv1.RadixDeployment, tlsValidator tlsvalidator.TLSSecretValidator) []secretModels.Secret { - var secrets []secretModels.Secret if tlsValidator == nil { tlsValidator = tlsvalidator.DefaultValidator() } + var secrets []secretModels.Secret for _, component := range rd.Spec.Components { for _, externalAlias := range component.DNSExternalAlias { var certData, keyData []byte @@ -141,23 +151,23 @@ func getSecretsForTLSCertificates(secretList []corev1.Secret, rd *radixv1.RadixD secretModels.Secret{ Name: externalAlias + suffix.ExternalDNSTLSCert, DisplayName: "Certificate", - Resource: externalAlias, Type: secretModels.SecretTypeClientCert, + Resource: externalAlias, + ID: secretModels.SecretIdCert, Component: component.GetName(), Status: certStatus.String(), - ID: secretModels.SecretIdCert, StatusMessages: certStatusMessages, TLSCertificates: tlsCerts, }, secretModels.Secret{ Name: externalAlias + suffix.ExternalDNSTLSKey, DisplayName: "Key", - Resource: externalAlias, Type: secretModels.SecretTypeClientCert, + Resource: externalAlias, Component: component.GetName(), + ID: secretModels.SecretIdKey, Status: keyStatus.String(), StatusMessages: keyStatusMessages, - ID: secretModels.SecretIdKey, }, ) } @@ -174,6 +184,7 @@ func getSecretsForVolumeMounts(secretList []corev1.Secret, rd *radixv1.RadixDepl for _, job := range rd.Spec.Jobs { secrets = append(secrets, getCredentialSecretsForBlobVolumes(secretList, &job)...) } + return secrets } @@ -184,14 +195,13 @@ func getCredentialSecretsForBlobVolumes(secretList []corev1.Secret, component ra switch volumeMountType { case radixv1.MountTypeBlob: accountKeySecret, accountNameSecret := getBlobFuseSecrets(secretList, component, volumeMount) - secrets = append(secrets, accountKeySecret) - secrets = append(secrets, accountNameSecret) + secrets = append(secrets, accountKeySecret, accountNameSecret) case radixv1.MountTypeBlobFuse2FuseCsiAzure, radixv1.MountTypeBlobFuse2Fuse2CsiAzure, radixv1.MountTypeBlobFuse2NfsCsiAzure, radixv1.MountTypeAzureFileCsiAzure: accountKeySecret, accountNameSecret := getCsiAzureSecrets(secretList, component, volumeMount) - secrets = append(secrets, accountKeySecret) - secrets = append(secrets, accountNameSecret) + secrets = append(secrets, accountKeySecret, accountNameSecret) } } + return secrets } @@ -203,7 +213,8 @@ func getBlobFuseSecrets(secretList []corev1.Secret, component radixv1.RadixCommo defaults.BlobFuseCredsAccountKeyPart, defaults.BlobFuseCredsAccountNamePartSuffix, defaults.BlobFuseCredsAccountKeyPartSuffix, - secretModels.SecretTypeAzureBlobFuseVolume) + secretModels.SecretTypeAzureBlobFuseVolume, + ) } func getCsiAzureSecrets(secretList []corev1.Secret, component radixv1.RadixCommonDeployComponent, volumeMount radixv1.RadixVolumeMount) (secretModels.Secret, secretModels.Secret) { @@ -214,7 +225,8 @@ func getCsiAzureSecrets(secretList []corev1.Secret, component radixv1.RadixCommo defaults.CsiAzureCredsAccountKeyPart, defaults.CsiAzureCredsAccountNamePartSuffix, defaults.CsiAzureCredsAccountKeyPartSuffix, - secretModels.SecretTypeCsiAzureBlobVolume) + secretModels.SecretTypeCsiAzureBlobVolume, + ) } func getAzureVolumeMountSecrets(secretList []corev1.Secret, component radixv1.RadixCommonDeployComponent, secretName, volumeMountName, accountNamePart, accountKeyPart, accountNamePartSuffix, accountKeyPartSuffix string, secretType secretModels.SecretType) (secretModels.Secret, secretModels.Secret) { @@ -226,6 +238,7 @@ func getAzureVolumeMountSecrets(secretList []corev1.Secret, component radixv1.Ra if strings.EqualFold(accountkeyValue, secretDefaultData) { accountkeyStatus = secretModels.Pending.String() } + accountnameValue := strings.TrimSpace(string(secretValue.Data[accountNamePart])) if strings.EqualFold(accountnameValue, secretDefaultData) { accountnameStatus = secretModels.Pending.String() @@ -234,30 +247,33 @@ func getAzureVolumeMountSecrets(secretList []corev1.Secret, component radixv1.Ra accountkeyStatus = secretModels.Pending.String() accountnameStatus = secretModels.Pending.String() } + // "accountkey" accountKeySecretDTO := secretModels.Secret{ Name: secretName + accountKeyPartSuffix, DisplayName: "Account Key", + Type: secretType, Resource: volumeMountName, + ID: secretModels.SecretIdAccountKey, Component: component.GetName(), Status: accountkeyStatus, - Type: secretType, - ID: secretModels.SecretIdAccountKey} + } // "accountname" accountNameSecretDTO := secretModels.Secret{ Name: secretName + accountNamePartSuffix, DisplayName: "Account Name", + Type: secretType, Resource: volumeMountName, + ID: secretModels.SecretIdAccountName, Component: component.GetName(), Status: accountnameStatus, - Type: secretType, - ID: secretModels.SecretIdAccountName} + } + return accountKeySecretDTO, accountNameSecretDTO } func getSecretsForAuthentication(secretList []corev1.Secret, activeDeployment *radixv1.RadixDeployment) []secretModels.Secret { var secrets []secretModels.Secret - for _, component := range activeDeployment.Spec.Components { authSecrets := getSecretsForComponentAuthentication(secretList, &component) secrets = append(secrets, authSecrets...) @@ -270,6 +286,7 @@ func getSecretsForComponentAuthentication(secretList []corev1.Secret, component var secrets []secretModels.Secret secrets = append(secrets, getSecretsForComponentAuthenticationClientCertificate(secretList, component)...) secrets = append(secrets, getSecretsForComponentAuthenticationOAuth2(secretList, component)...) + return secrets } @@ -288,9 +305,13 @@ func getSecretsForComponentAuthenticationClientCertificate(secretList []corev1.S secretStatus = secretModels.Pending.String() } - secrets = append(secrets, secretModels.Secret{Name: secretName, + secrets = append(secrets, secretModels.Secret{ + Name: secretName, DisplayName: "", - Type: secretModels.SecretTypeClientCertificateAuth, Component: component.GetName(), Status: secretStatus}) + Type: secretModels.SecretTypeClientCertificateAuth, + Component: component.GetName(), + Status: secretStatus, + }) } return secrets @@ -325,18 +346,29 @@ func getSecretsForComponentAuthenticationOAuth2(secretList []corev1.Secret, comp redisPasswordStatus = secretModels.Pending.String() } - secrets = append(secrets, secretModels.Secret{Name: component.GetName() + suffix.OAuth2ClientSecret, + secrets = append(secrets, secretModels.Secret{ + Name: component.GetName() + suffix.OAuth2ClientSecret, DisplayName: "Client Secret", - Type: secretModels.SecretTypeOAuth2Proxy, Component: component.GetName(), - Status: clientSecretStatus}) - secrets = append(secrets, secretModels.Secret{Name: component.GetName() + suffix.OAuth2CookieSecret, + Type: secretModels.SecretTypeOAuth2Proxy, + Component: component.GetName(), + Status: clientSecretStatus, + }) + secrets = append(secrets, secretModels.Secret{ + Name: component.GetName() + suffix.OAuth2CookieSecret, DisplayName: "Cookie Secret", - Type: secretModels.SecretTypeOAuth2Proxy, Component: component.GetName(), Status: cookieSecretStatus}) + Type: secretModels.SecretTypeOAuth2Proxy, + Component: component.GetName(), + Status: cookieSecretStatus, + }) if oauth2.SessionStoreType == radixv1.SessionStoreRedis { - secrets = append(secrets, secretModels.Secret{Name: component.GetName() + suffix.OAuth2RedisPassword, + secrets = append(secrets, secretModels.Secret{ + Name: component.GetName() + suffix.OAuth2RedisPassword, DisplayName: "Redis Password", - Type: secretModels.SecretTypeOAuth2Proxy, Component: component.GetName(), Status: redisPasswordStatus}) + Type: secretModels.SecretTypeOAuth2Proxy, + Component: component.GetName(), + Status: redisPasswordStatus, + }) } } @@ -363,7 +395,6 @@ func getSecretsForSecretRefs(secretList []corev1.Secret, secretProviderClassList ) var secrets []secretModels.Secret - for _, component := range rd.Spec.Components { secretRefs := component.GetSecretRefs() componentSecrets := getComponentSecretRefsSecrets(secretList, component.GetName(), &secretRefs, secretProviderClassMapForDeployment, csiSecretStoreSecretMap) @@ -374,6 +405,7 @@ func getSecretsForSecretRefs(secretList []corev1.Secret, secretProviderClassList jobComponentSecrets := getComponentSecretRefsSecrets(secretList, jobComponent.GetName(), &secretRefs, secretProviderClassMapForDeployment, csiSecretStoreSecretMap) secrets = append(secrets, jobComponentSecrets...) } + return secrets } @@ -385,6 +417,7 @@ func getComponentSecretRefsSecrets(secretList []corev1.Secret, componentName str credSecrets := getCredentialSecretsForSecretRefsAzureKeyVault(secretList, componentName, azureKeyVault.Name) secrets = append(secrets, credSecrets...) } + secretStatus := getAzureKeyVaultSecretStatus(componentName, azureKeyVault.Name, secretProviderClassMap, csiSecretStoreSecretMap) for _, item := range azureKeyVault.Items { secrets = append(secrets, secretModels.Secret{ @@ -392,27 +425,30 @@ func getComponentSecretRefsSecrets(secretList []corev1.Secret, componentName str DisplayName: secret.GetSecretDisplayNameForAzureKeyVaultItem(&item), Type: secretModels.SecretTypeCsiAzureKeyVaultItem, Resource: azureKeyVault.Name, + ID: secret.GetSecretIdForAzureKeyVaultItem(&item), Component: componentName, Status: secretStatus, - ID: secret.GetSecretIdForAzureKeyVaultItem(&item), }) } } + return secrets } func getAzureKeyVaultSecretStatus(componentName, azureKeyVaultName string, secretProviderClassMap map[string]secretsstorev1.SecretProviderClass, csiSecretStoreSecretMap map[string]corev1.Secret) string { - secretStatus := secretModels.NotAvailable.String() secretProviderClass := getComponentSecretProviderClassMapForAzureKeyVault(componentName, secretProviderClassMap, azureKeyVaultName) - if secretProviderClass != nil { - secretStatus = secretModels.Consistent.String() - for _, secretObject := range secretProviderClass.Spec.SecretObjects { - if _, ok := csiSecretStoreSecretMap[secretObject.SecretName]; !ok { - secretStatus = secretModels.NotAvailable.String() // Secrets does not exist for the secretProviderClass secret object - break - } + if secretProviderClass == nil { + return secretModels.NotAvailable.String() + } + + secretStatus := secretModels.Consistent.String() + for _, secretObject := range secretProviderClass.Spec.SecretObjects { + if _, ok := csiSecretStoreSecretMap[secretObject.SecretName]; !ok { + secretStatus = secretModels.NotAvailable.String() // Secrets does not exist for the secretProviderClass secret object + break } } + return secretStatus } @@ -423,6 +459,7 @@ func getComponentSecretProviderClassMapForAzureKeyVault(componentName string, co return &secretProviderClass } } + return nil } @@ -437,6 +474,7 @@ func getCredentialSecretsForSecretRefsAzureKeyVault(secretList []corev1.Secret, if strings.EqualFold(clientIdValue, secretDefaultData) { clientIdStatus = secretModels.Pending.String() } + clientSecretValue := strings.TrimSpace(string(secretValue.Data[defaults.CsiAzureKeyVaultCredsClientSecretPart])) if strings.EqualFold(clientSecretValue, secretDefaultData) { clientSecretStatus = secretModels.Pending.String() @@ -445,24 +483,26 @@ func getCredentialSecretsForSecretRefsAzureKeyVault(secretList []corev1.Secret, clientIdStatus = secretModels.Pending.String() clientSecretStatus = secretModels.Pending.String() } + secrets = append(secrets, secretModels.Secret{ Name: secretName + defaults.CsiAzureKeyVaultCredsClientIdSuffix, DisplayName: "Client ID", + Type: secretModels.SecretTypeCsiAzureKeyVaultCreds, Resource: azureKeyVaultName, + ID: secretModels.SecretIdClientId, Component: componentName, Status: clientIdStatus, - Type: secretModels.SecretTypeCsiAzureKeyVaultCreds, - ID: secretModels.SecretIdClientId}, - ) + }) secrets = append(secrets, secretModels.Secret{ Name: secretName + defaults.CsiAzureKeyVaultCredsClientSecretSuffix, DisplayName: "Client Secret", + Type: secretModels.SecretTypeCsiAzureKeyVaultCreds, Resource: azureKeyVaultName, + ID: secretModels.SecretIdClientSecret, Component: componentName, Status: clientSecretStatus, - Type: secretModels.SecretTypeCsiAzureKeyVaultCreds, - ID: secretModels.SecretIdClientSecret}, - ) + }) + return secrets }