Merge pull request #15 from nicolastakashi/reading-auth-from-secret

[FEAT] reading auth from secret
nicolastakashi · Dec 22, 2021 · 3c47cf9 · 3c47cf9
2 parents 68ecdce + 3b2de0a
commit 3c47cf9
Show file tree

Hide file tree

Showing 11 changed files with 84 additions and 12 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.1.0
+1.2.0
diff --git a/charts/gitana/Chart.yaml b/charts/gitana/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.0
+version: 1.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/gitana/templates/_helpers.tpl b/charts/gitana/templates/_helpers.tpl
@@ -65,4 +65,12 @@ Create the name of the service account to use
 {{- if .Values.flags.dashboard.labels }}
 {{- range .Values.flags.dashboard.labels }}{{(print .name "=" .value ) }},{{- end }}
 {{- end }}
-{{- end }}
+{{- end }}
+
+{{- define "gitana.authSecretName" -}}
+{{- if .Values.authSecret.secretname }}
+{{- .Values.authSecret.secretname }}
+{{- else }}
+{{- printf "%s-auth-secret" (include "gitana.fullname" .) }}
+{{- end }}
+{{- end }}
diff --git a/charts/gitana/templates/authsecret.yaml b/charts/gitana/templates/authsecret.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.authSecret.enabled .Values.authSecret.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "gitana.authSecretName" . }}
+  labels:
+    {{- include "gitana.labels" . | nindent 4 }}
+  {{- with .Values.authSecret.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+stringData:
+  auth.yaml: |-
+    username: {{ .Values.authSecret.username | quote }}
+    password: {{ .Values.authSecret.password | quote }}
+type: Opaque
+{{- end }}
diff --git a/charts/gitana/templates/deployment.yaml b/charts/gitana/templates/deployment.yaml
@@ -43,6 +43,9 @@ spec:
             - --repository.auth.user={{ .Values.flags.repository.auth }}
             - --repository.auth.user={{ .Values.flags.repository.password }}
             {{- end }}
+            {{- if .Values.authSecret.enabled }}
+            - --repository.auth.secretname={{ include "gitana.authSecretName" . }}
+            {{- end }}
             {{- if .Values.flags.repository.dashboardPath }}
             - --repository.dashboard-path={{ .Values.flags.repository.dashboardPath }}
             {{- end }}

diff --git a/charts/gitana/values.yaml b/charts/gitana/values.yaml
@@ -61,6 +61,14 @@ serviceMonitor:
   # ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
   scrapeTimeout: ""
 
+authSecret:
+  enabled: true
+  create: true
+  secretname: ""
+  annotations: {}
+  username: "cenas"
+  password: "123"
+
 flags:
   # (optional) absolute path to the kubeconfig file
   kubeconfig: ""

diff --git a/cmd/sync.go b/cmd/sync.go
@@ -159,6 +159,7 @@ func init() {
 	syncCmd.Flags().StringVar(&pcmd.Repository.Url, "repository.url", "", "git repository url")
 	syncCmd.Flags().StringVar(&pcmd.Repository.Path, "repository.path", "", "path to clone the git repository")
 	syncCmd.Flags().StringVar(&pcmd.Repository.DashboardPath, "repository.dashboard-path", "", "path where the dashboards are places in git repository")
+	syncCmd.Flags().StringVar(&pcmd.Repository.Auth.AuthSecretName, "repository.auth.secretname", "", "secret name that holds username and password")
 	syncCmd.Flags().StringVar(&pcmd.Repository.Auth.Username, "repository.auth.username", "", "username to perform authentication")
 	syncCmd.Flags().StringVar(&pcmd.Repository.Auth.Password, "repository.auth.password", "", "password to perform authentication")
 	syncCmd.Flags().StringVar(&pcmd.Repository.Branch, "repository.branch", "main", "path to clone the git repository")

diff --git a/go.mod b/go.mod
@@ -23,6 +23,7 @@ require (
 	golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6 // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
+	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.22.2
 	k8s.io/apimachinery v0.22.2
 	k8s.io/client-go v0.22.2

diff --git a/internal/gitana/gitana.go b/internal/gitana/gitana.go
@@ -2,6 +2,7 @@ package gitana
 
 import (
 	"context"
+	"errors"
 	"time"
 
 	"github.com/gitana/internal/command"
@@ -10,6 +11,7 @@ import (
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"
 	"github.com/sirupsen/logrus"
+	"gopkg.in/yaml.v2"
 	v1 "k8s.io/api/core/v1"
 )
 
@@ -71,7 +73,33 @@ func Start(ctx context.Context, pcmd command.Sync) error {
 func start(ctx context.Context, pcmd command.Sync) error {
 	timer := prometheus.NewTimer(syncLatency)
 
-	_, err := pcmd.Repository.Get(ctx)
+	client, err := k8sclient.New(pcmd.KubeConfig)
+
+	if err != nil {
+		return err
+	}
+
+	if pcmd.Repository.Auth.AuthSecretName != "" {
+		secret, err := client.GetSecret(pcmd.Namespace, pcmd.Repository.Auth.AuthSecretName)
+		if err != nil {
+			return err
+		}
+
+		secretData := secret.Data["auth.yaml"]
+
+		if secretData == nil {
+			return errors.New("auth secret there is no auth.yaml")
+		}
+
+		err = yaml.Unmarshal(secretData, &pcmd.Repository.Auth)
+
+		if err != nil {
+			logrus.Errorf("error to unmarshal auth secret %v", err)
+			return err
+		}
+	}
+
+	_, err = pcmd.Repository.Get(ctx)
 
 	if err != nil {
 		return err
@@ -88,12 +116,6 @@ func start(ctx context.Context, pcmd command.Sync) error {
 		return nil
 	}
 
-	client, err := k8sclient.New(pcmd.KubeConfig)
-
-	if err != nil {
-		return err
-	}
-
 	configMaps, err := client.GetConfigMaps(pcmd.Namespace)
 
 	if err != nil {

diff --git a/internal/gitmanager/gitmanager.go b/internal/gitmanager/gitmanager.go
@@ -22,8 +22,9 @@ type Repository struct {
 }
 
 type RepositoryAuth struct {
-	Username string
-	Password string
+	Username       string `yaml:"username"`
+	AuthSecretName string
+	Password       string `yaml:"password"`
 }
 
 func (r Repository) Validate() error {

diff --git a/internal/k8sclient/k8sclient.go b/internal/k8sclient/k8sclient.go
@@ -64,6 +64,17 @@ func (kc *K8sClient) GetConfigMaps(namespace string) (map[string]v1.ConfigMap, e
 	return cmMap, nil
 }
 
+func (kc *K8sClient) GetSecret(namespace string, name string) (*v1.Secret, error) {
+	secret, err := kc.client.CoreV1().Secrets(namespace).Get(context.TODO(), name, metav1.GetOptions{})
+
+	if err != nil {
+		logrus.Errorf("error to secret %v", err)
+		return nil, err
+	}
+
+	return secret, nil
+}
+
 func (kc *K8sClient) CreateConfigMap(cm v1.ConfigMap) (*v1.ConfigMap, error) {
 	ncm, err := kc.client.CoreV1().ConfigMaps(cm.Namespace).Create(context.TODO(), &cm, metav1.CreateOptions{})
 	if err != nil {