diff --git a/VERSION b/VERSION index 6c6aa7c..867e524 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.1.0 \ No newline at end of file +1.2.0 \ No newline at end of file diff --git a/charts/gitana/Chart.yaml b/charts/gitana/Chart.yaml index 1102a28..cf185a7 100644 --- a/charts/gitana/Chart.yaml +++ b/charts/gitana/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.1.0 +version: 1.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/gitana/templates/_helpers.tpl b/charts/gitana/templates/_helpers.tpl index ee2c4fa..2f364c0 100644 --- a/charts/gitana/templates/_helpers.tpl +++ b/charts/gitana/templates/_helpers.tpl @@ -65,4 +65,12 @@ Create the name of the service account to use {{- if .Values.flags.dashboard.labels }} {{- range .Values.flags.dashboard.labels }}{{(print .name "=" .value ) }},{{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} + +{{- define "gitana.authSecretName" -}} +{{- if .Values.authSecret.secretname }} +{{- .Values.authSecret.secretname }} +{{- else }} +{{- printf "%s-auth-secret" (include "gitana.fullname" .) }} +{{- end }} +{{- end }} diff --git a/charts/gitana/templates/authsecret.yaml b/charts/gitana/templates/authsecret.yaml new file mode 100644 index 0000000..d9856d6 --- /dev/null +++ b/charts/gitana/templates/authsecret.yaml 
@@ -0,0 +1,17 @@ +{{- if and .Values.authSecret.enabled .Values.authSecret.create }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "gitana.authSecretName" . }} + labels: + {{- include "gitana.labels" . | nindent 4 }} + {{- with .Values.authSecret.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +stringData: + auth.yaml: |- + username: {{ .Values.authSecret.username | quote }} + password: {{ .Values.authSecret.password | quote }} +type: Opaque +{{- end }} diff --git a/charts/gitana/templates/deployment.yaml b/charts/gitana/templates/deployment.yaml index 67f9b4c..769474b 100644 --- a/charts/gitana/templates/deployment.yaml +++ b/charts/gitana/templates/deployment.yaml @@ -43,6 +43,9 @@ spec: - --repository.auth.user={{ .Values.flags.repository.auth }} - --repository.auth.user={{ .Values.flags.repository.password }} {{- end }} + {{- if .Values.authSecret.enabled }} + - --repository.auth.secretname={{ include "gitana.authSecretName" . }} + {{- end }} {{- if .Values.flags.repository.dashboardPath }} - --repository.dashboard-path={{ .Values.flags.repository.dashboardPath }} {{- end }} diff --git a/charts/gitana/values.yaml b/charts/gitana/values.yaml index 4879352..cc5905a 100644 --- a/charts/gitana/values.yaml +++ b/charts/gitana/values.yaml @@ -61,6 +61,14 @@ serviceMonitor: # ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint scrapeTimeout: "" +authSecret: + enabled: true + create: true + secretname: "" + annotations: {} + username: "cenas" + password: "123" + flags: # (optional) absolute path to the kubeconfig file kubeconfig: "" diff --git a/cmd/sync.go b/cmd/sync.go index 58cda23..c1991f0 100644 --- a/cmd/sync.go +++ b/cmd/sync.go 
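Review bot: The new Secret in charts/gitana/templates/authsecret.yaml is rendered from `.Values.authSecret.username` and `.Values.authSecret.password` with no check that the operator supplied them. The values.yaml hunk of this commit defaults them to `cenas` / `123` with `enabled: true` and `create: true`, so a default install creates a Secret holding credentials that are public in the chart. The defaults should be empty with `create: false`, and the template should fail the render when a value is missing, e.g. `password: {{ required "authSecret.password is required when authSecret.create is true" .Values.authSecret.password | quote }}` (same for `username`). Values passed this way are also kept in the Helm release record, so pointing `secretname` at a pre-created Secret is the safer path to document.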
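Review bot: The added `--repository.auth.secretname` argument in charts/gitana/templates/deployment.yaml makes the process read the Secret through the Kubernetes API (see `GetSecret` in internal/k8sclient/k8sclient.go), but no Role or RoleBinding change for the chart's service account is visible in this diff. If the existing RBAC does not already cover it, the pod will presumably get a forbidden error on the first sync. When the rule is added it should be limited to `verbs: ["get"]` with `resourceNames` set to the value of `gitana.authSecretName`, not all Secrets in the namespace. The container spec continues outside the hunk.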
@@ -159,6 +159,7 @@ func init() { syncCmd.Flags().StringVar(&pcmd.Repository.Url, "repository.url", "", "git repository url") syncCmd.Flags().StringVar(&pcmd.Repository.Path, "repository.path", "", "path to clone the git repository") syncCmd.Flags().StringVar(&pcmd.Repository.DashboardPath, "repository.dashboard-path", "", "path where the dashboards are places in git repository") + syncCmd.Flags().StringVar(&pcmd.Repository.Auth.AuthSecretName, "repository.auth.secretname", "", "secret name that holds username and password") syncCmd.Flags().StringVar(&pcmd.Repository.Auth.Username, "repository.auth.username", "", "username to perform authentication") syncCmd.Flags().StringVar(&pcmd.Repository.Auth.Password, "repository.auth.password", "", "password to perform authentication") syncCmd.Flags().StringVar(&pcmd.Repository.Branch, "repository.branch", "main", "path to clone the git repository") diff --git a/go.mod b/go.mod index 8fe6a28..f324818 100644 --- a/go.mod +++ b/go.mod @@ -23,6 +23,7 @@ require ( golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6 // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect + gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.22.2 k8s.io/apimachinery v0.22.2 k8s.io/client-go v0.22.2 diff --git a/internal/gitana/gitana.go b/internal/gitana/gitana.go index 72084c4..636bca1 100644 --- a/internal/gitana/gitana.go +++ b/internal/gitana/gitana.go @@ -2,6 +2,7 @@ package gitana import ( "context" + "errors" "time" "github.com/gitana/internal/command" @@ -10,6 +11,7 @@ import ( "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto" "github.com/sirupsen/logrus" + "gopkg.in/yaml.v2" v1 "k8s.io/api/core/v1" ) 
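Review bot: The help text for `repository.auth.secretname` in cmd/sync.go does not say which key the secret must carry, nor that its contents replace `repository.auth.username` and `repository.auth.password`. Both follow from the `start` change in internal/gitana/gitana.go, which reads `auth.yaml` from the secret in `pcmd.Namespace` and unmarshals it over the flag values. Suggested text: `"name of a secret in the configured namespace whose auth.yaml key holds username and password; overrides repository.auth.username/password when set"`. init's body continues outside the hunk.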
@@ -71,7 +73,33 @@ func Start(ctx context.Context, pcmd command.Sync) error { func start(ctx context.Context, pcmd command.Sync) error { timer := prometheus.NewTimer(syncLatency) - _, err := pcmd.Repository.Get(ctx) + client, err := k8sclient.New(pcmd.KubeConfig) + + if err != nil { + return err + } + + if pcmd.Repository.Auth.AuthSecretName != "" { + secret, err := client.GetSecret(pcmd.Namespace, pcmd.Repository.Auth.AuthSecretName) + if err != nil { + return err + } + + secretData := secret.Data["auth.yaml"] + + if secretData == nil { + return errors.New("auth secret there is no auth.yaml") + } + + err = yaml.Unmarshal(secretData, &pcmd.Repository.Auth) + + if err != nil { + logrus.Errorf("error to unmarshal auth secret %v", err) + return err + } + } + + _, err = pcmd.Repository.Get(ctx) if err != nil { return err @@ -88,12 +116,6 @@ func start(ctx context.Context, pcmd command.Sync) error { return nil } - client, err := k8sclient.New(pcmd.KubeConfig) - - if err != nil { - return err - } - configMaps, err := client.GetConfigMaps(pcmd.Namespace) if err != nil { diff --git a/internal/gitmanager/gitmanager.go b/internal/gitmanager/gitmanager.go index c08f4f4..48956fc 100644 --- a/internal/gitmanager/gitmanager.go +++ b/internal/gitmanager/gitmanager.go @@ -22,8 +22,9 @@ type Repository struct { } type RepositoryAuth struct { - Username string - Password string + Username string `yaml:"username"` + AuthSecretName string + Password string `yaml:"password"` } func (r Repository) Validate() error { diff --git a/internal/k8sclient/k8sclient.go b/internal/k8sclient/k8sclient.go index 807b717..71f83d5 100644 --- a/internal/k8sclient/k8sclient.go +++ b/internal/k8sclient/k8sclient.go 
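Review bot: In the added `AuthSecretName` block of `start`, an `auth.yaml` that parses but omits `username` or `password` is accepted, because `yaml.Unmarshal` only overwrites the keys it finds; the clone then runs with whatever the flags supplied, or with empty credentials. The block should clear both fields, decode with `yaml.UnmarshalStrict`, and reject an empty result. The `logrus.Errorf` call also prints the parser error, and yaml.v2 type errors can quote a fragment of the offending value, so a malformed secret may put part of a credential in the logs; returning a fixed message avoids that. start's body continues outside the hunk.

```go
	if pcmd.Repository.Auth.AuthSecretName != "" {
		// … unchanged: GetSecret call and auth.yaml lookup …

		// Start from empty credentials so flag values cannot mask a missing key.
		pcmd.Repository.Auth.Username, pcmd.Repository.Auth.Password = "", ""

		if err := yaml.UnmarshalStrict(secretData, &pcmd.Repository.Auth); err != nil {
			// The parser message may quote secret content; keep it out of logs and callers.
			return errors.New("auth secret: auth.yaml is not a valid username/password document")
		}

		if pcmd.Repository.Auth.Username == "" || pcmd.Repository.Auth.Password == "" {
			return errors.New("auth secret: auth.yaml must set both username and password")
		}
	}
```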
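Review bot: `AuthSecretName` in `RepositoryAuth` (internal/gitmanager/gitmanager.go) has no yaml tag, so yaml.v2 decodes it from the default lowercased key `authsecretname`. Because `start` unmarshals the secret's `auth.yaml` straight into this struct, the secret content can overwrite the field that named the secret. Excluding it keeps the decoded document limited to credentials: ``AuthSecretName string `yaml:"-"` ``. A short comment on the struct saying that only `Username` and `Password` are read from `auth.yaml` would also help.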
@@ -64,6 +64,17 @@ func (kc *K8sClient) GetConfigMaps(namespace string) (map[string]v1.ConfigMap, e return cmMap, nil } +func (kc *K8sClient) GetSecret(namespace string, name string) (*v1.Secret, error) { + secret, err := kc.client.CoreV1().Secrets(namespace).Get(context.TODO(), name, metav1.GetOptions{}) + + if err != nil { + logrus.Errorf("error to secret %v", err) + return nil, err + } + + return secret, nil +} + func (kc *K8sClient) CreateConfigMap(cm v1.ConfigMap) (*v1.ConfigMap, error) { ncm, err := kc.client.CoreV1().ConfigMaps(cm.Namespace).Create(context.TODO(), &cm, metav1.CreateOptions{}) if err != nil {
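Review bot: The error log in the new `GetSecret` (`"error to secret %v"`) names neither the namespace nor the secret, so a forbidden or not-found response, the likely first sign of missing RBAC or a wrong `secretname`, cannot be tied to an object. Suggested line: `logrus.Errorf("error getting secret %s/%s: %v", namespace, name, err)`. The method is exported without a doc comment; one such as `// GetSecret returns the named Secret from namespace; the caller's service account needs get permission on it.` would record the permission requirement. It also uses `context.TODO()`, as the neighbouring `CreateConfigMap` does, so the caller's `ctx` cannot cancel the request.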