create StorageCluster peer token secret on the hub
Signed-off-by: Umanga Chapagain <[email protected]>
1 parent
6570168
commit 25fdcf2
Showing
3 changed files
with
155 additions
and
1 deletion.
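--- /dev/null
+++ b/<PATH-UNKNOWN>
@@ -0,0 +1,106 @@
+package addons
+
+import (
+"context"
+"crypto/tls"
+"fmt"
+"io"
+"net/http"
+"os"
+
+"github.com/red-hat-storage/odf-multicluster-orchestrator/api/v1alpha1"
+multiclusterv1alpha1 "github.com/red-hat-storage/odf-multicluster-orchestrator/api/v1alpha1"
+"github.com/red-hat-storage/odf-multicluster-orchestrator/controllers/utils"
+corev1 "k8s.io/api/core/v1"
+"k8s.io/apimachinery/pkg/api/errors"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"k8s.io/apimachinery/pkg/runtime"
+"k8s.io/apimachinery/pkg/types"
+"sigs.k8s.io/controller-runtime/pkg/client"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+func requestStorageClusterPeerToken(ctx context.Context, proxyServiceNamespace string) (string, error) {
+token, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")
+if err != nil {
+return "", err
+}
+url := fmt.Sprintf("https://ux-backend-proxy.%s.svc.cluster.local:8888/onboarding-tokens", proxyServiceNamespace)
+client := &http.Client{
+Transport: &http.Transport{
+TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+},
+}
+
+req, err := http.NewRequestWithContext(ctx, "POST", url, nil)
+if err != nil {
+return "", err
+}
+
+req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", string(token)))
+
+resp, err := client.Do(req)
+if err != nil {
+return "", err
+}
+defer resp.Body.Close()
+
+body, err := io.ReadAll(resp.Body)
+if err != nil {
+return "", err
+}
+
+if resp.StatusCode != http.StatusOK {
+return "", fmt.Errorf(http.StatusText(resp.StatusCode))
+}
+
+return string(body), nil
+}
+
+func createStorageClusterPeerTokenSecret(ctx context.Context, client client.Client, scheme *runtime.Scheme, spokeClusterName string, odfOperatorNamespace string, mirrorPeer multiclusterv1alpha1.MirrorPeer, storageClusterRef *v1alpha1.StorageClusterRef) error {
+uniqueSecretName := string(mirrorPeer.GetUID())
+var storageClusterPeerTokenSecret corev1.Secret
+err := client.Get(ctx, types.NamespacedName{Namespace: spokeClusterName, Name: uniqueSecretName}, &storageClusterPeerTokenSecret)
+if err != nil && !errors.IsNotFound(err) {
+return fmt.Errorf("got an error. %w", err)
+}
+if err == nil {
+return errors.NewAlreadyExists(corev1.Resource("string"), uniqueSecretName)
+}
+
+token, err := requestStorageClusterPeerToken(ctx, odfOperatorNamespace)
+if err != nil {
+return fmt.Errorf("unable to generate StorageClusterPeer token. %w", err)
+}
+
+customData := make(map[string][]byte, 2)
+customData["storagecluster-peer-token"] = []byte(token)
+customData[utils.NamespaceKey] = []byte(storageClusterRef.Namespace)
+
+expectedStorageClusterPeerTokenSecret, err := generateBlueSecret(corev1.Secret{}, utils.InternalLabel, uniqueSecretName, storageClusterRef.Name, spokeClusterName, customData)
+if err != nil {
+return fmt.Errorf("unable to generate secret from StorageClusterPeer token. %w", err)
+}
+
+err = controllerutil.SetOwnerReference(&mirrorPeer, expectedStorageClusterPeerTokenSecret, scheme)
+if err != nil {
+return fmt.Errorf("unable to generate secret from StorageClusterPeer token. %w", err)
+}
+
+return client.Create(ctx, expectedStorageClusterPeerTokenSecret)
+}
+
+func deleteStorageClusterPeerTokenSecret(ctx context.Context, client client.Client, tokenNamespace string, tokenName string) error {
+token := &corev1.Secret{
+ObjectMeta: metav1.ObjectMeta{
+Name: tokenName,
+Namespace: tokenNamespace,
+},
+}
+
+err := client.Delete(ctx, token)
+if err != nil && !errors.IsNotFound(err) {
+return err
+}
+return nil
+}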
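Review bot: `TLSClientConfig: &tls.Config{InsecureSkipVerify: true}` in requestStorageClusterPeerToken disables certificate verification on the very connection that carries the pod's service-account token as a Bearer header, so whatever answers at that in-cluster name receives the token unchallenged. Verify the proxy's serving certificate instead: load the CA bundle that signs ux-backend-proxy's certificate (its location is not visible in this diff, so the fence uses a labelled placeholder), set it as `RootCAs` with a pinned `MinVersion`, and give the client a `Timeout` since the caller's `ctx` may be unbounded; this needs `crypto/x509` and `time` imported. While there, `fmt.Errorf(http.StatusText(resp.StatusCode))` passes a non-constant format string (go vet reports this) and drops the numeric code; `fmt.Errorf("onboarding token request: %d %s", resp.StatusCode, http.StatusText(resp.StatusCode))` keeps both. In createStorageClusterPeerTokenSecret, `errors.NewAlreadyExists(corev1.Resource("string"), uniqueSecretName)` reports the resource as "string" where `corev1.Resource("secrets")` is meant, and the SetOwnerReference failure reuses the generateBlueSecret message, which hides which step failed.
```go
token, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")
// … unchanged: token read error check, url …
caPEM, err := os.ReadFile("<PATH-TO-CA-BUNDLE-SIGNING-UX-BACKEND-PROXY-CERT>") // placeholder: wire in the real bundle path
if err != nil {
	return "", fmt.Errorf("reading proxy CA bundle: %w", err)
}
pool := x509.NewCertPool()
if !pool.AppendCertsFromPEM(caPEM) {
	return "", fmt.Errorf("proxy CA bundle contains no certificates")
}
client := &http.Client{
	Timeout: 30 * time.Second,
	Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
	},
}
// … unchanged: request construction, Authorization header, Do, ReadAll …
if resp.StatusCode != http.StatusOK {
	return "", fmt.Errorf("onboarding token request: %d %s", resp.StatusCode, http.StatusText(resp.StatusCode))
}
```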