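--- /dev/null
+++ b/pkg/controller/secret/controller.go
@@ -0,0 +1,93 @@
+package secret
+
+import (
+"context"
+"crypto/rand"
+"crypto/rsa"
+"crypto/x509"
+"encoding/pem"
+"fmt"
+
+zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
+builder "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder"
+"github.com/sethvargo/go-password/password"
+corev1 "k8s.io/api/core/v1"
+"k8s.io/apimachinery/pkg/types"
+"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type SecretReconciler struct {
+client.Client
+Builder *builder.Builder
+}
+
+func NewSecretReconciler(client client.Client, builder *builder.Builder) *SecretReconciler {
+return &SecretReconciler{
+Client: client,
+Builder: builder,
+}
+}
+
+func (r *SecretReconciler) ReconcileRandomPassword(ctx context.Context, key types.NamespacedName, secretKey string,
+zitadel *zitadelv1alpha1.Cluster) (string, error) {
+var existingSecret corev1.Secret
+if err := r.Get(ctx, key, &existingSecret); err == nil {
+return string(existingSecret.Data[secretKey]), nil
+}
+password, err := password.Generate(32, 4, 2, false, false)
+if err != nil {
+return "", fmt.Errorf("error generating replication password: %v", err)
+}
+opts := builder.SecretOpts{
+Zitadel: zitadel,
+Key: key,
+Immutable: true,
+Data: map[string][]byte{
+secretKey: []byte(password),
+},
+}
+secret, err := r.Builder.BuildSecret(opts, zitadel)
+if err != nil {
+return "", fmt.Errorf("error building replication password Secret: %v", err)
+}
+if err := r.Create(ctx, secret); err != nil {
+return "", fmt.Errorf("error creating replication password Secret: %v", err)
+}
+
+return password, nil
+}
+
+func (r *SecretReconciler) ReconcileRandomPrivateRSA(ctx context.Context, key types.NamespacedName, secretKey string,
+zitadel *zitadelv1alpha1.Cluster) (string, error) {
+var existingSecret corev1.Secret
+if err := r.Get(ctx, key, &existingSecret); err == nil {
+return string(existingSecret.Data[secretKey]), nil
+}
+privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+if err != nil {
+return "", fmt.Errorf("error generating replication private key: %v", err)
+}
+privkeyPem := pem.EncodeToMemory(
+&pem.Block{
+Type: "RSA PRIVATE KEY",
+Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
+},
+)
+opts := builder.SecretOpts{
+Zitadel: zitadel,
+Key: key,
+Immutable: true,
+Data: map[string][]byte{
+secretKey: privkeyPem,
+},
+}
+secret, err := r.Builder.BuildSecret(opts, zitadel)
+if err != nil {
+return "", fmt.Errorf("error building replication password Secret: %v", err)
+}
+if err := r.Create(ctx, secret); err != nil {
+return "", fmt.Errorf("error creating replication password Secret: %v", err)
+}
+
+return string(privkeyPem), nil
+}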
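Review bot: In both ReconcileRandomPassword and ReconcileRandomPrivateRSA, the early return after a successful Get indexes `existingSecret.Data[secretKey]` without checking presence, so an existing Secret that lacks that key yields an empty password or private key together with a nil error, and any Get failure other than NotFound (RBAC denial, API timeout) falls through to generating and creating a fresh Secret instead of being reported to the caller. The lookup should distinguish the missing-key and non-NotFound cases as below, which requires adding `apierrors "k8s.io/apimachinery/pkg/api/errors"` to the import block. The error strings in ReconcileRandomPrivateRSA still say "replication password" for the private-key Secret (copy-paste), and the `%v` verbs throughout should be `%w` so callers can inspect the wrapped API error with errors.Is.
```go
var existingSecret corev1.Secret
err := r.Get(ctx, key, &existingSecret)
switch {
case err == nil:
	v, ok := existingSecret.Data[secretKey]
	if !ok {
		return "", fmt.Errorf("secret %s exists but has no key %q", key, secretKey)
	}
	return string(v), nil
case !apierrors.IsNotFound(err):
	return "", fmt.Errorf("getting secret %s: %w", key, err)
}
// … unchanged: generate the value, build the Secret, Create it, return the value …
```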