zitadel-k8s-operator/pkg/controller/secret/controller.go
package secret
import (
"context"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
zitadelv1alpha1 "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/api/v1alpha1"
builder "gitea.corredorconect.com/software-engineering/zitadel-k8s-operator/pkg/builder"
"github.com/sethvargo/go-password/password"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/types"
"sigs.k8s.io/controller-runtime/pkg/client"
)
// SecretReconciler creates credential-bearing Secrets for a Zitadel Cluster.
// It embeds client.Client, so the Kubernetes API client's methods used below
// (Get, Create) are called directly on the receiver.
type SecretReconciler struct {
	client.Client
	// Builder assembles the Secret objects this reconciler creates.
	Builder *builder.Builder
}
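// NewSecretReconciler returns a SecretReconciler backed by the given API
// client and Secret builder. The arguments are stored as-is; no validation
// is performed here.
//
// The parameters are named c and b rather than client and builder so the
// imported packages of those names are not shadowed inside the function.
func NewSecretReconciler(c client.Client, b *builder.Builder) *SecretReconciler {
	return &SecretReconciler{
		Client:  c,
		Builder: b,
	}
}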
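// ReconcileRandomPassword ensures a Secret named key exists holding a random
// password under secretKey, and returns that password.
//
// If the Secret can already be read, the value stored under secretKey is
// returned and nothing is created. A Secret that exists but lacks the key, or
// holds an empty value, is reported as an error instead of silently yielding
// an empty credential. Otherwise a fresh 32-character password (4 digits,
// 2 symbols, upper case allowed, no repeated characters) is generated, placed
// in an immutable Secret built for zitadel, and created through the API.
//
// Parameters:
//   - ctx: context passed to the API client calls.
//   - key: namespace/name of the Secret to read or create.
//   - secretKey: key inside Secret.Data under which the password is stored.
//   - zitadel: owning Cluster, handed to the Builder for the Secret.
//
// Returns the password (existing or newly generated), or an error when the
// existing Secret is unusable or generation, building or creation fails.
func (r *SecretReconciler) ReconcileRandomPassword(ctx context.Context, key types.NamespacedName, secretKey string,
	zitadel *zitadelv1alpha1.Cluster) (string, error) {
	var existing corev1.Secret
	// NOTE(review): any Get error, not only NotFound, falls through to
	// creation; telling the two apart would need apierrors.IsNotFound from
	// k8s.io/apimachinery/pkg/api/errors, which this file does not import.
	if err := r.Get(ctx, key, &existing); err == nil {
		value, ok := existing.Data[secretKey]
		if !ok || len(value) == 0 {
			return "", fmt.Errorf("secret %s exists but has no %q entry", key, secretKey)
		}
		return string(value), nil
	}
	// Named pw rather than password so the imported password package stays
	// visible for the rest of the function.
	pw, err := password.Generate(32, 4, 2, false, false)
	if err != nil {
		return "", fmt.Errorf("generating password for secret %s: %w", key, err)
	}
	opts := builder.SecretOpts{
		Zitadel:   zitadel,
		Key:       key,
		Immutable: true, // immutable Secrets reject later updates to Data
		Data: map[string][]byte{
			secretKey: []byte(pw),
		},
	}
	secret, err := r.Builder.BuildSecret(opts, zitadel)
	if err != nil {
		return "", fmt.Errorf("building password Secret %s: %w", key, err)
	}
	if err := r.Create(ctx, secret); err != nil {
		return "", fmt.Errorf("creating password Secret %s: %w", key, err)
	}
	return pw, nil
}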
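// ReconcileRandomPrivateRSA ensures a Secret named key exists holding a
// PEM-encoded RSA private key under secretKey, and returns that PEM text.
//
// If the Secret can already be read, the value stored under secretKey is
// returned and nothing is created. A Secret that exists but lacks the key, or
// holds an empty value, is reported as an error instead of silently yielding
// empty key material. Otherwise a new 2048-bit RSA key is generated from
// crypto/rand, PKCS #1 encoded, PEM-armored as "RSA PRIVATE KEY", placed in an
// immutable Secret built for zitadel, and created through the API.
//
// Parameters:
//   - ctx: context passed to the API client calls.
//   - key: namespace/name of the Secret to read or create.
//   - secretKey: key inside Secret.Data under which the PEM is stored.
//   - zitadel: owning Cluster, handed to the Builder for the Secret.
//
// Returns the PEM-encoded private key (existing or newly generated), or an
// error when the existing Secret is unusable or generation, building or
// creation fails.
func (r *SecretReconciler) ReconcileRandomPrivateRSA(ctx context.Context, key types.NamespacedName, secretKey string,
	zitadel *zitadelv1alpha1.Cluster) (string, error) {
	// Key size is fixed; the method signature offers no way to choose it.
	const rsaKeyBits = 2048

	var existing corev1.Secret
	// NOTE(review): any Get error, not only NotFound, falls through to
	// creation; telling the two apart would need apierrors.IsNotFound from
	// k8s.io/apimachinery/pkg/api/errors, which this file does not import.
	if err := r.Get(ctx, key, &existing); err == nil {
		value, ok := existing.Data[secretKey]
		if !ok || len(value) == 0 {
			return "", fmt.Errorf("secret %s exists but has no %q entry", key, secretKey)
		}
		return string(value), nil
	}
	privateKey, err := rsa.GenerateKey(rand.Reader, rsaKeyBits)
	if err != nil {
		return "", fmt.Errorf("generating RSA private key for secret %s: %w", key, err)
	}
	// No Headers are set, so EncodeToMemory has nothing that can fail and
	// does not return nil here.
	privkeyPEM := pem.EncodeToMemory(&pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
	})
	opts := builder.SecretOpts{
		Zitadel:   zitadel,
		Key:       key,
		Immutable: true, // immutable Secrets reject later updates to Data
		Data: map[string][]byte{
			secretKey: privkeyPEM,
		},
	}
	secret, err := r.Builder.BuildSecret(opts, zitadel)
	if err != nil {
		return "", fmt.Errorf("building private key Secret %s: %w", key, err)
	}
	if err := r.Create(ctx, secret); err != nil {
		return "", fmt.Errorf("creating private key Secret %s: %w", key, err)
	}
	return string(privkeyPEM), nil
}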