Merge pull request #77211 from dixudx/bootstrap_token_refactor
Bootstrap token refactor
This commit is contained in:
Kubernetes Prow Robot
@@ -26,6 +26,7 @@ go_library(
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
||||
"//staging/src/k8s.io/cluster-bootstrap/token/api:go_default_library",
|
||||
"//staging/src/k8s.io/cluster-bootstrap/token/util:go_default_library",
|
||||
"//staging/src/k8s.io/cluster-bootstrap/util/secrets:go_default_library",
|
||||
"//vendor/github.com/pkg/errors:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
@@ -27,6 +27,7 @@ import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
bootstrapapi "k8s.io/cluster-bootstrap/token/api"
|
||||
bootstraputil "k8s.io/cluster-bootstrap/token/util"
|
||||
bootstrapsecretutil "k8s.io/cluster-bootstrap/util/secrets"
|
||||
)
|
||||
|
||||
// ToSecret converts the given BootstrapToken object to its Secret representation that
|
||||
@@ -55,7 +56,7 @@ func encodeTokenSecretData(token *BootstrapToken, now time.Time) map[string][]by
|
||||
}
|
||||
|
||||
// If for some strange reason both token.TTL and token.Expires would be set
|
||||
// (they are mutually exlusive in validation so this shouldn't be the case),
|
||||
// (they are mutually exclusive in validation so this shouldn't be the case),
|
||||
// token.Expires has higher priority, as can be seen in the logic here.
|
||||
if token.Expires != nil {
|
||||
// Format the expiration date accordingly
|
||||
@@ -83,7 +84,7 @@ func encodeTokenSecretData(token *BootstrapToken, now time.Time) map[string][]by
|
||||
// BootstrapTokenFromSecret returns a BootstrapToken object from the given Secret
|
||||
func BootstrapTokenFromSecret(secret *v1.Secret) (*BootstrapToken, error) {
|
||||
// Get the Token ID field from the Secret data
|
||||
tokenID := getSecretString(secret, bootstrapapi.BootstrapTokenIDKey)
|
||||
tokenID := bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenIDKey)
|
||||
if len(tokenID) == 0 {
|
||||
return nil, errors.Errorf("bootstrap Token Secret has no token-id data: %s", secret.Name)
|
||||
}
|
||||
@@ -94,7 +95,7 @@ func BootstrapTokenFromSecret(secret *v1.Secret) (*BootstrapToken, error) {
|
||||
bootstrapapi.BootstrapTokenSecretPrefix, secret.Name, bootstraputil.BootstrapTokenSecretName(tokenID))
|
||||
}
|
||||
|
||||
tokenSecret := getSecretString(secret, bootstrapapi.BootstrapTokenSecretKey)
|
||||
tokenSecret := bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenSecretKey)
|
||||
if len(tokenSecret) == 0 {
|
||||
return nil, errors.Errorf("bootstrap Token Secret has no token-secret data: %s", secret.Name)
|
||||
}
|
||||
@@ -106,11 +107,11 @@ func BootstrapTokenFromSecret(secret *v1.Secret) (*BootstrapToken, error) {
|
||||
}
|
||||
|
||||
// Get the description (if any) from the Secret
|
||||
description := getSecretString(secret, bootstrapapi.BootstrapTokenDescriptionKey)
|
||||
description := bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenDescriptionKey)
|
||||
|
||||
// Expiration time is optional, if not specified this implies the token
|
||||
// never expires.
|
||||
secretExpiration := getSecretString(secret, bootstrapapi.BootstrapTokenExpirationKey)
|
||||
secretExpiration := bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenExpirationKey)
|
||||
var expires *metav1.Time
|
||||
if len(secretExpiration) > 0 {
|
||||
expTime, err := time.Parse(time.RFC3339, secretExpiration)
|
||||
@@ -142,7 +143,7 @@ func BootstrapTokenFromSecret(secret *v1.Secret) (*BootstrapToken, error) {
|
||||
// It's done this way to make .Groups be nil in case there is no items, rather than an
|
||||
// empty slice or an empty slice with a "" string only
|
||||
var groups []string
|
||||
groupsString := getSecretString(secret, bootstrapapi.BootstrapTokenExtraGroupsKey)
|
||||
groupsString := bootstrapsecretutil.GetData(secret, bootstrapapi.BootstrapTokenExtraGroupsKey)
|
||||
g := strings.Split(groupsString, ",")
|
||||
if len(g) > 0 && len(g[0]) > 0 {
|
||||
groups = g
|
||||
@@ -156,14 +157,3 @@ func BootstrapTokenFromSecret(secret *v1.Secret) (*BootstrapToken, error) {
|
||||
Groups: groups,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// getSecretString returns the string value for the given key in the specified Secret
|
||||
func getSecretString(secret *v1.Secret, key string) string {
|
||||
if secret.Data == nil {
|
||||
return ""
|
||||
}
|
||||
if val, ok := secret.Data[key]; ok {
|
||||
return string(val)
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
@@ -454,55 +454,3 @@ func jsonMarshal(bt *BootstrapToken) string {
|
||||
b, _ := json.Marshal(*bt)
|
||||
return string(b)
|
||||
}
|
||||
|
||||
func TestGetSecretString(t *testing.T) {
|
||||
var tests = []struct {
|
||||
name string
|
||||
secret *v1.Secret
|
||||
key string
|
||||
expectedVal string
|
||||
}{
|
||||
{
|
||||
name: "existing key",
|
||||
secret: &v1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
|
||||
Data: map[string][]byte{
|
||||
"foo": []byte("bar"),
|
||||
},
|
||||
},
|
||||
key: "foo",
|
||||
expectedVal: "bar",
|
||||
},
|
||||
{
|
||||
name: "non-existing key",
|
||||
secret: &v1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
|
||||
Data: map[string][]byte{
|
||||
"foo": []byte("bar"),
|
||||
},
|
||||
},
|
||||
key: "baz",
|
||||
expectedVal: "",
|
||||
},
|
||||
{
|
||||
name: "no data",
|
||||
secret: &v1.Secret{
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "foo"},
|
||||
},
|
||||
key: "foo",
|
||||
expectedVal: "",
|
||||
},
|
||||
}
|
||||
for _, rt := range tests {
|
||||
t.Run(rt.name, func(t *testing.T) {
|
||||
actual := getSecretString(rt.secret, rt.key)
|
||||
if actual != rt.expectedVal {
|
||||
t.Errorf(
|
||||
"failed getSecretString:\n\texpected: %s\n\t actual: %s",
|
||||
rt.expectedVal,
|
||||
actual,
|
||||
)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user