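        /// <summary>
        /// Re-derives the Kubernetes secret from <paramref name="kamusSecret"/> and patches the
        /// existing secret's <c>data</c> and <c>stringData</c> fields in place.
        /// </summary>
        /// <param name="kamusSecret">The modified KamusSecret resource.</param>
        /// <remarks>
        /// A failed patch is logged as a warning and the method returns without writing the
        /// success audit record, so the audit log only ever claims updates that were applied.
        /// Any other exception propagates to the caller.
        /// </remarks>
        private async Task HandleModify(KamusSecret kamusSecret)
        {
            var secret = await CreateSecret(kamusSecret);

            var secretPatch = new JsonPatchDocument<V1Secret>();

            secretPatch.Replace(e => e.Data, secret.Data);
            secretPatch.Replace(e => e.StringData, secret.StringData);

            try
            {
                await mKubernetes.PatchNamespacedSecretAsync(
                    new V1Patch(secretPatch),
                    kamusSecret.Metadata.Name,
                    secret.Metadata.NamespaceProperty);
            }
            catch (HttpOperationException httpOperationException)
            {
                var phase   = httpOperationException.Response.ReasonPhrase;
                var content = httpOperationException.Response.Content;

                mLogger.Warning(
                    "PatchNamespacedSecretAsync failed, reason {reason}, error {error}",
                    phase,
                    content);

                // The update did not happen; do not record it as a success in the audit log.
                return;
            }

            mAuditLogger.Information("Updated a secret from KamusSecret {name} in namespace {namespace} successfully.",
                                     kamusSecret.Metadata.Name,
                                     secret.Metadata.NamespaceProperty);
        }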
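        /// <summary>
        /// Builds the Kubernetes <see cref="V1Secret"/> that corresponds to a <see cref="KamusSecret"/>:
        /// decrypts its <c>Data</c> (base64-decoded) and <c>StringData</c> items under the
        /// <c>namespace:serviceAccount</c> identity and copies labels, optional annotations and an
        /// optional owner reference onto the secret's metadata.
        /// </summary>
        /// <param name="kamusSecret">The source resource; a missing namespace is treated as <c>default</c>.</param>
        /// <returns>The in-memory secret; nothing is written to the cluster here.</returns>
        /// <remarks>
        /// Items that fail to decrypt are reported through the error handler handed to
        /// <c>DecryptItems</c>; what happens to the remaining items is up to that helper.
        /// Annotations are copied rather than edited on the caller's object, so the
        /// <c>kubectl.kubernetes.io/last-applied-configuration</c> annotation is dropped from the
        /// secret only and the KamusSecret shared with the watch is left untouched.
        /// </remarks>
        private async Task<V1Secret> CreateSecret(KamusSecret kamusSecret)
        {
            var @namespace     = kamusSecret.Metadata.NamespaceProperty ?? "default";
            var serviceAccount = kamusSecret.ServiceAccount;
            // Decryption identity: the service account is scoped by its namespace.
            var id             = $"{@namespace}:{serviceAccount}";

            mLogger.Debug("Starting decrypting KamusSecret items. KamusSecret {name} in namespace {namespace}",
                          kamusSecret.Metadata.Name,
                          @namespace);

            Action<Exception, string> errorHandler = (e, key) => mLogger.Error(e,
                                                                                "Failed to decrypt KamusSecret key {key}. KamusSecret {name} in namespace {namespace}",
                                                                                key,
                                                                                kamusSecret.Metadata.Name,
                                                                                @namespace);

            var decryptedData = await mKeyManagement.DecryptItems(kamusSecret.Data, id, errorHandler, Convert.FromBase64String);

            var decryptedStringData = await mKeyManagement.DecryptItems(kamusSecret.StringData, id, errorHandler, x => x);

            mLogger.Debug("KamusSecret items decrypted successfully. KamusSecret {name} in namespace {namespace}",
                          kamusSecret.Metadata.Name,
                          @namespace);

            // With an owner reference the KamusSecret becomes the controlling owner of the secret.
            var ownerReference = mSetOwnerReference
                ? new[]
                {
                    new V1OwnerReference
                    {
                        ApiVersion         = kamusSecret.ApiVersion,
                        Kind               = kamusSecret.Kind,
                        Name               = kamusSecret.Metadata.Name,
                        Uid                = kamusSecret.Metadata.Uid,
                        Controller         = true,
                        BlockOwnerDeletion = true,
                    }
                }
                : Array.Empty<V1OwnerReference>();

            IDictionary<string, string> annotations = null;

            // A KamusSecret with no annotations at all is valid; guard before touching the map.
            if (kamusSecret.PropagateAnnotations && kamusSecret.Metadata.Annotations != null)
            {
                // Work on a copy so the removal does not mutate the caller's KamusSecret object.
                annotations = new Dictionary<string, string>(kamusSecret.Metadata.Annotations);
                annotations.Remove("kubectl.kubernetes.io/last-applied-configuration");
            }

            return new V1Secret
            {
                Metadata = new V1ObjectMeta
                {
                    Name = kamusSecret.Metadata.Name,
                    NamespaceProperty = @namespace,
                    Labels = kamusSecret.Metadata.Labels,
                    Annotations = annotations,
                    OwnerReferences = ownerReference
                },
                Type = kamusSecret.Type,
                StringData = decryptedStringData,
                Data = decryptedData
            };
        }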
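        /// <summary>
        /// Creates the Kubernetes secret derived from a newly added <see cref="KamusSecret"/>.
        /// </summary>
        /// <param name="kamusSecret">The added resource.</param>
        /// <param name="isUpdate">Kept for callers; it is not read by this method.</param>
        /// <remarks>
        /// A <c>409 Conflict</c> means the secret already exists (typical on controller start-up when
        /// existing KamusSecrets are re-enumerated) and is logged at debug level. Any other API error is
        /// logged as a warning; in both cases the method returns without writing the success audit record,
        /// so the audit log only ever claims creations that were applied.
        /// </remarks>
        private async Task HandleAdd(KamusSecret kamusSecret, bool isUpdate = false)
        {
            var secret = await CreateSecret(kamusSecret);

            try
            {
                await mKubernetes.CreateNamespacedSecretAsync(secret, secret.Metadata.NamespaceProperty);
            }
            catch (HttpOperationException httpOperationException)
            {
                // Usually happens on controller start when enumerating all existing KamusSecret and validating their secret existence
                if (httpOperationException.Response.StatusCode == HttpStatusCode.Conflict)
                {
                    mLogger.Debug("Cannot CreateNamespacedSecretAsync, secret already exists");
                    return;
                }

                var phase   = httpOperationException.Response.ReasonPhrase;
                var content = httpOperationException.Response.Content;

                mLogger.Warning(
                    "CreateNamespacedSecretAsync failed, reason {reason}, error {error}",
                    phase,
                    content);

                // Nothing was created; do not record a success in the audit log.
                return;
            }

            mAuditLogger.Information("Created a secret from KamusSecret {name} in namespace {namespace} successfully.",
                                     kamusSecret.Metadata.Name,
                                     secret.Metadata.NamespaceProperty);
        }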
        /// <summary>
        /// Translates a <see cref="KamusSecret"/> into the <see cref="V1Secret"/> it should produce.
        /// Every item in <c>Data</c> is decrypted under the <c>namespace:serviceAccount</c> identity and
        /// stored verbatim in the secret's <c>StringData</c>.
        /// </summary>
        /// <param name="kamusSecret">Source resource; a missing namespace is treated as <c>default</c>.</param>
        /// <returns>The in-memory secret; nothing is written to the cluster here.</returns>
        private async Task<V1Secret> CreateSecret(KamusSecret kamusSecret)
        {
            var name         = kamusSecret.Metadata.Name;
            var ns           = kamusSecret.Metadata.NamespaceProperty ?? "default";
            var decryptionId = $"{ns}:{kamusSecret.ServiceAccount}";

            mLogger.Debug("Starting decrypting KamusSecret items. KamusSecret {name} in namespace {namespace}",
                          name,
                          ns);

            // Per-key decryption failures are reported here; DecryptItems decides what to do with them.
            void OnDecryptError(Exception e, string key) =>
                mLogger.Error(e,
                              "Failed to decrypt KamusSecret key {key}. KamusSecret {name} in namespace {namespace}",
                              key,
                              name,
                              ns);

            var plaintextItems = await mKeyManagement.DecryptItems(kamusSecret.Data, decryptionId, OnDecryptError, x => x);

            mLogger.Debug("KamusSecret items decrypted successfully. KamusSecret {name} in namespace {namespace}",
                          name,
                          ns);

            var metadata = new V1ObjectMeta
            {
                Name = name,
                NamespaceProperty = ns
            };

            return new V1Secret
            {
                Metadata   = metadata,
                Type       = kamusSecret.Type,
                StringData = plaintextItems
            };
        }
        /// <summary>
        /// Creates the Kubernetes secret derived from a newly added <see cref="KamusSecret"/>.
        /// </summary>
        /// <param name="kamusSecret">The added resource.</param>
        /// <param name="isUpdate">Kept for callers; it is not read by this method.</param>
        /// <remarks>
        /// API errors propagate to the caller; the audit record is written only after the create call returns.
        /// </remarks>
        private async Task HandleAdd(KamusSecret kamusSecret, bool isUpdate = false)
        {
            var secret          = await CreateSecret(kamusSecret);
            var targetNamespace = secret.Metadata.NamespaceProperty;

            await mKubernetes.CreateNamespacedSecretAsync(secret, targetNamespace);

            mAuditLogger.Information("Created a secret from KamusSecret {name} in namespace {namespace} successfully.",
                                     kamusSecret.Metadata.Name,
                                     targetNamespace);
        }
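        /// <summary>
        /// Handles a newly added <see cref="KamusSecret"/>: decrypts every item in its <c>Data</c> under
        /// the <c>namespace:serviceAccount</c> identity and creates the resulting Kubernetes secret.
        /// </summary>
        /// <param name="kamusSecret">The added resource; a missing namespace is treated as <c>default</c>.</param>
        /// <remarks>
        /// Decryption is all-or-nothing: the first key that fails to decrypt is logged and the method
        /// returns without creating anything, so a partially populated secret is never written to the
        /// cluster. Errors from the create call itself propagate to the caller.
        /// </remarks>
        private async Task HandleAdd(KamusSecret kamusSecret)
        {
            var @namespace     = kamusSecret.Metadata.NamespaceProperty ?? "default";
            var serviceAccount = kamusSecret.ServiceAccount;
            // Decryption identity: the service account is scoped by its namespace.
            var id             = $"{@namespace}:{serviceAccount}";

            var decryptedItems = new Dictionary<string, string>();

            mLogger.Debug("Starting decrypting KamusSecret items. KamusSecret {name} in namespace {namespace}",
                          kamusSecret.Metadata.Name,
                          @namespace);

            foreach (var item in kamusSecret.Data)
            {
                try
                {
                    var decrypted = await mKeyManagement.Decrypt(item.Value, id);

                    decryptedItems.Add(item.Key, decrypted);
                }
                catch (Exception e)
                {
                    // Log through the instance logger like the rest of the controller, not the static Log.
                    mLogger.Error(e,
                                  "Failed to decrypt KamusSecret key {key}. KamusSecret {name} in namespace {namespace}",
                                  item.Key,
                                  kamusSecret.Metadata.Name,
                                  @namespace);

                    return;
                }
            }

            mLogger.Debug("KamusSecret items decrypted successfully. KamusSecret {name} in namespace {namespace}",
                          kamusSecret.Metadata.Name,
                          @namespace);

            var secret = new V1Secret
            {
                Metadata = new V1ObjectMeta
                {
                    Name = kamusSecret.Metadata.Name,
                    NamespaceProperty = @namespace
                },
                Type       = kamusSecret.Type,
                StringData = decryptedItems
            };

            await mKubernetes.CreateNamespacedSecretAsync(secret, @namespace);

            // Template previously lacked the closing brace on {namespace}, which broke message rendering.
            mAuditLogger.Information("Created a secret from KamusSecret {name} in namespace {namespace} successfully.",
                                     kamusSecret.Metadata.Name,
                                     @namespace);
        }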
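        /// <summary>
        /// Builds the <see cref="V1Secret"/> for a <see cref="KamusSecret"/>: decrypts <c>Data</c>
        /// (base64-decoded) and <c>StringData</c> under the <c>namespace:serviceAccount</c> identity and,
        /// when owner references are enabled, marks the KamusSecret as the controlling owner so
        /// Kubernetes can garbage-collect the secret together with it.
        /// </summary>
        /// <param name="kamusSecret">The source resource; a missing namespace is treated as <c>default</c>.</param>
        /// <returns>The in-memory secret; nothing is written to the cluster here.</returns>
        /// <remarks>
        /// Items that fail to decrypt are reported through the error handler handed to
        /// <c>DecryptItems</c>; what happens to the remaining items is up to that helper.
        /// </remarks>
        private async Task<V1Secret> CreateSecret(KamusSecret kamusSecret)
        {
            var @namespace     = kamusSecret.Metadata.NamespaceProperty ?? "default";
            var serviceAccount = kamusSecret.ServiceAccount;
            // Decryption identity: the service account is scoped by its namespace.
            var id             = $"{@namespace}:{serviceAccount}";

            mLogger.Debug("Starting decrypting KamusSecret items. KamusSecret {name} in namespace {namespace}",
                          kamusSecret.Metadata.Name,
                          @namespace);

            Action<Exception, string> errorHandler = (e, key) => mLogger.Error(e,
                                                                                "Failed to decrypt KamusSecret key {key}. KamusSecret {name} in namespace {namespace}",
                                                                                key,
                                                                                kamusSecret.Metadata.Name,
                                                                                @namespace);

            var decryptedData = await mKeyManagement.DecryptItems(kamusSecret.Data, id, errorHandler, Convert.FromBase64String);

            var decryptedStringData = await mKeyManagement.DecryptItems(kamusSecret.StringData, id, errorHandler, x => x);

            mLogger.Debug("KamusSecret items decrypted successfully. KamusSecret {name} in namespace {namespace}",
                          kamusSecret.Metadata.Name,
                          @namespace);

            // Array.Empty avoids allocating a fresh zero-length array on every call.
            var ownerReference = mSetOwnerReference
                ? new[]
                {
                    new V1OwnerReference
                    {
                        ApiVersion         = kamusSecret.ApiVersion,
                        Kind               = kamusSecret.Kind,
                        Name               = kamusSecret.Metadata.Name,
                        Uid                = kamusSecret.Metadata.Uid,
                        Controller         = true,
                        BlockOwnerDeletion = true,
                    }
                }
                : Array.Empty<V1OwnerReference>();

            return new V1Secret
            {
                Metadata = new V1ObjectMeta
                {
                    Name = kamusSecret.Metadata.Name,
                    NamespaceProperty = @namespace,
                    OwnerReferences = ownerReference
                },
                Type = kamusSecret.Type,
                StringData = decryptedStringData,
                Data = decryptedData
            };
        }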
        /// <summary>
        /// Re-derives the secret from a modified <see cref="KamusSecret"/> and patches only the
        /// <c>stringData</c> of the existing Kubernetes secret.
        /// </summary>
        /// <param name="kamusSecret">The modified resource.</param>
        /// <remarks>
        /// API errors propagate to the caller; the audit record is written only after the patch call returns.
        /// </remarks>
        private async Task HandleModify(KamusSecret kamusSecret)
        {
            var secret          = await CreateSecret(kamusSecret);
            var secretName      = kamusSecret.Metadata.Name;
            var targetNamespace = secret.Metadata.NamespaceProperty;

            var patch = new JsonPatchDocument<V1Secret>();
            patch.Replace(e => e.StringData, secret.StringData);

            await mKubernetes.PatchNamespacedSecretAsync(new V1Patch(patch), secretName, targetNamespace);

            mAuditLogger.Information("Updated a secret from KamusSecret {name} in namespace {namespace} successfully.",
                                     secretName,
                                     targetNamespace);
        }
        /// <summary>
        /// Produces the <see cref="V1Secret"/> for a <see cref="KamusSecret"/> by decrypting each
        /// <c>Data</c> item one at a time under the <c>namespace:serviceAccount</c> identity.
        /// </summary>
        /// <param name="kamusSecret">Source resource; a missing namespace is treated as <c>default</c>.</param>
        /// <returns>The secret with decrypted values in <c>StringData</c>; not written to the cluster here.</returns>
        /// <remarks>
        /// A key that fails to decrypt is logged and skipped, so the returned secret may hold fewer
        /// keys than the KamusSecret and the caller gets no signal that this happened.
        /// </remarks>
        private async Task<V1Secret> CreateSecret(KamusSecret kamusSecret)
        {
            var name         = kamusSecret.Metadata.Name;
            var ns           = kamusSecret.Metadata.NamespaceProperty ?? "default";
            var decryptionId = $"{ns}:{kamusSecret.ServiceAccount}";

            mLogger.Debug("Starting decrypting KamusSecret items. KamusSecret {name} in namespace {namespace}",
                          name,
                          ns);

            var plaintextItems = new Dictionary<string, string>();

            foreach (var item in kamusSecret.Data)
            {
                try
                {
                    plaintextItems.Add(item.Key, await mKeyManagement.Decrypt(item.Value, decryptionId));
                }
                catch (Exception e)
                {
                    // Best effort: report the key and carry on with the rest.
                    mLogger.Error(e,
                                  "Failed to decrypt KamusSecret key {key}. KamusSecret {name} in namespace {namespace}",
                                  item.Key,
                                  name,
                                  ns);
                }
            }

            mLogger.Debug("KamusSecret items decrypted successfully. KamusSecret {name} in namespace {namespace}",
                          name,
                          ns);

            var metadata = new V1ObjectMeta
            {
                Name = name,
                NamespaceProperty = ns
            };

            return new V1Secret
            {
                Metadata   = metadata,
                Type       = kamusSecret.Type,
                StringData = plaintextItems
            };
        }
        /// <summary>
        /// Dispatches a watch event for a <see cref="KamusSecret"/> to the matching add, delete or
        /// modify handler; unsupported event types are logged and ignored.
        /// </summary>
        /// <param name="event">The watch event type.</param>
        /// <param name="kamusSecret">The resource the event refers to.</param>
        /// <remarks>
        /// Every exception from a handler is caught and logged here so a single failing resource
        /// cannot take down the watch loop.
        /// </remarks>
        private async Task HandleEvent(WatchEventType @event, KamusSecret kamusSecret)
        {
            var eventType = @event.ToString();
            var name      = kamusSecret.Metadata.Name;
            var ns        = kamusSecret.Metadata.NamespaceProperty ?? "default";

            try
            {
                mLogger.Information("Handling event of type {type}. KamusSecret {name} in namespace {namespace}",
                                    eventType,
                                    name,
                                    ns);

                switch (@event)
                {
                    case WatchEventType.Added:
                        await HandleAdd(kamusSecret);
                        break;

                    case WatchEventType.Deleted:
                        await HandleDelete(kamusSecret);
                        break;

                    case WatchEventType.Modified:
                        await HandleModify(kamusSecret);
                        break;

                    default:
                        mLogger.Warning(
                            "Event of type {type} is not supported. KamusSecret {name} in namespace {namespace}",
                            eventType,
                            name,
                            ns);
                        break;
                }
            }
            catch (Exception e)
            {
                mLogger.Error(e,
                              "Error while handling KamusSecret event of type {eventType}, for KamusSecret {name} on namespace {namespace}",
                              eventType,
                              name,
                              ns);
            }
        }
        /// <summary>
        /// Dispatches a watch event for a <see cref="KamusSecret"/>: counts it, then routes add and
        /// modify events to their handlers. Delete events are deliberately ignored because the owned
        /// secret is cleaned up by Kubernetes garbage collection; unsupported types are logged.
        /// </summary>
        /// <param name="event">The watch event type.</param>
        /// <param name="kamusSecret">The resource the event refers to.</param>
        /// <remarks>
        /// Every exception from a handler is caught and logged here so a single failing resource
        /// cannot take down the watch loop.
        /// </remarks>
        private async Task HandleEvent(WatchEventType @event, KamusSecret kamusSecret)
        {
            var eventType = @event.ToString();
            var name      = kamusSecret.Metadata.Name;
            var ns        = kamusSecret.Metadata.NamespaceProperty ?? "default";

            try
            {
                mLogger.Information("Handling event of type {type}. KamusSecret {name} in namespace {namespace}",
                                    eventType,
                                    name,
                                    ns);

                var tags = new MetricTags(new[] { "event_type", "controller" }, new[] { eventType, "V1Alpha2" });
                mMetrics.Measure.Counter.Increment(Counters.EventReceived, tags);

                switch (@event)
                {
                    case WatchEventType.Added:
                        await HandleAdd(kamusSecret);
                        break;

                    case WatchEventType.Deleted:
                        //Ignore delete event - it's handled by k8s GC;
                        break;

                    case WatchEventType.Modified:
                        await HandleModify(kamusSecret);
                        break;

                    default:
                        mLogger.Warning(
                            "Event of type {type} is not supported. KamusSecret {name} in namespace {namespace}",
                            eventType,
                            name,
                            ns);
                        break;
                }
            }
            catch (Exception e)
            {
                mLogger.Error(e,
                              "Error while handling KamusSecret event of type {eventType}, for KamusSecret {name} on namespace {namespace}",
                              eventType,
                              name,
                              ns);
            }
        }
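        /// <summary>
        /// Creates the Kubernetes secret derived from a newly added <see cref="KamusSecret"/>.
        /// </summary>
        /// <param name="kamusSecret">The added resource.</param>
        /// <param name="isUpdate">Kept for callers; it is not read by this method.</param>
        /// <remarks>
        /// A failed create is logged as a warning and the method returns without writing the success
        /// audit record, so the audit log only ever claims creations that were applied. Any other
        /// exception propagates to the caller.
        /// </remarks>
        private async Task HandleAdd(KamusSecret kamusSecret, bool isUpdate = false)
        {
            var secret = await CreateSecret(kamusSecret);

            try
            {
                await mKubernetes.CreateNamespacedSecretAsync(secret, secret.Metadata.NamespaceProperty);
            }
            catch (Microsoft.Rest.HttpOperationException httpOperationException)
            {
                var phase   = httpOperationException.Response.ReasonPhrase;
                var content = httpOperationException.Response.Content;

                mLogger.Warning(
                    "CreateNamespacedSecretAsync failed, reason {reason}, error {error}",
                    phase,
                    content);

                // Nothing was created; do not record a success in the audit log.
                return;
            }

            mAuditLogger.Information("Created a secret from KamusSecret {name} in namespace {namespace} successfully.",
                                     kamusSecret.Metadata.Name,
                                     secret.Metadata.NamespaceProperty);
        }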
        /// <summary>
        /// Deletes the Kubernetes secret that shares the name and namespace of a removed
        /// <see cref="KamusSecret"/>; a missing namespace is treated as <c>default</c>.
        /// </summary>
        /// <param name="kamusSecret">The deleted resource.</param>
        /// <remarks>API errors propagate to the caller.</remarks>
        private async Task HandleDelete(KamusSecret kamusSecret)
        {
            var metadata = kamusSecret.Metadata;

            await mKubernetes.DeleteNamespacedSecretAsync(metadata.Name, metadata.NamespaceProperty ?? "default");
        }