Exemple #1
        /// <summary>
        ///     Find the server's associated Secret for credentials.
        /// </summary>
        /// <returns>
        ///     The Secret, or <c>null</c> if it was not found.
        /// </returns>
        public async Task<SecretV1> FindCredentialsSecret()
        {
            // Looks up the credentials Secret for the current server by label selector,
            // restricted to the configured Kubernetes namespace.
            RequireCurrentState();

            // Both labels must match: the server id taken from State and the
            // "credentials" secret type.
            List<SecretV1> candidates = await KubeClient.SecretsV1().List(
                labelSelector: $"cloud.dimensiondata.daas.server-id = {State.Id}, cloud.dimensiondata.daas.secret-type = credentials",
                kubeNamespace: KubeOptions.KubeNamespace
            );

            // NOTE(review): when several Secrets match, only the last list element is
            // returned and the others are ignored. Callers that delete or reuse the
            // result never see the duplicates; confirm that is intended.
            int candidateCount = candidates.Count;

            return candidateCount > 0 ? candidates[candidateCount - 1] : null;
        }
Exemple #2
        /// <summary>
        ///     Ensure that a Secret for credentials does not exist for the specified database server.
        /// </summary>
        /// <returns>
        ///     <c>true</c>, if the Secret is now absent; otherwise, <c>false</c>.
        /// </returns>
        public async Task<bool> EnsureCredentialsSecretAbsent()
        {
            // Deletes the credentials Secret for the current server if one is found.
            // Returns true when nothing was found or the delete succeeded, and false
            // when the delete request failed with an API status response.
            RequireCurrentState();

            SecretV1 secretToDelete = await FindCredentialsSecret();
            if (secretToDelete == null)
            {
                // Nothing matched, so there is nothing to remove.
                return true;
            }

            // NOTE(review): FindCredentialsSecret yields a single Secret (the last of the
            // matches), so at most one Secret is deleted per call. If duplicates can
            // exist, a true result does not guarantee that no credentials Secret
            // remains for this server; confirm with the caller.
            var secretName = secretToDelete.Metadata.Name;

            // Only the Secret's name and the server id are logged, never its contents.
            Log.LogInformation("Deleting credentials secret {SecretName} for server {ServerId}...",
                secretName,
                State.Id
            );

            try
            {
                await KubeClient.SecretsV1().Delete(
                    name: secretName,
                    kubeNamespace: KubeOptions.KubeNamespace
                );
            }
            catch (HttpRequestException<StatusV1> deleteFailed)
            {
                // Only this exception type is handled; anything else propagates to the
                // caller. The status message and reason are logged, but the exception
                // object itself is not passed to the logger.
                Log.LogError("Failed to delete credentials secret {SecretName} for server {ServerId} (Message:{FailureMessage}, Reason:{FailureReason}).",
                    secretName,
                    State.Id,
                    deleteFailed.Response.Message,
                    deleteFailed.Response.Reason
                );

                return false;
            }

            Log.LogInformation("Deleted credentials secret {SecretName} for server {ServerId}.",
                secretName,
                State.Id
            );

            return true;
        }
Exemple #3
        /// <summary>
        ///     Ensure that a Secret for credentials exists for the specified database server.
        /// </summary>
        /// <returns>
        ///     The Secret resource, as a <see cref="SecretV1"/>.
        /// </returns>
        public async Task<SecretV1> EnsureCredentialsSecretPresent()
        {
            // Returns the existing credentials Secret for the current server, or
            // requests a server certificate and creates a new Secret from it.
            RequireCurrentState();

            SecretV1 currentSecret = await FindCredentialsSecret();
            if (currentSecret != null)
            {
                // Reuse what is already there; the existing Secret is returned as found,
                // without inspecting its contents.
                Log.LogInformation("Found existing credentials secret {SecretName} for server {ServerId}.",
                    currentSecret.Metadata.Name,
                    State.Id
                );

                return currentSecret;
            }

            // NOTE(review): the lookup above and the create below are separate API
            // calls, so two concurrent callers could presumably both reach this point
            // and each create a Secret; confirm how callers serialise this.
            Log.LogInformation("Creating credentials secret for server {ServerId}...",
                State.Id
            );

            Log.LogInformation("Requesting X.509 certificate...");

            CertificateCredentials issuedCertificate = await RequestServerCertificate();

            // The certificate credentials go into the Secret resource only; the log
            // statements in this method carry the Secret name and server id.
            var secretsClient = KubeClient.SecretsV1();
            var secretResource = KubeResources.CredentialsSecret(State, issuedCertificate,
                kubeNamespace: KubeOptions.KubeNamespace
            );

            // A failure in Create is not caught here and propagates to the caller.
            SecretV1 newSecret = await secretsClient.Create(secretResource);

            Log.LogInformation("Successfully created credentials secret {SecretName} for server {ServerId}.",
                newSecret.Metadata.Name,
                State.Id
            );

            return newSecret;
        }