/// <summary>
/// Makes sure a service-account token Secret named "{user name}-token" exists in the
/// user's group namespace, creating it when a lookup by name returns nothing.
/// </summary>
/// <param name="user">User resource supplying the service account name and group namespace.</param>
/// <remarks>
/// Kubernetes documents tokens issued through the kubernetes.io/service-account-token
/// Secret type as long-lived, so anyone who can read Secrets in the group namespace can
/// act as this service account until the Secret is deleted. Keep read access to Secrets
/// in that namespace narrow, and remove the Secret when the user is removed.
/// The lookup and the create are two separate API calls; a create that fails (for
/// example because another writer created the Secret in between) is not handled here
/// and propagates to the caller.
/// </remarks>
private void EnsureServiceAccountToken(User user)
{
    var targetNamespace = user.Spec.GetGroupNamespace();
    var accountName = user.Metadata.Name;
    var secretName = $"{accountName}-token";

    // Look the Secret up by exact name; an empty list means it still has to be created.
    var existing = _client.ListNamespacedSecret(targetNamespace, fieldSelector: $"metadata.name={secretName}");
    if (existing.Items.Any())
    {
        Console.WriteLine($"** Token exists: {secretName}, in group namespace: {targetNamespace}");
        return;
    }

    var metadata = new V1ObjectMeta
    {
        Name = secretName,
        Labels = new Dictionary<string, string>
        {
            ["kiamol"] = "ch20",
        },
        // This annotation names the service account the token Secret is bound to.
        Annotations = new Dictionary<string, string>
        {
            ["kubernetes.io/service-account.name"] = accountName,
        },
    };
    var tokenSecret = new V1Secret
    {
        Metadata = metadata,
        Type = "kubernetes.io/service-account-token",
    };

    _client.CreateNamespacedSecret(tokenSecret, targetNamespace);
    Console.WriteLine($"** Created token: {secretName}, in group namespace: {targetNamespace}");
}
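/// <summary>
/// Stores a password in a Kubernetes Secret named "{asset}-{account}", creating the
/// Secret when it cannot be read and replacing its contents otherwise.
/// </summary>
/// <param name="asset">Asset name; first half of the Secret name.</param>
/// <param name="account">Account name; second half of the Secret name.</param>
/// <param name="password">Value written under the "password" key.</param>
/// <returns>
/// <c>true</c> when the create or replace call succeeded; <c>false</c> when there is no
/// client, when asset or account is missing, or when the API call threw.
/// </returns>
/// <remarks>
/// The namespace is <c>_defaultNamespace</c> unless the configuration holds an entry
/// under <c>VaultNamespaceName</c>. The password is sent as StringData and is never
/// written to the log. How well the stored value is protected depends on cluster
/// settings that are not visible here (RBAC on Secrets, encryption at rest).
/// </remarks>
public bool SetPassword(string asset, string account, string password)
{
    if (_client == null)
    {
        _logger.Error("No vault connection. Make sure that the plugin has been configured.");
        return false;
    }

    // A missing half would produce a name such as "-account" or "asset-", which the
    // API server rejects; fail early with a clear message instead of a round trip.
    if (string.IsNullOrWhiteSpace(asset) || string.IsNullOrWhiteSpace(account))
    {
        _logger.Error("Cannot store a password without both an asset name and an account name.");
        return false;
    }

    var vaultNamespace = _defaultNamespace;
    if (_configuration != null && _configuration.ContainsKey(VaultNamespaceName))
    {
        vaultNamespace = _configuration[VaultNamespaceName];
    }

    var secretName = $"{asset}-{account}";
    var passwordData = new Dictionary<string, string> { { "password", password } };

    V1Secret secret = null;
    try
    {
        secret = _client.ReadNamespacedSecret(secretName, vaultNamespace);
    }
    catch (Exception ex)
    {
        // A failed read is treated as "secret does not exist" and falls through to create.
        // NOTE(review): this also covers authorization and connectivity failures; narrow
        // the catch to the client's not-found error once its exception type is confirmed.
        _logger.Information($"Could not read secret {secretName}, will try to create it: {ex.Message}.");
    }

    try
    {
        if (secret == null)
        {
            secret = new V1Secret
            {
                ApiVersion = "v1",
                Kind = "Secret",
                Type = "Opaque",
                Data = new Dictionary<string, byte[]>(),
                StringData = passwordData,
                Metadata = new V1ObjectMeta
                {
                    Name = secretName,
                    NamespaceProperty = vaultNamespace
                }
            };
            _client.CreateNamespacedSecret(secret, vaultNamespace);
        }
        else
        {
            secret.StringData = passwordData;
            _client.ReplaceNamespacedSecret(secret, secretName, vaultNamespace);
        }

        // Log the Secret name only; the password value must stay out of the log.
        _logger.Information($"Password for {secretName} has been successfully stored in the vault.");
        return true;
    }
    catch (Exception ex)
    {
        _logger.Error($"Failed to set the secret for {secretName}: {ex.Message}.");
        return false;
    }
}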