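/// <summary>
/// Applies the decrypted contents of <paramref name="kamusSecret"/> to the existing
/// Kubernetes secret of the same name by JSON-patching its Data and StringData fields.
/// </summary>
/// <param name="kamusSecret">The KamusSecret custom resource that was modified.</param>
/// <returns>A task that completes once the patch attempt has been made and logged.</returns>
private async Task HandleModify(KamusSecret kamusSecret)
{
    var secret = await CreateSecret(kamusSecret);

    // Only the payload fields are patched; the existing secret's metadata is left untouched.
    var secretPatch = new JsonPatchDocument<V1Secret>();
    secretPatch.Replace(e => e.Data, secret.Data);
    secretPatch.Replace(e => e.StringData, secret.StringData);

    try
    {
        await mKubernetes.PatchNamespacedSecretAsync(
            new V1Patch(secretPatch),
            kamusSecret.Metadata.Name,
            secret.Metadata.NamespaceProperty);
    }
    catch (HttpOperationException httpOperationException)
    {
        var phase = httpOperationException.Response.ReasonPhrase;
        var content = httpOperationException.Response.Content;
        mLogger.Warning(
            "PatchNamespacedSecretAsync failed, reason {reason}, error {error}",
            phase, content);

        // The patch was rejected, so no "updated successfully" audit record must be written:
        // the audit trail would otherwise claim a change that never reached the cluster.
        return;
    }

    mAuditLogger.Information(
        "Updated a secret from KamusSecret {name} in namespace {namespace} successfully.",
        kamusSecret.Metadata.Name, secret.Metadata.NamespaceProperty);
}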
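/// <summary>
/// Builds the Kubernetes <see cref="V1Secret"/> that mirrors <paramref name="kamusSecret"/>:
/// Data items are decrypted and base64-decoded into the secret's Data, StringData items are
/// decrypted as-is into StringData, and labels/annotations/owner references are carried over
/// according to the KamusSecret's settings.
/// </summary>
/// <param name="kamusSecret">The KamusSecret custom resource to materialise.</param>
/// <returns>A new, not yet persisted <see cref="V1Secret"/> in the KamusSecret's namespace ("default" when unset).</returns>
private async Task<V1Secret> CreateSecret(KamusSecret kamusSecret)
{
    var @namespace = kamusSecret.Metadata.NamespaceProperty ?? "default";
    var serviceAccount = kamusSecret.ServiceAccount;
    // Decryption identity in the form "<namespace>:<serviceAccount>".
    // NOTE(review): presumably this must match the identity the items were encrypted for — confirm.
    var id = $"{@namespace}:{serviceAccount}";

    mLogger.Debug("Starting decrypting KamusSecret items. KamusSecret {name} in namespace {namespace}", kamusSecret.Metadata.Name, @namespace);

    Action<Exception, string> errorHandler = (e, key) =>
        mLogger.Error(e, "Failed to decrypt KamusSecret key {key}. KamusSecret {name} in namespace {namespace}", key, kamusSecret.Metadata.Name, @namespace);

    // Data holds binary values, so the decrypted text is base64-decoded; StringData is used verbatim.
    // How DecryptItems treats an item whose decryption fails (dropped vs. aborted) is decided by the
    // key management implementation, not here.
    var decryptedData = await mKeyManagement.DecryptItems(kamusSecret.Data, id, errorHandler, Convert.FromBase64String);
    var decryptedStringData = await mKeyManagement.DecryptItems(kamusSecret.StringData, id, errorHandler, x => x);

    mLogger.Debug("KamusSecret items decrypted successfully. KamusSecret {name} in namespace {namespace}", kamusSecret.Metadata.Name, @namespace);

    // With an owner reference the secret is tied to the KamusSecret's lifetime, so the cluster's
    // garbage collector removes it when the KamusSecret goes away.
    var ownerReference = !mSetOwnerReference
        ? Array.Empty<V1OwnerReference>()
        : new[]
        {
            new V1OwnerReference
            {
                ApiVersion = kamusSecret.ApiVersion,
                Kind = kamusSecret.Kind,
                Name = kamusSecret.Metadata.Name,
                Uid = kamusSecret.Metadata.Uid,
                Controller = true,
                BlockOwnerDeletion = true,
            }
        };

    IDictionary<string, string> annotations = null;
    if (kamusSecret.PropagateAnnotations && kamusSecret.Metadata.Annotations != null)
    {
        // Work on a copy: removing the key from kamusSecret.Metadata.Annotations directly would
        // mutate the watched custom resource object itself. The kubectl last-applied annotation
        // describes the KamusSecret, not the generated secret, so it is not propagated.
        annotations = new Dictionary<string, string>(kamusSecret.Metadata.Annotations);
        annotations.Remove("kubectl.kubernetes.io/last-applied-configuration");
    }

    return new V1Secret
    {
        Metadata = new V1ObjectMeta
        {
            Name = kamusSecret.Metadata.Name,
            NamespaceProperty = @namespace,
            Labels = kamusSecret.Metadata.Labels,
            Annotations = annotations,
            OwnerReferences = ownerReference
        },
        Type = kamusSecret.Type,
        StringData = decryptedStringData,
        Data = decryptedData
    };
}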
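/// <summary>
/// Handles a newly added KamusSecret by creating the corresponding Kubernetes secret.
/// An already existing secret (HTTP 409) is treated as benign and logged at debug level.
/// </summary>
/// <param name="kamusSecret">The KamusSecret custom resource that was added.</param>
/// <param name="isUpdate">Kept for signature compatibility; not read by this method.</param>
/// <returns>A task that completes once the create attempt has been made and logged.</returns>
private async Task HandleAdd(KamusSecret kamusSecret, bool isUpdate = false)
{
    var secret = await CreateSecret(kamusSecret);

    try
    {
        await mKubernetes.CreateNamespacedSecretAsync(secret, secret.Metadata.NamespaceProperty);
    }
    catch (HttpOperationException httpOperationException)
    {
        // Usually happens on controller start when enumerating all existing KamusSecret and validating their secret existence
        if (httpOperationException.Response.StatusCode == HttpStatusCode.Conflict)
        {
            mLogger.Debug("Cannot CreateNamespacedSecretAsync, secret already exists");
            return;
        }

        var phase = httpOperationException.Response.ReasonPhrase;
        var content = httpOperationException.Response.Content;
        mLogger.Warning(
            "CreateNamespacedSecretAsync failed, reason {reason}, error {error}",
            phase, content);

        // Nothing was created, so no "created successfully" audit record must be written.
        return;
    }

    mAuditLogger.Information(
        "Created a secret from KamusSecret {name} in namespace {namespace} successfully.",
        kamusSecret.Metadata.Name, secret.Metadata.NamespaceProperty);
}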
/// <summary>
/// Builds the Kubernetes <see cref="V1Secret"/> that mirrors <paramref name="kamusSecret"/>,
/// with every item of its Data decrypted (no further transformation) into the secret's StringData.
/// </summary>
/// <param name="kamusSecret">The KamusSecret custom resource to materialise.</param>
/// <returns>A new, not yet persisted <see cref="V1Secret"/> in the KamusSecret's namespace ("default" when unset).</returns>
private async Task<V1Secret> CreateSecret(KamusSecret kamusSecret)
{
    var targetNamespace = kamusSecret.Metadata.NamespaceProperty ?? "default";
    var secretName = kamusSecret.Metadata.Name;
    // Decryption identity handed to key management: "<namespace>:<serviceAccount>".
    // NOTE(review): presumably this must match the identity the items were encrypted for — confirm.
    var decryptionId = $"{targetNamespace}:{kamusSecret.ServiceAccount}";

    mLogger.Debug("Starting decrypting KamusSecret items. KamusSecret {name} in namespace {namespace}", secretName, targetNamespace);

    void LogDecryptFailure(Exception e, string key)
    {
        mLogger.Error(e, "Failed to decrypt KamusSecret key {key}. KamusSecret {name} in namespace {namespace}", key, secretName, targetNamespace);
    }

    Action<Exception, string> onDecryptError = LogDecryptFailure;

    // Identity transform: decrypted values land in StringData untouched.
    var plaintextItems = await mKeyManagement.DecryptItems(kamusSecret.Data, decryptionId, onDecryptError, x => x);

    mLogger.Debug("KamusSecret items decrypted successfully. KamusSecret {name} in namespace {namespace}", secretName, targetNamespace);

    var metadata = new V1ObjectMeta
    {
        Name = secretName,
        NamespaceProperty = targetNamespace
    };

    return new V1Secret
    {
        Metadata = metadata,
        Type = kamusSecret.Type,
        StringData = plaintextItems
    };
}
/// <summary>
/// Handles a newly added KamusSecret by creating the corresponding Kubernetes secret.
/// Any failure of the API call propagates to the caller.
/// </summary>
/// <param name="kamusSecret">The KamusSecret custom resource that was added.</param>
/// <param name="isUpdate">Kept for signature compatibility; not read by this method.</param>
/// <returns>A task that completes once the secret has been created and audited.</returns>
private async Task HandleAdd(KamusSecret kamusSecret, bool isUpdate = false)
{
    var materialised = await CreateSecret(kamusSecret);
    var targetNamespace = materialised.Metadata.NamespaceProperty;

    await mKubernetes.CreateNamespacedSecretAsync(materialised, targetNamespace);

    mAuditLogger.Information(
        "Created a secret from KamusSecret {name} in namespace {namespace} successfully.",
        kamusSecret.Metadata.Name,
        targetNamespace);
}
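/// <summary>
/// Handles a newly added KamusSecret: decrypts each Data item one by one and creates a
/// Kubernetes secret carrying the plaintext values in StringData.
/// </summary>
/// <param name="kamusSecret">The KamusSecret custom resource that was added.</param>
/// <returns>
/// A task that completes when the secret has been created, or early when a decryption
/// failure aborted the operation (in which case no secret is created).
/// </returns>
private async Task HandleAdd(KamusSecret kamusSecret)
{
    var @namespace = kamusSecret.Metadata.NamespaceProperty ?? "default";
    var serviceAccount = kamusSecret.ServiceAccount;
    // Decryption identity in the form "<namespace>:<serviceAccount>".
    // NOTE(review): presumably this must match the identity the items were encrypted for — confirm.
    var id = $"{@namespace}:{serviceAccount}";
    var decryptedItems = new Dictionary<string, string>();

    mLogger.Debug("Starting decrypting KamusSecret items. KamusSecret {name} in namespace {namespace}", kamusSecret.Metadata.Name, @namespace);

    foreach (var item in kamusSecret.Data)
    {
        try
        {
            var decrypted = await mKeyManagement.Decrypt(item.Value, id);
            decryptedItems.Add(item.Key, decrypted);
        }
        catch (Exception e)
        {
            // All-or-nothing: one undecryptable key aborts the whole secret instead of creating a
            // partially populated one. Logged through the instance logger like the rest of the method.
            mLogger.Error(e, "Failed to decrypt KamusSecret key {key}. KamusSecret {name} in namespace {namespace}", item.Key, kamusSecret.Metadata.Name, @namespace);
            return;
        }
    }

    mLogger.Debug("KamusSecret items decrypted successfully. KamusSecret {name} in namespace {namespace}", kamusSecret.Metadata.Name, @namespace);

    var secret = new V1Secret
    {
        Metadata = new V1ObjectMeta
        {
            Name = kamusSecret.Metadata.Name,
            NamespaceProperty = @namespace
        },
        Type = kamusSecret.Type,
        StringData = decryptedItems
    };

    await mKubernetes.CreateNamespacedSecretAsync(secret, @namespace);

    // Template fixed: the previous "{namespace successfully." never closed the placeholder,
    // so the namespace value did not bind in the audit record.
    mAuditLogger.Information("Created a secret from KamusSecret {name} in namespace {namespace} successfully.", kamusSecret.Metadata.Name, @namespace);
}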
/// <summary>
/// Builds the Kubernetes <see cref="V1Secret"/> that mirrors <paramref name="kamusSecret"/>:
/// Data items are decrypted and base64-decoded into Data, StringData items are decrypted
/// verbatim into StringData, and an owner reference to the KamusSecret is attached when enabled.
/// </summary>
/// <param name="kamusSecret">The KamusSecret custom resource to materialise.</param>
/// <returns>A new, not yet persisted <see cref="V1Secret"/> in the KamusSecret's namespace ("default" when unset).</returns>
private async Task<V1Secret> CreateSecret(KamusSecret kamusSecret)
{
    var targetNamespace = kamusSecret.Metadata.NamespaceProperty ?? "default";
    var secretName = kamusSecret.Metadata.Name;
    // Decryption identity handed to key management: "<namespace>:<serviceAccount>".
    // NOTE(review): presumably this must match the identity the items were encrypted for — confirm.
    var decryptionId = $"{targetNamespace}:{kamusSecret.ServiceAccount}";

    mLogger.Debug("Starting decrypting KamusSecret items. KamusSecret {name} in namespace {namespace}", secretName, targetNamespace);

    Action<Exception, string> onDecryptError = (failure, key) =>
    {
        mLogger.Error(failure, "Failed to decrypt KamusSecret key {key}. KamusSecret {name} in namespace {namespace}", key, secretName, targetNamespace);
    };

    // Data is binary, hence the base64 decode; StringData is passed through unchanged.
    var binaryItems = await mKeyManagement.DecryptItems(kamusSecret.Data, decryptionId, onDecryptError, Convert.FromBase64String);
    var textItems = await mKeyManagement.DecryptItems(kamusSecret.StringData, decryptionId, onDecryptError, x => x);

    mLogger.Debug("KamusSecret items decrypted successfully. KamusSecret {name} in namespace {namespace}", secretName, targetNamespace);

    // When enabled, the generated secret is owned (and controlled) by the KamusSecret, so the
    // cluster's garbage collector removes it together with its owner.
    V1OwnerReference[] owners;
    if (mSetOwnerReference)
    {
        owners = new[]
        {
            new V1OwnerReference
            {
                ApiVersion = kamusSecret.ApiVersion,
                Kind = kamusSecret.Kind,
                Name = secretName,
                Uid = kamusSecret.Metadata.Uid,
                Controller = true,
                BlockOwnerDeletion = true,
            }
        };
    }
    else
    {
        owners = new V1OwnerReference[0];
    }

    var metadata = new V1ObjectMeta
    {
        Name = secretName,
        NamespaceProperty = targetNamespace,
        OwnerReferences = owners
    };

    return new V1Secret
    {
        Metadata = metadata,
        Type = kamusSecret.Type,
        StringData = textItems,
        Data = binaryItems
    };
}
/// <summary>
/// Applies the decrypted contents of <paramref name="kamusSecret"/> to the existing
/// Kubernetes secret of the same name by JSON-patching its StringData field.
/// Any failure of the API call propagates to the caller.
/// </summary>
/// <param name="kamusSecret">The KamusSecret custom resource that was modified.</param>
/// <returns>A task that completes once the patch has been applied and audited.</returns>
private async Task HandleModify(KamusSecret kamusSecret)
{
    var materialised = await CreateSecret(kamusSecret);
    var targetNamespace = materialised.Metadata.NamespaceProperty;

    // Only StringData is patched; the existing secret's metadata is left untouched.
    var patch = new JsonPatchDocument<V1Secret>();
    patch.Replace(e => e.StringData, materialised.StringData);

    await mKubernetes.PatchNamespacedSecretAsync(
        new V1Patch(patch),
        kamusSecret.Metadata.Name,
        targetNamespace);

    mAuditLogger.Information(
        "Updated a secret from KamusSecret {name} in namespace {namespace} successfully.",
        kamusSecret.Metadata.Name,
        targetNamespace);
}
/// <summary>
/// Builds the Kubernetes <see cref="V1Secret"/> that mirrors <paramref name="kamusSecret"/>,
/// decrypting each Data item individually into the secret's StringData.
/// </summary>
/// <param name="kamusSecret">The KamusSecret custom resource to materialise.</param>
/// <returns>
/// A new, not yet persisted <see cref="V1Secret"/> in the KamusSecret's namespace ("default" when unset).
/// A key whose decryption throws is logged and left out of the result, so the returned secret
/// may hold fewer items than the KamusSecret.
/// </returns>
private async Task<V1Secret> CreateSecret(KamusSecret kamusSecret)
{
    var targetNamespace = kamusSecret.Metadata.NamespaceProperty ?? "default";
    var secretName = kamusSecret.Metadata.Name;
    // Decryption identity handed to key management: "<namespace>:<serviceAccount>".
    // NOTE(review): presumably this must match the identity the items were encrypted for — confirm.
    var decryptionId = $"{targetNamespace}:{kamusSecret.ServiceAccount}";
    var plaintextItems = new Dictionary<string, string>();

    mLogger.Debug("Starting decrypting KamusSecret items. KamusSecret {name} in namespace {namespace}", secretName, targetNamespace);

    foreach (var item in kamusSecret.Data)
    {
        try
        {
            var plaintext = await mKeyManagement.Decrypt(item.Value, decryptionId);
            plaintextItems.Add(item.Key, plaintext);
        }
        catch (Exception failure)
        {
            // Best-effort: the failing key is skipped, the remaining keys are still processed.
            mLogger.Error(failure, "Failed to decrypt KamusSecret key {key}. KamusSecret {name} in namespace {namespace}", item.Key, secretName, targetNamespace);
        }
    }

    mLogger.Debug("KamusSecret items decrypted successfully. KamusSecret {name} in namespace {namespace}", secretName, targetNamespace);

    var metadata = new V1ObjectMeta
    {
        Name = secretName,
        NamespaceProperty = targetNamespace
    };

    return new V1Secret
    {
        Metadata = metadata,
        Type = kamusSecret.Type,
        StringData = plaintextItems
    };
}
/// <summary>
/// Dispatches a watch event for a KamusSecret to the matching Add/Delete/Modify handler.
/// Any exception thrown by a handler is logged here and not propagated, so one failing
/// event does not stop the watch loop.
/// </summary>
/// <param name="event">The kind of watch event received.</param>
/// <param name="kamusSecret">The KamusSecret the event refers to.</param>
/// <returns>A task that completes once the event has been handled (or its failure logged).</returns>
private async Task HandleEvent(WatchEventType @event, KamusSecret kamusSecret)
{
    var eventName = @event.ToString();
    var secretName = kamusSecret.Metadata.Name;
    var targetNamespace = kamusSecret.Metadata.NamespaceProperty ?? "default";

    try
    {
        mLogger.Information("Handling event of type {type}. KamusSecret {name} in namespace {namespace}", eventName, secretName, targetNamespace);

        if (@event == WatchEventType.Added)
        {
            await HandleAdd(kamusSecret);
        }
        else if (@event == WatchEventType.Deleted)
        {
            await HandleDelete(kamusSecret);
        }
        else if (@event == WatchEventType.Modified)
        {
            await HandleModify(kamusSecret);
        }
        else
        {
            mLogger.Warning(
                "Event of type {type} is not supported. KamusSecret {name} in namespace {namespace}",
                eventName, secretName, targetNamespace);
        }
    }
    catch (Exception failure)
    {
        mLogger.Error(failure, "Error while handling KamusSecret event of type {eventType}, for KamusSecret {name} on namespace {namespace}", eventName, secretName, targetNamespace);
    }
}
/// <summary>
/// Dispatches a watch event for a KamusSecret to the matching Add/Modify handler and counts
/// it in the EventReceived metric. Delete events are intentionally ignored because the
/// generated secret is removed by the cluster's garbage collector through its owner reference.
/// Any exception thrown by a handler is logged here and not propagated.
/// </summary>
/// <param name="event">The kind of watch event received.</param>
/// <param name="kamusSecret">The KamusSecret the event refers to.</param>
/// <returns>A task that completes once the event has been handled (or its failure logged).</returns>
private async Task HandleEvent(WatchEventType @event, KamusSecret kamusSecret)
{
    var eventName = @event.ToString();
    var secretName = kamusSecret.Metadata.Name;
    var targetNamespace = kamusSecret.Metadata.NamespaceProperty ?? "default";

    try
    {
        mLogger.Information("Handling event of type {type}. KamusSecret {name} in namespace {namespace}", eventName, secretName, targetNamespace);

        // Tagged with the event type and the controller version that handled it.
        var tags = new MetricTags(new[] { "event_type", "controller" }, new[] { eventName, "V1Alpha2" });
        mMetrics.Measure.Counter.Increment(Counters.EventReceived, tags);

        if (@event == WatchEventType.Added)
        {
            await HandleAdd(kamusSecret);
        }
        else if (@event == WatchEventType.Deleted)
        {
            // Ignore delete event - it's handled by k8s GC
        }
        else if (@event == WatchEventType.Modified)
        {
            await HandleModify(kamusSecret);
        }
        else
        {
            mLogger.Warning(
                "Event of type {type} is not supported. KamusSecret {name} in namespace {namespace}",
                eventName, secretName, targetNamespace);
        }
    }
    catch (Exception failure)
    {
        mLogger.Error(failure, "Error while handling KamusSecret event of type {eventType}, for KamusSecret {name} on namespace {namespace}", eventName, secretName, targetNamespace);
    }
}
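/// <summary>
/// Handles a newly added KamusSecret by creating the corresponding Kubernetes secret.
/// An API failure is logged as a warning and does not propagate to the caller.
/// </summary>
/// <param name="kamusSecret">The KamusSecret custom resource that was added.</param>
/// <param name="isUpdate">Kept for signature compatibility; not read by this method.</param>
/// <returns>A task that completes once the create attempt has been made and logged.</returns>
private async Task HandleAdd(KamusSecret kamusSecret, bool isUpdate = false)
{
    var secret = await CreateSecret(kamusSecret);

    try
    {
        await mKubernetes.CreateNamespacedSecretAsync(secret, secret.Metadata.NamespaceProperty);
    }
    catch (Microsoft.Rest.HttpOperationException httpOperationException)
    {
        var phase = httpOperationException.Response.ReasonPhrase;
        var content = httpOperationException.Response.Content;
        mLogger.Warning(
            "CreateNamespacedSecretAsync failed, reason {reason}, error {error}",
            phase, content);

        // Nothing was created, so no "created successfully" audit record must be written:
        // the audit trail would otherwise claim a secret that does not exist in the cluster.
        return;
    }

    mAuditLogger.Information(
        "Created a secret from KamusSecret {name} in namespace {namespace} successfully.",
        kamusSecret.Metadata.Name, secret.Metadata.NamespaceProperty);
}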
/// <summary>
/// Handles a deleted KamusSecret by deleting the Kubernetes secret of the same name
/// in the KamusSecret's namespace ("default" when unset). API failures propagate to the caller.
/// </summary>
/// <param name="kamusSecret">The KamusSecret custom resource that was deleted.</param>
/// <returns>A task that completes once the delete call has returned.</returns>
private async Task HandleDelete(KamusSecret kamusSecret)
{
    var secretName = kamusSecret.Metadata.Name;
    var targetNamespace = kamusSecret.Metadata.NamespaceProperty ?? "default";

    await mKubernetes.DeleteNamespacedSecretAsync(secretName, targetNamespace);
}