Java Code Examples for io.fabric8.kubernetes.api.model.Secret#getData()
The following examples show how to use io.fabric8.kubernetes.api.model.Secret#getData().
Example 1
Source File: ModelUtils.java From strimzi-kafka-operator with Apache License 2.0 | 6 votes |
/**
 * Reports whether any certificate entry present in both Secrets has a different value.
 *
 * Only keys that exist (with non-null values) in the {@code data} of both Secrets are compared, so
 * entries that were merely added or removed (scale-up or scale-down) do not count as a change. The
 * result is used to decide whether existing brokers need a rolling update after the certificate
 * Secrets change.
 *
 * @param current   Existing secret
 * @param desired   Desired secret
 *
 * @return  True if at least one key found in both data sections maps to different values.
 */
public static boolean doExistingCertificatesDiffer(Secret current, Secret desired) {
    // NOTE(review): neither getData() result is null-checked here; a Secret without a data
    // section would surface as a NullPointerException - confirm callers always pass populated Secrets.
    Map<String, String> existing = current.getData();
    Map<String, String> wanted = desired.getData();

    for (Map.Entry<String, String> existingEntry : existing.entrySet()) {
        String newValue = wanted.get(existingEntry.getKey());
        String oldValue = existingEntry.getValue();

        // A key missing (or null) on either side is an addition/removal, not a changed certificate.
        if (oldValue == null || newValue == null) {
            continue;
        }

        // Values are compared exactly as stored in the Secret; they are never decoded here.
        if (!oldValue.equals(newValue)) {
            return true;
        }
    }

    return false;
}
Example 2
Source File: Ca.java From strimzi-kafka-operator with Apache License 2.0 | 6 votes |
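/**
 * Returns the given {@code cert} and {@code key} values from the given {@code Secret} as a {@code CertAndKey},
 * or null if the given {@code secret} is null or has no {@code data}.
 * An exception is thrown if the given {@code secret} has {@code data} which does not contain one of the
 * given entries ({@code key}, {@code cert}, {@code keyStore} or {@code keyStorePassword}).
 *
 * @param secret The secret.
 * @param key The name of the data entry holding the Base64 encoded key.
 * @param cert The name of the data entry holding the Base64 encoded cert.
 * @param keyStore The name of the data entry holding the Base64 encoded keyStore.
 * @param keyStorePassword The name of the data entry holding the Base64 encoded store password.
 * @return The CertAndKey, or null when there is no secret data to read.
 * @throws RuntimeException if any of the four entries is missing from the Secret's data.
 */
public static CertAndKey asCertAndKey(Secret secret, String key, String cert, String keyStore, String keyStorePassword) {
    if (secret == null || secret.getData() == null) {
        return null;
    }

    // Check every entry before decoding anything. Previously only key and cert were checked, so a
    // Secret lacking the keyStore or keyStorePassword entry failed inside Base64 decoding with a
    // bare NullPointerException that named neither the Secret nor the missing entry.
    // The message carries only the Secret's coordinates and the entry name, never secret material.
    for (String required : new String[] {key, cert, keyStore, keyStorePassword}) {
        if (secret.getData().get(required) == null) {
            throw new RuntimeException("The Secret " + secret.getMetadata().getNamespace() + "/" + secret.getMetadata().getName() + " is missing the key " + required);
        }
    }

    Base64.Decoder decoder = Base64.getDecoder();
    return new CertAndKey(
            decoder.decode(secret.getData().get(key)),
            decoder.decode(secret.getData().get(cert)),
            null,
            decoder.decode(secret.getData().get(keyStore)),
            // The store password is interpreted as US-ASCII text, as before.
            new String(decoder.decode(secret.getData().get(keyStorePassword)), StandardCharsets.US_ASCII));
}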
Example 3
Source File: SecretsPropertySource.java From spring-cloud-kubernetes with Apache License 2.0 | 5 votes |
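/**
 * Copies every entry of the given Secret into {@code result}, Base64-decoding each value to text.
 *
 * Does nothing when the Secret or its data is null. Decoded values are trimmed, so leading and
 * trailing whitespace (for example a trailing newline) in a secret value is not preserved.
 *
 * @param secret the Secret to read, may be null
 * @param result the map receiving the decoded entries; existing keys are overwritten
 */
private static void putAll(Secret secret, Map<String, Object> result) {
    if (secret == null || secret.getData() == null) {
        return;
    }
    Base64.Decoder decoder = Base64.getDecoder();
    // Decode with an explicit charset: new String(byte[]) uses the platform default, which makes
    // non-ASCII secret values (e.g. passwords) depend on the JVM's locale settings.
    secret.getData().forEach((name, encoded) -> result.put(
            name,
            new String(decoder.decode(encoded), java.nio.charset.StandardCharsets.UTF_8).trim()));
}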
Example 4
Source File: ClusterCa.java From strimzi-kafka-operator with Apache License 2.0 | 5 votes |
/**
 * Adapts a {@code *-cluster-ca} Secret written with the Strimzi 0.6.0 naming convention
 * to the key names expected by 0.7.0.
 *
 * If the Secret's data has a {@code cluster-ca.key} entry, its value is also stored under
 * {@code ca.key}. The Secret is modified in place.
 *
 * @param clusterCaKey The cluster CA key Secret, may be null
 * @return The same Secret.
 */
public static Secret adapt060ClusterCaSecret(Secret clusterCaKey) {
    if (clusterCaKey == null || clusterCaKey.getData() == null) {
        return clusterCaKey;
    }

    String legacyValue = clusterCaKey.getData().get("cluster-ca.key");
    if (legacyValue != null) {
        // Copy, not move: the old entry is left in place, so the key material is present
        // under both names afterwards.
        clusterCaKey.getData().put("ca.key", legacyValue);
    }
    return clusterCaKey;
}
Example 5
Source File: Ca.java From strimzi-kafka-operator with Apache License 2.0 | 5 votes |
/**
 * Adds the {@code strimzi.io/force-renew} annotation, with value {@code "true"}, to the given
 * {@code caCert} when the data of the given {@code caKey} contains the given {@code key}.
 *
 * This is used to force certificate renewal when upgrading from a Strimzi 0.6.0 Secret.
 *
 * @param caCert The CA certificate Secret to annotate, may be null
 * @param caKey The CA key Secret whose data is inspected, may be null
 * @param key The data entry whose presence triggers the annotation
 * @return A Secret built from {@code caCert} with the annotation added, or {@code caCert}
 *         itself (possibly null) when the condition does not hold.
 */
protected static Secret forceRenewal(Secret caCert, Secret caKey, String key) {
    boolean legacyKeyPresent = caKey != null
            && caKey.getData() != null
            && caKey.getData().containsKey(key);

    if (caCert == null || !legacyKeyPresent) {
        return caCert;
    }

    // Only metadata is edited; the certificate data is carried over by the builder.
    return new SecretBuilder(caCert)
            .editMetadata()
                .addToAnnotations(ANNO_STRIMZI_IO_FORCE_RENEW, "true")
            .endMetadata()
            .build();
}
Example 6
Source File: Ca.java From strimzi-kafka-operator with Apache License 2.0 | 5 votes |
/**
 * Reads the entry {@code key} from the given Secret, Base64-decodes it and parses it as an
 * X.509 certificate.
 *
 * @param secret The Secret to read, may be null
 * @param key The name of the data entry holding the Base64 encoded certificate
 * @return The parsed certificate, or null when the Secret, its data or the entry is null.
 * @throws RuntimeException wrapping the {@code CertificateException} when the decoded bytes
 *         cannot be parsed as a certificate.
 */
public static X509Certificate cert(Secret secret, String key) {
    if (secret == null || secret.getData() == null) {
        return null;
    }

    String encoded = secret.getData().get(key);
    if (encoded == null) {
        return null;
    }

    byte[] decoded = Base64.getDecoder().decode(encoded);
    try {
        return x509Certificate(decoded);
    } catch (CertificateException e) {
        // The message names the entry and the Secret only; dots in the entry name are
        // backslash-escaped (presumably to read as a path expression - confirm).
        throw new RuntimeException("Failed to decode certificate in data." + key.replace(".", "\\.") + " of Secret "
                + secret.getMetadata().getName(), e);
    }
}
Example 7
Source File: ClientsCa.java From strimzi-kafka-operator with Apache License 2.0 | 5 votes |
/**
 * Adapts a {@code *-clients-ca} Secret written with the Strimzi 0.6.0 naming convention
 * to the key names expected by 0.7.0.
 *
 * If the Secret's data has a {@code clients-ca.key} entry, its value is also stored under
 * {@code ca.key}. The Secret is modified in place.
 *
 * @param clientsCaKey The secret to adapt, may be null
 * @return The same Secret instance.
 */
public static Secret adapt060ClientsCaSecret(Secret clientsCaKey) {
    if (clientsCaKey == null || clientsCaKey.getData() == null) {
        return clientsCaKey;
    }

    String legacyValue = clientsCaKey.getData().get("clients-ca.key");
    if (legacyValue != null) {
        // Copy, not move: the old entry is left in place, so the key material is present
        // under both names afterwards.
        clientsCaKey.getData().put("ca.key", legacyValue);
    }
    return clientsCaKey;
}
Example 8
Source File: KubeAuthApi.java From enmasse with Apache License 2.0 | 5 votes |
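/**
 * Returns the {@code tls.crt} entry of the named Secret, Base64-decoded to a UTF-8 string.
 *
 * @param secretName name of the Secret to look up in this instance's namespace
 * @return the decoded content of the Secret's {@code tls.crt} entry
 * @throws InternalServerErrorException if the Secret does not exist or has no {@code tls.crt} entry
 */
@Override
public String getCert(String secretName) {
    Secret secret = client.secrets().inNamespace(namespace).withName(secretName).get();
    if (secret == null) {
        throw new InternalServerErrorException("Cannot get secret " + secretName);
    }

    // A Secret without data, or without the tls.crt entry, used to fail with a bare
    // NullPointerException; report it the same way as a missing Secret instead.
    Map<String, String> caData = secret.getData();
    String encodedCert = caData == null ? null : caData.get("tls.crt");
    if (encodedCert == null) {
        throw new InternalServerErrorException("Secret " + secretName + " has no tls.crt entry");
    }

    return new String(Base64.getDecoder().decode(encodedCert), StandardCharsets.UTF_8);
}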
Example 9
Source File: ArtemisUtils.java From enmasse with Apache License 2.0 | 5 votes |
/**
 * Looks up the support credentials of the given address space.
 *
 * Secrets are selected by two labels: the address space's infra UUID and the role
 * {@code support-credentials}. The {@code username} and {@code password} entries of the first
 * match are Base64-decoded as UTF-8.
 *
 * @param addressSpace the address space whose support credentials are wanted
 * @return the decoded user name and password
 */
public static UserCredentials getSupportCredentials(AddressSpace addressSpace) {
    Map<String, String> selector = new HashMap<>();
    selector.put(LabelKeys.INFRA_UUID, AddressSpaceUtils.getAddressSpaceInfraUuid(addressSpace));
    selector.put(LabelKeys.ROLE, "support-credentials");

    // NOTE(review): assumes at least one Secret matches and that it carries both entries;
    // otherwise get(0) or the Base64 decode below throws - confirm this is acceptable here.
    Map<String, String> encoded = Kubernetes.getInstance().listSecrets(selector).get(0).getData();

    Base64.Decoder decoder = Base64.getDecoder();
    String supportUser = new String(decoder.decode(encoded.get("username")), StandardCharsets.UTF_8);
    String supportPassword = new String(decoder.decode(encoded.get("password")), StandardCharsets.UTF_8);
    return new UserCredentials(supportUser, supportPassword);
}
Example 10
Source File: SecretsPropertySource.java From spring-cloud-kubernetes with Apache License 2.0 | 4 votes |
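/**
 * Copies every entry of the given Secret into {@code result}, Base64-decoding each value to text.
 *
 * Does nothing when the Secret or its data is null. Decoded values are trimmed, so leading and
 * trailing whitespace (for example a trailing newline) in a secret value is not preserved.
 *
 * @param secret the Secret to read, may be null
 * @param result the map receiving the decoded entries; existing keys are overwritten
 */
private static void putAll(Secret secret, Map<String, Object> result) {
    if (secret == null || secret.getData() == null) {
        return;
    }
    Base64.Decoder decoder = Base64.getDecoder();
    // Decode with an explicit charset: new String(byte[]) uses the platform default, which makes
    // non-ASCII secret values (e.g. passwords) depend on the JVM's locale settings.
    secret.getData().forEach((name, encoded) -> result.put(
            name,
            new String(decoder.decode(encoded), java.nio.charset.StandardCharsets.UTF_8).trim()));
}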
Example 11
Source File: CertificateRenewalTest.java From strimzi-kafka-operator with Apache License 2.0 | 4 votes |
/**
 * Reconciles the CAs starting from freshly created initial Secrets and asserts that the CA
 * certificates and keys seen after reconciliation equal the initial ones, i.e. nothing was
 * regenerated. The CA is configured with a validity of 100 days and a renewal period of 10 days.
 *
 * @param context the Vert.x test context used for the checkpoint and for verification
 * @param generateCertificateAuthority value passed to {@code withGenerateCertificateAuthority}
 */
private void assertNoCertsGetGeneratedOutsideRenewalPeriod(VertxTestContext context, boolean generateCertificateAuthority)
        throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
    CertificateAuthority certificateAuthority = new CertificateAuthorityBuilder()
            .withValidityDays(100)
            .withRenewalDays(10)
            .withGenerateCertificateAuthority(generateCertificateAuthority)
            .build();

    // Initial cluster CA Secrets: index 0 is the key Secret, index 1 the cert Secret.
    List<Secret> clusterCaSecrets = initialClusterCaSecrets(certificateAuthority);
    Secret initialClusterCaKeySecret = clusterCaSecrets.get(0);
    Secret initialClusterCaCertSecret = clusterCaSecrets.get(1);

    // The cert Secret must hold exactly the certificate, the trust store and its password,
    // and the trust store must contain the certificate.
    Map<String, String> clusterCaCertData = initialClusterCaCertSecret.getData();
    assertThat(clusterCaCertData.keySet(), is(set(CA_CRT, CA_STORE, CA_STORE_PASSWORD)));
    assertThat(clusterCaCertData.get(CA_CRT), is(notNullValue()));
    assertThat(clusterCaCertData.get(CA_STORE), is(notNullValue()));
    assertThat(clusterCaCertData.get(CA_STORE_PASSWORD), is(notNullValue()));
    assertThat(isCertInTrustStore(CA_CRT, initialClusterCaCertSecret.getData()), is(true));

    // The key Secret must hold the private key and nothing else.
    Map<String, String> clusterCaKeyData = initialClusterCaKeySecret.getData();
    assertThat(clusterCaKeyData.keySet(), is(singleton(CA_KEY)));
    assertThat(clusterCaKeyData.get(CA_KEY), is(notNullValue()));

    // Same layout checks for the clients CA Secrets.
    List<Secret> clientsCaSecrets = initialClientsCaSecrets(certificateAuthority);
    Secret initialClientsCaKeySecret = clientsCaSecrets.get(0);
    Secret initialClientsCaCertSecret = clientsCaSecrets.get(1);

    Map<String, String> clientsCaCertData = initialClientsCaCertSecret.getData();
    assertThat(clientsCaCertData.keySet(), is(set(CA_CRT, CA_STORE, CA_STORE_PASSWORD)));
    assertThat(clientsCaCertData.get(CA_CRT), is(notNullValue()));
    assertThat(clientsCaCertData.get(CA_STORE), is(notNullValue()));
    assertThat(clientsCaCertData.get(CA_STORE_PASSWORD), is(notNullValue()));
    assertThat(isCertInTrustStore(CA_CRT, initialClientsCaCertSecret.getData()), is(true));

    Map<String, String> clientsCaKeyData = initialClientsCaKeySecret.getData();
    assertThat(clientsCaKeyData.keySet(), is(singleton(CA_KEY)));
    assertThat(clientsCaKeyData.get(CA_KEY), is(notNullValue()));

    // Register the initial Secrets in the test's "secrets" collection before reconciling.
    secrets.add(initialClusterCaCertSecret);
    secrets.add(initialClusterCaKeySecret);
    secrets.add(initialClientsCaCertSecret);
    secrets.add(initialClientsCaKeySecret);

    Checkpoint async = context.checkpoint();
    // NOTE(review): "c" exposes getAllValues(); presumably a captor of the Secrets handled
    // during reconciliation - confirm against reconcileCa. The assertions below read them as
    // 0 = cluster CA cert, 1 = cluster CA key, 2 = clients CA cert, 3 = clients CA key.
    reconcileCa(context, certificateAuthority, certificateAuthority)
        .onComplete(context.succeeding(c -> context.verify(() -> {
            // Cluster CA certificate: same key set, same value, and the trust store holds the same certificate.
            assertThat(c.getAllValues().get(0).getData().keySet(), is(set(CA_CRT, CA_STORE, CA_STORE_PASSWORD)));
            assertThat(c.getAllValues().get(0).getData().get(CA_CRT), is(initialClusterCaCertSecret.getData().get(CA_CRT)));
            assertDoesNotThrow(() -> {
                assertThat(x509Certificate(initialClusterCaCertSecret.getData().get(CA_CRT)), is(getCertificateFromTrustStore(CA_CRT, c.getAllValues().get(0).getData())));
            });

            // Cluster CA key: unchanged.
            assertThat(c.getAllValues().get(1).getData().keySet(), is(set(CA_KEY)));
            assertThat(c.getAllValues().get(1).getData().get(CA_KEY), is(initialClusterCaKeySecret.getData().get(CA_KEY)));

            // Clients CA certificate: same key set, same value, and the trust store holds the same certificate.
            assertThat(c.getAllValues().get(2).getData().keySet(), is(set(CA_CRT, CA_STORE, CA_STORE_PASSWORD)));
            assertThat(c.getAllValues().get(2).getData().get(CA_CRT), is(initialClientsCaCertSecret.getData().get(CA_CRT)));
            assertDoesNotThrow(() -> {
                assertThat(x509Certificate(initialClientsCaCertSecret.getData().get(CA_CRT)), is(getCertificateFromTrustStore(CA_CRT, c.getAllValues().get(2).getData())));
            });

            // Clients CA key: unchanged.
            assertThat(c.getAllValues().get(3).getData().keySet(), is(set(CA_KEY)));
            assertThat(c.getAllValues().get(3).getData().get(CA_KEY), is(initialClientsCaKeySecret.getData().get(CA_KEY)));
            // Mark the checkpoint only after every assertion has passed.
            async.flag();
        })));
}
Example 12
Source File: Ca.java From strimzi-kafka-operator with Apache License 2.0 | 4 votes |
/**
 * Adds the annotation named by {@code ANNO_STRIMZI_IO_FORCE_REPLACE}, with value {@code "true"},
 * to the given {@code caKey} when {@code caCert} is non-null and the data of {@code caKey}
 * contains the given {@code key}.
 *
 * @param caCert The CA certificate Secret; only checked for null
 * @param caKey The CA key Secret to inspect and annotate, may be null
 * @param key The data entry whose presence triggers the annotation
 * @return A Secret built from {@code caKey} with the annotation added, or {@code caKey}
 *         itself (possibly null) when the condition does not hold.
 */
protected static Secret forceReplacement(Secret caCert, Secret caKey, String key) {
    boolean legacyKeyPresent = caKey != null
            && caKey.getData() != null
            && caKey.getData().containsKey(key);

    if (caCert == null || !legacyKeyPresent) {
        return caKey;
    }

    // Only metadata is edited; the key data is carried over by the builder.
    return new SecretBuilder(caKey)
            .editMetadata()
                .addToAnnotations(ANNO_STRIMZI_IO_FORCE_REPLACE, "true")
            .endMetadata()
            .build();
}