mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-12-22 13:00:19 +00:00
59 lines
2.3 KiB
Go
59 lines
2.3 KiB
Go
|
/*
|
||
|
Copyright 2018 The Kubernetes Authors.
|
||
|
|
||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
you may not use this file except in compliance with the License.
|
||
|
You may obtain a copy of the License at
|
||
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||
|
|
||
|
Unless required by applicable law or agreed to in writing, software
|
||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
See the License for the specific language governing permissions and
|
||
|
limitations under the License.
|
||
|
*/
|
||
|
|
||
|
package secrets
|
||
|
|
||
|
import (
|
||
|
"encoding/json"
|
||
|
|
||
|
"k8s.io/api/core/v1"
|
||
|
"k8s.io/kubernetes/pkg/credentialprovider"
|
||
|
)
|
||
|
|
||
|
// MakeDockerKeyring inspects the passedSecrets to see if they contain any DockerConfig secrets. If they do,
|
||
|
// then a DockerKeyring is built based on every hit and unioned with the defaultKeyring.
|
||
|
// If they do not, then the default keyring is returned
|
||
|
func MakeDockerKeyring(passedSecrets []v1.Secret, defaultKeyring credentialprovider.DockerKeyring) (credentialprovider.DockerKeyring, error) {
|
||
|
passedCredentials := []credentialprovider.DockerConfig{}
|
||
|
for _, passedSecret := range passedSecrets {
|
||
|
if dockerConfigJSONBytes, dockerConfigJSONExists := passedSecret.Data[v1.DockerConfigJsonKey]; (passedSecret.Type == v1.SecretTypeDockerConfigJson) && dockerConfigJSONExists && (len(dockerConfigJSONBytes) > 0) {
|
||
|
dockerConfigJSON := credentialprovider.DockerConfigJson{}
|
||
|
if err := json.Unmarshal(dockerConfigJSONBytes, &dockerConfigJSON); err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
passedCredentials = append(passedCredentials, dockerConfigJSON.Auths)
|
||
|
} else if dockercfgBytes, dockercfgExists := passedSecret.Data[v1.DockerConfigKey]; (passedSecret.Type == v1.SecretTypeDockercfg) && dockercfgExists && (len(dockercfgBytes) > 0) {
|
||
|
dockercfg := credentialprovider.DockerConfig{}
|
||
|
if err := json.Unmarshal(dockercfgBytes, &dockercfg); err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
passedCredentials = append(passedCredentials, dockercfg)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if len(passedCredentials) > 0 {
|
||
|
basicKeyring := &credentialprovider.BasicDockerKeyring{}
|
||
|
for _, currCredentials := range passedCredentials {
|
||
|
basicKeyring.Add(currCredentials)
|
||
|
}
|
||
|
return credentialprovider.UnionDockerKeyring{basicKeyring, defaultKeyring}, nil
|
||
|
}
|
||
|
|
||
|
return defaultKeyring, nil
|
||
|
}
|