velero/pkg/restic/repository_keys.go

package restic

import (
	"github.com/pkg/errors"
	corev1api "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
	corev1listers "k8s.io/client-go/listers/core/v1"
)

const (
	CredentialsSecretName = "ark-restic-credentials"
	CredentialsKey        = "ark-restic-credentials"
)

func NewRepositoryKey(secretClient corev1client.SecretsGetter, namespace string, data []byte) error {
	secret := &corev1api.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Namespace: namespace,
			Name:      CredentialsSecretName,
		},
		Type: corev1api.SecretTypeOpaque,
		Data: map[string][]byte{
			CredentialsKey: data,
		},
	}

	_, err := secretClient.Secrets(namespace).Create(secret)
	if err != nil {
		return errors.WithStack(err)
	}

	return nil
}

type SecretGetter interface {
	GetSecret(namespace, name string) (*corev1api.Secret, error)
}

type clientSecretGetter struct {
	client corev1client.SecretsGetter
}

func NewClientSecretGetter(client corev1client.SecretsGetter) SecretGetter {
	return &clientSecretGetter{client: client}
}

func (c *clientSecretGetter) GetSecret(namespace, name string) (*corev1api.Secret, error) {
	secret, err := c.client.Secrets(namespace).Get(name, metav1.GetOptions{})
	if err != nil {
		return nil, errors.WithStack(err)
	}
	return secret, nil
}

type listerSecretGetter struct {
	lister corev1listers.SecretLister
}

func NewListerSecretGetter(lister corev1listers.SecretLister) SecretGetter {
	return &listerSecretGetter{lister: lister}
}

func (l *listerSecretGetter) GetSecret(namespace, name string) (*corev1api.Secret, error) {
	secret, err := l.lister.Secrets(namespace).Get(name)
	if err != nil {
		return nil, errors.WithStack(err)
	}
	return secret, nil
}

func GetRepositoryKey(secretGetter SecretGetter, namespace string) ([]byte, error) {
	secret, err := secretGetter.GetSecret(namespace, CredentialsSecretName)
	if err != nil {
		return nil, err
	}

	key, found := secret.Data[CredentialsKey]
	if !found {
		return nil, errors.Errorf("%q secret is missing data for key %q", CredentialsSecretName, CredentialsKey)
	}

	return key, nil
}
add restic integration for doing pod volume backups/restores Signed-off-by: Steve Kriss <steve@heptio.com> 2018-02-28 01:35:35 +00:00			`package restic`

			`import (`
			`"github.com/pkg/errors"`
			`corev1api "k8s.io/api/core/v1"`
			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
			`corev1client "k8s.io/client-go/kubernetes/typed/core/v1"`
			`corev1listers "k8s.io/client-go/listers/core/v1"`
			`)`

			`const (`
			`CredentialsSecretName = "ark-restic-credentials"`
			`CredentialsKey = "ark-restic-credentials"`
			`)`

			`func NewRepositoryKey(secretClient corev1client.SecretsGetter, namespace string, data []byte) error {`
			`secret := &corev1api.Secret{`
			`ObjectMeta: metav1.ObjectMeta{`
			`Namespace: namespace,`
			`Name: CredentialsSecretName,`
			`},`
			`Type: corev1api.SecretTypeOpaque,`
			`Data: map[string][]byte{`
			`CredentialsKey: data,`
			`},`
			`}`

			`_, err := secretClient.Secrets(namespace).Create(secret)`
			`if err != nil {`
			`return errors.WithStack(err)`
			`}`

			`return nil`
			`}`

			`type SecretGetter interface {`
			`GetSecret(namespace, name string) (*corev1api.Secret, error)`
			`}`

			`type clientSecretGetter struct {`
			`client corev1client.SecretsGetter`
			`}`

			`func NewClientSecretGetter(client corev1client.SecretsGetter) SecretGetter {`
			`return &clientSecretGetter{client: client}`
			`}`

			`func (c clientSecretGetter) GetSecret(namespace, name string) (corev1api.Secret, error) {`
			`secret, err := c.client.Secrets(namespace).Get(name, metav1.GetOptions{})`
			`if err != nil {`
			`return nil, errors.WithStack(err)`
			`}`
			`return secret, nil`
			`}`

			`type listerSecretGetter struct {`
			`lister corev1listers.SecretLister`
			`}`

			`func NewListerSecretGetter(lister corev1listers.SecretLister) SecretGetter {`
			`return &listerSecretGetter{lister: lister}`
			`}`

			`func (l listerSecretGetter) GetSecret(namespace, name string) (corev1api.Secret, error) {`
			`secret, err := l.lister.Secrets(namespace).Get(name)`
			`if err != nil {`
			`return nil, errors.WithStack(err)`
			`}`
			`return secret, nil`
			`}`

			`func GetRepositoryKey(secretGetter SecretGetter, namespace string) ([]byte, error) {`
			`secret, err := secretGetter.GetSecret(namespace, CredentialsSecretName)`
			`if err != nil {`
			`return nil, err`
			`}`

			`key, found := secret.Data[CredentialsKey]`
			`if !found {`
			`return nil, errors.Errorf("%q secret is missing data for key %q", CredentialsSecretName, CredentialsKey)`
			`}`

			`return key, nil`
			`}`