feat: adds secret cloner hook (#7)

* feat: adds secret cloner hook

* fix: review comments addressed

* fix: review comments addressed

.gitignore

@@ -6,5 +6,3 @@
 
 # Desktop Services Store - Mac.
 .DS_Store
-
-

hooks/secret_cloner/.gitignore

@@ -0,0 +1,31 @@
+# JetBrains project folders.
+.idea/
+
+# VSCode folder.
+.vscode/*
+
+# Desktop Services Store - Mac.
+.DS_Store
+
+# Vendor modules.
+vendor/*
+
+# App Binaries.
+bin/*
+
+# App builds
+build/*
+
+# Dont ignore any .gitkeep files, please.a
+!*.gitkeep
+
+dump.rdb
+.tmp
+
+# This needs to be sourced from the proto repo.
+proto
+
+
+# Generated protobuf files.
+#rpc/*
+

hooks/secret_cloner/Dockerfile

@@ -0,0 +1,15 @@
+FROM golang:1.15-alpine
+# enable Go modules support
+ENV GO111MODULE=on
+RUN mkdir /src
+WORKDIR /src
+COPY ./tools/hooks/secret_cloner/go.mod .
+COPY ./tools/hooks/secret_cloner/go.sum .
+RUN go mod download
+ADD ./tools/hooks/secret_cloner/ /src/
+RUN CGO_ENABLED=0 GOOS=linux go build -a -o bin/sec main.go
+RUN chmod +x ./entrypoint.sh
+RUN addgroup -S secc
+RUN adduser -S secc -G secc
+USER secc
+ENTRYPOINT ["./entrypoint.sh"]

hooks/secret_cloner/config/app.yaml

@@ -0,0 +1,5 @@
+action: clone
+namespace: demo
+secretName: demo
+secretSuffix: webapp-demo
+ttl: 6h

hooks/secret_cloner/config/test-clone.yaml

@@ -0,0 +1,5 @@
+action: clone
+namespace: demo
+secretName: demo
+secretSuffix: webapp-demo
+ttl: 6h

hooks/secret_cloner/config/test-update.yaml

@@ -0,0 +1,8 @@
+action: update=
+namespace: demo
+secretName: demo-webapp
+ttl: 6h
+updateEntries:
+  secret1:
+    key: KEY
+    value: VALUE

hooks/secret_cloner/controllers/kubernetes.go

@@ -0,0 +1,93 @@
+package controllers
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	_ "k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
+	metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/clientcmd"
+	"os"
+	"path/filepath"
+)
+
+var (
+	clientSet *kubernetes.Clientset
+	err error
+)
+
+//New initializes the client with the given namespace and secret
+func New(isLocal bool) (error) {
+	//to-do move clientset initization to common layer
+	var config *rest.Config
+	if isLocal {
+		home, exists := os.LookupEnv("HOME")
+		if !exists {
+			home = "/root"
+		}
+		configPath := filepath.Join(home, ".kube", "config")
+		config, _ = clientcmd.BuildConfigFromFlags("", configPath)
+	} else  {
+		config, _ = rest.InClusterConfig()
+	}
+
+	clientSet, err = kubernetes.NewForConfig(config)
+	if err != nil {
+		return errors.New("Failed to create kubernetes client.  " +err.Error())
+	}
+	return nil
+}
+
+//UpdateSecret updates the secret with the key value for the given secret in the namespace
+func UpdateSecret( namespace , secretName , key, value string ) ( error) {
+	secretsClient := clientSet.CoreV1().Secrets(namespace)
+	sec,_ := GetSecret(namespace,secretName)
+	fmt.Println("Adding new key/value pair to secret as a string (StringData)")
+	sec.Data[key] = []byte(value)
+
+	_, err := secretsClient.Update(context.Background(),sec,metaV1.UpdateOptions{})
+
+	if err != nil {
+		return  err
+	}
+
+	return nil
+}
+
+//CreateSecret creates a new secret
+func CreateSecret( namespace string , secret *v1.Secret) (error) {
+	secretsClient := clientSet.CoreV1().Secrets(namespace)
+	_, err := secretsClient.Create(context.Background(),secret,metaV1.CreateOptions{})
+
+	if err != nil {
+		return  err
+	}
+	return nil
+}
+
+//DeleteSecret deletes a secret with the given name
+func DeleteSecret( namespace string , secretName string ) (error) {
+	secretsClient := clientSet.CoreV1().Secrets(namespace)
+	err := secretsClient.Delete(context.Background(),secretName,metaV1.DeleteOptions{})
+
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// GetSecret gets a secret with the name
+func GetSecret( namespace string , name string ) (*v1.Secret,error) {
+	secretsClient := clientSet.CoreV1().Secrets(namespace)
+	secret,err := secretsClient.Get(context.Background(),name,metaV1.GetOptions{})
+
+	if err != nil {
+		return nil,err
+	}
+
+	return secret,nil
+}
+

hooks/secret_cloner/entrypoint.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+#Running IRC command
+#The values file needs to be mounted
+bin/sec
+

hooks/secret_cloner/flow.txt

@@ -0,0 +1,8 @@
+* Get all the secrets for the application from kubestash table
+* add it back in the dev specific entry
+
+table - kubestash-stage
+namespace - namespace
+secret_name - secret name
+values
+secret_suffix - the suffix for the secret to be generated (the dev name)

hooks/secret_cloner/go.mod

@@ -0,0 +1,16 @@
+module github.com/razorpay/devstack/hooks/secret_cloner
+
+go 1.15
+
+require (
+	github.com/apex/log v1.9.0 // indirect
+	github.com/olekukonko/tablewriter v0.0.5 // indirect
+	github.com/spf13/viper v1.8.0
+	github.com/versent/unicreds v1.5.0 // indirect
+	go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee // indirect
+	go.uber.org/zap v1.17.0
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/api v0.20.5
+	k8s.io/apimachinery v0.20.5
+	k8s.io/client-go v0.20.5
+)