package kube

import (
	"context"
	"crypto"

	corev1 "k8s.io/api/core/v1"

	"gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util/errors"
	"gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/util/pki"
	corelisters "k8s.io/client-go/listers/core/v1"
)

// SecretTLSKey loads the private key stored under the conventional TLS
// key entry (corev1.TLSPrivateKeyKey) of the Secret namespace/name and
// returns it as a crypto.Signer. It is a convenience wrapper around
// SecretTLSKeyRef; any error from the lister or from key decoding is
// returned unchanged.
func SecretTLSKey(ctx context.Context, secretLister corelisters.SecretLister, namespace, name string) (crypto.Signer, error) {
	// The entry name is fixed here so callers cannot accidentally point
	// at an arbitrary data key; use SecretTLSKeyRef for that.
	const entry = corev1.TLSPrivateKeyKey
	return SecretTLSKeyRef(ctx, secretLister, namespace, name, entry)
}

// SecretTLSKeyRef looks up the Secret namespace/name through secretLister
// and decodes the private key held under the data entry keyName.
//
// The raw key bytes are deliberately not returned from this function; use
// ParseTLSKeyFromSecret directly if the caller needs them. Errors from the
// lister (e.g. not-found) are returned as-is so callers can still inspect
// them with the apimachinery helpers; decode failures come back as the
// InvalidData error produced by ParseTLSKeyFromSecret.
//
// ctx is accepted for API symmetry but is not consulted: the lister Get
// call below takes no context. NOTE(review): listers are usually served
// from an informer cache, so a just-created or just-rotated Secret may
// not be visible here yet — confirm against the caller's expectations.
func SecretTLSKeyRef(ctx context.Context, secretLister corelisters.SecretLister, namespace, name, keyName string) (crypto.Signer, error) {
	sec, lookupErr := secretLister.Secrets(namespace).Get(name)
	if lookupErr != nil {
		return nil, lookupErr
	}

	signer, _, parseErr := ParseTLSKeyFromSecret(sec, keyName)
	if parseErr != nil {
		return nil, parseErr
	}

	return signer, nil
}

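// ParseTLSKeyFromSecret extracts the data entry keyName from secret and
// decodes it into a private key via pki.DecodePrivateKeyBytes.
//
// Returns:
//   - the decoded key, the raw bytes it was decoded from, and nil on success;
//   - (nil, nil, InvalidData) when secret is nil or has no entry keyName;
//   - (nil, rawBytes, InvalidData) when the entry exists but cannot be
//     decoded. The raw bytes are still returned in this case, matching the
//     original contract, so callers that want to inspect or discard the
//     malformed material can do so. Treat those bytes as sensitive: they
//     may still be (or contain) valid key material in an unexpected encoding.
func ParseTLSKeyFromSecret(secret *corev1.Secret, keyName string) (crypto.Signer, []byte, error) {
	// Guard against a nil Secret so a bad caller produces an error instead
	// of a nil-pointer panic on secret.Data.
	if secret == nil {
		return nil, nil, errors.NewInvalidData("no secret provided when looking for key %q", keyName)
	}

	keyBytes, ok := secret.Data[keyName]
	if !ok {
		return nil, nil, errors.NewInvalidData("no data for %q in secret '%s/%s'", keyName, secret.Namespace, secret.Name)
	}

	key, err := pki.DecodePrivateKeyBytes(keyBytes)
	if err != nil {
		// The decoder's message is passed as an argument, never as the
		// format string: a '%' in it would otherwise be interpreted as a
		// verb and garble (or truncate) the reported error. The secret
		// identity is included so operators can tell which object is bad.
		return nil, keyBytes, errors.NewInvalidData("error decoding private key %q in secret '%s/%s': %s", keyName, secret.Namespace, secret.Name, err.Error())
	}
	return key, keyBytes, nil
}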