package secrets
import (
"errors"
"fmt"
"io"
"io/ioutil"
"k8s.io/kubernetes/pkg/api"
client "k8s.io/kubernetes/pkg/client/unversioned"
kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
"github.com/openshift/origin/pkg/cmd/templates"
"github.com/spf13/cobra"
)
// CreateSSHAuthSecretRecommendedCommandName represents name of subcommand for `oc secrets` command
const CreateSSHAuthSecretRecommendedCommandName = "new-sshauth"
var (
createSSHAuthSecretLong = templates.LongDesc(`
Create a new SSH authentication secret
SSH authentication secrets are used to authenticate against SCM servers.
When creating applications, you may have a SCM server that requires SSH authentication - private SSH key.
In order for the nodes to clone source code on your behalf, they have to have the credentials. You can
provide this information by creating a 'sshauth' secret and attaching it to your service account.`)
createSSHAuthSecretExample = templates.Examples(`
# If your SSH authentication method requires only private SSH key, add it by using:
%[1]s SECRET --ssh-privatekey=FILENAME
# If your SSH authentication method requires also CA certificate, add it by using:
%[1]s SECRET --ssh-privatekey=FILENAME --ca-cert=FILENAME
# If you do already have a .gitconfig file needed for authentication, you can create a gitconfig secret by using:
%[2]s SECRET path/to/.gitconfig`)
)
// CreateSSHAuthSecretOptions holds the credential needed to authenticate against SCM servers.
type CreateSSHAuthSecretOptions struct {
SecretName string
PrivateKeyPath string
CertificatePath string
GitConfigPath string
PromptForPassword bool
Out io.Writer
SecretsInterface client.SecretsInterface
}
// NewCmdCreateSSHAuthSecret implements the OpenShift cli secrets new-sshauth subcommand
func NewCmdCreateSSHAuthSecret(name, fullName string, f *kcmdutil.Factory, out io.Writer, newSecretFullName, ocEditFullName string) *cobra.Command {
o := &CreateSSHAuthSecretOptions{
Out: out,
}
cmd := &cobra.Command{
Use: fmt.Sprintf("%s SECRET --ssh-privatekey=FILENAME [--ca-cert=FILENAME] [--gitconfig=FILENAME]", name),
Short: "Create a new secret for SSH authentication",
Long: createSSHAuthSecretLong,
Example: fmt.Sprintf(createSSHAuthSecretExample, fullName, newSecretFullName, ocEditFullName),
Run: func(c *cobra.Command, args []string) {
if err := o.Complete(f, args); err != nil {
kcmdutil.CheckErr(kcmdutil.UsageError(c, err.Error()))
}
if err := o.Validate(); err != nil {
kcmdutil.CheckErr(kcmdutil.UsageError(c, err.Error()))
}
if len(kcmdutil.GetFlagString(c, "output")) != 0 {
secret, err := o.NewSSHAuthSecret()
kcmdutil.CheckErr(err)
mapper, _ := f.Object(false)
kcmdutil.CheckErr(f.PrintObject(c, mapper, secret, out))
return
}
if err := o.CreateSSHAuthSecret(); err != nil {
kcmdutil.CheckErr(err)
}
},
}
cmd.Flags().StringVar(&o.PrivateKeyPath, "ssh-privatekey", "", "Path to a SSH private key file")
cmd.MarkFlagFilename("ssh-privatekey")
cmd.Flags().StringVar(&o.CertificatePath, "ca-cert", "", "Path to a certificate file")
cmd.MarkFlagFilename("ca-cert")
cmd.Flags().StringVar(&o.GitConfigPath, "gitconfig", "", "Path to a .gitconfig file")
cmd.MarkFlagFilename("gitconfig")
kcmdutil.AddPrinterFlags(cmd)
return cmd
}
// CreateSSHAuthSecret saves created Secret structure and prints the secret name to the output on success.
func (o *CreateSSHAuthSecretOptions) CreateSSHAuthSecret() error {
secret, err := o.NewSSHAuthSecret()
if err != nil {
return err
}
if _, err := o.SecretsInterface.Create(secret); err != nil {
return err
}
fmt.Fprintf(o.GetOut(), "secret/%s\n", secret.Name)
return nil
}
// NewSSHAuthSecret builds up the Secret structure containing secret name, type and data structure
// containing desired credentials.
func (o *CreateSSHAuthSecretOptions) NewSSHAuthSecret() (*api.Secret, error) {
secret := &api.Secret{}
secret.Name = o.SecretName
secret.Type = api.SecretTypeSSHAuth
secret.Data = map[string][]byte{}
if len(o.PrivateKeyPath) != 0 {
privateKeyContent, err := ioutil.ReadFile(o.PrivateKeyPath)
if err != nil {
return nil, err
}
secret.Data[SourcePrivateKey] = privateKeyContent
}
if len(o.CertificatePath) != 0 {
caContent, err := ioutil.ReadFile(o.CertificatePath)
if err != nil {
return nil, err
}
secret.Data[SourceCertificate] = caContent
}
if len(o.GitConfigPath) != 0 {
gitConfig, err := ioutil.ReadFile(o.GitConfigPath)
if err != nil {
return nil, err
}
secret.Data[SourceGitConfig] = gitConfig
}
return secret, nil
}
// Complete fills CreateSSHAuthSecretOptions fields with data and checks whether necessary
// arguments were provided.
func (o *CreateSSHAuthSecretOptions) Complete(f *kcmdutil.Factory, args []string) error {
if len(args) != 1 {
return errors.New("must have exactly one argument: secret name")
}
o.SecretName = args[0]
if f != nil {
client, err := f.Client()
if err != nil {
return err
}
namespace, _, err := f.DefaultNamespace()
if err != nil {
return err
}
o.SecretsInterface = client.Secrets(namespace)
}
return nil
}
// Validate check if all necessary fields from CreateSSHAuthSecretOptions are present.
func (o CreateSSHAuthSecretOptions) Validate() error {
if len(o.SecretName) == 0 {
return errors.New("basic authentication secret name must be present")
}
if len(o.PrivateKeyPath) == 0 {
return errors.New("must provide SSH private key")
}
return nil
}
// GetOut check if the CreateSSHAuthSecretOptions Out Writer is set. Returns it if the Writer
// is present, if not returns Writer on which all Write calls succeed without doing anything.
func (o CreateSSHAuthSecretOptions) GetOut() io.Writer {
if o.Out == nil {
return ioutil.Discard
}
return o.Out
}