package utils
import (
	"context"
	"errors"
	"fmt"

	"github.com/SAP/sap-btp-service-operator/client/sm"
	v1 "k8s.io/api/core/v1"
	"sigs.k8s.io/controller-runtime/pkg/client"
)
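// errInvalidSMCredentials is returned whenever a credentials secret exists but
// cannot be turned into a usable Service Manager configuration. The message is
// deliberately generic: it is user-facing and must not describe which key was
// missing or any secret content.
var errInvalidSMCredentials = errors.New("invalid Service-Manager credentials, contact your cluster administrator")

// GetSMClient returns a Service Manager client for a resource in resourceNamespace.
//
// When btpAccessSecretName is non-empty the credentials come from that secret in
// the management namespace (see getBTPAccessClient). Otherwise the operator
// credentials secret (SAPBTPOperatorSecretName) in resourceNamespace is used,
// with a fallback to a dedicated TLS secret (SAPBTPOperatorTLSSecretName) for
// installations that still keep the mTLS key pair separately.
//
// Errors from the secret resolver are returned unchanged; an incomplete or
// unusable secret yields errInvalidSMCredentials. Only static messages are
// logged, so credential material never reaches the log.
func GetSMClient(ctx context.Context, secretResolver *SecretResolver, resourceNamespace, btpAccessSecretName string) (sm.Client, error) {
	log := GetLogger(ctx)
	if btpAccessSecretName != "" {
		return getBTPAccessClient(ctx, secretResolver, btpAccessSecretName)
	}

	secret, err := secretResolver.GetSecretForResource(ctx, resourceNamespace, SAPBTPOperatorSecretName)
	if err != nil {
		return nil, err
	}
	// NOTE(review): the resolver presumably never returns (nil, nil); the guard
	// turns that case into an error instead of a nil-pointer panic — confirm contract.
	if secret == nil {
		log.Info("credentials secret not found")
		return nil, fmt.Errorf("secret %q: %w", SAPBTPOperatorSecretName, errInvalidSMCredentials)
	}

	clientConfig := clientConfigFromSecret(secret)
	// The identity-less fields are mandatory regardless of which authentication
	// method (client secret or mTLS) is configured.
	if clientConfig.ClientID == "" || clientConfig.URL == "" || clientConfig.TokenURL == "" {
		log.Info("credentials secret found but did not contain all the required data")
		return nil, errInvalidSMCredentials
	}

	// Backward compatibility: older installations store the mTLS key pair in a
	// dedicated secret instead of the credentials secret. It is only consulted
	// when the credentials secret offers neither a client secret nor a complete
	// key pair, so a fully self-contained secret never triggers an extra read.
	if clientConfig.ClientSecret == "" && (clientConfig.TLSPrivateKey == "" || clientConfig.TLSCertKey == "") {
		tlsSecret, tlsErr := secretResolver.GetSecretForResource(ctx, resourceNamespace, SAPBTPOperatorTLSSecretName)
		// A missing TLS secret is not an infrastructure error; it is reported
		// below as invalid credentials.
		if client.IgnoreNotFound(tlsErr) != nil {
			return nil, tlsErr
		}
		if !hasTLSKeyPair(tlsSecret) {
			log.Info("clientsecret not found in SM credentials, and tls secret is invalid")
			return nil, errInvalidSMCredentials
		}
		log.Info("found tls configuration")
		clientConfig.TLSCertKey = string(tlsSecret.Data[v1.TLSCertKey])
		clientConfig.TLSPrivateKey = string(tlsSecret.Data[v1.TLSPrivateKeyKey])
	}

	return sm.NewClient(ctx, clientConfig, nil)
}

// getBTPAccessClient builds a Service Manager client from a BTP access secret
// located in the operator's management namespace. Unlike GetSMClient it has no
// legacy TLS-secret fallback and relies on sm.ClientConfig.IsValid for the
// completeness check.
//
// Resolver errors are returned unchanged; a missing or incomplete secret yields
// errInvalidSMCredentials.
func getBTPAccessClient(ctx context.Context, secretResolver *SecretResolver, secretName string) (sm.Client, error) {
	log := GetLogger(ctx)
	secret, err := secretResolver.GetSecretFromManagementNamespace(ctx, secretName)
	if err != nil {
		return nil, err
	}
	// NOTE(review): same (nil, nil) guard as in GetSMClient — confirm the resolver contract.
	if secret == nil {
		log.Info("btpAccess secret not found")
		return nil, fmt.Errorf("secret %q: %w", secretName, errInvalidSMCredentials)
	}

	clientConfig := clientConfigFromSecret(secret)
	if !clientConfig.IsValid() {
		log.Info("btpAccess secret found but did not contain all the required data")
		return nil, errInvalidSMCredentials
	}
	return sm.NewClient(ctx, clientConfig, nil)
}

// clientConfigFromSecret maps the well-known keys of a Service Manager
// credentials secret onto an sm.ClientConfig. The result is not validated;
// callers decide which fields are mandatory. Missing keys become empty strings
// because indexing a map for an absent key yields the zero value.
//
// secret must be non-nil.
func clientConfigFromSecret(secret *v1.Secret) *sm.ClientConfig {
	return &sm.ClientConfig{
		ClientID:       string(secret.Data["clientid"]),
		ClientSecret:   string(secret.Data["clientsecret"]),
		URL:            string(secret.Data["sm_url"]),
		TokenURL:       string(secret.Data["tokenurl"]),
		TokenURLSuffix: string(secret.Data["tokenurlsuffix"]),
		TLSPrivateKey:  string(secret.Data[v1.TLSPrivateKeyKey]),
		TLSCertKey:     string(secret.Data[v1.TLSCertKey]),
		// Certificate verification towards Service Manager is never disabled by
		// configuration; this is an explicit, non-overridable choice.
		SSLDisabled: false,
	}
}

// hasTLSKeyPair reports whether secret contains both a certificate and a
// private key under the standard tls.crt / tls.key keys. A nil secret or one
// with an empty Data map has no key pair.
func hasTLSKeyPair(secret *v1.Secret) bool {
	if secret == nil {
		return false
	}
	return len(secret.Data[v1.TLSCertKey]) > 0 && len(secret.Data[v1.TLSPrivateKeyKey]) > 0
}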