istioctl/pkg/util/configdump/secret.go - dubbo-go-pixiu - Git at Google

 // Copyright Istio Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package configdump

 import (
 	"encoding/base64"
 	"fmt"
 )

 import (
 	adminapi "github.com/envoyproxy/go-control-plane/envoy/admin/v3"
 	extapi "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
 	any "google.golang.org/protobuf/types/known/anypb"
 )

 // GetSecretsConfigDump retrieves a secret dump from a config dump wrapper
 func (w *Wrapper) GetSecretConfigDump() (*adminapi.SecretsConfigDump, error) {
 	secretDumpAny, err := w.getSection(secrets)
 	if err != nil {
 		return nil, err
 	}
 	secretDump := &adminapi.SecretsConfigDump{}
 	err = secretDumpAny.UnmarshalTo(secretDump)
 	if err != nil {
 		return nil, err
 	}
 	return secretDump, nil
 }

 // GetRootCAFromSecretConfigDump retrieves root CA from a secret config dump wrapper
 func (w *Wrapper) GetRootCAFromSecretConfigDump(anySec *any.Any) (string, error) {
 	var secret extapi.Secret
 	if err := anySec.UnmarshalTo(&secret); err != nil {
 		return "", fmt.Errorf("failed to unmarshall ROOTCA secret: %v", err)
 	}
 	var returnStr string
 	var returnErr error
 	rCASecret := secret.GetValidationContext()
 	if rCASecret != nil {
 		trustCA := rCASecret.GetTrustedCa()
 		if trustCA != nil {
 			inlineBytes := trustCA.GetInlineBytes()
 			if inlineBytes != nil {
 				returnStr = base64.StdEncoding.EncodeToString(inlineBytes)
 				returnErr = nil
 			} else {
 				returnStr = ""
 				returnErr = fmt.Errorf("can not retrieve inlineBytes from trustCA section")
 			}
 		} else {
 			returnStr = ""
 			returnErr = fmt.Errorf("can not retrieve trustedCa from secret ROOTCA")
 		}
 	} else {
 		returnStr = ""
 		returnErr = fmt.Errorf("can not find ROOTCA from secret config dump")
 	}
 	return returnStr, returnErr
 }
	// Copyright Istio Authors
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package configdump

	import (
	"encoding/base64"
	"fmt"
	)

	import (
	adminapi "github.com/envoyproxy/go-control-plane/envoy/admin/v3"
	extapi "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
	any "google.golang.org/protobuf/types/known/anypb"
	)

	// GetSecretsConfigDump retrieves a secret dump from a config dump wrapper
	func (w Wrapper) GetSecretConfigDump() (adminapi.SecretsConfigDump, error) {
	secretDumpAny, err := w.getSection(secrets)
	if err != nil {
	return nil, err
	}
	secretDump := &adminapi.SecretsConfigDump{}
	err = secretDumpAny.UnmarshalTo(secretDump)
	if err != nil {
	return nil, err
	}
	return secretDump, nil
	}

	// GetRootCAFromSecretConfigDump retrieves root CA from a secret config dump wrapper
	func (w Wrapper) GetRootCAFromSecretConfigDump(anySec any.Any) (string, error) {
	var secret extapi.Secret
	if err := anySec.UnmarshalTo(&secret); err != nil {
	return "", fmt.Errorf("failed to unmarshall ROOTCA secret: %v", err)
	}
	var returnStr string
	var returnErr error
	rCASecret := secret.GetValidationContext()
	if rCASecret != nil {
	trustCA := rCASecret.GetTrustedCa()
	if trustCA != nil {
	inlineBytes := trustCA.GetInlineBytes()
	if inlineBytes != nil {
	returnStr = base64.StdEncoding.EncodeToString(inlineBytes)
	returnErr = nil
	} else {
	returnStr = ""
	returnErr = fmt.Errorf("can not retrieve inlineBytes from trustCA section")
	}
	} else {
	returnStr = ""
	returnErr = fmt.Errorf("can not retrieve trustedCa from secret ROOTCA")
	}
	} else {
	returnStr = ""
	returnErr = fmt.Errorf("can not find ROOTCA from secret config dump")
	}
	return returnStr, returnErr
	}