security/pkg/k8s/controller/casecret.go - dubbo-go-pixiu - Git at Google

 // Copyright Istio Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package controller

 import (
 	"context"
 	"time"
 )

 import (
 	"istio.io/pkg/log"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
 )

 var k8sControllerLog = log.RegisterScope("secretcontroller", "Citadel kubernetes controller log", 0)

 // CaSecretController manages the self-signed signing CA secret.
 type CaSecretController struct {
 	client corev1.CoreV1Interface
 }

 // NewCaSecretController returns a pointer to a newly constructed SecretController instance.
 func NewCaSecretController(core corev1.CoreV1Interface) *CaSecretController {
 	cs := &CaSecretController{
 		client: core,
 	}
 	return cs
 }

 // LoadCASecretWithRetry reads CA secret with retries until timeout.
 func (csc *CaSecretController) LoadCASecretWithRetry(secretName, namespace string,
 	retryInterval, timeout time.Duration) (*v1.Secret, error) {
 	start := time.Now()
 	var caSecret *v1.Secret
 	var scrtErr error
 	for {
 		caSecret, scrtErr = csc.client.Secrets(namespace).Get(context.TODO(), secretName, metav1.GetOptions{})
 		if scrtErr == nil {
 			return caSecret, nil
 		}
 		k8sControllerLog.Errorf("Failed on loading CA secret %s:%s.",
 			namespace, secretName)

 		if time.Since(start) > timeout {
 			k8sControllerLog.Errorf("Timeout on loading CA secret %s:%s.",
 				namespace, secretName)
 			return caSecret, scrtErr
 		}
 		time.Sleep(retryInterval)
 	}
 }

 // UpdateCASecretWithRetry updates CA secret with retries until timeout.
 func (csc *CaSecretController) UpdateCASecretWithRetry(caSecret *v1.Secret,
 	retryInterval, timeout time.Duration) error {
 	start := time.Now()
 	for {
 		_, scrtErr := csc.client.Secrets(caSecret.Namespace).Update(context.TODO(), caSecret, metav1.UpdateOptions{})
 		if scrtErr == nil {
 			return nil
 		}
 		k8sControllerLog.Errorf("Failed on updating CA secret %s:%s.",
 			caSecret.Namespace, caSecret.Name)

 		if time.Since(start) > timeout {
 			k8sControllerLog.Errorf("Timeout on updating CA secret %s:%s.",
 				caSecret.Namespace, caSecret.Name)
 			return scrtErr
 		}
 		time.Sleep(retryInterval)
 	}
 }
	// Copyright Istio Authors
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package controller

	import (
	"context"
	"time"
	)

	import (
	"istio.io/pkg/log"
	v1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
	)

	var k8sControllerLog = log.RegisterScope("secretcontroller", "Citadel kubernetes controller log", 0)

	// CaSecretController manages the self-signed signing CA secret.
	type CaSecretController struct {
	client corev1.CoreV1Interface
	}

	// NewCaSecretController returns a pointer to a newly constructed SecretController instance.
	func NewCaSecretController(core corev1.CoreV1Interface) *CaSecretController {
	cs := &CaSecretController{
	client: core,
	}
	return cs
	}

	// LoadCASecretWithRetry reads CA secret with retries until timeout.
	func (csc *CaSecretController) LoadCASecretWithRetry(secretName, namespace string,
	retryInterval, timeout time.Duration) (*v1.Secret, error) {
	start := time.Now()
	var caSecret *v1.Secret
	var scrtErr error
	for {
	caSecret, scrtErr = csc.client.Secrets(namespace).Get(context.TODO(), secretName, metav1.GetOptions{})
	if scrtErr == nil {
	return caSecret, nil
	}
	k8sControllerLog.Errorf("Failed on loading CA secret %s:%s.",
	namespace, secretName)

	if time.Since(start) > timeout {
	k8sControllerLog.Errorf("Timeout on loading CA secret %s:%s.",
	namespace, secretName)
	return caSecret, scrtErr
	}
	time.Sleep(retryInterval)
	}
	}

	// UpdateCASecretWithRetry updates CA secret with retries until timeout.
	func (csc CaSecretController) UpdateCASecretWithRetry(caSecret v1.Secret,
	retryInterval, timeout time.Duration) error {
	start := time.Now()
	for {
	_, scrtErr := csc.client.Secrets(caSecret.Namespace).Update(context.TODO(), caSecret, metav1.UpdateOptions{})
	if scrtErr == nil {
	return nil
	}
	k8sControllerLog.Errorf("Failed on updating CA secret %s:%s.",
	caSecret.Namespace, caSecret.Name)

	if time.Since(start) > timeout {
	k8sControllerLog.Errorf("Timeout on updating CA secret %s:%s.",
	caSecret.Namespace, caSecret.Name)
	return scrtErr
	}
	time.Sleep(retryInterval)
	}
	}