blob: ef4b7b6c5b0297429fc01d5eda7e25fe650344eb [file] [log] [blame]
// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package secret
import (
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
const (
// caCertID is the CA certificate chain file.
caCertID = "ca-cert.pem"
// caPrivateKeyID is the private key file of CA.
caPrivateKeyID = "ca-key.pem"
// certChainID is the ID/name for the certificate chain file.
certChainID = "cert-chain.pem"
// privateKeyID is the ID/name for the private key file.
privateKeyID = "key.pem"
// rootCertID is the ID/name for the CA root certificate file.
rootCertID = "root-cert.pem"
// serviceAccountNameAnnotationKey is the key to specify corresponding service account in the annotation of K8s secrets.
serviceAccountNameAnnotationKey = "istio.io/service-account.name"
)
// BuildSecret returns a secret struct, contents of which are filled with parameters passed in.
func BuildSecret(saName, scrtName, namespace string, certChain, privateKey, rootCert, caCert, caPrivateKey []byte, secretType v1.SecretType) *v1.Secret {
var ServiceAccountNameAnnotation map[string]string
if saName == "" {
ServiceAccountNameAnnotation = nil
} else {
ServiceAccountNameAnnotation = map[string]string{serviceAccountNameAnnotationKey: saName}
}
return &v1.Secret{
Data: map[string][]byte{
certChainID: certChain,
privateKeyID: privateKey,
rootCertID: rootCert,
caCertID: caCert,
caPrivateKeyID: caPrivateKey,
},
ObjectMeta: metav1.ObjectMeta{
Annotations: ServiceAccountNameAnnotation,
Name: scrtName,
Namespace: namespace,
},
Type: secretType,
}
}