khuedoan-homelab/platform/global-secrets/files/secret-generator/main.go

package main

import (
	"context"
	"fmt"
	"log"
	"math"
	"os"

	"github.com/sethvargo/go-password/password"
	"gopkg.in/yaml.v2"
	v1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/client-go/kubernetes"
	"k8s.io/client-go/tools/clientcmd"
)

const namespace = "global-secrets"

type RandomSecret struct {
	Name string
	Data []struct {
		Key     string
		Length  int
		Special bool
	}
}

func getClient() (*kubernetes.Clientset, error) {
	rules := clientcmd.NewDefaultClientConfigLoadingRules()
	overrides := &clientcmd.ConfigOverrides{}

	config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, overrides).ClientConfig()
	if err != nil {
		return nil, fmt.Errorf("Error building client config: %v", err)
	}

	return kubernetes.NewForConfig(config)
}

func generateRandomPassword(length int, special bool) (string, error) {
	numDigits := int(math.Ceil(float64(length) * 0.2))
	numSymbols := 0

	if special {
		numSymbols = int(math.Ceil(float64(length) * 0.2))
	}

	return password.Generate(length, numDigits, numSymbols, false, true)
}

func readConfigFile(filename string) ([]RandomSecret, error) {
	data, err := os.ReadFile(filename)
	if err != nil {
		return nil, fmt.Errorf("Unable to read config file: %v", err)
	}

	var randomSecrets []RandomSecret
	err = yaml.Unmarshal(data, &randomSecrets)
	if err != nil {
		return nil, fmt.Errorf("Error parsing config file: %v", err)
	}

	return randomSecrets, nil
}

func createOrUpdateSecret(client *kubernetes.Clientset, name string, randomSecret RandomSecret) error {
	secret, err := client.CoreV1().Secrets(namespace).Get(context.Background(), name, metav1.GetOptions{})

	if err != nil {
		// Secret not found, create a new one
		secretData := map[string][]byte{}

		for _, randomPassword := range randomSecret.Data {
			password, err := generateRandomPassword(randomPassword.Length, randomPassword.Special)
			if err != nil {
				log.Printf("Error generating password for key '%s': %v", randomPassword.Key, err)
				continue
			}

			secretData[randomPassword.Key] = []byte(password)
		}

		newSecret := &v1.Secret{
			ObjectMeta: metav1.ObjectMeta{
				Name:      name,
				Namespace: namespace,
			},
			Data: secretData,
		}

		_, err := client.CoreV1().Secrets(namespace).Create(context.Background(), newSecret, metav1.CreateOptions{})
		if err != nil {
			return fmt.Errorf("Unable to create secret: %v", err)
		}
		log.Printf("Secret '%s' created successfully.", name)
	} else {
		// Secret exists, check for new keys
		for _, randomKey := range randomSecret.Data {
			if _, exists := secret.Data[randomKey.Key]; !exists {
				// New key found, generate new password
				log.Printf("New key '%s' found in config for secret '%s', generating new password", randomKey.Key, name)
				password, err := generateRandomPassword(randomKey.Length, randomKey.Special)
				if err != nil {
					log.Printf("Error generating password for key '%s': %v", randomKey.Key, err)
					continue
				}
				secret.Data[randomKey.Key] = []byte(password)
			}
		}

		// Update the secret
		_, err := client.CoreV1().Secrets(namespace).Update(context.Background(), secret, metav1.UpdateOptions{})
		if err != nil {
			return fmt.Errorf("Unable to update secret: %v", err)
		}
	}

	return nil
}

func main() {
	configFilename := "./config.yaml"
	randomSecrets, err := readConfigFile(configFilename)
	if err != nil {
		log.Fatalf("Error reading config file: %v", err)
	}

	client, err := getClient()
	if err != nil {
		log.Fatalf("Unable to create Kubernetes client: %v", err)
	}

	for _, randomSecret := range randomSecrets {
		err := createOrUpdateSecret(client, randomSecret.Name, randomSecret)
		if err != nil {
			log.Printf("Error processing secret %s: %v", randomSecret.Name, err)
		}
	}
}
refactor!: make secret generator write to k8s Secrets instead of Vault 2023-11-26 02:09:21 +07:00			`package main`

			`import (`
			`"context"`
			`"fmt"`
			`"log"`
			`"math"`
			`"os"`

			`"github.com/sethvargo/go-password/password"`
			`"gopkg.in/yaml.v2"`
			`v1 "k8s.io/api/core/v1"`
			`metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"`
			`"k8s.io/client-go/kubernetes"`
			`"k8s.io/client-go/tools/clientcmd"`
			`)`

			`const namespace = "global-secrets"`

			`type RandomSecret struct {`
			`Name string`
			`Data []struct {`
			`Key string`
			`Length int`
			`Special bool`
			`}`
			`}`

			`func getClient() (*kubernetes.Clientset, error) {`
			`rules := clientcmd.NewDefaultClientConfigLoadingRules()`
			`overrides := &clientcmd.ConfigOverrides{}`

			`config, err := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(rules, overrides).ClientConfig()`
			`if err != nil {`
			`return nil, fmt.Errorf("Error building client config: %v", err)`
			`}`

			`return kubernetes.NewForConfig(config)`
			`}`

			`func generateRandomPassword(length int, special bool) (string, error) {`
			`numDigits := int(math.Ceil(float64(length) * 0.2))`
			`numSymbols := 0`

			`if special {`
			`numSymbols = int(math.Ceil(float64(length) * 0.2))`
			`}`

			`return password.Generate(length, numDigits, numSymbols, false, true)`
			`}`

			`func readConfigFile(filename string) ([]RandomSecret, error) {`
			`data, err := os.ReadFile(filename)`
			`if err != nil {`
			`return nil, fmt.Errorf("Unable to read config file: %v", err)`
			`}`

			`var randomSecrets []RandomSecret`
			`err = yaml.Unmarshal(data, &randomSecrets)`
			`if err != nil {`
			`return nil, fmt.Errorf("Error parsing config file: %v", err)`
			`}`

			`return randomSecrets, nil`
			`}`

			`func createOrUpdateSecret(client *kubernetes.Clientset, name string, randomSecret RandomSecret) error {`
			`secret, err := client.CoreV1().Secrets(namespace).Get(context.Background(), name, metav1.GetOptions{})`

			`if err != nil {`
			`// Secret not found, create a new one`
			`secretData := map[string][]byte{}`

			`for _, randomPassword := range randomSecret.Data {`
			`password, err := generateRandomPassword(randomPassword.Length, randomPassword.Special)`
			`if err != nil {`
			`log.Printf("Error generating password for key '%s': %v", randomPassword.Key, err)`
			`continue`
			`}`

			`secretData[randomPassword.Key] = []byte(password)`
			`}`

			`newSecret := &v1.Secret{`
			`ObjectMeta: metav1.ObjectMeta{`
			`Name: name,`
			`Namespace: namespace,`
			`},`
			`Data: secretData,`
			`}`

			`_, err := client.CoreV1().Secrets(namespace).Create(context.Background(), newSecret, metav1.CreateOptions{})`
			`if err != nil {`
			`return fmt.Errorf("Unable to create secret: %v", err)`
			`}`
			`log.Printf("Secret '%s' created successfully.", name)`
			`} else {`
			`// Secret exists, check for new keys`
			`for _, randomKey := range randomSecret.Data {`
			`if _, exists := secret.Data[randomKey.Key]; !exists {`
			`// New key found, generate new password`
			`log.Printf("New key '%s' found in config for secret '%s', generating new password", randomKey.Key, name)`
			`password, err := generateRandomPassword(randomKey.Length, randomKey.Special)`
			`if err != nil {`
			`log.Printf("Error generating password for key '%s': %v", randomKey.Key, err)`
			`continue`
			`}`
			`secret.Data[randomKey.Key] = []byte(password)`
			`}`
			`}`

			`// Update the secret`
			`_, err := client.CoreV1().Secrets(namespace).Update(context.Background(), secret, metav1.UpdateOptions{})`
			`if err != nil {`
			`return fmt.Errorf("Unable to update secret: %v", err)`
			`}`
			`}`

			`return nil`
			`}`

			`func main() {`
			`configFilename := "./config.yaml"`
			`randomSecrets, err := readConfigFile(configFilename)`
			`if err != nil {`
			`log.Fatalf("Error reading config file: %v", err)`
			`}`

			`client, err := getClient()`
			`if err != nil {`
			`log.Fatalf("Unable to create Kubernetes client: %v", err)`
			`}`

			`for _, randomSecret := range randomSecrets {`
			`err := createOrUpdateSecret(client, randomSecret.Name, randomSecret)`
			`if err != nil {`
			`log.Printf("Error processing secret %s: %v", randomSecret.Name, err)`
			`}`
			`}`
			`}`