Make secrets configurable via env variable
janboll committed Dec 11, 2024
1 parent 0df9876 commit 49e98fe
Showing 2 changed files with 24 additions and 5 deletions.
9 changes: 6 additions & 3 deletions tooling/image-sync/README.md
Expand Up @@ -10,18 +10,21 @@ The main configuration looks like this:
repositories:
- registry.k8s.io/external-dns/external-dns
numberOfTags: 3
quaySecretfile: /var/run/quay-secret.json
acrRegistry: someregistry.azurecr.io
acrTargetRegistry: someregistry.azurecr.io
tenantId: 1ab61791-4b66-4ea4-85ff-aa2c0bf37e57
secrets:
- registry: registry.k8s.io
secretFile: /secret.txt
```
Explanation:
- `repositories` - list of repositories to sync. Do not specify tags, since this utility will sync only the latest tags.
- `numberOfTags` - number of tags to sync. The utility will sync the latest `numberOfTags` tags.
- `quaySecretfile` - path to the secret file for the Quay registry.
- `acrRegistry` - the target registry.
- `acrTargetRegistry` - the target registry.
- `tenantId` - the tenant ID used for authentication with Azure.
- `RequestTimeout` - the timeout for the HTTP requests. Default is 10 seconds.
- `secrets` - Array of secrets used for API authentitcation


### quaySecretfile
20 changes: 18 additions & 2 deletions tooling/image-sync/main.go
@@ -1,6 +1,7 @@
package main

import (
"encoding/json"
defaultlog "log"
"os"
"time"
Expand Down Expand Up @@ -64,8 +65,7 @@ func newSyncConfig() *internal.SyncConfig {
"RequestTimeout": "REQUEST_TIMEOUT",
"AddLatest": "ADD_LATEST",
"Repositories": "REPOSITORIES",
"QuaySecretFile": "QUAY_SECRET_FILE",
"AcrRegistry": "ACR_REGISTRY",
"AcrTargetRegistry": "ACR_TARGET_REGISTRY",
"TenantId": "TENANT_ID",
"ManagedIdentityClientID": "MANAGED_IDENTITY_CLIENT_ID",
}
Expand All @@ -78,6 +78,22 @@ func newSyncConfig() *internal.SyncConfig {
if err := v.Unmarshal(&sc); err != nil {
Log().Fatalw("Error while unmarshalling configuration %s", err.Error())
}

if secretEnv := os.Getenv("SECRETS"); secretEnv != "" {
type listOfSecrets struct {
Secrets []internal.Secrets

Check failure on line 84 in tooling/image-sync/main.go


GitHub Actions / test

undefined: internal.Secrets

Check failure on line 84 in tooling/image-sync/main.go


GitHub Actions / lint

undefined: internal.Secrets
}
var s listOfSecrets
err := json.Unmarshal([]byte(secretEnv), &s)
if err != nil {
Log().Fatal("Error unmarshalling configuration")
}

for _, sec := range s.Secrets {
sc.Secrets = append(sc.Secrets, sec)

Check failure on line 93 in tooling/image-sync/main.go


GitHub Actions / test

sc.Secrets undefined (type *"github.com/Azure/ARO-HCP/tooling/image-sync/internal".SyncConfig has no field or method Secrets)

Check failure on line 93 in tooling/image-sync/main.go


GitHub Actions / lint

sc.Secrets undefined (type *"github.com/Azure/ARO-HCP/tooling/image-sync/internal".SyncConfig has no field or method Secrets) (typecheck)
}
}

Log().Debugw("Using configuration", "config", sc)
return sc
}
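Review bot: The `json.Unmarshal` failure branch in the new `SECRETS` block discards `err`, so the operator only sees "Error unmarshalling configuration" with no hint that the environment variable, not the config file, is malformed; `Log().Fatalw("Error unmarshalling SECRETS env variable", "error", err)` would name the source while still keeping the raw variable value out of the log. The decoded entries are then appended to `sc.Secrets` without checking that each one has a non-empty registry and secret file, or that it does not duplicate a registry already loaded from the file, so a bad or conflicting entry is presumably only noticed later when authentication is attempted. The `Log().Debugw("Using configuration", "config", sc)` call right after the block now dumps these entries as well; that looks harmless if the type only carries file paths, as the README example suggests, but it should be confirmed against the definition of `internal.Secrets`, which is not part of this diff. As a matter of style, the loop can be written as `sc.Secrets = append(sc.Secrets, s.Secrets...)`.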
