-
Notifications
You must be signed in to change notification settings - Fork 1
/
node_secrets.go
48 lines (40 loc) · 1.56 KB
/
node_secrets.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package peirates
import (
"strings"
"time"
)
// When run from a node, we gather non-token secrets.
//
// If we allow the user to gather secrets from container breakouts, we will
// need to track metadata of some sort to distinguish the path to read the data
// or simply store the entire contents.
type SecretFromPodViaNodeFS struct {
secretName string
secretPath string
podName string // Pod the secret was found in, if its name can be discovered.
DiscoveryTime time.Time // Time the secret was found on the node's filesystem.
DiscoveryMethod string
}
// AddNewSecretFromPodViaNodeFS adds a new service account to the existing slice, but only if the the new one is unique
// Return whether one was added - if it wasn't, it's a duplicate.
func AddNewSecretFromPodViaNodeFS(secretName, secretPath, podName string, secretsFromPodsViaNodeFS *[]SecretFromPodViaNodeFS) bool {
// Confirm we don't have this secret already.
// If this were likely to be large, we could use a map keyed on secretName, but this seems an unlikely problem.
for _, secret := range *secretsFromPodsViaNodeFS {
if strings.TrimSpace(secret.secretName) == strings.TrimSpace(secretName) {
return false
}
}
*secretsFromPodsViaNodeFS = append(*secretsFromPodsViaNodeFS,
SecretFromPodViaNodeFS{
secretName: secretName,
secretPath: secretPath,
podName: podName,
DiscoveryTime: time.Now(),
DiscoveryMethod: "gathered from node filesystem",
})
return true
}
//
//certificateSecrets *[]CertSecret, nonTokenNonCertSecrets *[]nonTokenNonCertSecrets,
//