From fbcac700c46c8dde5fd9fce7c06af6a8e9235951 Mon Sep 17 00:00:00 2001
From: Daniel Olshansky
Date: Wed, 12 Jul 2023 17:08:52 -0700
Subject: [PATCH 1/5] Retrieve keys for all actors from k8s secrets

---
 shared/k8s/debug.go | 60 +++++++++++++++++++++++++++++++++++++++------
 1 file changed, 52 insertions(+), 8 deletions(-)

diff --git a/shared/k8s/debug.go b/shared/k8s/debug.go
index bfb966e04..f38f4f4d7 100644
--- a/shared/k8s/debug.go
+++ b/shared/k8s/debug.go
@@ -16,9 +16,14 @@ import (
 )
 
 //nolint:gosec // G101 Not a credential
-const privateKeysSecretResourceName = "validators-private-keys"
-const kubernetesServiceAccountNamespaceFile = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
-const defaultNamespace = "default"
+const (
+ privateKeysSecretResourceNameValidators = "validators-private-keys"
+ privateKeysSecretResourceNameServicers = "servicers-private-keys"
+ privateKeysSecretResourceNameFisherman = "fisherman-private-keys"
+ privateKeysSecretResourceNameApplications = "applications-private-keys"
+ kubernetesServiceAccountNamespaceFile = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
+ defaultNamespace = "default"
+)
 
 var CurrentNamespace = ""
 
@@ -34,9 +39,47 @@ func init() {
 }
 
 // FetchValidatorPrivateKeys returns a map corresponding to the data section of
-// the validator private keys k8s secret (yaml), located at `privateKeysSecretResourceName`.
+// the validator private keys Kubernetes secret.
 func FetchValidatorPrivateKeys(clientset *kubernetes.Clientset) (map[string]string, error) {
- validatorKeysMap := make(map[string]string)
+ return fetchPrivateKeys(clientset, privateKeysSecretResourceNameValidators, "validators")
+}
+
+// FetchServicerPrivateKeys returns a map corresponding to the data section of
+// the servicer private keys Kubernetes secret.
+func FetchServicerPrivateKeys(clientset *kubernetes.Clientset) (map[string]string, error) {
+ return fetchPrivateKeys(clientset, privateKeysSecretResourceNameServicers, "servicers")
+}
+
+// FetchFishermanPrivateKeys returns a map corresponding to the data section of
+// the fisherman private keys Kubernetes secret.
+func FetchFishermanPrivateKeys(clientset *kubernetes.Clientset) (map[string]string, error) {
+ return fetchPrivateKeys(clientset, privateKeysSecretResourceNameFisherman, "fisherman")
+}
+
+// FetchApplicationPrivateKeys returns a map corresponding to the data section of
+// the application private keys Kubernetes secret.
+func FetchApplicationPrivateKeys(clientset *kubernetes.Clientset) (map[string]string, error) {
+ return fetchPrivateKeys(clientset, privateKeysSecretResourceNameApplications, "applications")
+}
+
+// fetchPrivateKeys returns a map corresponding to the data section of
+// the private keys Kubernetes secret for the specified resource name and actor.
+func fetchPrivateKeys(clientset *kubernetes.Clientset, resourceName string, actor string) (map[string]string, error) {
+ privateKeysMap := make(map[string]string)
+
+ privateKeysSecretResourceName := ""
+ switch actor {
+ case "validators":
+ privateKeysSecretResourceName = privateKeysSecretResourceNameValidators
+ case "servicers":
+ privateKeysSecretResourceName = privateKeysSecretResourceNameServicers
+ case "fisherman":
+ privateKeysSecretResourceName = privateKeysSecretResourceNameFisherman
+ case "applications":
+ privateKeysSecretResourceName = privateKeysSecretResourceNameApplications
+ default:
+ return nil, fmt.Errorf("unknown actor: %s", actor)
+ }
 
 privateKeysSecret, err := clientset.CoreV1().Secrets(CurrentNamespace).Get(context.TODO(), privateKeysSecretResourceName, metav1.GetOptions{})
 if err != nil {
@@ -44,10 +87,11 @@ func FetchValidatorPrivateKeys(clientset *kubernetes.Clientset) (map[string]stri
 }
 
 for id, privHexString := range privateKeysSecret.Data {
- // it's safe to cast []byte to string here
- validatorKeysMap[id] = string(privHexString)
+ // It's safe to cast []byte to string here
+ privateKeysMap[id] = string(privHexString)
 }
- return validatorKeysMap, nil
+
+ return privateKeysMap, nil
 }
 
 func getNamespace() (string, error) {
From c12575dc55ad53acf0024f9bf8564d31cefada24 Mon Sep 17 00:00:00 2001
From: Daniel Olshansky
Date: Thu, 13 Jul 2023 11:18:03 -0700
Subject: [PATCH 2/5] Fix linter error

---
 shared/k8s/debug.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shared/k8s/debug.go b/shared/k8s/debug.go
index f38f4f4d7..7535e0904 100644
--- a/shared/k8s/debug.go
+++ b/shared/k8s/debug.go
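Review bot: The four exported Fetch*PrivateKeys functions added in the `@@ -34,9 +39,47 @@` hunk of [PATCH 1/5] return raw key material for every actor type, yet their doc comments only say "data section of the ... secret". A line such as `// The returned values are private keys (presumably hex-encoded, going by privHexString); do not log or persist the map.` on fetchPrivateKeys and each wrapper would make the handling expectation explicit. Reading four Secrets instead of one also means the pod's service account needs `get` on each of these names; the Role is not visible in this patch, so confirm it lists them under `resourceNames` rather than granting every Secret in the namespace. fetchPrivateKeys continues past the end of this hunk into the next one.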
@@ -64,7 +64,7 @@ func FetchApplicationPrivateKeys(clientset *kubernetes.Clientset) (map[string]st
 
 // fetchPrivateKeys returns a map corresponding to the data section of
 // the private keys Kubernetes secret for the specified resource name and actor.
-func fetchPrivateKeys(clientset *kubernetes.Clientset, resourceName string, actor string) (map[string]string, error) {
+func fetchPrivateKeys(clientset *kubernetes.Clientset, resourceName, actor string) (map[string]string, error) {
 privateKeysMap := make(map[string]string)
 
 privateKeysSecretResourceName := ""
From a18e42d6820cb0d85d1dd98294d543ea5132fde7 Mon Sep 17 00:00:00 2001
From: Daniel Olshansky
Date: Thu, 13 Jul 2023 14:12:58 -0700
Subject: [PATCH 3/5] Fix linter errors and shorten code

---
 shared/k8s/debug.go | 31 +++++++------------------------
 1 file changed, 7 insertions(+), 24 deletions(-)

diff --git a/shared/k8s/debug.go b/shared/k8s/debug.go
index 7535e0904..6bd34bca1 100644
--- a/shared/k8s/debug.go
+++ b/shared/k8s/debug.go
@@ -41,56 +41,39 @@ func init() {
 // FetchValidatorPrivateKeys returns a map corresponding to the data section of
 // the validator private keys Kubernetes secret.
 func FetchValidatorPrivateKeys(clientset *kubernetes.Clientset) (map[string]string, error) {
- return fetchPrivateKeys(clientset, privateKeysSecretResourceNameValidators, "validators")
+ return fetchPrivateKeys(clientset, privateKeysSecretResourceNameValidators)
 }
 
 // FetchServicerPrivateKeys returns a map corresponding to the data section of
 // the servicer private keys Kubernetes secret.
 func FetchServicerPrivateKeys(clientset *kubernetes.Clientset) (map[string]string, error) {
- return fetchPrivateKeys(clientset, privateKeysSecretResourceNameServicers, "servicers")
+ return fetchPrivateKeys(clientset, privateKeysSecretResourceNameServicers)
 }
 
 // FetchFishermanPrivateKeys returns a map corresponding to the data section of
 // the fisherman private keys Kubernetes secret.
 func FetchFishermanPrivateKeys(clientset *kubernetes.Clientset) (map[string]string, error) {
- return fetchPrivateKeys(clientset, privateKeysSecretResourceNameFisherman, "fisherman")
+ return fetchPrivateKeys(clientset, privateKeysSecretResourceNameFisherman)
 }
 
 // FetchApplicationPrivateKeys returns a map corresponding to the data section of
 // the application private keys Kubernetes secret.
 func FetchApplicationPrivateKeys(clientset *kubernetes.Clientset) (map[string]string, error) {
- return fetchPrivateKeys(clientset, privateKeysSecretResourceNameApplications, "applications")
+ return fetchPrivateKeys(clientset, privateKeysSecretResourceNameApplications)
 }
 
 // fetchPrivateKeys returns a map corresponding to the data section of
 // the private keys Kubernetes secret for the specified resource name and actor.
-func fetchPrivateKeys(clientset *kubernetes.Clientset, resourceName, actor string) (map[string]string, error) {
+func fetchPrivateKeys(clientset *kubernetes.Clientset, resourceName string) (map[string]string, error) {
 privateKeysMap := make(map[string]string)
-
- privateKeysSecretResourceName := ""
- switch actor {
- case "validators":
- privateKeysSecretResourceName = privateKeysSecretResourceNameValidators
- case "servicers":
- privateKeysSecretResourceName = privateKeysSecretResourceNameServicers
- case "fisherman":
- privateKeysSecretResourceName = privateKeysSecretResourceNameFisherman
- case "applications":
- privateKeysSecretResourceName = privateKeysSecretResourceNameApplications
- default:
- return nil, fmt.Errorf("unknown actor: %s", actor)
- }
-
- privateKeysSecret, err := clientset.CoreV1().Secrets(CurrentNamespace).Get(context.TODO(), privateKeysSecretResourceName, metav1.GetOptions{})
+ privateKeysSecret, err := clientset.CoreV1().Secrets(CurrentNamespace).Get(context.TODO(), resourceName, metav1.GetOptions{})
 if err != nil {
- panic(err)
+ return nil, err
 }
-
 for id, privHexString := range privateKeysSecret.Data {
 // It's safe to cast []byte to string here
 privateKeysMap[id] = string(privHexString)
 }
-
 return privateKeysMap, nil
 }
 
From 2843075129aa304eda4c6166de34bc0262f4a76f Mon Sep 17 00:00:00 2001
From: Daniel Olshansky
Date: Fri, 14 Jul 2023 16:04:20 -0700
Subject: [PATCH 4/5] Update shared/k8s/debug.go

Co-authored-by: Dima Kniazev
---
 shared/k8s/debug.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shared/k8s/debug.go b/shared/k8s/debug.go
index 6bd34bca1..990b3c23a 100644
--- a/shared/k8s/debug.go
+++ b/shared/k8s/debug.go
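Review bot: The new `return nil, err` in fetchPrivateKeys ([PATCH 3/5]) hands the raw client error to four exported callers, so a NotFound or Forbidden on one of the actor Secrets does not say which Secret or namespace was requested. `return nil, fmt.Errorf("fetching secret %q in namespace %q: %w", resourceName, CurrentNamespace, err)` keeps the cause and names only the resource, never its data; the hunk removes the one visible `fmt.Errorf` call, so check that `fmt` is still imported. The doc comment above the function still reads "for the specified resource name and actor" although the `actor` parameter is gone. The lookup also still runs under `context.TODO()`, so it carries no deadline if the API server stalls.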
@@ -19,7 +19,7 @@ import (
 const (
 privateKeysSecretResourceNameValidators = "validators-private-keys"
 privateKeysSecretResourceNameServicers = "servicers-private-keys"
- privateKeysSecretResourceNameFisherman = "fisherman-private-keys"
+ privateKeysSecretResourceNameFishermen = "fishermen-private-keys"
 privateKeysSecretResourceNameApplications = "applications-private-keys"
 kubernetesServiceAccountNamespaceFile = "/var/run/secrets/kubernetes.io/serviceaccount/namespace"
 defaultNamespace = "default"
From 49aa4169071f461cec20207808184a6b23eedd20 Mon Sep 17 00:00:00 2001
From: Daniel Olshansky
Date: Fri, 14 Jul 2023 16:17:26 -0700
Subject: [PATCH 5/5] Fix typo after rename

---
 shared/k8s/debug.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shared/k8s/debug.go b/shared/k8s/debug.go
index 990b3c23a..a340fcfda 100644
--- a/shared/k8s/debug.go
+++ b/shared/k8s/debug.go
@@ -53,7 +53,7 @@ func FetchServicerPrivateKeys(clientset *kubernetes.Clientset) (map[string]strin
 // FetchFishermanPrivateKeys returns a map corresponding to the data section of
 // the fisherman private keys Kubernetes secret.
 func FetchFishermanPrivateKeys(clientset *kubernetes.Clientset) (map[string]string, error) {
- return fetchPrivateKeys(clientset, privateKeysSecretResourceNameFisherman)
+ return fetchPrivateKeys(clientset, privateKeysSecretResourceNameFishermen)
 }
 
 // FetchApplicationPrivateKeys returns a map corresponding to the data section of
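Review bot: The `@@ -19,7 +19,7 @@` hunk of [PATCH 4/5] changes the Secret name string from `fisherman-private-keys` to `fishermen-private-keys`, not only the Go identifier, and the diffstat shows shared/k8s/debug.go as the only file touched. Unless the manifest that creates this Secret is renamed along with it, FetchFishermanPrivateKeys will get NotFound from the API server; that manifest is not visible here, so confirm it. A short comment on the constant, e.g. `// must match the name of the Secret object holding the fishermen keys`, would record the coupling, since the exported function keeps the singular "Fisherman".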