本文整理汇总了Golang中github.com/openshift/origin/pkg/serviceaccounts/util.GetDockercfgSecretNamePrefix函数的典型用法代码示例。如果您正苦于以下问题:Golang GetDockercfgSecretNamePrefix函数的具体用法?Golang GetDockercfgSecretNamePrefix怎么用?Golang GetDockercfgSecretNamePrefix使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了GetDockercfgSecretNamePrefix函数的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: createDockerPullSecret
// createDockerPullSecret creates a dockercfg secret based on the token secret
func (e *DockercfgController) createDockerPullSecret(serviceAccount *api.ServiceAccount) (*api.Secret, error) {
glog.V(4).Infof("Creating secret for %s/%s", serviceAccount.Namespace, serviceAccount.Name)
tokenSecret, err := e.createTokenSecret(serviceAccount)
if err != nil {
return nil, err
}
dockercfgSecret := &api.Secret{
ObjectMeta: api.ObjectMeta{
Name: secret.Strategy.GenerateName(osautil.GetDockercfgSecretNamePrefix(serviceAccount)),
Namespace: tokenSecret.Namespace,
Annotations: map[string]string{
api.ServiceAccountNameKey: serviceAccount.Name,
api.ServiceAccountUIDKey: string(serviceAccount.UID),
ServiceAccountTokenSecretNameKey: string(tokenSecret.Name),
ServiceAccountTokenValueAnnotation: string(tokenSecret.Data[api.ServiceAccountTokenKey]),
},
},
Type: api.SecretTypeDockercfg,
Data: map[string][]byte{},
}
// prevent updating the DockerURL until we've created the secret
e.dockerURLLock.Lock()
defer e.dockerURLLock.Unlock()
dockercfg := credentialprovider.DockerConfig{}
for _, dockerURL := range e.dockerURLs {
dockercfg[dockerURL] = credentialprovider.DockerConfigEntry{
Username: "serviceaccount",
Password: string(tokenSecret.Data[api.ServiceAccountTokenKey]),
Email: "[email protected]",
}
}
dockercfgContent, err := json.Marshal(&dockercfg)
if err != nil {
return nil, err
}
dockercfgSecret.Data[api.DockerConfigKey] = dockercfgContent
// Save the secret
createdSecret, err := e.client.Secrets(tokenSecret.Namespace).Create(dockercfgSecret)
if err != nil {
// Clean up the generated token secret if we're not going to use it
glog.V(2).Infof("deleting unused token secret %s/%s, error creating dockercfgSecret: %v", tokenSecret.Namespace, tokenSecret.Name, err)
if deleteErr := e.client.Secrets(tokenSecret.Namespace).Delete(tokenSecret.Name); (deleteErr != nil) && !kapierrors.IsNotFound(deleteErr) {
utilruntime.HandleError(deleteErr)
}
return nil, err
}
return createdSecret, err
}
示例2: createDockerPullSecret
// createDockerPullSecret creates a dockercfg secret based on the token secret
func (e *DockercfgController) createDockerPullSecret(serviceAccount *api.ServiceAccount) (*api.Secret, bool, error) {
tokenSecret, isPopulated, err := e.createTokenSecret(serviceAccount)
if err != nil {
return nil, false, err
}
if !isPopulated {
glog.V(5).Infof("Token secret for service account %s/%s is not populated yet", serviceAccount.Namespace, serviceAccount.Name)
return nil, false, nil
}
dockercfgSecret := &api.Secret{
ObjectMeta: api.ObjectMeta{
Name: secret.Strategy.GenerateName(osautil.GetDockercfgSecretNamePrefix(serviceAccount)),
Namespace: tokenSecret.Namespace,
Annotations: map[string]string{
api.ServiceAccountNameKey: serviceAccount.Name,
api.ServiceAccountUIDKey: string(serviceAccount.UID),
ServiceAccountTokenSecretNameKey: string(tokenSecret.Name),
ServiceAccountTokenValueAnnotation: string(tokenSecret.Data[api.ServiceAccountTokenKey]),
},
},
Type: api.SecretTypeDockercfg,
Data: map[string][]byte{},
}
glog.V(4).Infof("Creating dockercfg secret %q for service account %s/%s", dockercfgSecret.Name, serviceAccount.Namespace, serviceAccount.Name)
// prevent updating the DockerURL until we've created the secret
e.dockerURLLock.Lock()
defer e.dockerURLLock.Unlock()
dockercfg := credentialprovider.DockerConfig{}
for _, dockerURL := range e.dockerURLs {
dockercfg[dockerURL] = credentialprovider.DockerConfigEntry{
Username: "serviceaccount",
Password: string(tokenSecret.Data[api.ServiceAccountTokenKey]),
Email: "[email protected]",
}
}
dockercfgContent, err := json.Marshal(&dockercfg)
if err != nil {
return nil, false, err
}
dockercfgSecret.Data[api.DockerConfigKey] = dockercfgContent
// Save the secret
createdSecret, err := e.client.Core().Secrets(tokenSecret.Namespace).Create(dockercfgSecret)
return createdSecret, err == nil, err
}
示例3: getGeneratedDockercfgSecretNames
func getGeneratedDockercfgSecretNames(serviceAccount *api.ServiceAccount) (sets.String, sets.String) {
mountableDockercfgSecrets := sets.String{}
imageDockercfgPullSecrets := sets.String{}
secretNamePrefix := osautil.GetDockercfgSecretNamePrefix(serviceAccount)
for _, s := range serviceAccount.Secrets {
if strings.HasPrefix(s.Name, secretNamePrefix) {
mountableDockercfgSecrets.Insert(s.Name)
}
}
for _, s := range serviceAccount.ImagePullSecrets {
if strings.HasPrefix(s.Name, secretNamePrefix) {
imageDockercfgPullSecrets.Insert(s.Name)
}
}
return mountableDockercfgSecrets, imageDockercfgPullSecrets
}
示例4: createDockerPullSecret
// createDockerPullSecret creates a dockercfg secret based on the token secret
func (e *DockercfgController) createDockerPullSecret(serviceAccount *api.ServiceAccount) (*api.Secret, error) {
tokenSecret, err := e.createTokenSecret(serviceAccount)
if err != nil {
return nil, err
}
dockercfgSecret := &api.Secret{
ObjectMeta: api.ObjectMeta{
Name: secret.Strategy.GenerateName(osautil.GetDockercfgSecretNamePrefix(serviceAccount)),
Namespace: tokenSecret.Namespace,
Annotations: map[string]string{
api.ServiceAccountNameKey: serviceAccount.Name,
api.ServiceAccountUIDKey: string(serviceAccount.UID),
ServiceAccountTokenSecretNameKey: string(tokenSecret.Name),
},
},
Type: api.SecretTypeDockercfg,
Data: map[string][]byte{},
}
// prevent updating the DockerURL until we've created the secret
e.dockerURLLock.Lock()
defer e.dockerURLLock.Unlock()
dockercfg := &credentialprovider.DockerConfig{
e.dockerURL: credentialprovider.DockerConfigEntry{
Username: "serviceaccount",
Password: string(tokenSecret.Data[api.ServiceAccountTokenKey]),
Email: "[email protected]",
},
}
dockercfgContent, err := json.Marshal(dockercfg)
if err != nil {
return nil, err
}
dockercfgSecret.Data[api.DockerConfigKey] = dockercfgContent
// Save the secret
createdSecret, err := e.client.Secrets(tokenSecret.Namespace).Create(dockercfgSecret)
return createdSecret, err
}
示例5: Export
func (e *DefaultExporter) Export(obj runtime.Object, exact bool) error {
if meta, err := kapi.ObjectMetaFor(obj); err == nil {
exportObjectMeta(meta, exact)
} else {
glog.V(4).Infof("Object of type %v does not have ObjectMeta: %v", reflect.TypeOf(obj), err)
}
ctx := kapi.NewContext()
switch t := obj.(type) {
case *kapi.Endpoints:
endpoint.Strategy.PrepareForCreate(ctx, obj)
case *kapi.ResourceQuota:
resourcequota.Strategy.PrepareForCreate(ctx, obj)
case *kapi.LimitRange:
// TODO: this needs to be fixed
// limitrange.Strategy.PrepareForCreate(obj)
case *kapi.Node:
node.Strategy.PrepareForCreate(ctx, obj)
if exact {
return nil
}
// Nodes are the only resources that allow direct status edits, therefore
// we clear that without exact so that the node value can be reused.
t.Status = kapi.NodeStatus{}
case *kapi.Namespace:
namespace.Strategy.PrepareForCreate(ctx, obj)
case *kapi.PersistentVolumeClaim:
persistentvolumeclaim.Strategy.PrepareForCreate(ctx, obj)
case *kapi.PersistentVolume:
persistentvolume.Strategy.PrepareForCreate(ctx, obj)
case *kapi.ReplicationController:
controller.Strategy.PrepareForCreate(ctx, obj)
case *kapi.Pod:
pod.Strategy.PrepareForCreate(ctx, obj)
case *kapi.PodTemplate:
case *kapi.Service:
// TODO: service does not yet have a strategy
t.Status = kapi.ServiceStatus{}
if exact {
return nil
}
if t.Spec.ClusterIP != kapi.ClusterIPNone {
t.Spec.ClusterIP = ""
}
if t.Spec.Type == kapi.ServiceTypeNodePort {
for i := range t.Spec.Ports {
t.Spec.Ports[i].NodePort = 0
}
}
case *kapi.Secret:
secret.Strategy.PrepareForCreate(ctx, obj)
if exact {
return nil
}
// secrets that are tied to the UID of a service account cannot be exported anyway
if t.Type == kapi.SecretTypeServiceAccountToken || len(t.Annotations[kapi.ServiceAccountUIDKey]) > 0 {
return ErrExportOmit
}
case *kapi.ServiceAccount:
serviceaccount.Strategy.PrepareForCreate(ctx, obj)
if exact {
return nil
}
dockercfgSecretPrefix := osautil.GetDockercfgSecretNamePrefix(t)
newImagePullSecrets := []kapi.LocalObjectReference{}
for _, secretRef := range t.ImagePullSecrets {
if strings.HasPrefix(secretRef.Name, dockercfgSecretPrefix) {
continue
}
newImagePullSecrets = append(newImagePullSecrets, secretRef)
}
t.ImagePullSecrets = newImagePullSecrets
tokenSecretPrefix := osautil.GetTokenSecretNamePrefix(t)
newMountableSecrets := []kapi.ObjectReference{}
for _, secretRef := range t.Secrets {
if strings.HasPrefix(secretRef.Name, dockercfgSecretPrefix) ||
strings.HasPrefix(secretRef.Name, tokenSecretPrefix) {
continue
}
newMountableSecrets = append(newMountableSecrets, secretRef)
}
t.Secrets = newMountableSecrets
case *deployapi.DeploymentConfig:
return deployrest.Strategy.Export(ctx, obj, exact)
case *buildapi.BuildConfig:
buildconfigrest.Strategy.PrepareForCreate(ctx, obj)
// TODO: should be handled by prepare for create
t.Status.LastVersion = 0
for i := range t.Spec.Triggers {
if p := t.Spec.Triggers[i].ImageChange; p != nil {
p.LastTriggeredImageID = ""
}
}
case *buildapi.Build:
buildrest.Strategy.PrepareForCreate(ctx, obj)
// TODO: should be handled by prepare for create
//.........这里部分代码省略.........
示例6: TestExport
func TestExport(t *testing.T) {
exporter := &defaultExporter{}
baseSA := &kapi.ServiceAccount{}
baseSA.Name = "my-sa"
tests := []struct {
name string
object runtime.Object
exact bool
expectedObj runtime.Object
expectedErr error
}{
{
name: "export deploymentConfig",
object: deploytest.OkDeploymentConfig(1),
expectedObj: &deployapi.DeploymentConfig{
ObjectMeta: kapi.ObjectMeta{
Name: "config",
},
LatestVersion: 0,
Triggers: []deployapi.DeploymentTriggerPolicy{
deploytest.OkImageChangeTrigger(),
},
Template: deploytest.OkDeploymentTemplate(),
},
expectedErr: nil,
},
{
name: "export imageStream",
object: &imageapi.ImageStream{
ObjectMeta: kapi.ObjectMeta{
Name: "test",
Namespace: "other",
},
Spec: imageapi.ImageStreamSpec{
Tags: map[string]imageapi.TagReference{
"v1": {
Annotations: map[string]string{"an": "annotation"},
},
},
},
Status: imageapi.ImageStreamStatus{
DockerImageRepository: "foo/bar",
Tags: map[string]imageapi.TagEventList{
"v1": {
Items: []imageapi.TagEvent{{Image: "the image"}},
},
},
},
},
expectedObj: &imageapi.ImageStream{
ObjectMeta: kapi.ObjectMeta{
Name: "test",
Namespace: "",
},
Spec: imageapi.ImageStreamSpec{
Tags: map[string]imageapi.TagReference{
"v1": {
From: &kapi.ObjectReference{
Kind: "DockerImage",
Name: "foo/bar:v1",
},
Annotations: map[string]string{"an": "annotation"},
},
},
},
Status: imageapi.ImageStreamStatus{
Tags: map[string]imageapi.TagEventList{},
},
},
expectedErr: nil,
},
{
name: "remove unexportable SA secrets",
object: &kapi.ServiceAccount{
ObjectMeta: kapi.ObjectMeta{
Name: baseSA.Name,
},
ImagePullSecrets: []kapi.LocalObjectReference{
{Name: osautil.GetDockercfgSecretNamePrefix(baseSA) + "-foo"},
{Name: "another-pull-secret"},
},
Secrets: []kapi.ObjectReference{
{Name: osautil.GetDockercfgSecretNamePrefix(baseSA) + "-foo"},
{Name: osautil.GetTokenSecretNamePrefix(baseSA) + "-foo"},
{Name: "another-mountable-secret"},
},
},
expectedObj: &kapi.ServiceAccount{
ObjectMeta: kapi.ObjectMeta{
Name: baseSA.Name,
},
ImagePullSecrets: []kapi.LocalObjectReference{
{Name: "another-pull-secret"},
},
Secrets: []kapi.ObjectReference{
{Name: "another-mountable-secret"},
},
},
//.........这里部分代码省略.........