// Copyright (c) 2019-2025 Red Hat, Inc.
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package automount
import (
"github.com/devfile/devworkspace-operator/pkg/constants"
"github.com/devfile/devworkspace-operator/pkg/dwerrors"
"github.com/devfile/devworkspace-operator/pkg/provision/sync"
corev1 "k8s.io/api/core/v1"
k8sErrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
k8sclient "sigs.k8s.io/controller-runtime/pkg/client"
)
// mergedGitCredentialsMountPath is the path handed to both constructGitConfig
// and getAutomountSecret in ProvisionGitConfiguration, i.e. where the merged
// git credentials secret is mounted and where the generated gitconfig is
// told to find it.
const mergedGitCredentialsMountPath = "/.git-credentials/"
// ProvisionGitConfiguration takes care of mounting git credentials and a gitconfig into a devworkspace.
//
// It gathers the labelled credential Secrets and TLS ConfigMaps from namespace
// (getGitResources) together with the base gitconfig returned by
// findGitconfigAutomount. If none of the three is present, any previously
// generated git configuration is removed via cleanupGitConfig and nil
// Resources are returned alongside that call's error.
//
// Otherwise a merged credentials Secret and a gitconfig ConfigMap are built,
// synced to the cluster, and returned as automount Resources: the Secret is
// mounted as a file at mergedGitCredentialsMountPath and the ConfigMap as a
// subpath under "/etc/".
//
// Merge and construction failures are reported as *dwerrors.FailError; sync
// failures are passed through dwerrors.WrapSyncError.
func ProvisionGitConfiguration(api sync.ClusterAPI, namespace string, isWorkspaceStarted bool) (*Resources, error) {
	secrets, tlsCMs, err := getGitResources(api, namespace, isWorkspaceStarted)
	if err != nil {
		return nil, err
	}

	userGitConfig, err := findGitconfigAutomount(api, namespace)
	if err != nil {
		return nil, err
	}

	nothingToMount := len(secrets) == 0 && len(tlsCMs) == 0 && userGitConfig == nil
	if nothingToMount {
		// Remove any existing git configuration
		return nil, cleanupGitConfig(api, namespace)
	}

	// Build both objects before touching the cluster so a construction
	// failure does not leave only one of them synced.
	mergedSecret, err := mergeGitCredentials(namespace, secrets)
	if err != nil {
		return nil, &dwerrors.FailError{Message: "Failed to collect git credentials secrets", Err: err}
	}
	gitConfigCM, err := constructGitConfig(namespace, mergedGitCredentialsMountPath, tlsCMs, userGitConfig)
	if err != nil {
		return nil, &dwerrors.FailError{Message: "Failed to prepare git config for workspace", Err: err}
	}

	_, err = sync.SyncObjectWithCluster(mergedSecret, api)
	if err != nil {
		return nil, dwerrors.WrapSyncError(err)
	}
	_, err = sync.SyncObjectWithCluster(gitConfigCM, api)
	if err != nil {
		return nil, dwerrors.WrapSyncError(err)
	}

	// The merged Secret carries git credentials and is mounted with
	// defaultAccessMode, which is defined elsewhere in this package.
	// NOTE(review): confirm that mode does not make the credentials file
	// readable by other users inside the workspace containers.
	credentialsMount := getAutomountSecret(mergedGitCredentialsMountPath, constants.DevWorkspaceMountAsFile, defaultAccessMode, mergedSecret)
	gitConfigMount := getAutomountConfigmap("/etc/", constants.DevWorkspaceMountAsSubpath, defaultAccessMode, gitConfigCM)

	merged := flattenAutomountResources([]Resources{credentialsMount, gitConfigMount})
	return &merged, nil
}
// getGitResources lists the git-related objects in namespace: Secrets labelled
// constants.DevWorkspaceGitCredentialLabel="true" and ConfigMaps labelled
// constants.DevWorkspaceGitTLSLabel="true". Both results are passed through
// sortSecrets / sortConfigmaps before being returned.
//
// When isWorkspaceStarted is true, objects annotated with
// constants.MountOnStartOnlyAttribute="true" are left out.
//
// Selection is by label alone: every matching Secret in the namespace is
// returned, and ProvisionGitConfiguration feeds them all into the merged
// credentials. Who may create or label Secrets in the namespace therefore
// decides which credentials reach the workspace.
func getGitResources(api sync.ClusterAPI, namespace string, isWorkspaceStarted bool) (credentialSecrets []corev1.Secret, tlsConfigMaps []corev1.ConfigMap, err error) {
	inNamespace := k8sclient.InNamespace(namespace)

	secretList := &corev1.SecretList{}
	err = api.Client.List(api.Ctx, secretList, inNamespace, k8sclient.MatchingLabels{
		constants.DevWorkspaceGitCredentialLabel: "true",
	})
	if err != nil {
		return nil, nil, err
	}
	for i := range secretList.Items {
		candidate := secretList.Items[i]
		// Skip mounting if mount-on-start-only is set to "true" and workspace has been already started
		if isWorkspaceStarted && candidate.Annotations[constants.MountOnStartOnlyAttribute] == "true" {
			continue
		}
		credentialSecrets = append(credentialSecrets, candidate)
	}
	sortSecrets(credentialSecrets)

	configmapList := &corev1.ConfigMapList{}
	err = api.Client.List(api.Ctx, configmapList, inNamespace, k8sclient.MatchingLabels{
		constants.DevWorkspaceGitTLSLabel: "true",
	})
	if err != nil {
		return nil, nil, err
	}
	for i := range configmapList.Items {
		candidate := configmapList.Items[i]
		// Skip mounting if mount-on-start-only is set to "true" and workspace has been already started
		if isWorkspaceStarted && candidate.Annotations[constants.MountOnStartOnlyAttribute] == "true" {
			continue
		}
		tlsConfigMaps = append(tlsConfigMaps, candidate)
	}
	sortConfigmaps(tlsConfigMaps)

	return credentialSecrets, tlsConfigMaps, nil
}
// cleanupGitConfig removes the generated git objects from namespace: the
// Secret named constants.GitCredentialsMergedSecretName and the ConfigMap
// named constants.GitCredentialsConfigMapName. Each is fetched first and
// deleted only if the fetch succeeds; a NotFound result from either the fetch
// or the delete is treated as success. Any other error is returned, and an
// error on the Secret stops the function before the ConfigMap is handled.
//
// NOTE(review): the lookup is by name only; nothing in this function checks
// labels or ownership to confirm the object was generated by this package.
func cleanupGitConfig(api sync.ClusterAPI, namespace string) error {
	mergedSecret := &corev1.Secret{}
	secretKey := types.NamespacedName{
		Namespace: namespace,
		Name:      constants.GitCredentialsMergedSecretName,
	}
	if getErr := api.Client.Get(api.Ctx, secretKey, mergedSecret); getErr == nil {
		// Another actor may have deleted it between Get and Delete; that is fine.
		if delErr := api.Client.Delete(api.Ctx, mergedSecret); delErr != nil && !k8sErrors.IsNotFound(delErr) {
			return delErr
		}
	} else if !k8sErrors.IsNotFound(getErr) {
		return getErr
	}

	gitConfigCM := &corev1.ConfigMap{}
	configmapKey := types.NamespacedName{
		Namespace: namespace,
		Name:      constants.GitCredentialsConfigMapName,
	}
	if getErr := api.Client.Get(api.Ctx, configmapKey, gitConfigCM); getErr == nil {
		if delErr := api.Client.Delete(api.Ctx, gitConfigCM); delErr != nil && !k8sErrors.IsNotFound(delErr) {
			return delErr
		}
	} else if !k8sErrors.IsNotFound(getErr) {
		return getErr
	}

	return nil
}