Skip to content

Commit

Permalink
controller: reconcile ext filter secrets
Browse files Browse the repository at this point in the history 
This adds logic to reconcile secrets found in ext filters. If they are
not found or invalid then no secrets are reconciled and added
to the snapshots.

Signed-off-by: Lance Austin <laustin@datawire.io>
  • Loading branch information
Lance Austin committed May 10, 2023
1 parent 3ecb197 commit c03d010
Show file tree
Hide file tree
Showing 3 changed files with 155 additions and 0 deletions.
54 changes: 54 additions & 0 deletions cmd/entrypoint/secrets.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -350,6 +350,7 @@ func findFilterSecret(filter *unstructured.Unstructured, action func(snapshotTyp

findOAuthFilterSecret(mapFilters, filter.GetNamespace(), action)
findAPIKeyFilterSecret(mapFilters, filter.GetNamespace(), action)
findExternalFilterSecret(mapFilters, filter.GetNamespace(), action)
}
return nil
}
Expand Down Expand Up @@ -435,6 +436,59 @@ func findAPIKeyFilterSecret(
}
}

// findExternalFilterSecret will find and capture secret references found in an ExternalFilter.
func findExternalFilterSecret(
mapFilters map[string]interface{},
filterNamespace string,
action func(snapshotTypes.SecretRef),
) {

type externalConfig struct {
TLS bool `json:"tls"`
TLSConfig *struct {
Certificate *struct {
FromSecret struct {
Name string `json:"name"`
} `json:"fromSecret"`
} `json:"certificate"`
CACertificate *struct {
FromSecret struct {
Name string `json:"name"`
} `json:"fromSecret"`
} `json:"caCertificate"`
} `json:"tlsConfig"`
}

extConfig := mapFilters["External"]
if extConfig == nil {
return
}

jsonStr, err := json.Marshal(extConfig)
if err != nil {
return
}

var config externalConfig
if err := json.Unmarshal([]byte(jsonStr), &config); err != nil {
return
}

if config.TLSConfig == nil {
return
}

if config.TLSConfig.Certificate != nil {
secretName := config.TLSConfig.Certificate.FromSecret.Name
secretRef(filterNamespace, secretName, false, action)
}

if config.TLSConfig.CACertificate != nil {
secretName := config.TLSConfig.CACertificate.FromSecret.Name
secretRef(filterNamespace, secretName, false, action)
}
}

// Find all the secrets a given Ambassador resource references.
func findSecretRefs(ctx context.Context, resource kates.Object, secretNamespacing bool, action func(snapshotTypes.SecretRef)) {
switch r := resource.(type) {
Expand Down
59 changes: 59 additions & 0 deletions cmd/entrypoint/testdata/reconcile-secrets/reconcile-filters-aes.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,31 @@ input:
APIKey:
keys:
- secretName: "my-secret-api-keys"
- apiVersion: getambassador.io/v3alpha1
kind: Filter
metadata:
name: "ext-filter-1"
namespace: "default"
spec:
External:
tls: true
tlsConfig:
certificate:
fromSecret:
name: ext-tls-1
caCertificate:
fromSecret:
name: ca-tls-1
- apiVersion: getambassador.io/v3alpha1
kind: Filter
metadata:
name: "ext-filter-2"
namespace: "default"
spec:
External:
auth_service: "https://example-auth:3000"
proto: http
timeout_ms: 5000
k8sSecrets:
- apiVersion: v1
kind: Secret
Expand All @@ -55,6 +80,23 @@ input:
data:
key-one: bXktZmlyc3QtYXBpLWtleQ==
key-two: bXktc2Vjb25kLWFwaS1rZXk=
- apiVersion: v1
kind: Secret
metadata:
name: ca-tls-1
namespace: default
type: kubernetes.io/tls
data:
tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNxRENDQVpBQ0NRQ2x1dWt3c3FHeSt6QU5CZ2txaGtpRzl3MEJBUXNGQURBV01SUXdFZ1lEVlFRRERBdG0KYjI4dVltRnlMbU52YlRBZUZ3MHlNekExTURneE9UQTNOVE5hRncweU5EQTFNRGN4T1RBM05UTmFNQll4RkRBUwpCZ05WQkFNTUMyWnZieTVpWVhJdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUE1bER5YWZjclJ2cnBXUHVPMHc0amx2NElUNUhjTDhKbWdmYVRnRk85UmdQalg3YWNaN25FSzNlVUFLTXcKVFBSdUNDNGpwTVVmSkVYVnQwTUk0MlB3UFpoWTlqODBWVHEzUDViUjJYRGFGLzZlZkxZOWIxQ2o0SFBueVBFMApnQlNHaVlDTm9ndGFEbnh3TEFZU0p6K3dqaUF0Tmk0a0FsS2taYy9QWEE3UHdwVmZMdVRYTmh1d05sblU1SkpQCmkwOGxsN2hXMHc4Q3lOTVBpTHY1WnhRY1F5eUdmQjB4djVXTEtQZGZFSGJrVXQzRllYMFVUOXNYSVljaGJZR1EKU0pIQVRwVTBLQzVDMFhUa20yQ0tpUGZCVmdHR2x1L2tQeTZsdHpmU0VjdUYvdlRSbGZFYXdFY0o4ZEhQaVd6TQpKTmZWTG9MT0tjTC9kb0hkSWxKd1pqcDlpUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQzM3TkM5Ck83VC9HWHB4K3JIRXZzd2NTTG5CYWQvUVZFeTY3cExseUdDZ21UaXBLUGI1YWN1aWk3SWZDM1UrT1BvUFBKQjgKL0JrZHBxNlh3b2NScWdzejFjTnkxY2xCUDhjRGpwVFJEUHRvdk91RmZYamk0T3BMN2psMHBZbEVubTM4SVZlUApyWE5jRFhTV3pzekFsb1U5TjJ0VFFPallXMzhRRE90KytyZ0p1ZlJyMmJWZE8yalU1V3NzZmluNGl3SHk1TVI3ClJwSUdrNHR6K2lvUlJlWkJrQUpDZHozL2JQRjR1ODNiM0szVVR2VGZTcDFmRWZQSnJiZTJ1SFpNdHdBdWZoek4KeXNwTitpVDVJZ2dkZjVSRGhCRlRpckEwNFZhRllzRS9XOHNERTZMMmsxSEZ5TloyZ1JLY0ZLMlJpU0NEdURyQwpMN1h6UmliTHZONElXOEpJCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
tls.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRG1VUEpwOXl0Ryt1bFkKKzQ3VERpT1cvZ2hQa2R3dndtYUI5cE9BVTcxR0ErTmZ0cHhudWNRcmQ1UUFvekJNOUc0SUxpT2t4UjhrUmRXMwpRd2pqWS9BOW1GajJQelJWT3JjL2x0SFpjTm9YL3A1OHRqMXZVS1BnYytmSThUU0FGSWFKZ0kyaUMxb09mSEFzCkJoSW5QN0NPSUMwMkxpUUNVcVJsejg5Y0RzL0NsVjh1NU5jMkc3QTJXZFRra2srTFR5V1h1RmJURHdMSTB3K0kKdS9sbkZCeERMSVo4SFRHL2xZc285MThRZHVSUzNjVmhmUlJQMnhjaGh5RnRnWkJJa2NCT2xUUW9Ma0xSZE9TYgpZSXFJOThGV0FZYVc3K1EvTHFXM045SVJ5NFgrOU5HVjhSckFSd254MGMrSmJNd2sxOVV1Z3M0cHd2OTJnZDBpClVuQm1PbjJKQWdNQkFBRUNnZ0VBS2t0bEtPWjE4UlAwdEIyR0RlWUR6UitiWVJsVkNRUTNGTmkySDVQQkoxRmgKZU5zcy83TlNmZlQ0bmVGWjVsZmd1T25ZSzlMek5CTUsreHQ1VDJDejVtdktzblhLNDNmajNPNlNYTTduamc1NQpCa2ZsSWtMNXhTY2p3bmZnLzBCRnNJeUY5ZU1GeDdFOFhDbEZQaVhwQTBDUGJPcXVQQ3IyKzZkYzJmZnlXVFlCCnZMTTUwb1FucmJ0VFVLWlkyU3Y0Y1JJRFE1Q0JzMWE3RTV5L0paQzVWSnZsTTh5RUU1ZFIyazFxOTg5eGk1V3MKZXFSRkxjUitmK3pGV0luc3ljV2lReFo1eGZOMjE3T2sxYXpKM3BIOUJxdkxlMS9obDdWbVN4KzNVVlgzZU53SgpGd0tPbDJrNzczdFNRZFVnTlhQSDFSN05yeXpPL3N1bTdPTUNLRU84Y1FLQmdRRCtUSDlCWE5LMFl4V2hjemJrCmRxMGpQU3B5aTM5ZnNXUityOVRLR3FGUDdVdHZ1aEdXN3Y1WUNVbzRUUzBKbFU0eXNTQXV4UldQUG40dWx3aTkKUnpJZDQvTDJzSEx0SllPTlkxZmwwM1RDMExjby9RZ05TcDF0VEdOOFF1R2tmM0Zma1NHOXRDUVhQbmw5OXBudgpiNDhmdTZvMG9iSzdMYXhRQnkxdFc1VjE5UUtCZ1FEbjIyREp4d2pwRVA3Z2RzblpKZ1B0M2x6Z0pBQVh2eUFtCnAxZy9Mb0JPdzVJTWZZN0psbzNhSjJuU2NFZDI2ZWdsTXVqK1FpMzlDa3ZHK0VRcnUvKzRzWWxiREFlNWFNSDEKUjNFemxLYU1FU3lnQnlCQWVEeWFaeXVxYktKWmZqOW1UQjV2OVZEdDRNWm5OQUpuRU1zWWd0bVBwQXZMei9UNQpqcEJqYi9EWXhRS0JnUURrM0NtbXhJZ29xZ2ZjamxrM2tZck9iUXpYbTYzZGpFTzZORHBZVFZFaUlwaENpLzJxCmpaby8xdFNDQ1FyZ1ZndlRXVTl5YUJLNElQRGtzeTY5VWViTHVjdCtzbHdzQ3hmeTFoWlVFMU5BeFNBaDlsOFoKdnk0aElKOWtSTGpZRjQ0TUNReUpzeWJMK0lEVW1XditiYk1zUnZPdWZGdmpVdjZCNDRQQnFLdkJSUUtCZ1FDOQo0bXYxTkwxMmEwWGlQVWI0UVdzTVg0VSt5QjBQVmFjV0lRMWp5VWlwdVArZW5TSFl0U1Y5bWJQUDljYUJlL1YwCnFhb3B1YmVDT2ZGdmhab0hHMVBHUmhnUTZkeFZtNWJsczFuaGZZZWN4T0FBTzNYTmR1dGpKTVdkTUpVUnFCUnkKU2pyUFJHREFRTXNjY0hyYlArU2xNVnpPaC9KbE8rNE1pQloyYVpJZFpRS0JnRzVaNmF2MGNqcDhaVG5QcEFDeQpwSGk0ZDJUbGFoZGxRLzRZKzhHR01OZU4zWnNvVWE3NzBVWmtTVGVzV0ExV3AybWRMUTIzTG10R240MmQxRGtKCm1LcUxBanVsWXltUkFDWFNROVFBYSswbzNjRGF0OU94UXN5T1lBWW9JQmVQbi9oM0FUVWQvaGs4OXJKcjZBbVEKMzA2eE9LRnN4YVN2S1dPemtNb1J3SVgrCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"
- apiVersion: v1
kind: Secret
metadata:
name: ext-tls-1
namespace: default
type: kubernetes.io/tls
data:
tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNxRENDQVpBQ0NRQ2x1dWt3c3FHeSt6QU5CZ2txaGtpRzl3MEJBUXNGQURBV01SUXdFZ1lEVlFRRERBdG0KYjI4dVltRnlMbU52YlRBZUZ3MHlNekExTURneE9UQTNOVE5hRncweU5EQTFNRGN4T1RBM05UTmFNQll4RkRBUwpCZ05WQkFNTUMyWnZieTVpWVhJdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUE1bER5YWZjclJ2cnBXUHVPMHc0amx2NElUNUhjTDhKbWdmYVRnRk85UmdQalg3YWNaN25FSzNlVUFLTXcKVFBSdUNDNGpwTVVmSkVYVnQwTUk0MlB3UFpoWTlqODBWVHEzUDViUjJYRGFGLzZlZkxZOWIxQ2o0SFBueVBFMApnQlNHaVlDTm9ndGFEbnh3TEFZU0p6K3dqaUF0Tmk0a0FsS2taYy9QWEE3UHdwVmZMdVRYTmh1d05sblU1SkpQCmkwOGxsN2hXMHc4Q3lOTVBpTHY1WnhRY1F5eUdmQjB4djVXTEtQZGZFSGJrVXQzRllYMFVUOXNYSVljaGJZR1EKU0pIQVRwVTBLQzVDMFhUa20yQ0tpUGZCVmdHR2x1L2tQeTZsdHpmU0VjdUYvdlRSbGZFYXdFY0o4ZEhQaVd6TQpKTmZWTG9MT0tjTC9kb0hkSWxKd1pqcDlpUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQzM3TkM5Ck83VC9HWHB4K3JIRXZzd2NTTG5CYWQvUVZFeTY3cExseUdDZ21UaXBLUGI1YWN1aWk3SWZDM1UrT1BvUFBKQjgKL0JrZHBxNlh3b2NScWdzejFjTnkxY2xCUDhjRGpwVFJEUHRvdk91RmZYamk0T3BMN2psMHBZbEVubTM4SVZlUApyWE5jRFhTV3pzekFsb1U5TjJ0VFFPallXMzhRRE90KytyZ0p1ZlJyMmJWZE8yalU1V3NzZmluNGl3SHk1TVI3ClJwSUdrNHR6K2lvUlJlWkJrQUpDZHozL2JQRjR1ODNiM0szVVR2VGZTcDFmRWZQSnJiZTJ1SFpNdHdBdWZoek4KeXNwTitpVDVJZ2dkZjVSRGhCRlRpckEwNFZhRllzRS9XOHNERTZMMmsxSEZ5TloyZ1JLY0ZLMlJpU0NEdURyQwpMN1h6UmliTHZONElXOEpJCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
expected:
secrets:
- apiVersion: v1
Expand Down Expand Up @@ -82,3 +124,20 @@ expected:
data:
key-one: bXktZmlyc3QtYXBpLWtleQ==
key-two: bXktc2Vjb25kLWFwaS1rZXk=
- apiVersion: v1
kind: Secret
metadata:
name: ca-tls-1
namespace: default
type: kubernetes.io/tls
data:
tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNxRENDQVpBQ0NRQ2x1dWt3c3FHeSt6QU5CZ2txaGtpRzl3MEJBUXNGQURBV01SUXdFZ1lEVlFRRERBdG0KYjI4dVltRnlMbU52YlRBZUZ3MHlNekExTURneE9UQTNOVE5hRncweU5EQTFNRGN4T1RBM05UTmFNQll4RkRBUwpCZ05WQkFNTUMyWnZieTVpWVhJdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUE1bER5YWZjclJ2cnBXUHVPMHc0amx2NElUNUhjTDhKbWdmYVRnRk85UmdQalg3YWNaN25FSzNlVUFLTXcKVFBSdUNDNGpwTVVmSkVYVnQwTUk0MlB3UFpoWTlqODBWVHEzUDViUjJYRGFGLzZlZkxZOWIxQ2o0SFBueVBFMApnQlNHaVlDTm9ndGFEbnh3TEFZU0p6K3dqaUF0Tmk0a0FsS2taYy9QWEE3UHdwVmZMdVRYTmh1d05sblU1SkpQCmkwOGxsN2hXMHc4Q3lOTVBpTHY1WnhRY1F5eUdmQjB4djVXTEtQZGZFSGJrVXQzRllYMFVUOXNYSVljaGJZR1EKU0pIQVRwVTBLQzVDMFhUa20yQ0tpUGZCVmdHR2x1L2tQeTZsdHpmU0VjdUYvdlRSbGZFYXdFY0o4ZEhQaVd6TQpKTmZWTG9MT0tjTC9kb0hkSWxKd1pqcDlpUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQzM3TkM5Ck83VC9HWHB4K3JIRXZzd2NTTG5CYWQvUVZFeTY3cExseUdDZ21UaXBLUGI1YWN1aWk3SWZDM1UrT1BvUFBKQjgKL0JrZHBxNlh3b2NScWdzejFjTnkxY2xCUDhjRGpwVFJEUHRvdk91RmZYamk0T3BMN2psMHBZbEVubTM4SVZlUApyWE5jRFhTV3pzekFsb1U5TjJ0VFFPallXMzhRRE90KytyZ0p1ZlJyMmJWZE8yalU1V3NzZmluNGl3SHk1TVI3ClJwSUdrNHR6K2lvUlJlWkJrQUpDZHozL2JQRjR1ODNiM0szVVR2VGZTcDFmRWZQSnJiZTJ1SFpNdHdBdWZoek4KeXNwTitpVDVJZ2dkZjVSRGhCRlRpckEwNFZhRllzRS9XOHNERTZMMmsxSEZ5TloyZ1JLY0ZLMlJpU0NEdURyQwpMN1h6UmliTHZONElXOEpJCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
tls.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRG1VUEpwOXl0Ryt1bFkKKzQ3VERpT1cvZ2hQa2R3dndtYUI5cE9BVTcxR0ErTmZ0cHhudWNRcmQ1UUFvekJNOUc0SUxpT2t4UjhrUmRXMwpRd2pqWS9BOW1GajJQelJWT3JjL2x0SFpjTm9YL3A1OHRqMXZVS1BnYytmSThUU0FGSWFKZ0kyaUMxb09mSEFzCkJoSW5QN0NPSUMwMkxpUUNVcVJsejg5Y0RzL0NsVjh1NU5jMkc3QTJXZFRra2srTFR5V1h1RmJURHdMSTB3K0kKdS9sbkZCeERMSVo4SFRHL2xZc285MThRZHVSUzNjVmhmUlJQMnhjaGh5RnRnWkJJa2NCT2xUUW9Ma0xSZE9TYgpZSXFJOThGV0FZYVc3K1EvTHFXM045SVJ5NFgrOU5HVjhSckFSd254MGMrSmJNd2sxOVV1Z3M0cHd2OTJnZDBpClVuQm1PbjJKQWdNQkFBRUNnZ0VBS2t0bEtPWjE4UlAwdEIyR0RlWUR6UitiWVJsVkNRUTNGTmkySDVQQkoxRmgKZU5zcy83TlNmZlQ0bmVGWjVsZmd1T25ZSzlMek5CTUsreHQ1VDJDejVtdktzblhLNDNmajNPNlNYTTduamc1NQpCa2ZsSWtMNXhTY2p3bmZnLzBCRnNJeUY5ZU1GeDdFOFhDbEZQaVhwQTBDUGJPcXVQQ3IyKzZkYzJmZnlXVFlCCnZMTTUwb1FucmJ0VFVLWlkyU3Y0Y1JJRFE1Q0JzMWE3RTV5L0paQzVWSnZsTTh5RUU1ZFIyazFxOTg5eGk1V3MKZXFSRkxjUitmK3pGV0luc3ljV2lReFo1eGZOMjE3T2sxYXpKM3BIOUJxdkxlMS9obDdWbVN4KzNVVlgzZU53SgpGd0tPbDJrNzczdFNRZFVnTlhQSDFSN05yeXpPL3N1bTdPTUNLRU84Y1FLQmdRRCtUSDlCWE5LMFl4V2hjemJrCmRxMGpQU3B5aTM5ZnNXUityOVRLR3FGUDdVdHZ1aEdXN3Y1WUNVbzRUUzBKbFU0eXNTQXV4UldQUG40dWx3aTkKUnpJZDQvTDJzSEx0SllPTlkxZmwwM1RDMExjby9RZ05TcDF0VEdOOFF1R2tmM0Zma1NHOXRDUVhQbmw5OXBudgpiNDhmdTZvMG9iSzdMYXhRQnkxdFc1VjE5UUtCZ1FEbjIyREp4d2pwRVA3Z2RzblpKZ1B0M2x6Z0pBQVh2eUFtCnAxZy9Mb0JPdzVJTWZZN0psbzNhSjJuU2NFZDI2ZWdsTXVqK1FpMzlDa3ZHK0VRcnUvKzRzWWxiREFlNWFNSDEKUjNFemxLYU1FU3lnQnlCQWVEeWFaeXVxYktKWmZqOW1UQjV2OVZEdDRNWm5OQUpuRU1zWWd0bVBwQXZMei9UNQpqcEJqYi9EWXhRS0JnUURrM0NtbXhJZ29xZ2ZjamxrM2tZck9iUXpYbTYzZGpFTzZORHBZVFZFaUlwaENpLzJxCmpaby8xdFNDQ1FyZ1ZndlRXVTl5YUJLNElQRGtzeTY5VWViTHVjdCtzbHdzQ3hmeTFoWlVFMU5BeFNBaDlsOFoKdnk0aElKOWtSTGpZRjQ0TUNReUpzeWJMK0lEVW1XditiYk1zUnZPdWZGdmpVdjZCNDRQQnFLdkJSUUtCZ1FDOQo0bXYxTkwxMmEwWGlQVWI0UVdzTVg0VSt5QjBQVmFjV0lRMWp5VWlwdVArZW5TSFl0U1Y5bWJQUDljYUJlL1YwCnFhb3B1YmVDT2ZGdmhab0hHMVBHUmhnUTZkeFZtNWJsczFuaGZZZWN4T0FBTzNYTmR1dGpKTVdkTUpVUnFCUnkKU2pyUFJHREFRTXNjY0hyYlArU2xNVnpPaC9KbE8rNE1pQloyYVpJZFpRS0JnRzVaNmF2MGNqcDhaVG5QcEFDeQpwSGk0ZDJUbGFoZGxRLzRZKzhHR01OZU4zWnNvVWE3NzBVWmtTVGVzV0ExV3AybWRMUTIzTG10R240MmQxRGtKCm1LcUxBanVsWXltUkFDWFNROVFBYSswbzNjRGF0OU94UXN5T1lBWW9JQmVQbi9oM0FUVWQvaGs4OXJKcjZBbVEKMzA2eE9LRnN4YVN2S1dPemtNb1J3SVgrCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"
- apiVersion: v1
kind: Secret
metadata:
name: ext-tls-1
namespace: default
type: kubernetes.io/tls
data:
tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNxRENDQVpBQ0NRQ2x1dWt3c3FHeSt6QU5CZ2txaGtpRzl3MEJBUXNGQURBV01SUXdFZ1lEVlFRRERBdG0KYjI4dVltRnlMbU52YlRBZUZ3MHlNekExTURneE9UQTNOVE5hRncweU5EQTFNRGN4T1RBM05UTmFNQll4RkRBUwpCZ05WQkFNTUMyWnZieTVpWVhJdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUE1bER5YWZjclJ2cnBXUHVPMHc0amx2NElUNUhjTDhKbWdmYVRnRk85UmdQalg3YWNaN25FSzNlVUFLTXcKVFBSdUNDNGpwTVVmSkVYVnQwTUk0MlB3UFpoWTlqODBWVHEzUDViUjJYRGFGLzZlZkxZOWIxQ2o0SFBueVBFMApnQlNHaVlDTm9ndGFEbnh3TEFZU0p6K3dqaUF0Tmk0a0FsS2taYy9QWEE3UHdwVmZMdVRYTmh1d05sblU1SkpQCmkwOGxsN2hXMHc4Q3lOTVBpTHY1WnhRY1F5eUdmQjB4djVXTEtQZGZFSGJrVXQzRllYMFVUOXNYSVljaGJZR1EKU0pIQVRwVTBLQzVDMFhUa20yQ0tpUGZCVmdHR2x1L2tQeTZsdHpmU0VjdUYvdlRSbGZFYXdFY0o4ZEhQaVd6TQpKTmZWTG9MT0tjTC9kb0hkSWxKd1pqcDlpUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQzM3TkM5Ck83VC9HWHB4K3JIRXZzd2NTTG5CYWQvUVZFeTY3cExseUdDZ21UaXBLUGI1YWN1aWk3SWZDM1UrT1BvUFBKQjgKL0JrZHBxNlh3b2NScWdzejFjTnkxY2xCUDhjRGpwVFJEUHRvdk91RmZYamk0T3BMN2psMHBZbEVubTM4SVZlUApyWE5jRFhTV3pzekFsb1U5TjJ0VFFPallXMzhRRE90KytyZ0p1ZlJyMmJWZE8yalU1V3NzZmluNGl3SHk1TVI3ClJwSUdrNHR6K2lvUlJlWkJrQUpDZHozL2JQRjR1ODNiM0szVVR2VGZTcDFmRWZQSnJiZTJ1SFpNdHdBdWZoek4KeXNwTitpVDVJZ2dkZjVSRGhCRlRpckEwNFZhRllzRS9XOHNERTZMMmsxSEZ5TloyZ1JLY0ZLMlJpU0NEdURyQwpMN1h6UmliTHZONElXOEpJCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
42 changes: 42 additions & 0 deletions cmd/entrypoint/testdata/reconcile-secrets/reconcile-filters-emissary.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,31 @@ input:
APIKey:
keys:
- secretName: "my-secret-api-keys"
- apiVersion: getambassador.io/v3alpha1
kind: Filter
metadata:
name: "ext-filter-1"
namespace: "default"
spec:
External:
tls: true
tlsConfig:
certificate:
fromSecret:
name: ext-tls-1
caCertificate:
fromSecret:
name: ca-tls-1
- apiVersion: getambassador.io/v3alpha1
kind: Filter
metadata:
name: "ext-filter-2"
namespace: "default"
spec:
External:
auth_service: "https://example-auth:3000"
proto: http
timeout_ms: 5000
k8sSecrets:
- apiVersion: v1
kind: Secret
Expand All @@ -54,5 +79,22 @@ input:
data:
key-one: bXktZmlyc3QtYXBpLWtleQ==
key-two: bXktc2Vjb25kLWFwaS1rZXk=
- apiVersion: v1
kind: Secret
metadata:
name: ca-tls-1
namespace: default
type: kubernetes.io/tls
data:
tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNxRENDQVpBQ0NRQ2x1dWt3c3FHeSt6QU5CZ2txaGtpRzl3MEJBUXNGQURBV01SUXdFZ1lEVlFRRERBdG0KYjI4dVltRnlMbU52YlRBZUZ3MHlNekExTURneE9UQTNOVE5hRncweU5EQTFNRGN4T1RBM05UTmFNQll4RkRBUwpCZ05WQkFNTUMyWnZieTVpWVhJdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUE1bER5YWZjclJ2cnBXUHVPMHc0amx2NElUNUhjTDhKbWdmYVRnRk85UmdQalg3YWNaN25FSzNlVUFLTXcKVFBSdUNDNGpwTVVmSkVYVnQwTUk0MlB3UFpoWTlqODBWVHEzUDViUjJYRGFGLzZlZkxZOWIxQ2o0SFBueVBFMApnQlNHaVlDTm9ndGFEbnh3TEFZU0p6K3dqaUF0Tmk0a0FsS2taYy9QWEE3UHdwVmZMdVRYTmh1d05sblU1SkpQCmkwOGxsN2hXMHc4Q3lOTVBpTHY1WnhRY1F5eUdmQjB4djVXTEtQZGZFSGJrVXQzRllYMFVUOXNYSVljaGJZR1EKU0pIQVRwVTBLQzVDMFhUa20yQ0tpUGZCVmdHR2x1L2tQeTZsdHpmU0VjdUYvdlRSbGZFYXdFY0o4ZEhQaVd6TQpKTmZWTG9MT0tjTC9kb0hkSWxKd1pqcDlpUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQzM3TkM5Ck83VC9HWHB4K3JIRXZzd2NTTG5CYWQvUVZFeTY3cExseUdDZ21UaXBLUGI1YWN1aWk3SWZDM1UrT1BvUFBKQjgKL0JrZHBxNlh3b2NScWdzejFjTnkxY2xCUDhjRGpwVFJEUHRvdk91RmZYamk0T3BMN2psMHBZbEVubTM4SVZlUApyWE5jRFhTV3pzekFsb1U5TjJ0VFFPallXMzhRRE90KytyZ0p1ZlJyMmJWZE8yalU1V3NzZmluNGl3SHk1TVI3ClJwSUdrNHR6K2lvUlJlWkJrQUpDZHozL2JQRjR1ODNiM0szVVR2VGZTcDFmRWZQSnJiZTJ1SFpNdHdBdWZoek4KeXNwTitpVDVJZ2dkZjVSRGhCRlRpckEwNFZhRllzRS9XOHNERTZMMmsxSEZ5TloyZ1JLY0ZLMlJpU0NEdURyQwpMN1h6UmliTHZONElXOEpJCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
tls.key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRG1VUEpwOXl0Ryt1bFkKKzQ3VERpT1cvZ2hQa2R3dndtYUI5cE9BVTcxR0ErTmZ0cHhudWNRcmQ1UUFvekJNOUc0SUxpT2t4UjhrUmRXMwpRd2pqWS9BOW1GajJQelJWT3JjL2x0SFpjTm9YL3A1OHRqMXZVS1BnYytmSThUU0FGSWFKZ0kyaUMxb09mSEFzCkJoSW5QN0NPSUMwMkxpUUNVcVJsejg5Y0RzL0NsVjh1NU5jMkc3QTJXZFRra2srTFR5V1h1RmJURHdMSTB3K0kKdS9sbkZCeERMSVo4SFRHL2xZc285MThRZHVSUzNjVmhmUlJQMnhjaGh5RnRnWkJJa2NCT2xUUW9Ma0xSZE9TYgpZSXFJOThGV0FZYVc3K1EvTHFXM045SVJ5NFgrOU5HVjhSckFSd254MGMrSmJNd2sxOVV1Z3M0cHd2OTJnZDBpClVuQm1PbjJKQWdNQkFBRUNnZ0VBS2t0bEtPWjE4UlAwdEIyR0RlWUR6UitiWVJsVkNRUTNGTmkySDVQQkoxRmgKZU5zcy83TlNmZlQ0bmVGWjVsZmd1T25ZSzlMek5CTUsreHQ1VDJDejVtdktzblhLNDNmajNPNlNYTTduamc1NQpCa2ZsSWtMNXhTY2p3bmZnLzBCRnNJeUY5ZU1GeDdFOFhDbEZQaVhwQTBDUGJPcXVQQ3IyKzZkYzJmZnlXVFlCCnZMTTUwb1FucmJ0VFVLWlkyU3Y0Y1JJRFE1Q0JzMWE3RTV5L0paQzVWSnZsTTh5RUU1ZFIyazFxOTg5eGk1V3MKZXFSRkxjUitmK3pGV0luc3ljV2lReFo1eGZOMjE3T2sxYXpKM3BIOUJxdkxlMS9obDdWbVN4KzNVVlgzZU53SgpGd0tPbDJrNzczdFNRZFVnTlhQSDFSN05yeXpPL3N1bTdPTUNLRU84Y1FLQmdRRCtUSDlCWE5LMFl4V2hjemJrCmRxMGpQU3B5aTM5ZnNXUityOVRLR3FGUDdVdHZ1aEdXN3Y1WUNVbzRUUzBKbFU0eXNTQXV4UldQUG40dWx3aTkKUnpJZDQvTDJzSEx0SllPTlkxZmwwM1RDMExjby9RZ05TcDF0VEdOOFF1R2tmM0Zma1NHOXRDUVhQbmw5OXBudgpiNDhmdTZvMG9iSzdMYXhRQnkxdFc1VjE5UUtCZ1FEbjIyREp4d2pwRVA3Z2RzblpKZ1B0M2x6Z0pBQVh2eUFtCnAxZy9Mb0JPdzVJTWZZN0psbzNhSjJuU2NFZDI2ZWdsTXVqK1FpMzlDa3ZHK0VRcnUvKzRzWWxiREFlNWFNSDEKUjNFemxLYU1FU3lnQnlCQWVEeWFaeXVxYktKWmZqOW1UQjV2OVZEdDRNWm5OQUpuRU1zWWd0bVBwQXZMei9UNQpqcEJqYi9EWXhRS0JnUURrM0NtbXhJZ29xZ2ZjamxrM2tZck9iUXpYbTYzZGpFTzZORHBZVFZFaUlwaENpLzJxCmpaby8xdFNDQ1FyZ1ZndlRXVTl5YUJLNElQRGtzeTY5VWViTHVjdCtzbHdzQ3hmeTFoWlVFMU5BeFNBaDlsOFoKdnk0aElKOWtSTGpZRjQ0TUNReUpzeWJMK0lEVW1XditiYk1zUnZPdWZGdmpVdjZCNDRQQnFLdkJSUUtCZ1FDOQo0bXYxTkwxMmEwWGlQVWI0UVdzTVg0VSt5QjBQVmFjV0lRMWp5VWlwdVArZW5TSFl0U1Y5bWJQUDljYUJlL1YwCnFhb3B1YmVDT2ZGdmhab0hHMVBHUmhnUTZkeFZtNWJsczFuaGZZZWN4T0FBTzNYTmR1dGpKTVdkTUpVUnFCUnkKU2pyUFJHREFRTXNjY0hyYlArU2xNVnpPaC9KbE8rNE1pQloyYVpJZFpRS0JnRzVaNmF2MGNqcDhaVG5QcEFDeQpwSGk0ZDJUbGFoZGxRLzRZKzhHR01OZU4zWnNvVWE3NzBVWmtTVGVzV0ExV3AybWRMUTIzTG10R240MmQxRGtKCm1LcUxBanVsWXltUkFDWFNROVFBYSswbzNjRGF0OU94UXN5T1lBWW9JQmVQbi9oM0FUVWQvaGs4OXJKcjZBbVEKMzA2eE9LRnN4YVN2S1dPemtNb1J3SVgrCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K"
- apiVersion: v1
kind: Secret
metadata:
name: ext-tls-1
namespace: default
type: kubernetes.io/tls
data:
tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNxRENDQVpBQ0NRQ2x1dWt3c3FHeSt6QU5CZ2txaGtpRzl3MEJBUXNGQURBV01SUXdFZ1lEVlFRRERBdG0KYjI4dVltRnlMbU52YlRBZUZ3MHlNekExTURneE9UQTNOVE5hRncweU5EQTFNRGN4T1RBM05UTmFNQll4RkRBUwpCZ05WQkFNTUMyWnZieTVpWVhJdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDCkFRRUE1bER5YWZjclJ2cnBXUHVPMHc0amx2NElUNUhjTDhKbWdmYVRnRk85UmdQalg3YWNaN25FSzNlVUFLTXcKVFBSdUNDNGpwTVVmSkVYVnQwTUk0MlB3UFpoWTlqODBWVHEzUDViUjJYRGFGLzZlZkxZOWIxQ2o0SFBueVBFMApnQlNHaVlDTm9ndGFEbnh3TEFZU0p6K3dqaUF0Tmk0a0FsS2taYy9QWEE3UHdwVmZMdVRYTmh1d05sblU1SkpQCmkwOGxsN2hXMHc4Q3lOTVBpTHY1WnhRY1F5eUdmQjB4djVXTEtQZGZFSGJrVXQzRllYMFVUOXNYSVljaGJZR1EKU0pIQVRwVTBLQzVDMFhUa20yQ0tpUGZCVmdHR2x1L2tQeTZsdHpmU0VjdUYvdlRSbGZFYXdFY0o4ZEhQaVd6TQpKTmZWTG9MT0tjTC9kb0hkSWxKd1pqcDlpUUlEQVFBQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQzM3TkM5Ck83VC9HWHB4K3JIRXZzd2NTTG5CYWQvUVZFeTY3cExseUdDZ21UaXBLUGI1YWN1aWk3SWZDM1UrT1BvUFBKQjgKL0JrZHBxNlh3b2NScWdzejFjTnkxY2xCUDhjRGpwVFJEUHRvdk91RmZYamk0T3BMN2psMHBZbEVubTM4SVZlUApyWE5jRFhTV3pzekFsb1U5TjJ0VFFPallXMzhRRE90KytyZ0p1ZlJyMmJWZE8yalU1V3NzZmluNGl3SHk1TVI3ClJwSUdrNHR6K2lvUlJlWkJrQUpDZHozL2JQRjR1ODNiM0szVVR2VGZTcDFmRWZQSnJiZTJ1SFpNdHdBdWZoek4KeXNwTitpVDVJZ2dkZjVSRGhCRlRpckEwNFZhRllzRS9XOHNERTZMMmsxSEZ5TloyZ1JLY0ZLMlJpU0NEdURyQwpMN1h6UmliTHZONElXOEpJCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
expected:
secrets: []

0 comments on commit c03d010

Please sign in to comment.