Add --json flag for k3s secrets-encrypt status (#5127)

* Add json flag for secrets-encrypt status

Signed-off-by: Derek Nola <derek.nola@suse.com>
Derek Nola 2022-02-28 09:14:32 -08:00 committed by GitHub
parent 40a46e1412
commit a698ece9c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 29 deletions


@ -38,7 +38,11 @@ func NewSecretsEncryptSubcommands(status, enable, disable, prepare, rotate, reen
SkipFlagParsing: false, SkipFlagParsing: false,
SkipArgReorder: true, SkipArgReorder: true,
Action: status, Action: status,
Flags: EncryptFlags, Flags: append(EncryptFlags, &cli.StringFlag{
Name: "output,o",
Usage: "Status format. Default: text. Optional: json",
Destination: &ServerConfig.EncryptOutput,
}),
}, },
{ {
Name: "enable", Name: "enable",
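Review bot: The new `output` flag states its default only in the usage string, so `ServerConfig.EncryptOutput` stays empty unless the user passes the flag, and the generated help shows no default. Adding `Value: "text",` to the `cli.StringFlag` would make the stored value and the help agree with "Default: text". The flag also accepts any string, so the allowed formats are enforced only by whatever the `status` action does with the value.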


@ -76,6 +76,7 @@ type Server struct {
ClusterResetRestorePath string ClusterResetRestorePath string
EncryptSecrets bool EncryptSecrets bool
EncryptForce bool EncryptForce bool
EncryptOutput string
EncryptSkip bool EncryptSkip bool
SystemDefaultRegistry string SystemDefaultRegistry string
StartupHooks []StartupHook StartupHooks []StartupHook


@ -7,12 +7,12 @@ import (
"io/ioutil" "io/ioutil"
"os" "os"
"path/filepath" "path/filepath"
"strings"
"text/tabwriter" "text/tabwriter"
"github.com/erikdubbelboer/gspt" "github.com/erikdubbelboer/gspt"
"github.com/rancher/k3s/pkg/cli/cmds" "github.com/rancher/k3s/pkg/cli/cmds"
"github.com/rancher/k3s/pkg/clientaccess" "github.com/rancher/k3s/pkg/clientaccess"
"github.com/rancher/k3s/pkg/daemons/config"
"github.com/rancher/k3s/pkg/secretsencrypt" "github.com/rancher/k3s/pkg/secretsencrypt"
"github.com/rancher/k3s/pkg/server" "github.com/rancher/k3s/pkg/server"
"github.com/rancher/k3s/pkg/version" "github.com/rancher/k3s/pkg/version"
@ -20,35 +20,25 @@ import (
"k8s.io/utils/pointer" "k8s.io/utils/pointer"
) )
func commandPrep(app *cli.Context, cfg *cmds.Server) (config.Control, *clientaccess.Info, error) { func commandPrep(app *cli.Context, cfg *cmds.Server) (*clientaccess.Info, error) {
var controlConfig config.Control
var err error
// hide process arguments from ps output, since they may contain // hide process arguments from ps output, since they may contain
// database credentials or other secrets. // database credentials or other secrets.
gspt.SetProcTitle(os.Args[0] + " secrets-encrypt") gspt.SetProcTitle(os.Args[0] + " secrets-encrypt")
controlConfig.DataDir, err = server.ResolveDataDir(cfg.DataDir) dataDir, err := server.ResolveDataDir(cfg.DataDir)
if err != nil { if err != nil {
return controlConfig, nil, err return nil, err
} }
if cfg.Token == "" { if cfg.Token == "" {
fp := filepath.Join(controlConfig.DataDir, "token") fp := filepath.Join(dataDir, "token")
tokenByte, err := ioutil.ReadFile(fp) tokenByte, err := ioutil.ReadFile(fp)
if err != nil { if err != nil {
return controlConfig, nil, err return nil, err
} }
controlConfig.Token = string(bytes.TrimRight(tokenByte, "\n")) cfg.Token = string(bytes.TrimRight(tokenByte, "\n"))
} else {
controlConfig.Token = cfg.Token
} }
controlConfig.EncryptForce = cfg.EncryptForce return clientaccess.ParseAndValidateTokenForUser(cmds.ServerConfig.ServerURL, cfg.Token, "server")
controlConfig.EncryptSkip = cfg.EncryptSkip
info, err := clientaccess.ParseAndValidateTokenForUser(cmds.ServerConfig.ServerURL, controlConfig.Token, "server")
if err != nil {
return controlConfig, nil, err
}
return controlConfig, info, nil
} }
func Enable(app *cli.Context) error { func Enable(app *cli.Context) error {
@ -56,7 +46,7 @@ func Enable(app *cli.Context) error {
if err = cmds.InitLogging(); err != nil { if err = cmds.InitLogging(); err != nil {
return err return err
} }
_, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
@ -76,7 +66,7 @@ func Disable(app *cli.Context) error {
if err := cmds.InitLogging(); err != nil { if err := cmds.InitLogging(); err != nil {
return err return err
} }
_, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
@ -95,7 +85,7 @@ func Status(app *cli.Context) error {
if err := cmds.InitLogging(); err != nil { if err := cmds.InitLogging(); err != nil {
return err return err
} }
_, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
@ -108,6 +98,15 @@ func Status(app *cli.Context) error {
return err return err
} }
if strings.ToLower(cmds.ServerConfig.EncryptOutput) == "json" {
json, err := json.MarshalIndent(status, "", "\t")
if err != nil {
return err
}
fmt.Println(string(json))
return nil
}
if status.Enable == nil { if status.Enable == nil {
fmt.Println("Encryption Status: Disabled, no configuration file found") fmt.Println("Encryption Status: Disabled, no configuration file found")
return nil return nil
@ -148,13 +147,13 @@ func Prepare(app *cli.Context) error {
if err = cmds.InitLogging(); err != nil { if err = cmds.InitLogging(); err != nil {
return err return err
} }
controlConfig, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
b, err := json.Marshal(server.EncryptionRequest{ b, err := json.Marshal(server.EncryptionRequest{
Stage: pointer.StringPtr(secretsencrypt.EncryptionPrepare), Stage: pointer.StringPtr(secretsencrypt.EncryptionPrepare),
Force: controlConfig.EncryptForce, Force: cmds.ServerConfig.EncryptForce,
}) })
if err != nil { if err != nil {
return err return err
@ -170,13 +169,13 @@ func Rotate(app *cli.Context) error {
if err := cmds.InitLogging(); err != nil { if err := cmds.InitLogging(); err != nil {
return err return err
} }
controlConfig, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
b, err := json.Marshal(server.EncryptionRequest{ b, err := json.Marshal(server.EncryptionRequest{
Stage: pointer.StringPtr(secretsencrypt.EncryptionRotate), Stage: pointer.StringPtr(secretsencrypt.EncryptionRotate),
Force: controlConfig.EncryptForce, Force: cmds.ServerConfig.EncryptForce,
}) })
if err != nil { if err != nil {
return err return err
@ -193,14 +192,14 @@ func Reencrypt(app *cli.Context) error {
if err = cmds.InitLogging(); err != nil { if err = cmds.InitLogging(); err != nil {
return err return err
} }
controlConfig, info, err := commandPrep(app, &cmds.ServerConfig) info, err := commandPrep(app, &cmds.ServerConfig)
if err != nil { if err != nil {
return err return err
} }
b, err := json.Marshal(server.EncryptionRequest{ b, err := json.Marshal(server.EncryptionRequest{
Stage: pointer.StringPtr(secretsencrypt.EncryptionReencryptActive), Stage: pointer.StringPtr(secretsencrypt.EncryptionReencryptActive),
Force: controlConfig.EncryptForce, Force: cmds.ServerConfig.EncryptForce,
Skip: controlConfig.EncryptSkip, Skip: cmds.ServerConfig.EncryptSkip,
}) })
if err != nil { if err != nil {
return err return err
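Review bot: In the `Status` hunk the local variable `json` shadows the `encoding/json` package for the rest of that block, and any `--output` value other than `json` (a typo, or `yaml`) silently falls through to the text table. A script that parses the output then receives the wrong format with a zero exit code, so unknown formats should be rejected and the local renamed, as sketched below. `Status` starts and ends outside the hunk. Separately, `commandPrep` now writes the token read from the data dir into `cfg.Token`, and every caller passes `&cmds.ServerConfig`, so a doc comment stating that it mutates the shared config with a secret would help later readers.

```go
switch strings.ToLower(cmds.ServerConfig.EncryptOutput) {
case "json":
	b, err := json.MarshalIndent(status, "", "\t")
	if err != nil {
		return err
	}
	fmt.Println(string(b))
	return nil
case "", "text":
	// continue with the text output below
default:
	return fmt.Errorf("unsupported output format %q", cmds.ServerConfig.EncryptOutput)
}
// … unchanged: text rendering of status …
```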