in pkg/controller/keyvault/kv_util.go [46:108]
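// buildSPC fills spc.Spec with an Azure Key Vault SecretProviderClass that
// syncs one Key Vault object into a kubernetes.io/tls Secret named
// spcConfig.Name (tls.key and tls.crt both sourced from that object).
//
// spcConfig.KeyvaultCertUri is expected to have the shape
// https://<vault>.<dns-suffix>/<type>/<name>[/<version>]: the vault name is
// the first host label, the object name and optional version are the second
// and third path segments. The <type> segment is not inspected.
//
// Returns a util.NewUserError when the URI cannot be parsed or does not yield
// a vault name and an object name (a malformed URI must not silently produce
// an SPC with empty keyvaultName/objectName). json.Marshal failures are
// returned unwrapped. Only spc.Spec is written; metadata is the caller's.
func buildSPC(spc *secv1.SecretProviderClass, spcConfig spcConfig) error {
	certURI := spcConfig.KeyvaultCertUri
	uri, err := url.Parse(certURI)
	if err != nil {
		return util.NewUserError(err, fmt.Sprintf("unable to parse certificate uri: %s", certURI))
	}

	// The vault name is the first DNS label of the host. url.Parse yields an
	// empty Host for scheme-less or host-less input, so guard against it.
	vaultName := strings.Split(uri.Host, ".")[0]
	if vaultName == "" {
		return util.NewUserError(
			fmt.Errorf("uri host does not contain a vault name: %q", uri.Host),
			fmt.Sprintf("invalid secret uri: %s", certURI))
	}

	// A leading "/" makes chunks[0] empty, so "/secrets/<name>/<version>"
	// splits into ["", "secrets", "<name>", "<version>"]; the object name is
	// therefore at index 2 and the (optional) version at index 3.
	const minSegments = 3
	chunks := strings.Split(uri.Path, "/")
	if len(chunks) < minSegments {
		return util.NewUserError(
			fmt.Errorf("uri Path contains too few segments: has: %d requires at least: %d uri path: %s", len(chunks), minSegments, uri.Path),
			fmt.Sprintf("invalid secret uri: %s", certURI))
	}
	secretName := chunks[2]
	if secretName == "" {
		return util.NewUserError(
			fmt.Errorf("uri Path has an empty object name segment: %s", uri.Path),
			fmt.Sprintf("invalid secret uri: %s", certURI))
	}

	// Descriptor for the single object the provider should fetch. objectType
	// is fixed to "secret" regardless of the URI's <type> segment.
	// NOTE(review): presumably the secret form of a certificate carries both
	// the private key and the chain, which tls.key/tls.crt below rely on — confirm.
	object := map[string]interface{}{
		"objectName": secretName,
		"objectType": "secret",
	}
	if len(chunks) > minSegments {
		// A trailing slash yields an empty version string; it is passed through
		// unchanged rather than dropped, matching the provider's "latest" default.
		object["objectVersion"] = chunks[3]
	}
	objectJSON, err := json.Marshal(object)
	if err != nil {
		return err
	}
	// The provider's "objects" parameter is a document whose "array" holds
	// each object descriptor as an embedded string.
	objects, err := json.Marshal(map[string]interface{}{"array": []string{string(objectJSON)}})
	if err != nil {
		return err
	}

	tlsData := []*secv1.SecretObjectData{
		{ObjectName: secretName, Key: "tls.key"},
		{ObjectName: secretName, Key: "tls.crt"},
	}
	// https://azure.github.io/secrets-store-csi-driver-provider-azure/docs/getting-started/usage/#create-your-own-secretproviderclass-object
	params := map[string]string{
		"keyvaultName":           vaultName,
		"useVMManagedIdentity":   "true",
		"userAssignedIdentityID": spcConfig.ClientId,
		"tenantId":               spcConfig.TenantId,
		"objects":                string(objects),
	}
	// Cloud is optional; only set the provider's cloud parameter when given.
	if spcConfig.Cloud != "" {
		params[kvcsi.CloudNameParameter] = spcConfig.Cloud
	}

	spc.Spec = secv1.SecretProviderClassSpec{
		Provider: secv1.Provider("azure"),
		SecretObjects: []*secv1.SecretObject{{
			SecretName: spcConfig.Name,
			Type:       "kubernetes.io/tls",
			Data:       tlsData,
		}},
		Parameters: params,
	}
	return nil
}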