in kubernetes/k8skeystore/kubernetes_keystore.go [99:133]
// Retrieve resolves a key of the form
// "kubernetes.<namespace>.<secret>.<field>" to the matching entry of a
// Kubernetes Secret and returns it wrapped in a SecureString.
//
// Only Secrets in the keystore's own namespace (k.namespace) are served; a
// key naming any other namespace is refused before the API is contacted.
//
// Every failure path (foreign prefix, malformed key, namespace mismatch, API
// error, missing field) returns keystore.ErrKeyDoesntExists, so callers cannot
// tell these cases apart; the reason is only visible in the logs. The log
// lines carry the key, namespace, secret name and field name, never the
// secret value.
func (k *KubernetesSecretsKeystore) Retrieve(key string) (*keystore.SecureString, error) {
	const keyFormat = "kubernetes.somenamespace.somesecret.value"

	// strings.Split with a non-empty separator always yields at least one
	// element, so parts[0] is safe to read.
	parts := strings.Split(key, ".")
	switch {
	case parts[0] != "kubernetes":
		// Not addressed to this keystore: refuse silently.
		return nil, keystore.ErrKeyDoesntExists
	case len(parts) != 4:
		k.logger.Debugf(
			"not valid secret key: %v. Secrets should be of the following format %v",
			key,
			keyFormat,
		)
		return nil, keystore.ErrKeyDoesntExists
	}
	reqNamespace, name, field := parts[1], parts[2], parts[3]

	// Namespace confinement: the key may only point at the namespace this
	// keystore was created for.
	if reqNamespace != k.namespace {
		k.logger.Debugf("cannot access Kubernetes secrets from a different namespace (%v) than: %v", reqNamespace, k.namespace)
		return nil, keystore.ErrKeyDoesntExists
	}

	// NOTE(review): context.TODO() sets no deadline or cancellation on this
	// request; whether a stalled API call is bounded depends on how k.client
	// was configured — confirm.
	secret, err := k.client.CoreV1().Secrets(reqNamespace).Get(context.TODO(), name, metav1.GetOptions{})
	if err != nil {
		// Any API error, whatever its cause, is reported to the caller as a
		// missing key; the underlying error goes to the log only.
		k.logger.Errorf("Could not retrieve secret from k8s API: %v", err)
		return nil, keystore.ErrKeyDoesntExists
	}

	value, found := secret.Data[field]
	if !found {
		k.logger.Errorf("Could not retrieve value %v for secret %v", field, name)
		return nil, keystore.ErrKeyDoesntExists
	}
	return keystore.NewSecureString(value), nil
}