in pkg/addons/addons_gcpauth.go [140:247]
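// createPullSecret stores the current OAuth2 access token from creds in a
// kubernetes.io/dockercfg secret named secretName in every namespace that
// skipNamespace does not exclude, then appends that secret to the
// imagePullSecrets of every service account listed in the namespace.
//
// Security-relevant behavior to keep in mind when changing this function:
//   - The secret holds a live bearer token and is copied into every
//     non-skipped namespace. Read access to Secrets in any of those
//     namespaces is enough to obtain it, so RBAC on secrets is the
//     effective boundary for this credential.
//   - The token is whatever creds.TokenSource returns at call time. Nothing
//     here renews it; an existing secret is only rewritten when the
//     package-level Refresh flag is set.
//   - The dockercfg JSON is assembled with fmt, not a JSON encoder, so the
//     registry host and token are inserted verbatim. A value containing `"`
//     or `\` would yield a malformed document.
//
// It returns an error when creds (or its TokenSource) is nil, when any API
// call fails, or when a namespace still has no service account after the
// bounded wait. It returns nil without touching the cluster when no token
// can be obtained, which is the original best-effort behavior.
func createPullSecret(cc *config.ClusterConfig, creds *google.Credentials) error {
	// A nil TokenSource would panic on the Token() call below; treat it the
	// same as missing credentials.
	if creds == nil || creds.TokenSource == nil {
		return errors.New("no credentials, skipping creating pull secret")
	}

	token, err := creds.TokenSource.Token()
	if err != nil {
		// Deliberate best-effort: without a token there is nothing to store,
		// and callers are not told. NOTE(review): surfacing this error would
		// make a silently missing pull secret easier to diagnose.
		return nil
	}

	// saWaitAttempts caps the one-second polls for a namespace's first
	// service account. The loop used to be unbounded, so a namespace that
	// never gets one (for example while it is being deleted) blocked the
	// caller forever. The value is a judgment call; tune it for slow clusters.
	const saWaitAttempts = 120

	ctx := context.TODO()

	client, err := service.K8s.GetCoreClient(cc.Name)
	if err != nil {
		return err
	}
	namespaces, err := client.Namespaces().List(ctx, metav1.ListOptions{})
	if err != nil {
		return err
	}

	// One dockercfg entry per GCR and Artifact Registry host, all carrying
	// the same token. NOTE(review): the [:] + append form only avoids writing
	// into DefaultGCRRegistries if that value has no spare capacity
	// (presumably it is an array) - confirm.
	registries := append(gcr_config.DefaultGCRRegistries[:], gcr_config.DefaultARRegistries[:]...)
	var entries strings.Builder
	for _, reg := range registries {
		fmt.Fprintf(&entries, `"https://%s":{"username":"oauth2accesstoken","password":"%s","email":"none"},`, reg, token.AccessToken)
	}
	dockercfg := strings.TrimSuffix(entries.String(), ",")
	data := map[string][]byte{
		".dockercfg": []byte(fmt.Sprintf(`{%s}`, dockercfg)),
	}

	for _, n := range namespaces.Items {
		if skipNamespace(n.Name) {
			continue
		}

		// Existence is decided by listing the namespace's secrets and
		// comparing names.
		secrets := client.Secrets(n.Name)
		secList, err := secrets.List(ctx, metav1.ListOptions{})
		if err != nil {
			return err
		}
		exists := false
		for _, s := range secList.Items {
			if s.Name == secretName {
				exists = true
				break
			}
		}

		if !exists || Refresh {
			secretObj := &corev1.Secret{
				ObjectMeta: metav1.ObjectMeta{
					Name: secretName,
				},
				Data: data,
				Type: "kubernetes.io/dockercfg",
			}
			// Inside this branch "exists" already implies Refresh, so an
			// existing secret is overwritten and a missing one is created.
			if exists {
				_, err = secrets.Update(ctx, secretObj, metav1.UpdateOptions{})
			} else {
				_, err = secrets.Create(ctx, secretObj, metav1.CreateOptions{})
			}
			if err != nil {
				return err
			}
		}

		// Now patch the secret into all the service accounts we can find.
		serviceaccounts := client.ServiceAccounts(n.Name)
		salist, err := serviceaccounts.List(ctx, metav1.ListOptions{})
		if err != nil {
			return err
		}
		// Wait for at least one service account (normally "default") to
		// appear, sleeping before each retry and giving up after the cap.
		for attempt := 0; len(salist.Items) == 0; attempt++ {
			if attempt >= saWaitAttempts {
				return fmt.Errorf("no service accounts found in namespace %q after %d attempts", n.Name, saWaitAttempts)
			}
			time.Sleep(1 * time.Second)
			salist, err = serviceaccounts.List(ctx, metav1.ListOptions{})
			if err != nil {
				return err
			}
		}

		ips := corev1.LocalObjectReference{Name: secretName}
		// Index into the slice rather than taking the address of a range
		// variable, so the pointer handed to Update is the listed object.
		for i := range salist.Items {
			sa := &salist.Items[i]
			attached := false
			for _, ps := range sa.ImagePullSecrets {
				if ps.Name == secretName {
					attached = true
					break
				}
			}
			if attached {
				continue
			}
			sa.ImagePullSecrets = append(sa.ImagePullSecrets, ips)
			// The object is sent back as it was listed; there is no retry
			// here, so any Update error aborts the whole run.
			if _, err := serviceaccounts.Update(ctx, sa, metav1.UpdateOptions{}); err != nil {
				return err
			}
		}
	}
	return nil
}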