moresandeep commented on code in PR #1279:
URL: https://github.com/apache/knox/pull/1279#discussion_r3480704011
##########
gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java:
##########
@@ -1029,6 +1058,77 @@ public String getUsage() {
}
}
+ public class K8sAliasCreateCommand extends Command {
+
+ public static final String USAGE = "create-k8s-alias secret-name
[secret-name ...] [--namespace namespace]";
+ public static final String DESC = "The create-k8s-alias command reads one
or more Kubernetes\n"
+ + "Secrets and creates a Knox alias for
each. The namespace\n"
+ + "defaults to 'knox' and can be overridden
with --namespace.\n"
+ + "Every Secret must contain 'alias.name'
(the alias name)\n"
+ + "and 'alias.value' (the secret value);
'topology' is optional\n"
+ + "and defaults to the gateway-level
credential store ('__gateway').\n"
+ + "Uses in-cluster Kubernetes config.";
+
+ private static final String DEFAULT_NAMESPACE = "knox";
+ private static final String ENTRY_NAME = "alias.name";
+ private static final String ENTRY_TOPOLOGY = "topology";
+ private static final String ENTRY_KEY = "alias.value";
+ private static final String DEFAULT_TOPOLOGY = "__gateway";
+
+ private final List<String> secretNames;
+
+ public K8sAliasCreateCommand(List<String> secretNames) {
+ this.secretNames = secretNames;
+ }
+
+ @Override
+ public void execute() throws Exception {
+ AliasService as = getAliasService();
+ String ns = (namespace == null || namespace.isEmpty()) ?
DEFAULT_NAMESPACE : namespace;
+ try (KubernetesClient client = buildKubernetesClient()) {
+ for (String secretName : secretNames) {
+ Secret secret =
client.secrets().inNamespace(ns).withName(secretName).get();
+ if (secret == null) {
+ throw new IllegalStateException(
+ "Secret '" + secretName + "' not found in namespace '" + ns +
"'.");
+ }
+ String aliasName = requireEntry(secret, secretName, ENTRY_NAME);
+ String aliasValue = requireEntry(secret, secretName, ENTRY_KEY);
+ String topology = optionalEntry(secret, ENTRY_TOPOLOGY);
+ if (topology == null || topology.isEmpty()) {
+ topology = DEFAULT_TOPOLOGY;
+ }
+
+ as.addAliasForCluster(topology, aliasName, aliasValue);
+ out.println(aliasName + " has been successfully created in topology "
+ topology
+ + " (from secret " + secretName + ").");
+ }
+ }
+ }
+
+ private String requireEntry(Secret secret, String secretName, String
entryKey) {
+ String entry = optionalEntry(secret, entryKey);
+ if (entry == null || entry.isEmpty()) {
+ throw new IllegalStateException(
+ "Secret '" + secretName + "' is missing required entry '" +
entryKey + "'.");
+ }
+ return entry;
+ }
+
+ private String optionalEntry(Secret secret, String entryKey) {
+ if (secret.getData() != null && secret.getData().containsKey(entryKey)) {
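Review bot: In `execute()`, the `topology` and `alias.name` entries read from the Secret go straight into `as.addAliasForCluster(topology, aliasName, aliasValue)` with only an emptiness check, so anyone who can write Secrets in the selected namespace chooses which credential store is written, including the gateway-level `__gateway` default. I would check both values against the character set Knox accepts for topology and alias names before that call, for example `if (!isValidName(topology)) { throw new IllegalStateException("Secret '" + secretName + "' names an invalid topology."); }` (the helper name is illustrative), and say in `DESC` that write access to the namespace amounts to the ability to set gateway aliases. The loop also throws on the first missing or incomplete Secret after earlier aliases have already been stored, which leaves a partial result; validating every Secret before the first `addAliasForCluster` call would avoid that. The body of `optionalEntry` continues outside the quoted hunk, so how the Secret data is decoded is not visible here.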
Review Comment:
Okay, as long as this is understood and verified, I am good with it. Thanks!