fix: secret data use base64 en-decode

whg517 · whg517 · commit dd4cb332c0be · 2024-02-19T10:12:58.000+08:00
diff --git a/go.mod b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/go-logr/logr v1.3.0
 	github.com/onsi/ginkgo/v2 v2.13.0
 	github.com/onsi/gomega v1.29.0
-	github.com/zncdata-labs/operator-go v0.3.0
+	github.com/zncdata-labs/operator-go v0.3.1-0.20240207065046-99c633403e4b
 	k8s.io/api v0.29.0
 	k8s.io/apimachinery v0.29.0
 	k8s.io/client-go v0.29.0
diff --git a/go.sum b/go.sum
@@ -118,8 +118,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/zncdata-labs/operator-go v0.3.0 h1:INrKbnRaAUh3aGPiDF40pqabNgJKRmclEwost06yw5A=
-github.com/zncdata-labs/operator-go v0.3.0/go.mod h1:y5EDDKn3tt5X9RiO+xsVAw26Xk65bdO1j3R0w1MA5d4=
+github.com/zncdata-labs/operator-go v0.3.1-0.20240207065046-99c633403e4b h1:YjnntAZRmmDDe9eCYdSOZUTqTW3jMz7jK2S5Aqn+3Zw=
+github.com/zncdata-labs/operator-go v0.3.1-0.20240207065046-99c633403e4b/go.mod h1:y5EDDKn3tt5X9RiO+xsVAw26Xk65bdO1j3R0w1MA5d4=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
diff --git a/internal/controller/database.go b/internal/controller/database.go
@@ -3,6 +3,7 @@ package controller
 import (
 	stackv1alpha1 "github.com/zncdata-labs/hive-operator/api/v1alpha1"
 	commonsv1alph1 "github.com/zncdata-labs/operator-go/pkg/apis/commons/v1alpha1"
+	"github.com/zncdata-labs/operator-go/pkg/util"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"strconv"
@@ -91,9 +92,19 @@ func (d *DatabaseConfiguration) GetCredential(name string) (*DatabaseCredential,
 		return nil, err
 	}
 
+	username, err := util.Base64[[]byte]{Data: secret.Data[DbUsernameName]}.Decode()
+	if err != nil {
+		return nil, err
+	}
+
+	password, err := util.Base64[[]byte]{Data: secret.Data[DbPasswordName]}.Decode()
+	if err != nil {
+		return nil, err
+	}
+
 	return &DatabaseCredential{
-		Username: string(secret.Data[DbUsernameName]),
-		Password: string(secret.Data[DbPasswordName]),
+		Username: string(username),
+		Password: string(password),
 	}, nil
 }
 
diff --git a/internal/controller/s3.go b/internal/controller/s3.go
@@ -3,6 +3,7 @@ package controller
 import (
 	stackv1alpha1 "github.com/zncdata-labs/hive-operator/api/v1alpha1"
 	commonsv1alpha1 "github.com/zncdata-labs/operator-go/pkg/apis/commons/v1alpha1"
+	"github.com/zncdata-labs/operator-go/pkg/util"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -81,14 +82,20 @@ func (s *S3Configuration) GetCredential(name string) (*S3Credential, error) {
 			Name:      name,
 		},
 	}
-	// Get Secret from the reference
 	if err := s.ResourceClient.Get(secret); err != nil {
 		return nil, err
 	}
-
+	ak, err := util.Base64[[]byte]{Data: secret.Data[S3AccessKeyName]}.Decode()
+	if err != nil {
+		return nil, err
+	}
+	sk, err := util.Base64[[]byte]{Data: secret.Data[S3SecretKeyName]}.Decode()
+	if err != nil {
+		return nil, err
+	}
 	return &S3Credential{
-		AccessKey: string(secret.Data[S3AccessKeyName]),
-		SecretKey: string(secret.Data[S3SecretKeyName]),
+		AccessKey: string(ak),
+		SecretKey: string(sk),
 	}, nil
 }
 
@@ -105,11 +112,11 @@ func (s *S3Configuration) GetS3ParamsFromResource() (*S3Params, error) {
 	credential := &S3Credential{}
 
 	if s3BucketCR.Spec.Credential.ExistSecret != "" {
-		exist, err := s.GetCredential(s3BucketCR.Spec.Credential.ExistSecret)
+		existCredential, err := s.GetCredential(s3BucketCR.Spec.Credential.ExistSecret)
 		if err != nil {
 			return nil, err
 		}
-		credential = exist
+		credential = existCredential
 	} else {
 		credential.AccessKey = s3BucketCR.Spec.Credential.AccessKey
 		credential.SecretKey = s3BucketCR.Spec.Credential.SecretKey
diff --git a/internal/controller/secret.go b/internal/controller/secret.go
@@ -3,6 +3,7 @@ package controller
 import (
 	"context"
 	stackv1alpha1 "github.com/zncdata-labs/hive-operator/api/v1alpha1"
+	"github.com/zncdata-labs/operator-go/pkg/util"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -72,7 +73,7 @@ func (r *EnvSecret) Reconcile(ctx context.Context) (ctrl.Result, error) {
 }
 
 func (r *EnvSecret) apply(ctx context.Context) (ctrl.Result, error) {
-	var data = make(map[string][]byte)
+	var data = make(map[string]string)
 	if r.s3.Enabled() {
 		s3Data, err := r.s3SecretData()
 		if err != nil {
@@ -115,16 +116,16 @@ func (r *EnvSecret) apply(ctx context.Context) (ctrl.Result, error) {
 	return ctrl.Result{Requeue: false}, nil
 }
 
-func (r *EnvSecret) s3SecretData() (map[string][]byte, error) {
+func (r *EnvSecret) s3SecretData() (map[string]string, error) {
 	if r.s3.ExistingS3Bucket() {
 		params, err := r.s3.GetS3ParamsFromResource()
 		if err != nil {
 			return nil, err
 		}
-		return map[string][]byte{
-			"AWS_ACCESS_KEY":     []byte(params.AccessKey),
-			"AWS_SECRET_KEY":     []byte(params.SecretKey),
-			"AWS_DEFAULT_REGION": []byte(params.Region),
+		return map[string]string{
+			"AWS_ACCESS_KEY":     params.AccessKey,
+			"AWS_SECRET_KEY":     params.SecretKey,
+			"AWS_DEFAULT_REGION": params.Region,
 		}, nil
 	}
 
@@ -133,23 +134,23 @@ func (r *EnvSecret) s3SecretData() (map[string][]byte, error) {
 		return nil, err
 	}
 
-	return map[string][]byte{
-		"AWS_ACCESS_KEY":     []byte(params.AccessKey),
-		"AWS_SECRET_KEY":     []byte(params.SecretKey),
-		"AWS_DEFAULT_REGION": []byte(params.Region),
+	return map[string]string{
+		"AWS_ACCESS_KEY":     params.AccessKey,
+		"AWS_SECRET_KEY":     params.SecretKey,
+		"AWS_DEFAULT_REGION": params.Region,
 	}, nil
 
 }
 
 // databaseValuesFromCR Get database values from the CR.
-func (r *EnvSecret) databaseSecretData() (map[string][]byte, error) {
+func (r *EnvSecret) databaseSecretData() (map[string]string, error) {
 
-	dataBuilder := func(params *DatabaseParams) map[string][]byte {
+	dataBuilder := func(params *DatabaseParams) map[string]string {
 		serviceOpts := serviceOptsBuilder(params.Driver, params.Username, params.Password, params.Host, params.Port, params.DbName)
 
-		data := map[string][]byte{
-			"SERVICE_OPTS": []byte(serviceOpts),
-			"DB_DRIVER":    []byte(params.Driver),
+		data := map[string]string{
+			"SERVICE_OPTS": serviceOpts,
+			"DB_DRIVER":    params.Driver,
 		}
 		if params.Driver == "derby" {
 			log.Info("Hive metastore is using derby, no need to set database connection info.")
@@ -176,14 +177,18 @@ func (r *EnvSecret) databaseSecretData() (map[string][]byte, error) {
 }
 
 // makeSecret Make secret object from data, and set the owner reference.
-func (r *EnvSecret) make(data map[string][]byte) (corev1.Secret, error) {
+func (r *EnvSecret) make(data map[string]string) (corev1.Secret, error) {
+	encodedData := make(map[string][]byte)
+	for k, v := range data {
+		encodedData[k] = []byte(util.Base64[string]{Data: v}.Encode())
+	}
 	obj := corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      HiveEnvSecretName(r.cr),
 			Namespace: r.NameSpace(),
 			Labels:    r.Labels(),
 		},
-		Data: data,
+		Data: encodedData,
 	}
 
 	if err := ctrl.SetControllerReference(r.cr, &obj, r.scheme); err != nil {
