soteria/internal/k8s/state.go


package k8s
import (
"context"
"fmt"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// LoadSecretData returns a copy of the bytes stored under key in the Secret
// namespace/secretName.
//
// It returns (nil, nil) when the Secret does not exist, when key is absent
// from its Data, or when the stored value is empty. Only a not-found response
// is mapped to that result: every other Get failure (an authorization denial
// included) is returned wrapped with the namespace and Secret name. The error
// text never contains Secret contents.
//
// NOTE(review): a nil result does not tell the caller whether the Secret is
// missing or merely empty. If a caller reacts to nil by generating fresh
// state or key material, confirm that is also intended for an emptied Secret.
func (c *Client) LoadSecretData(ctx context.Context, namespace, secretName, key string) ([]byte, error) {
	obj, err := c.Clientset.CoreV1().Secrets(namespace).Get(ctx, secretName, metav1.GetOptions{})
	switch {
	case err == nil:
		// Secret fetched; continue to the key lookup.
	case apierrors.IsNotFound(err):
		return nil, nil
	default:
		return nil, fmt.Errorf("get secret %s/%s: %w", namespace, secretName, err)
	}

	// Indexing a nil Data map is safe and yields a nil slice, so a missing
	// map, a missing key and an empty value all end up on the same path.
	stored := obj.Data[key]
	if len(stored) == 0 {
		return nil, nil
	}

	// Hand back a private copy so the caller can modify or wipe the buffer
	// without touching the fetched object.
	return append(make([]byte, 0, len(stored)), stored...), nil
}
// SaveSecretData stores value under key in the Secret namespace/secretName.
//
// The Secret is fetched first. If Get reports not-found, a new Secret of type
// Opaque is built and sent with Create; otherwise the fetched object is
// modified and sent with Update. Other keys already present in Data are kept.
// The entries of labels are merged into the Secret's labels, replacing any
// existing label with the same key. Errors are wrapped with the namespace and
// Secret name only; value is never placed in an error message.
//
// NOTE(review): an existing Secret with this name is modified whatever its
// type or labels are. If the name can collide with a Secret owned by another
// component, consider checking an ownership label before the Update.
//
// NOTE(review): Get followed by Create/Update is not atomic and nothing here
// retries. A concurrent writer presumably surfaces as an error from Create or
// Update; confirm that callers handle that error.
func (c *Client) SaveSecretData(ctx context.Context, namespace, secretName, key string, value []byte, labels map[string]string) error {
	api := c.Clientset.CoreV1().Secrets(namespace)

	obj, err := api.Get(ctx, secretName, metav1.GetOptions{})
	if err != nil && !apierrors.IsNotFound(err) {
		return fmt.Errorf("get secret %s/%s: %w", namespace, secretName, err)
	}
	if err != nil {
		// Not found: start from an empty Opaque Secret. Its Data and Labels
		// maps are allocated by the nil checks below.
		obj = &corev1.Secret{
			ObjectMeta: metav1.ObjectMeta{
				Name:      secretName,
				Namespace: namespace,
			},
			Type: corev1.SecretTypeOpaque,
		}
	}

	if obj.Data == nil {
		obj.Data = make(map[string][]byte)
	}
	// The caller's slice is stored as-is (no copy) and sent with the request.
	obj.Data[key] = value

	if obj.Labels == nil {
		obj.Labels = make(map[string]string)
	}
	for name, val := range labels {
		obj.Labels[name] = val
	}

	// A non-empty ResourceVersion marks an object that came back from Get, so
	// it is updated; an empty one means the object was built above.
	if obj.ResourceVersion != "" {
		if _, err := api.Update(ctx, obj, metav1.UpdateOptions{}); err != nil {
			return fmt.Errorf("update secret %s/%s: %w", namespace, secretName, err)
		}
		return nil
	}

	if _, err := api.Create(ctx, obj, metav1.CreateOptions{}); err != nil {
		return fmt.Errorf("create secret %s/%s: %w", namespace, secretName, err)
	}
	return nil
}