From 4b09d3f89c1037e495c582e733024006ec8d5c43 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Fri, 4 Aug 2023 07:28:16 +0200
Subject: Add kubectl-secret util
---
.local/bin/kubectl-secret | 76 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
create mode 100755 .local/bin/kubectl-secret
(limited to '.local/bin')
diff --git a/.local/bin/kubectl-secret b/.local/bin/kubectl-secret
new file mode 100755
index 0000000..ab2e924
--- /dev/null
+++ b/.local/bin/kubectl-secret
@@ -0,0 +1,76 @@
+#!/usr/bin/env python3
+
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option) any
+# later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+
+import argparse
+import base64
+import sys
+
+import ruamel.yaml
+import ruamel.yaml.scalarstring
+
+def main():
+ argparser = argparse.ArgumentParser(description="Encode or decode Kubernetes Secrets.")
+ argparser.add_argument("mode", help="Mode of operation, either encode or decode.", choices=["encode", "decode"])
+ argparser.add_argument("path", help="Path to the file to operate on. If set to -, STDIN will be used instead.", default="-", nargs="?")
+
+ args = argparser.parse_args()
+ yaml = ruamel.yaml.YAML()
+
+ # Deduce whether to read from STDIN or open a file handle to a given path
+ if args.path == "-":
+ buffer = sys.stdin
+ else:
+ buffer = open(args.path)
+
+ # Load the manifest
+ manifest = yaml.load(buffer.read())
+
+ # Handle any known potential issues
+ if not "kind" in manifest:
+ print("No kind in manifest", file=sys.stderr)
+ return 3
+
+ if manifest["kind"] != "Secret":
+ print("Not a secret", file=sys.stderr)
+ return 4
+
+ if not "data" in manifest:
+ manifest["data"] = {}
+
+ # Call appropriate function with the manifest
+ manifest = globals()["secret_" + args.mode](manifest)
+
+ # Write the processed manifest back as yaml
+ yaml.dump(manifest, sys.stdout)
+
+ return 0
+
+def secret_decode(manifest):
+ for key in manifest["data"].keys():
+ # Decode the data
+ manifest["data"][key] = base64.b64decode(manifest["data"][key]).decode("utf-8")
+
+ # Turn this element into a block quoted string if there are newlines
+ if "\n" in manifest["data"][key]:
+ manifest["data"][key] = ruamel.yaml.scalarstring.LiteralScalarString(manifest["data"][key])
+
+ return manifest
+
+def secret_encode(manifest):
+ for key in manifest["data"].keys():
+ # Encode the data
+ manifest["data"][key] = base64.b64encode(str(manifest["data"][key]).encode("utf-8")).decode("utf-8")
+
+ return manifest
+
+if __name__ == '__main__':
+ sys.exit(main())
-- cgit v1.1
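Review bot: In `secret_encode`, `str(manifest["data"][key])` silently coerces any value that YAML did not parse as a string, so an unquoted `null` under `data` is encoded as the four characters `None`, and other unquoted scalars (booleans, numbers) are likely stored as Python's rendering of the parsed object rather than the text in the file. Rejecting such values is safer than coercing them, for example `if not isinstance(value, str): sys.exit(f"data.{key}: value is not a string, quote it")` ahead of the `b64encode` call. The mirror case in `secret_decode` is `.decode("utf-8")`, which raises an uncaught `UnicodeDecodeError` on binary secrets such as keystores; catching it and leaving that key base64-encoded would let the rest of the manifest decode. Separately, `globals()["secret_" + args.mode]` is only safe because argparse's `choices` restricts `mode`, and an explicit `{"encode": secret_encode, "decode": secret_decode}` table would keep that constraint next to the dispatch.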