Add secret support for credentials

When flags are not given for username/password, the code will now
read this from Kubernetes secrets on disk.

Signed-off-by: Alex Ellis <[email protected]>

Author: alexellis

Gopkg.toml

@@ -1,30 +1,3 @@
-# Gopkg.toml example
-#
-# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
-# for detailed Gopkg.toml documentation.
-#
-# required = ["github.com/user/thing/cmd/thing"]
-# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
-#
-# [[constraint]]
-#   name = "github.com/user/project"
-#   version = "1.0.0"
-#
-# [[constraint]]
-#   name = "github.com/user/project2"
-#   branch = "dev"
-#   source = "github.com/myfork/project2"
-#
-# [[override]]
-#   name = "github.com/x/y"
-#   version = "2.4.0"
-#
-# [prune]
-#   non-go = false
-#   go-tests = true
-#   unused-packages = true
-
-
 [prune]
   go-tests = true
   unused-packages = true
@@ -36,3 +9,7 @@
 [[constraint]]
   name = "github.com/vmware/govmomi"
   version = "0.19.0"
+
+[[constraint]]
+  name = "github.com/openfaas/openfaas-cloud"
+  version = "0.9.4"

README.md

@@ -26,6 +26,30 @@ The following event types (incl. their subtypes) are supported and can be used t
 
 For further details and naming see the [vSphere Web Services API](https://code.vmware.com/apis/358/vsphere#/doc/vim.event.Event.html) documentation.
 
+## Other configuration
+
+### Credentials
+
+You can pass credentials via arguments (not recommended).
+
+Or use a secret and pass the name:
+
+```sh
+./vcenter-connector \
+  -vc-user-secret-name=vcenter1-username \
+  -vc-password-secret-name=vcenter1-password
+```
+
+Use `kubectl` to create the secrets you need ahead of time in the namespace where you deploy the connector.
+
+```sh
+kubectl create secret generic vcenter-secrets \
+  --from-literal vcenter1-username=admin \
+  --from-literal vcenter1-password=test1234
+```
+
+Now mount your secret at `/var/openfaas/secrets/` in your Kubernetes Deployment YAML file.
+
 ## Example
 
 You can find a detailed example using vSphere tags for `VmPoweredOnEvent` [here](docs/example.md). You might also want to check out Robert Guske's [blog](https://rguske.github.io/post/event-driven-interactions-with-vsphere-using-functions-as-a-service/) post on how he automated the integration between several VMware products with OpenFaaS and this vcenter-connector.

main.go

@@ -13,27 +13,51 @@ import (
 
 	"github.com/openfaas-incubator/connector-sdk/types"
 	"github.com/openfaas/faas-provider/auth"
+	"github.com/openfaas/openfaas-cloud/sdk"
 )
 
 func main() {
 	var gatewayURL string
 	var vcenterURL string
 	var vcUser string
 	var vcPass string
+	var vcUserSecret string
+	var vcPasswordSecret string
+
 	var insecure bool
 
 	// TODO: add secrets management, verbosity level
 	flag.StringVar(&gatewayURL, "gateway", "http://127.0.0.1:8080", "URL for OpenFaaS gateway")
 	flag.StringVar(&vcenterURL, "vcenter", "http://127.0.0.1:8989/sdk", "URL for vCenter")
 	flag.StringVar(&vcUser, "vc-user", "", "User to connect to vCenter")
 	flag.StringVar(&vcPass, "vc-pass", "", "Password to connect to vCenter")
+
+	flag.StringVar(&vcUserSecret, "vc-user-secret-name", "", "Secret file to use for username")
+	flag.StringVar(&vcPasswordSecret, "vc-pass-secret-name", "", "Secret file to use for password")
+
 	flag.BoolVar(&insecure, "insecure", false, "use an insecure connection to vCenter (default false)")
 	flag.Parse()
 
 	if len(vcenterURL) == 0 {
 		log.Fatal("vcenterURL not provided")
 	}
 
+	if len(vcUserSecret) > 0 {
+		val, err := sdk.ReadSecret("vc-secret-user")
+		if err != nil {
+			panic(err.Error())
+		}
+		vcUser = val
+	}
+
+	if len(vcPasswordSecret) > 0 {
+		val, err := sdk.ReadSecret("vc-secret-pass")
+		if err != nil {
+			panic(err.Error())
+		}
+		vcPass = val
+	}
+
 	vcenterClient, err := events.NewVCenterClient(context.Background(), vcUser, vcPass, vcenterURL, insecure)
 	if err != nil {
 		log.Fatalf("could not connect to vCenter: %v", err)