pullsecret

package
v0.0.0-...-fab66a0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 30, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

README

Pull Secret Validation Package

Validates cluster pull secrets against OCM account data.

Overview

This package is ported from osdctl's validate-pull-secret-ext (command), adapted for CAD's automated investigation workflow.

Checks Performed

  1. Email validation: Compares cloud.openshift.com email in cluster pull secret against OCM account email
  2. Registry credentials validation: For each OCM registry credential, validates email and token match the cluster pull secret

Note: osdctl's Access Token validation is not included as it requires Region Lead permissions.

Usage

// Email validation
result := pullsecret.ValidateEmail(k8sClient, ocmAccountEmail)

// Registry credentials validation
result, registryResults := pullsecret.ValidateRegistryCredentials(
    k8sClient, ocmConnection, accountID, ocmEmail)

// Check results
for _, warning := range result.Warnings {
    notes.AppendWarning("%s", warning)
}

Documentation

Overview

Package pullsecret provides pull secret validation functionality This package validates cluster pull secrets against OCM account data, similar to osdctl's validate-pull-secret-ext command.

Index

Constants

View Source
const (
	PullSecretName           = "pull-secret"
	PullSecretNamespace      = "openshift-config" // #nosec G101
	CloudOpenShiftComAuthKey = "cloud.openshift.com"
)

Variables

View Source
var ErrSecretDataEmpty = errors.New("pull secret data is empty")
View Source
var ErrSecretMissingDockerConfigJson = errors.New("secret missing '.dockerconfigjson'")

Functions

func GetAuthEmail

func GetAuthEmail(secret *corev1.Secret, authKey string) (string, error)

GetAuthEmail extracts the email from a specific auth entry in the pull secret

func GetPullSecret

func GetPullSecret(k8scli client.Client) (*corev1.Secret, error)

GetPullSecret retrieves the pull secret from the cluster

func ValidateRegistryCredentials

func ValidateRegistryCredentials(k8scli client.Client, ocmConn *sdk.Connection, accountID string, ocmEmail string) (*ValidationResult, []RegistryValidationResult)

ValidateRegistryCredentials validates the cluster pull secret against OCM registry credentials

Types

type AuthEmailNotFoundError

type AuthEmailNotFoundError struct {
	Auth string
}

func (*AuthEmailNotFoundError) Error

func (e *AuthEmailNotFoundError) Error() string

type ParseSecretError

type ParseSecretError struct {
	Err error
}

func (*ParseSecretError) Error

func (e *ParseSecretError) Error() string

func (*ParseSecretError) Unwrap

func (e *ParseSecretError) Unwrap() error

type RegistryValidationResult

type RegistryValidationResult struct {
	Registry     string
	EmailMatch   bool
	TokenMatch   bool
	EmailCluster string
	Error        error
}

type SecretAuthNotFoundError

type SecretAuthNotFoundError struct {
	Auth string
}

func (*SecretAuthNotFoundError) Error

func (e *SecretAuthNotFoundError) Error() string

type ValidationResult

type ValidationResult struct {
	IsValid  bool
	Warnings []string
}

func ValidateEmail

func ValidateEmail(k8scli client.Client, ocmEmail string) *ValidationResult

ValidateEmail validates the pull secret email against the OCM account email

func ValidateEmailWithSecret

func ValidateEmailWithSecret(secret *corev1.Secret, ocmEmail string) *ValidationResult

ValidateEmailWithSecret compares the email in the pull secret against the OCM account email

func (*ValidationResult) AddWarning

func (v *ValidationResult) AddWarning(format string, args ...any)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL