use std::collections::BTreeMap;
use async_trait::async_trait;
use base64::{engine::general_purpose, Engine};
use chrono::Utc;
use k8s_openapi::{api::core::v1::Secret, ByteString};
use ratatui::{
layout::Rect,
widgets::{Cell, Row},
Frame,
};
use super::{
models::{AppResource, KubeResource, Named},
utils::{self},
ActiveBlock, App,
};
use crate::{
draw_resource_tab,
network::Network,
ui::utils::{
describe_yaml_decode_and_esc_hint, draw_describe_block, draw_resource_block, draw_yaml_block,
get_describe_active, get_resource_title, help_bold_line, responsive_columns, style_primary,
title_with_dual_style, ColumnDef, ResourceTableProps, ViewTier,
},
};
#[derive(Clone, Debug, Default, PartialEq)]
pub struct KubeSecret {
pub name: String,
pub namespace: String,
pub type_: String,
pub data: BTreeMap<String, ByteString>,
pub age: String,
k8s_obj: Secret,
}
impl KubeSecret {
pub fn decode_secret(&self) -> String {
let mut out = String::new();
out.push_str(format!("Name: {}\n", self.name).as_str());
out.push_str(format!("Namespace: {}\n", self.namespace).as_str());
out.push_str("\nData\n====\n\n");
// decode each of the key/values in the secret
for (key_name, encoded_bytes) in self.data.iter() {
let decoded_str = match serde_yaml::to_string(encoded_bytes) {
Ok(encoded_str) => match general_purpose::STANDARD.decode(encoded_str.trim()) {
Ok(decoded_bytes) => String::from_utf8_lossy(&decoded_bytes).into_owned(),
Err(_) => format!("cannot decode value: {}", encoded_str.trim()),
},
Err(_) => String::from("cannot deserialize value"),
};
let decoded_kv = format!("{}: {}\n", key_name, decoded_str);
out.push_str(decoded_kv.as_str());
}
out
}
}
impl From<Secret> for KubeSecret {
fn from(secret: Secret) -> Self {
KubeSecret {
name: secret.metadata.name.clone().unwrap_or_default(),
namespace: secret.metadata.namespace.clone().unwrap_or_default(),
type_: secret.type_.clone().unwrap_or_default(),
age: utils::to_age(secret.metadata.creation_timestamp.as_ref(), Utc::now()),
data: secret.data.clone().unwrap_or_default(),
k8s_obj: utils::sanitize_obj(secret),
}
}
}
impl Named for KubeSecret {
fn get_name(&self) -> &String {
&self.name
}
}
impl KubeResource<Secret> for KubeSecret {
fn get_k8s_obj(&self) -> &Secret {
&self.k8s_obj
}
}
static SECRETS_TITLE: &str = "Secrets";
pub struct SecretResource {}
#[async_trait]
impl AppResource for SecretResource {
fn render(block: ActiveBlock, f: &mut Frame<'_>, app: &mut App, area: Rect) {
draw_resource_tab!(
SECRETS_TITLE,
block,
f,
app,
area,
Self::render,
draw_block,
app.data.secrets
);
}
async fn get_resource(nw: &Network<'_>) {
let items: Vec<KubeSecret> = nw.get_namespaced_resources(Secret::into).await;
let mut app = nw.app.lock().await;
app.data.secrets.set_items(items);
}
}
const SECRET_COLUMNS: [ColumnDef; 5] = [
ColumnDef::all("Namespace", 25, 25, 25),
ColumnDef::all("Name", 30, 30, 30),
ColumnDef::all("Type", 25, 25, 25),
ColumnDef::all("Data", 10, 10, 10),
ColumnDef::all("Age", 10, 10, 10),
];
fn draw_block(f: &mut Frame<'_>, app: &mut App, area: Rect) {
let is_loading = app.is_loading();
let title = get_resource_title(app, SECRETS_TITLE, "", app.data.secrets.items.len());
let (headers, widths) = responsive_columns(&SECRET_COLUMNS, ViewTier::Compact);
draw_resource_block(
f,
area,
ResourceTableProps {
title,
inline_help: help_bold_line(describe_yaml_decode_and_esc_hint(), app.light_theme),
resource: &mut app.data.secrets,
table_headers: headers,
column_widths: widths,
},
|c| {
Row::new(vec![
Cell::from(c.namespace.to_owned()),
Cell::from(c.name.to_owned()),
Cell::from(c.type_.to_owned()),
Cell::from(c.data.len().to_string()),
Cell::from(c.age.to_owned()),
])
.style(style_primary(app.light_theme))
},
app.light_theme,
is_loading,
);
}
#[cfg(test)]
mod tests {
use chrono::Utc;
use super::*;
use crate::{app::test_utils::*, map_string_object};
#[test]
fn test_config_map_from_api() {
let (secrets, secret_list): (Vec<KubeSecret>, Vec<_>) = convert_resource_from_file("secrets");
assert_eq!(secrets.len(), 2);
assert_eq!(
secrets[0],
KubeSecret {
name: "default-token-rxd8v".into(),
namespace: "kube-public".into(),
type_: "kubernetes.io/service-account-token".into(),
data: map_string_object! {
"ca.crt" => ByteString("-----BEGIN CERTIFICATE-----\nMIIBeDCCAR2gAwIBAgIBADAKBggqhkjOPQQDAjAjMSEwHwYDVQQDDBhrM3Mtc2Vy\ndmVyLWNhQDE2MjU0Nzc3NTkwHhcNMjEwNzA1MDkzNTU5WhcNMzEwNzAzMDkzNTU5\nWjAjMSEwHwYDVQQDDBhrM3Mtc2VydmVyLWNhQDE2MjU0Nzc3NTkwWTATBgcqhkjO\nPQIBBggqhkjOPQMBBwNCAARI13csf0c5dEbU/0cnZipIrttsmn5UJFUwdLy8ONw0\nFUoK57PeVI6gmqNtnoycpja9n/SuJA+lWqqPNogbiQO7o0IwQDAOBgNVHQ8BAf8E\nBAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUQJAgrpGYs7lMKt9PWrjh\nyRuhaKwwCgYIKoZIzj0EAwIDSQAwRgIhAIS7h2bW4seeELupl6JhXWgicJK15Jbl\nAAdjs5mfHccqAiEAmaVLQt2V50C8ZLOsR5Lf3FlFH7qpFt3RMto0peGFqB4=\n-----END CERTIFICATE-----\n".as_bytes().into()),
"namespace" => ByteString("kube-public".as_bytes().into()),
"token" => ByteString("eyJhbGciOiJSUzI1NiIsImtpZCI6Imp0U29OeTE4V0FrdC1FUDU5N05RaUdBQVZkdHdZT1k3dW5rbGVLWDhjME0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXB1YmxpYyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLXJ4ZDh2Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkNGJjYjVkOC1jYjU1LTRiYzEtYTdmZC0xNzNlOTIwOTc2MDIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1wdWJsaWM6ZGVmYXVsdCJ9.Hmq3BhdapUIds2MKpTNtnl_yq5jTYpodeJ-MJD6IpdsWLUnhvktLuDy-yfDgMo_55XOOSp4MaTqbt07unh_yGrGacmd8o7PzMTiPDkONnGjN3XJUB2jg5ww9XQ0C5C_wcOzgOO4nrPMisYDsDGc_DNzZf5FwBM6z-x93OLq2URVfv-vv4ceC05d-1TSDLEyT51LqvJ9u0M7qinYbzJsizdW8UM6mc56Ma52gSELC5DljZVugXL9Hoj7nD6ZAUHdjrxdrqk0mVKNeZQKEmbLJXsGGg3c-fv6EO462AvlQvE0gXa-TrwIUvesAxG4fT6D1c0O17n0RNp76meAfCGOu0w".as_bytes().into()),
},
age: utils::to_age(Some(&get_time("2021-07-05T09:36:17Z")), Utc::now()),
k8s_obj: secret_list[0].clone()
}
);
assert_eq!(
secrets[1],
KubeSecret {
name: "default-token-rrxdm".into(),
namespace: "default".into(),
type_: "kubernetes.io/service-account-token".into(),
data: map_string_object! {
"ca.crt" => ByteString("-----BEGIN CERTIFICATE-----\nMIIBeDCCAR2gAwIBAgIBADAKBggqhkjOPQQDAjAjMSEwHwYDVQQDDBhrM3Mtc2Vy\ndmVyLWNhQDE2MjU0Nzc3NTkwHhcNMjEwNzA1MDkzNTU5WhcNMzEwNzAzMDkzNTU5\nWjAjMSEwHwYDVQQDDBhrM3Mtc2VydmVyLWNhQDE2MjU0Nzc3NTkwWTATBgcqhkjO\nPQIBBggqhkjOPQMBBwNCAARI13csf0c5dEbU/0cnZipIrttsmn5UJFUwdLy8ONw0\nFUoK57PeVI6gmqNtnoycpja9n/SuJA+lWqqPNogbiQO7o0IwQDAOBgNVHQ8BAf8E\nBAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUQJAgrpGYs7lMKt9PWrjh\nyRuhaKwwCgYIKoZIzj0EAwIDSQAwRgIhAIS7h2bW4seeELupl6JhXWgicJK15Jbl\nAAdjs5mfHccqAiEAmaVLQt2V50C8ZLOsR5Lf3FlFH7qpFt3RMto0peGFqB4=\n-----END CERTIFICATE-----\n".as_bytes().into()),
"namespace" => ByteString("default".as_bytes().into()),
"token" => ByteString("eyJhbGciOiJSUzI1NiIsImtpZCI6Imp0U29OeTE4V0FrdC1FUDU5N05RaUdBQVZkdHdZT1k3dW5rbGVLWDhjME0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tcnJ4ZG0iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjFmZDFiOTc1LTlmZTEtNDdiOC1iNzE3LTIwZmY5ODI5OTBlMyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.6Tccp-EaoyVcP6y3VaJLGSDpYtYdXBdwhO26G7FxdIksRrRPAi6CgQw52FO8-mvJP3L3GRpbs34yzMBYmoYeVwjZ3UFL51I8exL332g9PbEs85Fafq8WkhNylnsYnZk0nJ81Wj-53_AkRl0Bt0f4Q4tU9EJUOl2uRjZWYyQmB91M_8vzCNSKNjUMwjRabPVXJzg8sY8JR0xuY7dZlc5h7gNP7HJFX0AyqKuFTqsG8Crb3tixC0bXhyXa_dM04SjXz_OCfLC-vZBOzQ5E1lPBzm3nhuZIQrr_eZaJJYgw7CieYe2qq2QmwXTve-0_n3LgUNDUcKMp-BUQbm6zxXJqBA".as_bytes().into()),
},
age: utils::to_age(Some(&get_time("2021-07-05T09:36:17Z")), Utc::now()),
k8s_obj: secret_list[1].clone()
}
);
}
#[test]
fn test_decode_secret_valid_utf8() {
// Secrets with valid UTF-8 values should decode correctly
let secret = KubeSecret {
name: "my-secret".into(),
namespace: "default".into(),
type_: "Opaque".into(),
data: map_string_object! {
"username" => ByteString("admin".as_bytes().into())
},
age: String::new(),
k8s_obj: Secret::default(),
};
let decoded = secret.decode_secret();
assert!(decoded.contains("Name: my-secret"));
assert!(decoded.contains("Namespace: default"));
assert!(decoded.contains("username:"));
}
#[test]
fn test_decode_secret_non_utf8_binary() {
// Secrets containing non-UTF8 binary data should not panic (uses from_utf8_lossy)
let binary_data: Vec<u8> = vec![0xFF, 0xFE, 0x00, 0x01, 0x80, 0x90];
let secret = KubeSecret {
name: "binary-secret".into(),
namespace: "default".into(),
type_: "Opaque".into(),
data: map_string_object! {
"binary-key" => ByteString(binary_data)
},
age: String::new(),
k8s_obj: Secret::default(),
};
// This should not panic — from_utf8_lossy replaces invalid bytes with U+FFFD
let decoded = secret.decode_secret();
assert!(decoded.contains("binary-key:"));
assert!(decoded.contains("Name: binary-secret"));
}
#[test]
fn test_decode_secret_empty_data() {
let secret = KubeSecret {
name: "empty-secret".into(),
namespace: "test-ns".into(),
type_: "Opaque".into(),
data: BTreeMap::new(),
age: String::new(),
k8s_obj: Secret::default(),
};
let decoded = secret.decode_secret();
assert!(decoded.contains("Name: empty-secret"));
assert!(decoded.contains("Namespace: test-ns"));
assert!(decoded.contains("Data\n===="));
}
}