Functions/Get-KubernetesSecretMetadata.ps1
function Get-KubernetesSecretMetadata { <# .SYNOPSIS Gets a Kubernetes secret metadata. .DESCRIPTION Obtains a subset of Kubernetes secret metadata including annoations and create/update date times. .PARAMETER Namespace The Kubernetes namespace that the secret will be created in. .PARAMETER SecretName The name of the Kubernetes secret. .PARAMETER All Tells the function to obtain all secrets across all authorized namespaces. .PARAMETER AsJson Returns the results as a serialized JSON string as opposed to the default object type. .EXAMPLE Get-KubernetesSecretMetadata -Namespace "apps" Gets Kubernetes secret metadata for all secrets in the 'apps' namespace. .EXAMPLE Get-KubernetesSecretMetadata -SecretName "my-secret" Gets Kubernetes secret metadata for the secret 'my-secret' in the default namespace. .EXAMPLE Get-KubernetesSecretMetadata -Namespace "apps" -SecretName "my-secret" Gets Kubernetes secret metadata for the secret 'my-secret' in the 'apps' namespace. .EXAMPLE Get-KubernetesSecretMetadata -All Gets Kubernetes secret metadata all secrets across all authorized namespaces. .EXAMPLE Get-KubernetesSecretMetadata -All -AsJson Gets Kubernetes secret metadata all secrets across all authorized namespaces with the results returned as a JSON string. .EXAMPLE gksm -n "apps" Gets Kubernetes secret metadata for all secrets in the 'apps' namespace. .EXAMPLE gksm -s "my-secret" Gets Kubernetes secret metadata for the secret 'my-secret' in the default namespace. .EXAMPLE gksm -n "apps" -s "my-secret" Gets Kubernetes secret metadata for the secret 'my-secret' in the 'apps' namespace. .EXAMPLE gksm -a Gets Kubernetes secret metadata all secrets across all authorized namespaces. .EXAMPLE gksm -a -json Gets Kubernetes secret metadata all secrets across all authorized namespaces with the results returned as a JSON string. .INPUTS System.String A string value is received by the Namespace parameter .OUTPUTS System.Management.Automation.PSCustomObject or System.String #> [CmdletBinding()] [Alias('gksm', 'gksd')] [OutputType([System.Management.Automation.PSCustomObject], [System.String])] Param ( [Parameter(Mandatory = $false, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)][Alias('ns', 'n')][String]$Namespace = 'default', [Parameter(Mandatory = $false)][Alias('s')][String]$SecretName, [Parameter(Mandatory = $false, ParameterSetName = "All")][Alias('a')][Switch]$All, [Parameter(Mandatory = $false)][Alias('json', 'j')][Switch]$AsJson ) BEGIN { if (-not(Test-KubernetesNamespaceAccess -Namespace $Namespace)) { $ArgumentException = [Security.SecurityException]::new("The following namespace was either not found or inaccessible: $Namespace") Write-Error -Exception $ArgumentException -ErrorAction Stop } function _getK8sSecretMetadata([string]$targetNamespace, [string]$targetSecretName) { try { [PSCustomObject]$secretGetResult = $(kubectl get secrets --namespace=$targetNamespace $targetSecretName --output=json 2>&1) | ConvertFrom-Json -ErrorAction Stop [PSCustomObject]$managedFieldValues = ($(kubectl get secrets --namespace=$targetNamespace $targetSecretName --show-managed-fields --output=json 2>&1) | ConvertFrom-Json -ErrorAction Stop).metadata.managedFields $dataKeys = $null if ($null -ne $secretGetResult.data) { $dataKeys = $secretGetResult.data | Get-Member | Where-Object -Property MemberType -eq NoteProperty | Select-Object -ExpandProperty Name } $deserializedGetOutput = [PSCustomObject]@{ Name = $secretGetResult.metadata.name Namespace = $secretGetResult.metadata.namespace Type = $secretGetResult.type DataCount = $dataKeys.Count DataKeys = $dataKeys CreatedOn = $secretGetResult.metadata.creationTimestamp UpdatedOn = $managedFieldValues | Where-Object -Property Operation -eq Update | Sort-Object -Property time -Descending | Select-Object -ExpandProperty time -First 1 Annotations = $null -ne $secretGetResult.metadata.annotations ? $secretGetResult.metadata.annotations : "" } return $deserializedGetOutput } catch { $argExceptionMessage = "The following secret was not found {0}:{1}" -f $targetNamespace, $targetSecretName $ArgumentException = [ArgumentException]::new($argExceptionMessage) Write-Error -Exception $ArgumentException -ErrorAction Stop } } } PROCESS { $targetSecretNames = @() $targetNamespace = $Namespace if ($PSBoundParameters.ContainsKey("SecretName")) { if (-not(Test-KubernetesSecretExistence -Namespace $targetNamespace -SecretName $SecretName)) { $secretArgExceptionMessage = "The following secret was either not found or inaccessible. Check secret name, access rights for the specific secret and/or namespace, and try again: {0}:{1}" -f $targetNamespace, $SecretName $SecretArgumentException = [ArgumentException]::new($secretArgExceptionMessage) Write-Error -Exception $SecretArgumentException -ErrorAction Stop } $targetSecretNames += $SecretName } else { try { [PSCustomObject]$secretGetAllResults = $(kubectl get secrets --namespace=$targetNamespace --output=json 2>&1) | ConvertFrom-Json -ErrorAction Stop $targetSecretNames += ($secretGetAllResults.items.metadata | Select-Object -ExpandProperty name) } catch { $ArgumentException = [ArgumentException]::new("Unable to get secrets in the $targetNamespace namespace.") Write-Error -Exception $ArgumentException -ErrorAction Stop } } if ($PSBoundParameters.ContainsKey("All")) { try { $allSecretObjects = @() $(kubectl get secrets -A --output=json 2>&1 | ConvertFrom-Json -ErrorAction Stop).items.metadata | ForEach-Object { $k8sd = _getK8sSecretMetadata -targetNamespace $_.namespace -targetSecretName $_.name $allSecretObjects += $k8sd } if ($PSBoundParameters.ContainsKey("AsJson")) { ($allSecretObjects | ConvertTo-Json -AsArray) } else { ($allSecretObjects) } } catch { Write-Error -Exception $_-ErrorAction Stop } } else { foreach ($targetSecretName in $targetSecretNames) { try { $k8sd = _getK8sSecretMetadata -targetNamespace $targetNamespace -targetSecretName $targetSecretName if ($PSBoundParameters.ContainsKey("AsJson")) { ($k8sd | ConvertTo-Json -AsArray) } else { ($k8sd) } } catch { Write-Error -Exception $_-ErrorAction Stop } } } } } |