def get_es_conn_attrs(self, k8s_connection: client.CoreV1Api, debug: bool = False): if debug: self.es_params = {'host': 'localhost', 'port': '9200'} else: # Password sec = str( k8s_connection.read_namespaced_secret( name="quickstart-es-elastic-user", namespace="default").data) password = base64.b64decode(sec.strip().split()[1]).decode("utf-8") # Certificate sec = k8s_connection.read_namespaced_secret( name="quickstart-es-http-certs-public", namespace="default").data cert = base64.b64decode(sec["tls.crt"]).decode("utf-8") context = create_default_context(cadata=cert) self.es_params = { 'host': 'quickstart-es-http', 'port': '9200', 'http_auth': ('elastic', password), 'scheme': 'https', 'ssl_context': context }
def is_secret_present(v1: CoreV1Api, name, namespace) -> bool: """ Check if a namespace has a secret. :param v1: CoreV1Api :param name: :param namespace: :return: bool """ try: v1.read_namespaced_secret(name, namespace) except ApiException as ex: if ex.status == 404: print(f"No secret '{name}' found.") return False return True
def is_secret_present(v1: CoreV1Api, name, namespace) -> bool: """ Check if a namespace has a secret. :param v1: CoreV1Api :param name: :param namespace: :return: bool """ try: v1.read_namespaced_secret(name, namespace) except ApiException as ex: if ex.status == 404: print(f"No secret '{name}' found.") return False return True
def _wait_for_token_secret( core_api: CoreV1Api, token_name: str, token_namespace: str, retries: int = 3, interval: int = 5, ) -> typing.Union[V1Secret, None]: new_access_token = core_api.read_namespaced_secret( name=token_name, namespace=token_namespace, ) if not new_access_token.data: logger.info( 'Access token was not yet populated with required information.') if retries > 0: logger.info( f'Will sleep for {interval} seconds and try again {retries} more times.' ) time.sleep(interval) return _wait_for_token_secret( core_api=core_api, token_name=token_name, token_namespace=token_namespace, retries=retries - 1, interval=interval, ) else: return None return new_access_token
def ensure_node_key(hostname, node_type, kubernetes_api: client.CoreV1Api): private_key_name = f"{hostname}-node-key" try: secret = kubernetes_api.read_namespaced_secret(name=private_key_name, namespace="default") except client.rest.ApiException as api_exception: if api_exception.status != 404: raise secret = create_node_key(private_key_name, node_type, kubernetes_api) node_key_bytes = bytearray.fromhex( base64.b64decode(secret.data['node_key_file']).decode('utf-8')) public_key = base64.b64decode(secret.data['public_key']).decode('utf-8') return (node_key_bytes, public_key)
def register_admin_key(api: client.CoreV1Api): """ Register the admin key from the administrator secret. :api (client.CoreV1Api) The api client to use to execute the request. """ namespace = utils.envvar('RATING_NAMESPACE') secret_name = f'{namespace}-admin' try: secret_encoded_bytes = api.read_namespaced_secret(secret_name, namespace).data except ApiException as exc: raise exc rating_admin_api_key = list(secret_encoded_bytes.keys())[0] os.environ[rating_admin_api_key] = b64decode( secret_encoded_bytes[rating_admin_api_key]).decode('utf-8')
def find_bearer_token(api: client.CoreV1Api, svc_acc: str, namespace: str = 'default') -> str: """Get the bearer token. Used when odin is running locally on a cluster with RBAC. :param api: The k8s api client :param svc_acc: The name of the service account :param namespace: The namespace of the service account :returns: The bearer token. Returns an empty string if not found. """ try: sa = api.read_namespaced_service_account(svc_acc, namespace=namespace) secret = api.read_namespaced_secret(sa.secrets[0].name, namespace=namespace) token = b64decode(secret.data['token']).decode('utf-8') return f"bearer {token}" except client.rest.ApiException: return ""
def get_username_password(ref: SecretRef, api: CoreV1Api): secret = api.read_namespaced_secret(namespace=ref.namespace, name=ref.name, exact=True, export=True) raw = None if ref.password_ref is not None: raw = secret.data[ref.password_ref] elif "mongodb-root-password" in secret.data: raw = secret.data["mongodb-root-password"] elif "mongodb-password" in secret.data: raw = secret.data["mongodb-password"] elif "password" in secret.data: raw = secret.data["passsword"] if raw is None: raise RuntimeError( "Invalid secret, must have key mongodb-root-password, mongodb-password or passsword" ) password = b64decode(raw).decode("utf-8") raw = None if ref.user_ref is not None: raw = secret.data[ref.user_ref] if "mongodb-root-user" in secret.data: raw = secret.data["mongodb-root-user"] elif "mongodb-user" in secret.data: raw = secret.data["mongodb-user"] elif "user" in secret.data: raw = secret.data["user"] if raw is None: return (None, password) # raise RuntimeError("Invalid secret, must have key mongodb-root-user, mongodb-user or user") user = b64decode(raw).decode("utf-8") return (user, password)