def write_output_to_vault(dry_run, vault_path, account, secret_data, name):
integration_name = QONTRACT_INTEGRATION
secret_path = f"{vault_path}/{integration_name}/{account}/{name}"
secret = {"path": secret_path, "data": secret_data}
logging.info(["write_secret", secret_path])
vault_client = VaultClient()
if not dry_run:
vault_client.write(secret)
def write_outputs_to_vault(vault_path, ri):
integration_name = QONTRACT_INTEGRATION.replace('_', '-')
vault_client = VaultClient()
for cluster, namespace, _, data in ri:
for name, d_item in data['desired'].items():
secret_path = \
f"{vault_path}/{integration_name}/{cluster}/{namespace}/{name}"
secret = {'path': secret_path, 'data': d_item.body['data']}
vault_client.write(secret)
def write_outputs_to_vault(vault_path, ri):
integration_name = QONTRACT_INTEGRATION.replace("_", "-")
vault_client = VaultClient()
for cluster, namespace, _, data in ri:
for name, d_item in data["desired"].items():
body_data = d_item.body["data"]
# write secret to per-namespace location
secret_path = (f"{vault_path}/{integration_name}/" +
f"{cluster}/{namespace}/{name}")
secret = {"path": secret_path, "data": body_data}
vault_client.write(secret)
# write secret to shared-resources location
secret_path = (f"{vault_path}/{integration_name}/" +
f"shared-resources/{name}")
secret = {"path": secret_path, "data": body_data}
vault_client.write(secret)
def run(dry_run, vault_output_path):
"""Get Hive ClusterDeployments from clusters and save mapping to Vault"""
if not vault_output_path:
logging.error("must supply vault output path")
sys.exit(ExitCodes.ERROR)
clusters = queries.get_clusters()
settings = queries.get_app_interface_settings()
oc_map = OC_Map(
clusters=clusters,
integration=QONTRACT_INTEGRATION,
thread_pool_size=1,
settings=settings,
init_api_resources=True,
)
results = []
for c in clusters:
name = c["name"]
oc = oc_map.get(name)
if not oc:
continue
if "ClusterDeployment" not in oc.api_resources:
continue
logging.info(f"[{name}] getting ClusterDeployments")
cds = oc.get_all("ClusterDeployment", all_namespaces=True)["items"]
for cd in cds:
try:
item = {
"id": cd["spec"]["clusterMetadata"]["clusterID"],
"cluster": name,
}
results.append(item)
except KeyError:
pass
if not dry_run:
logging.info("writing ClusterDeployments to vault")
vault_client = VaultClient()
secret = {
"path": f"{vault_output_path}/{QONTRACT_INTEGRATION}",
"data": {
"map": "\n".join(f"{item['id']}: {item['cluster']}" for item in results)
},
}
vault_client.write(secret, decode_base64=False)
def run(dry_run, vault_output_path):
"""Get Hive ClusterDeployments from clusters and save mapping to Vault"""
if not vault_output_path:
logging.error('must supply vault output path')
sys.exit(ExitCodes.ERROR)
clusters = queries.get_clusters()
settings = queries.get_app_interface_settings()
oc_map = OC_Map(clusters=clusters,
integration=QONTRACT_INTEGRATION,
thread_pool_size=1,
settings=settings,
init_api_resources=True)
results = []
for c in clusters:
name = c['name']
oc = oc_map.get(name)
if not oc:
continue
if 'ClusterDeployment' not in oc.api_resources:
continue
logging.info(f'[{name}] getting ClusterDeployments')
cds = oc.get_all('ClusterDeployment', all_namespaces=True)['items']
for cd in cds:
try:
item = {
'id': cd['spec']['clusterMetadata']['clusterID'],
'cluster': name,
}
results.append(item)
except KeyError:
pass
if not dry_run:
logging.info('writing ClusterDeployments to vault')
vault_client = VaultClient()
secret = {
'path': f"{vault_output_path}/{QONTRACT_INTEGRATION}",
'data': {
'map':
'\n'.join(f"{item['id']}: {item['cluster']}"
for item in results)
}
}
vault_client.write(secret, decode_base64=False)
def write_outputs_to_vault(vault_path, ri):
integration_name = QONTRACT_INTEGRATION.replace('_', '-')
vault_client = VaultClient()
for cluster, namespace, _, data in ri:
for name, d_item in data['desired'].items():
body_data = d_item.body['data']
# write secret to per-namespace location
secret_path = \
f"{vault_path}/{integration_name}/" + \
f"{cluster}/{namespace}/{name}"
secret = {'path': secret_path, 'data': body_data}
vault_client.write(secret)
# write secret to shared-resources location
secret_path = \
f"{vault_path}/{integration_name}/" + \
f"shared-resources/{name}"
secret = {'path': secret_path, 'data': body_data}
vault_client.write(secret)
def write_output_to_vault(vault_path, name, data):
integration_name = QONTRACT_INTEGRATION
vault_client = VaultClient()
secret_path = f"{vault_path}/{integration_name}/{name}"
secret = {'path': secret_path, 'data': data}
vault_client.write(secret)
