def _get_or_create_migration_db_passwords(migration_name,
                                          create_if_not_exists=True,
                                          skip_keys=None):
    passwords = []
    errors = []
    for password_config_key in [
            'database-password', 'datastore-password',
            'datastore-readonly-password'
    ]:
        if skip_keys is not None and password_config_key not in skip_keys:
            passwords.append(None)
            continue
        password = crds_manager.config_get(CRD_SINGULAR,
                                           migration_name,
                                           key=password_config_key,
                                           is_secret=True,
                                           required=False)
        if create_if_not_exists:
            if password:
                logs.info(f'Password already exists: {password_config_key}')
                errors.append(f'password-exists: {password_config_key}')
            else:
                logs.info(f'Generating new password for {password_config_key}')
                password = _generate_password()
                crds_manager.config_set(CRD_SINGULAR,
                                        migration_name,
                                        key=password_config_key,
                                        value=password,
                                        is_secret=True)
        passwords.append(password)
    return [errors] + passwords
def get_dbs_passwords(migration_name, required=False):
    database_password, datastore_password, datastore_readonly_password = [
        crds_manager.config_get(CRD_SINGULAR,
                                migration_name,
                                key=key,
                                is_secret=True,
                                required=required) for key in [
                                    'database-password', 'datastore-password',
                                    'datastore-readonly-password'
                                ]
    ]
    return database_password, datastore_password, datastore_readonly_password
def load(cluster_id):
    cluster = crds_manager.get(
        'kamateracluster',
        crds_manager.get_resource_name('kamateracluster', cluster_id))['spec']
    cluster['servers'] = []
    servers_path = os.path.expanduser(f'~/cluster-{cluster_id}-servers')
    os.makedirs(servers_path, exist_ok=True)
    for server_name in cluster['server_names']:
        server = crds_manager.get(
            'kamateraserver',
            crds_manager.get_resource_name('kamateraserver',
                                           server_name))['spec']
        server_secrets = crds_manager.config_get('kamateraserver',
                                                 server_name,
                                                 is_secret=True)
        password_filename = f'{servers_path}/server_{server_name}_password.txt'
        private_key_filename = f'{servers_path}/server_{server_name}_id_rsa'
        public_key_filename = private_key_filename + '.pub'
        with open(password_filename, 'w') as f:
            f.write(server_secrets['password'])
        with open(private_key_filename, 'w') as f:
            f.write(server_secrets['private_key'])
        with open(public_key_filename, 'w') as f:
            f.write(server_secrets['public_key'])
        server['passwordfile'] = password_filename
        server['keyfile'] = private_key_filename
        cluster['servers'].append(server)
    del cluster['server_names']
    cluster_path = get_cluster_path(cluster_id)
    os.makedirs(cluster_path, exist_ok=True)
    with open(f'{cluster_path}/cluster.json', 'w') as f:
        json.dump(cluster, f)
    cluster_secrets = crds_manager.config_get('kamateracluster',
                                              cluster_id,
                                              is_secret=True)
    with open(f'{cluster_path}/kube_config_rke-cluster.yml', 'w') as f:
        f.write(cluster_secrets['kube_config_rke-cluster.yml'])
def _get_or_create_datastore_readonly_user_name(migration_name,
                                                datastore_name):
    name = crds_manager.config_get(CRD_SINGULAR,
                                   migration_name,
                                   key='datastore-readonly-user-name',
                                   is_secret=True,
                                   required=False)
    if not name:
        name = f'{datastore_name}-ro'
        crds_manager.config_set(CRD_SINGULAR,
                                migration_name,
                                key='datastore-readonly-user-name',
                                value=name,
                                is_secret=True)
    return name
def delete(name, delete_dbs=False):
    migration = crds_manager.get(CRD_SINGULAR, name=name, required=False) or {}
    if delete_dbs:
        admin_connection_string = db_manager.get_external_admin_connection_string(
        )
        db_name = migration.get('spec', {}).get('datastore-name')
        datastore_name = migration.get('spec', {}).get('db-name')
        datastore_ro_name = crds_manager.config_get(
            CRD_SINGULAR,
            name,
            key='datastore-readonly-user-name',
            is_secret=True,
            required=False)
        if db_name or datastore_name or datastore_ro_name:
            with postgres_driver.connect(
                    admin_connection_string) as admin_conn:
                _delete_dbs(admin_conn, db_name, datastore_name,
                            datastore_ro_name)
    crds_manager.delete(CRD_SINGULAR, name)
def get_datastore_raedonly_user_name(migration_name, required=False):
    return crds_manager.config_get(CRD_SINGULAR,
                                   migration_name,
                                   key='datastore-readonly-user-name',
                                   is_secret=True,
                                   required=required)