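def request_aws_credentials(self):
    """
    Uses a CredentialsRequest CR to obtain AWS credentials that allow the
    program to interact with S3, then waits until AWS accepts them.

    Returns:
        tuple: ``(creds_request, aws_access_key_id, aws_access_key)`` - the
            resource returned by ``create_resource`` for the
            CredentialsRequest, followed by the decoded access key ID and
            secret access key read from its secret.

    Raises:
        CredReqSecretNotFound: If the secret named after the
            CredentialsRequest cannot be retrieved
        AssertionError: If the credentials are still rejected when the
            sampler times out

    """
    awscreds_data = templating.load_yaml(constants.MCG_AWS_CREDS_YAML)
    req_name = create_unique_resource_name("awscredreq", "credentialsrequests")
    # The CR and the secret it references share one generated name and
    # live in this object's namespace.
    awscreds_data["metadata"]["name"] = req_name
    awscreds_data["metadata"]["namespace"] = self.namespace
    awscreds_data["spec"]["secretRef"]["name"] = req_name
    awscreds_data["spec"]["secretRef"]["namespace"] = self.namespace

    creds_request = create_resource(**awscreds_data)
    # Fixed pause before the first lookup; presumably gives the cluster time
    # to materialise the secret - confirm.
    sleep(5)

    secret_ocp_obj = OCP(kind="secret", namespace=self.namespace)
    try:
        cred_req_secret_dict = secret_ocp_obj.get(
            resource_name=creds_request.name, retry=5
        )
    except CommandFailed as err:
        logger.error("Failed to retrieve credentials request secret")
        raise CredReqSecretNotFound(
            "Please make sure that the cluster used is an AWS cluster, "
            "or that the `platform` var in your config is correct."
        ) from err

    # Secret values are base64-encoded. The decoded secret access key is
    # handed back to the caller in clear text; this function never writes
    # either value to the log, and callers should keep it that way.
    secret_data = cred_req_secret_dict.get("data")
    aws_access_key_id = base64.b64decode(
        secret_data.get("aws_access_key_id")
    ).decode("utf-8")
    aws_access_key = base64.b64decode(
        secret_data.get("aws_secret_access_key")
    ).decode("utf-8")

    def _check_aws_credentials():
        """Return True once STS accepts the new key pair, False on ClientError."""
        try:
            sts = boto3.client(
                "sts",
                aws_access_key_id=aws_access_key_id,
                aws_secret_access_key=aws_access_key,
            )
            # Read-only identity call: verifies the keys without creating
            # any AWS resource.
            sts.get_caller_identity()
            return True
        except ClientError:
            logger.info("Credentials are still not active. Retrying...")
            return False

    try:
        # NOTE(review): arguments are presumably (timeout, interval) in
        # seconds - confirm against TimeoutSampler.
        for api_test_result in TimeoutSampler(120, 5, _check_aws_credentials):
            if api_test_result:
                logger.info("AWS credentials created successfully.")
                break
    except TimeoutExpiredError:
        logger.error("Failed to create credentials")
        # An explicit raise instead of `assert False`: assert statements are
        # stripped under `python -O`, which would let this function return
        # credentials that were never verified.
        raise AssertionError("Failed to create credentials")
    return creds_request, aws_access_key_id, aws_access_key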
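def request_aws_credentials(self):
    """
    Uses a CredentialsRequest CR to obtain AWS credentials that allow the
    program to interact with S3, then waits until AWS accepts them.

    Returns:
        tuple: ``(creds_request, aws_access_key_id, aws_access_key)`` - the
            resource returned by ``create_resource`` for the
            CredentialsRequest, followed by the decoded access key ID and
            secret access key read from its secret.

    Raises:
        CredReqSecretNotFound: If the secret named after the
            CredentialsRequest cannot be retrieved
        AssertionError: If the credentials are still rejected when the
            sampler times out

    """
    awscreds_data = templating.load_yaml(constants.MCG_AWS_CREDS_YAML)
    req_name = create_unique_resource_name('awscredreq', 'credentialsrequests')
    # The CR and the secret it references share one generated name and
    # live in this object's namespace.
    awscreds_data['metadata']['name'] = req_name
    awscreds_data['metadata']['namespace'] = self.namespace
    awscreds_data['spec']['secretRef']['name'] = req_name
    awscreds_data['spec']['secretRef']['namespace'] = self.namespace

    creds_request = create_resource(**awscreds_data)
    # Fixed pause before the first lookup; presumably gives the cluster time
    # to materialise the secret - confirm.
    sleep(5)

    secret_ocp_obj = OCP(kind='secret', namespace=self.namespace)
    try:
        cred_req_secret_dict = secret_ocp_obj.get(
            resource_name=creds_request.name, retry=5
        )
    except CommandFailed as err:
        logger.error('Failed to retrieve credentials request secret')
        raise CredReqSecretNotFound(
            'Please make sure that the cluster used is an AWS cluster, '
            'or that the `platform` var in your config is correct.'
        ) from err

    # Secret values are base64-encoded. The decoded secret access key is
    # handed back to the caller in clear text; this function never writes
    # either value to the log, and callers should keep it that way.
    secret_data = cred_req_secret_dict.get('data')
    aws_access_key_id = base64.b64decode(
        secret_data.get('aws_access_key_id')
    ).decode('utf-8')
    aws_access_key = base64.b64decode(
        secret_data.get('aws_secret_access_key')
    ).decode('utf-8')

    def _check_aws_credentials():
        """Return True once a probe bucket can be created and deleted."""
        try:
            s3_res = boto3.resource(
                's3',
                endpoint_url="https://s3.amazonaws.com",
                aws_access_key_id=aws_access_key_id,
                aws_secret_access_key=aws_access_key,
            )
            # NOTE(review): this probe has side effects. If create_bucket
            # succeeds but delete() raises ClientError, the bucket is left
            # behind and the next retry creates another one. A read-only
            # identity check (e.g. STS get_caller_identity) would verify
            # the keys without creating resources.
            test_bucket = s3_res.create_bucket(
                Bucket=create_unique_resource_name('cred-verify', 's3-bucket')
            )
            test_bucket.delete()
            return True
        except ClientError:
            logger.info('Credentials are still not active. Retrying...')
            return False

    try:
        # NOTE(review): arguments are presumably (timeout, interval) in
        # seconds - confirm against TimeoutSampler.
        for api_test_result in TimeoutSampler(40, 5, _check_aws_credentials):
            if api_test_result:
                logger.info('AWS credentials created successfully.')
                break
    except TimeoutExpiredError:
        logger.error('Failed to create credentials')
        # An explicit raise instead of `assert False`: assert statements are
        # stripped under `python -O`, which would let this function return
        # credentials that were never verified.
        raise AssertionError('Failed to create credentials')
    return creds_request, aws_access_key_id, aws_access_key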