def remove_cluster(event, context):
    """Remove a cluster record and every credential secret stored for it.

    Lambda handler. ``event['body']`` is a JSON document of the form
    ``{"cluster_name": "foo-prod-cluster.com"}``.

    Args:
        event: API Gateway proxy event; only ``event['body']`` is read.
        context: Lambda context (unused).

    Returns:
        A proxy-integration response: 200 once the secrets and the table
        item are gone, 404 when no cluster with that name is stored.
    """
    validate_config_input(event['body'])
    request = json.loads(event['body'])
    target = request['cluster_name']

    # validate_unique_cluster_name yields None for an unknown name, so a
    # None result here means there is nothing to remove.
    if validate_unique_cluster_name(target, CLUSTER_TABLE) is None:
        return {
            "statusCode": 404,
            "body": json.dumps({"message": f'Cluster {target} does not exist'})
        }

    # NOTE(review): no authorization check is visible in this handler;
    # confirm the API layer in front of it restricts who may delete.
    # Secrets are removed before the table row that names them (order kept
    # as written; presumably so a failure part-way still leaves the row,
    # and with it the list of remaining secrets, discoverable).
    delete_secrets(target)
    CLUSTER_TABLE.delete_item(Key={'id': target})
    return {
        "statusCode": 200,
        "body": json.dumps({
            "message": f'Cluster and associated secrets removed for: {target}'
        }),
    }
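def add_cluster(event, context):
    """Add cluster and initial credentials. Handler function for lambda (entry point).

    Reads a kubeconfig-style document from ``event['body']``. For the first
    cluster in it whose name is not yet stored, every ``user`` credential is
    handed to ``save_creds`` and the cluster item is put into
    ``CLUSTER_TABLE`` together with whatever ``update_cluster_users_secret_name``
    leaves in the ``users`` section.

    Args:
        event: API Gateway proxy event; only ``event['body']`` is read.
        context: Lambda context (unused).

    Returns:
        A proxy-integration response: 200 after the first new cluster is
        stored, 400 when the document lists no clusters, 404 when every
        cluster in it already exists.

    Raises:
        KeyError: when a cluster entry lacks ``name`` or ``cluster.server``.
    """
    validate_config_input(event['body'])
    cluster_config = json.loads(event['body'])
    cluster_users = cluster_config['users']

    # Collected once and materialised: the same entries drive both the
    # stored name list and the per-credential secret writes.
    user_entries = list(get_users(cluster_config))
    names = [user['name'] for user in user_entries]

    cluster_name = None
    for cluster in get_clusters(cluster_config):
        try:
            cluster_name = cluster['name']
            cluster_server = cluster['cluster']['server']
            # The CA bundle is optional in the source config; the sentinel
            # "NA" marks its absence for readers of the table.
            cluster_authority = cluster['cluster'].get(
                'certificate-authority-data', "NA")
        except KeyError as err:
            print(f'Invalid cluster config: {err}')
            raise  # bare raise keeps the original traceback intact

        if validate_unique_cluster_name(cluster_name, CLUSTER_TABLE) is not None:
            continue  # already stored; try the next cluster in the document

        for entry in user_entries:
            for user_data, secret in entry['user'].items():
                save_creds(cluster_name, entry['name'], user_data, secret)
                # Presumably swaps the raw credential in cluster_users for
                # the secret's name (the readers treat users_config values as
                # SecretIds) so the table never holds the credential — confirm.
                update_cluster_users_secret_name(
                    cluster_name, entry['name'], user_data, cluster_users)

        CLUSTER_TABLE.put_item(
            Item={
                'id': cluster_name,
                'server': cluster_server,
                'certificate-authority-data': cluster_authority,
                # NOTE(review): stores a single-element nesting ([[name, ...]]).
                # Kept as-is because readers of 'users' are not visible here;
                # if nothing depends on the nesting this should be `names`.
                'users': [names],
                'users_config': cluster_users
            })
        return {
            "statusCode": 200,
            "body": json.dumps(
                {"message": f'Cluster and config added {cluster_name}'}),
        }

    # cluster_name stays None only when the document listed no clusters;
    # answer explicitly instead of failing on the unbound name below.
    if cluster_name is None:
        return {
            "statusCode": 400,
            "body": json.dumps({"message": 'No clusters found in config'})
        }
    return {
        "statusCode": 404,
        "body": json.dumps({"message": f'Cluster {cluster_name} already exists'})
    }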
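def get_k8_config(event, context):
    """Generate k8 config object from list of clusters as query input.

    Lambda handler. The cluster names are the *keys* of the query string,
    e.g. ``/get_k8_config?cloud-infra.cloud&cloud-infra-2.net``; values are
    ignored. Every name must already be stored in ``CLUSTER_TABLE``.

    Args:
        event: API Gateway proxy event; only ``queryStringParameters`` is
            read (``None`` when the request carried no query string).
        context: Lambda context (unused).

    Returns:
        200 with a kubeconfig document as the body. Credential values are
        resolved from Secrets Manager and included in plaintext, so the
        response is as sensitive as the secrets themselves. 404 as soon as a
        requested name is not stored.
    """
    # API Gateway sends None, not {}, for a request without a query string.
    clusters = event['queryStringParameters'] or {}
    config = {
        "apiVersion": "v1",
        "kind": "Config",
        "preferences": {},
        "clusters": [],
        "users": [],
        "contexts": [],
        "current-context": ""
    }
    for cluster in clusters:
        if validate_unique_cluster_name(cluster, CLUSTER_TABLE) is None:
            return {
                "statusCode": 404,
                "body": json.dumps({
                    "message": f'Unable to process cluster config for {cluster}, confirm cluster is in list endpoint output'
                })
            }
        cluster_item = CLUSTER_TABLE.get_item(Key={"id": cluster})['Item']

        # "NA" is the sentinel stored when the source config carried no CA
        # bundle; it is not a usable value, so the key is omitted instead.
        cluster_entry = {}
        if cluster_item['certificate-authority-data'] != "NA":
            cluster_entry["certificate-authority-data"] = (
                cluster_item['certificate-authority-data'])
        cluster_entry["server"] = cluster_item['server']
        config["clusters"].append({
            "cluster": cluster_entry,
            "name": cluster_item['id']
        })

        # users_config holds secret names; each is swapped for its stored
        # value. The SecretString must never be logged.
        for user in cluster_item['users_config']:
            for user_key, secret in user['user'].items():
                secret_response = SECRETS_CLIENT.get_secret_value(
                    SecretId=secret)
                user['user'][user_key] = secret_response['SecretString']
        config["users"].extend(cluster_item['users_config'])

        config["contexts"].append({
            "context": {
                "cluster": cluster_item['id'],
                "user": cluster_item['id']
            },
            "name": cluster_item['id']
        })
        # Last item processed will become the current-context in response
        config["current-context"] = cluster_item['id']
    return {"statusCode": 200, "body": json.dumps(config)}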
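def _generate_cluster_config(clusters):
    """Build a kubeconfig document for *clusters* and wrap it in a response.

    Args:
        clusters: iterable of cluster names; each must already be stored in
            the table returned by ``storage.get_cluster_table()``.

    Returns:
        ``{"statusCode": 200, "body": <kubeconfig JSON>}`` when every name
        is found, otherwise a 404 response naming the first missing cluster.
        Credential values are fetched from Secrets Manager and written into
        the document in plaintext, so the body is as sensitive as the secrets.
    """
    # Local, so snake_case: avoids reading like the module-level
    # CLUSTER_TABLE constant the handlers use.
    cluster_table = storage.get_cluster_table()
    config = {
        "apiVersion": "v1",
        "kind": "Config",
        "preferences": {},
        "clusters": [],
        "users": [],
        "contexts": [],
        "current-context": ""
    }
    for cluster in clusters:
        if validate_unique_cluster_name(cluster, cluster_table) is None:
            return {
                "statusCode": 404,
                "body": json.dumps({
                    "message": (f'Unable to process cluster config for '
                                f'{cluster}, confirm cluster is in list '
                                f'endpoint output')
                })
            }
        cluster_item = cluster_table.get_item(Key={"id": cluster})['Item']

        # Add certificate-authority-data if available,
        # this is optional at the time of adding config ("NA" sentinel).
        cluster_entry = {}
        if cluster_item['certificate-authority-data'] != "NA":
            cluster_entry["certificate-authority-data"] = (
                cluster_item['certificate-authority-data'])
        cluster_entry["server"] = cluster_item['server']
        config["clusters"].append({
            "cluster": cluster_entry,
            "name": cluster_item['id']
        })

        for user in cluster_item['users_config']:
            for user_key, secret in user['user'].items():
                # Logs the secret *identifier* only; the SecretString
                # fetched next must never be logged.
                print(f'getting secret: {secret}')
                secret_response = SECRETS_CLIENT.get_secret_value(
                    SecretId=secret)
                user['user'][user_key] = secret_response['SecretString']
        config["users"].extend(cluster_item['users_config'])

        config["contexts"].append({
            "context": {
                "cluster": cluster_item['id'],
                "user": cluster_item['id']
            },
            "name": cluster_item['id']
        })
        # Last item processed will become the current-context in response
        config["current-context"] = cluster_item['id']
    return {"statusCode": 200, "body": json.dumps(config)}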