def record_secret(self, secret_name: str, namespace: str) -> Optional[SecretInfo]:
secret_key = (secret_name, namespace)
if secret_key not in self.needed:
self.needed[secret_key] = SecretInfo(secret_name, namespace, 'needed-secret', '-crt-', '-key-',
decode_b64=False)
return self.needed[secret_key]
def load_secret(self, resource: 'IRResource', secret_name: str,
namespace: str) -> Optional[SecretInfo]:
# Allow an environment variable to state whether we're in Edge Stack. But keep the
# existing condition as sufficient, so that there is less of a chance of breaking
# things running in a container with this file present.
if parse_bool(os.environ.get(
'EDGE_STACK',
'false')) or os.path.exists('/ambassador/.edge_stack'):
if ((secret_name == "fallback-self-signed-cert")
and (namespace == Config.ambassador_namespace)):
# This is Edge Stack. Force the fake TLS secret.
self.logger.info(
f"MockSecretHandler: mocking fallback secret {secret_name}.{namespace}"
)
return SecretInfo(secret_name,
namespace,
"mocked-fallback-secret",
"-fallback-cert-",
"-fallback-key-",
decode_b64=False)
self.logger.debug(
f"MockSecretHandler: cannot load {secret_name}.{namespace}")
return None
def load_secret(self, resource: 'IRResource', secret_name: str,
namespace: str) -> Optional[SecretInfo]:
return SecretInfo('fallback-self-signed-cert',
'ambassador',
"mocked-fallback-secret",
CRT,
KEY,
decode_b64=False)
def load_secret(self, context: 'IRTLSContext',
secret_name: str, namespace: str) -> Optional[SecretInfo]:
secret_key = ( secret_name, namespace )
if secret_key not in self.needed:
self.needed[secret_key] = SecretInfo(secret_name, namespace, '-crt-', '-key-', decode_b64=False)
return self.needed[secret_key]
def load_secret(self, context: 'IRTLSContext',
secret_name: str, namespace: str) -> Optional[SecretInfo]:
self.logger.info(f"SecretRecorder: Trying to load secret {secret_name} in namespace {namespace} from TLSContext {context}")
secret_key = ( secret_name, namespace )
if secret_key not in self.needed:
self.needed[secret_key] = SecretInfo(secret_name, namespace, '-crt-', '-key-', decode_b64=False)
return self.needed[secret_key]
def load_secret(self, resource: 'IRResource', secret_name: str,
namespace: str) -> Optional[SecretInfo]:
if ((secret_name == "fallback-self-signed-cert")
and (namespace == Config.ambassador_namespace)):
return SecretInfo(secret_name,
namespace,
"mocked-fallback-secret",
"-fallback-cert-",
"-fallback-key-",
decode_b64=False)
def load_secret(self, resource: 'IRResource', secret_name: str, namespace: str) -> Optional[SecretInfo]:
if os.path.exists('/ambassador/.edge_stack'):
if ((secret_name == "fallback-self-signed-cert") and
(namespace == Config.ambassador_namespace)):
# This is Edge Stack. Force the fake TLS secret.
self.logger.info(f"MockSecretHandler: mocking fallback secret {secret_name}.{namespace}")
return SecretInfo(secret_name, namespace, "mocked-fallback-secret",
"-fallback-cert-", "-fallback-key-", decode_b64=False)
self.logger.debug(f"MockSecretHandler: cannot load {secret_name}.{namespace}")
return None
def load_secret(self, resource: 'IRResource', secret_name: str, namespace: str) -> Optional[SecretInfo]:
# Only allow a secret to be _loaded_ if it's marked Loadable.
key = f"{secret_name}.{namespace}"
if key in CLISecretHandler.LoadableSecrets:
self.logger.info(f"CLISecretHandler: loading {key}")
return SecretInfo(secret_name, namespace, "mocked-loadable-secret",
"-mocked-cert-", "-mocked-key-", decode_b64=False)
self.logger.debug(f"CLISecretHandler: cannot load {key}")
return None
