def test_list_envs(folder):
path = ENVS_PATH / folder
path.mkdir()
try:
envs = list_envs()
assert folder not in envs
assert "minikube" in envs
finally:
path.rmdir()
def validate_release_configs(ctx):
envs = list_envs()
for env in envs:
logger.info("Validating configs for {} environment".format(env))
settings = load_env_settings(env)
components = settings.COMPONENTS
for path in components:
component = Component(path)
component.validate(ctx)
component.patch_from_env(env)
component.validate(ctx)
def update_from_templates(ctx):
envs = list_envs()
rendered_files = []
for env in envs:
settings = load_env_settings(env)
components = settings.COMPONENTS
for path in components:
component = Component(path)
rendered_files.extend(component.render_templates(env, settings))
return rendered_files
def test_load_env_settings(clean_test_settings):
envs = list_envs()
settings = load_env_settings(envs[0])
getattr(settings, "IMAGE_PULL_SECRETS")
getattr(settings, "KUBE_CONTEXT")
getattr(settings, "KUBE_NAMESPACE")
getattr(settings, "COMPONENTS")
getattr(settings, "REPLICAS")
TEST_ENV_PATH.mkdir(parents=True)
TEST_ENV_SETTINGS.write_text(TEST_SETTINGS)
settings = load_env_settings(TEST_ENV)
assert len(settings.COMPONENTS) == 1
assert "service/TEST_COMPONENT_LOL" in settings.COMPONENTS
assert settings.KUBE_CONTEXT == "TEST_CONTEXT_LOL"
assert settings.KUBE_NAMESPACE == "TEST_NAMESPACE_LOL"
assert len(settings.IMAGE_PULL_SECRETS) == 0
assert len(settings.REPLICAS) == 0
def unseal_secrets(ctx, env, all_envs=False):
"""Decrypts the secrets for the desired env(s) and base64 decodes them to make
them easy to edit.
Examples:
poetry run invoke unseal-secrets --env staging
poetry run invoke unseal-secrets --env staging --env production
poetry run invoke unseal-secrets --env staging,production
poetry run invoke unseal-secrets --all-envs
:param invoke.Context ctx: The invoke context.
:param List[str] env: A list of the environments.
:param bool all_envs: Use all envs.
"""
if all_envs:
envs = list_envs()
else:
envs = {e.strip() for es in env for e in es.split(",")}
for env in envs:
devops.tasks.unseal_secrets(env=env)
def update_from_templates():
envs = list_envs()
rendered_files = []
for env in envs:
settings = load_env_settings(env)
enabled_components = set(settings.COMPONENTS)
components_in_filesystem = {
p.parent.relative_to("envs", env, "merges").as_posix()
for p in Path("envs", env, "merges").glob("**/kube")
}
components_in_filesystem |= {
p.parent.relative_to("envs", env, "overrides").as_posix()
for p in Path("envs", env, "overrides").glob("**/kube")
}
for path in enabled_components | components_in_filesystem:
component = Component(path)
rendered_files.extend(component.render_templates(env, settings))
return rendered_files
def seal_secrets(ctx, env, all_envs=False, only_changed=False):
"""Base64 encodes and seals the secrets for the desired env(s).
Examples:
poetry run invoke seal-secrets --env staging
poetry run invoke seal-secrets --env staging --only-changed
poetry run invoke seal-secrets --env staging --env production
poetry run invoke seal-secrets --env staging,production
poetry run invoke seal-secrets --all-envs
:param invoke.Context ctx: The invoke context.
:param List[str] env: A list of the environments.
:param bool all_envs: Use all envs.
:param bool only_changed: Only reseal changed secrets.
"""
if all_envs:
envs = list_envs()
else:
envs = {e.strip() for es in env for e in es.split(",")}
for env in envs:
devops.tasks.seal_secrets(env=env, only_changed=only_changed)
from contextlib import contextmanager
from os import environ
from pathlib import Path
from subprocess import CalledProcessError # nosec
from time import sleep
from invoke import Context, task
import devops.settings
import devops.tasks
from devops.lib.log import logger
from devops.lib.utils import big_label, label, list_envs, load_env_settings, run
ALL_COMPONENTS = ["service/pipeline-agent"]
ENVS = list_envs()
LOCAL_ENV = "minikube" # Determines some special rules
# Maximum number of Docker tags to keep after cleanup
MAX_TAGS = 50
validate_release_configs = task(devops.tasks.validate_release_configs)
@task(
iterable=["component", "docker_arg"],
help={
"component":
"The components to build - if none given defaults to: " +
", ".join(ALL_COMPONENTS),
"dry-run":