def write_output_to_vault(dry_run, vault_path, account, secret_data, name):
    """Write one named secret for an account to Vault, unless in dry-run mode.

    The destination is
    ``<vault_path>/<QONTRACT_INTEGRATION>/<account>/<name>``. Only that
    destination path is handed to the logger; ``secret_data`` is not.

    Args:
        dry_run: when truthy, log the intended write but do not perform it.
        vault_path: base path the secret path is built under.
        account: account segment of the secret path.
        secret_data: payload stored under the ``data`` key of the secret.
        name: final segment of the secret path.
    """
    # NOTE(review): the segments are interpolated as-is. Presumably callers
    # pass values without "/" in them; confirm, since a separator inside
    # `account` or `name` would change where the secret lands.
    destination = f"{vault_path}/{QONTRACT_INTEGRATION}/{account}/{name}"
    payload = {"path": destination, "data": secret_data}

    logging.info(["write_secret", destination])

    # The client is built before the dry-run check, so it is instantiated on
    # dry runs too; only the write itself is skipped.
    client = VaultClient()
    if dry_run:
        return
    client.write(payload)
def write_outputs_to_vault(vault_path, ri):
    """Write the ``data`` body of every desired resource to Vault.

    Each item is stored at
    ``<vault_path>/<integration>/<cluster>/<namespace>/<name>``, where
    ``<integration>`` is QONTRACT_INTEGRATION with underscores replaced by
    hyphens.

    Args:
        vault_path: base path the secret paths are built under.
        ri: iterable of ``(cluster, namespace, _, data)`` tuples, where
            ``data['desired']`` maps a name to an object exposing
            ``body['data']``.
    """
    integration = QONTRACT_INTEGRATION.replace('_', '-')
    client = VaultClient()
    root = f"{vault_path}/{integration}"

    for cluster, namespace, _, data in ri:
        desired = data['desired']
        for name, d_item in desired.items():
            # NOTE(review): write() is called with its defaults here; how the
            # payload is transformed before storage depends on VaultClient.
            client.write({
                'path': f"{root}/{cluster}/{namespace}/{name}",
                'data': d_item.body['data'],
            })
def write_outputs_to_vault(vault_path, ri):
    """Write the ``data`` body of every desired resource to Vault, twice.

    Each item is stored under two paths below
    ``<vault_path>/<integration>/`` (``<integration>`` being
    QONTRACT_INTEGRATION with underscores replaced by hyphens):

    * ``<cluster>/<namespace>/<name>``: the per-namespace location
    * ``shared-resources/<name>``: the shared location

    Args:
        vault_path: base path the secret paths are built under.
        ri: iterable of ``(cluster, namespace, _, data)`` tuples, where
            ``data["desired"]`` maps a name to an object exposing
            ``body["data"]``.
    """
    integration = QONTRACT_INTEGRATION.replace("_", "-")
    client = VaultClient()
    root = f"{vault_path}/{integration}"

    for cluster, namespace, _, data in ri:
        for name, d_item in data["desired"].items():
            payload = d_item.body["data"]
            destinations = (
                # per-namespace location
                f"{root}/{cluster}/{namespace}/{name}",
                # shared-resources location
                # NOTE(review): this path is keyed by `name` only, so items
                # with the same name in different clusters or namespaces are
                # written to the same path. Confirm names are unique, or that
                # last-write-wins is intended.
                f"{root}/shared-resources/{name}",
            )
            for destination in destinations:
                client.write({"path": destination, "data": payload})
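def run(dry_run, vault_output_path):
    """Get Hive ClusterDeployments from clusters and save mapping to Vault.

    For every cluster whose API resources include ``ClusterDeployment``, the
    ``spec.clusterMetadata.clusterID`` of each ClusterDeployment is paired
    with the name of the cluster it was read from. Unless ``dry_run`` is
    set, the pairs are written to
    ``<vault_output_path>/<QONTRACT_INTEGRATION>`` under the ``map`` key as
    newline-separated ``<clusterID>: <cluster>`` lines.

    Args:
        dry_run: when truthy, gather the mapping but skip the Vault write.
        vault_output_path: base Vault path; when it is empty an error is
            logged and the process exits with ExitCodes.ERROR.
    """
    if not vault_output_path:
        logging.error("must supply vault output path")
        sys.exit(ExitCodes.ERROR)

    clusters = queries.get_clusters()
    settings = queries.get_app_interface_settings()
    oc_map = OC_Map(
        clusters=clusters,
        integration=QONTRACT_INTEGRATION,
        thread_pool_size=1,
        settings=settings,
        init_api_resources=True,
    )

    results = []
    for c in clusters:
        name = c["name"]
        oc = oc_map.get(name)
        if not oc:
            # No usable client for this cluster; it contributes no entries.
            continue
        if "ClusterDeployment" not in oc.api_resources:
            continue
        logging.info(f"[{name}] getting ClusterDeployments")
        cds = oc.get_all("ClusterDeployment", all_namespaces=True)["items"]
        for cd in cds:
            try:
                cluster_id = cd["spec"]["clusterMetadata"]["clusterID"]
            except KeyError:
                # Still best-effort, but leave a trace: an entry missing from
                # the map should be explainable from the logs.
                cd_name = (cd.get("metadata") or {}).get("name", "<unknown>")
                logging.debug(
                    f"[{name}] skipping ClusterDeployment {cd_name}: "
                    "no clusterID in spec.clusterMetadata"
                )
                continue
            results.append({"id": cluster_id, "cluster": name})

    if not dry_run:
        logging.info("writing ClusterDeployments to vault")
        vault_client = VaultClient()
        # NOTE(review): clusters and ClusterDeployments skipped above add no
        # lines, so the map written here can be partial or empty. Presumably
        # it replaces what is stored at this path; confirm consumers
        # tolerate that.
        secret = {
            "path": f"{vault_output_path}/{QONTRACT_INTEGRATION}",
            "data": {
                "map": "\n".join(
                    f"{item['id']}: {item['cluster']}" for item in results
                )
            },
        }
        # The map is plain text built above, hence decode_base64=False.
        vault_client.write(secret, decode_base64=False)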
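def run(dry_run, vault_output_path):
    """Get Hive ClusterDeployments from clusters and save mapping to Vault.

    For every cluster whose API resources include ``ClusterDeployment``, the
    ``spec.clusterMetadata.clusterID`` of each ClusterDeployment is paired
    with the name of the cluster it was read from. Unless ``dry_run`` is
    set, the pairs are written to
    ``<vault_output_path>/<QONTRACT_INTEGRATION>`` under the ``map`` key as
    newline-separated ``<clusterID>: <cluster>`` lines.

    Args:
        dry_run: when truthy, gather the mapping but skip the Vault write.
        vault_output_path: base Vault path; when it is empty an error is
            logged and the process exits with ExitCodes.ERROR.
    """
    if not vault_output_path:
        logging.error('must supply vault output path')
        sys.exit(ExitCodes.ERROR)

    clusters = queries.get_clusters()
    settings = queries.get_app_interface_settings()
    oc_map = OC_Map(clusters=clusters,
                    integration=QONTRACT_INTEGRATION,
                    thread_pool_size=1,
                    settings=settings,
                    init_api_resources=True)

    results = []
    for c in clusters:
        name = c['name']
        oc = oc_map.get(name)
        if not oc:
            # No usable client for this cluster; it contributes no entries.
            continue
        if 'ClusterDeployment' not in oc.api_resources:
            continue
        logging.info(f'[{name}] getting ClusterDeployments')
        cds = oc.get_all('ClusterDeployment', all_namespaces=True)['items']
        for cd in cds:
            try:
                cluster_id = cd['spec']['clusterMetadata']['clusterID']
            except KeyError:
                # Still best-effort, but leave a trace: an entry missing from
                # the map should be explainable from the logs.
                cd_name = (cd.get('metadata') or {}).get('name', '<unknown>')
                logging.debug(
                    f'[{name}] skipping ClusterDeployment {cd_name}: '
                    'no clusterID in spec.clusterMetadata'
                )
                continue
            results.append({'id': cluster_id, 'cluster': name})

    if not dry_run:
        logging.info('writing ClusterDeployments to vault')
        vault_client = VaultClient()
        # NOTE(review): clusters and ClusterDeployments skipped above add no
        # lines, so the map written here can be partial or empty. Presumably
        # it replaces what is stored at this path; confirm consumers
        # tolerate that.
        secret = {
            'path': f"{vault_output_path}/{QONTRACT_INTEGRATION}",
            'data': {
                'map': '\n'.join(f"{item['id']}: {item['cluster']}"
                                 for item in results)
            }
        }
        # The map is plain text built above, hence decode_base64=False.
        vault_client.write(secret, decode_base64=False)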
def write_outputs_to_vault(vault_path, ri):
    """Write the ``data`` body of every desired resource to Vault, twice.

    Each item is stored under two paths below
    ``<vault_path>/<integration>/`` (``<integration>`` being
    QONTRACT_INTEGRATION with underscores replaced by hyphens): first
    ``<cluster>/<namespace>/<name>``, then ``shared-resources/<name>``.

    Args:
        vault_path: base path the secret paths are built under.
        ri: iterable of ``(cluster, namespace, _, data)`` tuples, where
            ``data['desired']`` maps a name to an object exposing
            ``body['data']``.
    """
    integration = QONTRACT_INTEGRATION.replace('_', '-')
    client = VaultClient()
    prefix = f"{vault_path}/{integration}/"

    def store(suffix, payload):
        # One write per destination; each call builds its own secret dict.
        client.write({'path': prefix + suffix, 'data': payload})

    for cluster, namespace, _, data in ri:
        for name, d_item in data['desired'].items():
            payload = d_item.body['data']
            # write secret to per-namespace location
            store(f"{cluster}/{namespace}/{name}", payload)
            # write secret to shared-resources location
            # NOTE(review): this path is keyed by `name` only, so items with
            # the same name in different clusters or namespaces are written
            # to the same path. Confirm names are unique, or that
            # last-write-wins is intended.
            store(f"shared-resources/{name}", payload)
def write_output_to_vault(vault_path, name, data):
    """Write ``data`` to Vault at ``<vault_path>/<QONTRACT_INTEGRATION>/<name>``.

    Args:
        vault_path: base path the secret path is built under.
        name: final segment of the secret path.
        data: payload stored under the ``data`` key of the secret.
    """
    client = VaultClient()
    # NOTE(review): `name` is interpolated as-is. Presumably callers pass a
    # value without "/" in it; confirm, since a separator would change where
    # the secret lands.
    destination = f"{vault_path}/{QONTRACT_INTEGRATION}/{name}"
    client.write({'path': destination, 'data': data})