def record_secret(self, secret_name: str, namespace: str) -> Optional[SecretInfo]: secret_key = (secret_name, namespace) if secret_key not in self.needed: self.needed[secret_key] = SecretInfo(secret_name, namespace, 'needed-secret', '-crt-', '-key-', decode_b64=False) return self.needed[secret_key]
def load_secret(self, resource: 'IRResource', secret_name: str, namespace: str) -> Optional[SecretInfo]: # Allow an environment variable to state whether we're in Edge Stack. But keep the # existing condition as sufficient, so that there is less of a chance of breaking # things running in a container with this file present. if parse_bool(os.environ.get( 'EDGE_STACK', 'false')) or os.path.exists('/ambassador/.edge_stack'): if ((secret_name == "fallback-self-signed-cert") and (namespace == Config.ambassador_namespace)): # This is Edge Stack. Force the fake TLS secret. self.logger.info( f"MockSecretHandler: mocking fallback secret {secret_name}.{namespace}" ) return SecretInfo(secret_name, namespace, "mocked-fallback-secret", "-fallback-cert-", "-fallback-key-", decode_b64=False) self.logger.debug( f"MockSecretHandler: cannot load {secret_name}.{namespace}") return None
def load_secret(self, resource: 'IRResource', secret_name: str, namespace: str) -> Optional[SecretInfo]: return SecretInfo('fallback-self-signed-cert', 'ambassador', "mocked-fallback-secret", CRT, KEY, decode_b64=False)
def load_secret(self, context: 'IRTLSContext', secret_name: str, namespace: str) -> Optional[SecretInfo]: secret_key = ( secret_name, namespace ) if secret_key not in self.needed: self.needed[secret_key] = SecretInfo(secret_name, namespace, '-crt-', '-key-', decode_b64=False) return self.needed[secret_key]
def load_secret(self, context: 'IRTLSContext', secret_name: str, namespace: str) -> Optional[SecretInfo]: self.logger.info(f"SecretRecorder: Trying to load secret {secret_name} in namespace {namespace} from TLSContext {context}") secret_key = ( secret_name, namespace ) if secret_key not in self.needed: self.needed[secret_key] = SecretInfo(secret_name, namespace, '-crt-', '-key-', decode_b64=False) return self.needed[secret_key]
def load_secret(self, resource: 'IRResource', secret_name: str, namespace: str) -> Optional[SecretInfo]: if ((secret_name == "fallback-self-signed-cert") and (namespace == Config.ambassador_namespace)): return SecretInfo(secret_name, namespace, "mocked-fallback-secret", "-fallback-cert-", "-fallback-key-", decode_b64=False)
def load_secret(self, resource: 'IRResource', secret_name: str, namespace: str) -> Optional[SecretInfo]: if os.path.exists('/ambassador/.edge_stack'): if ((secret_name == "fallback-self-signed-cert") and (namespace == Config.ambassador_namespace)): # This is Edge Stack. Force the fake TLS secret. self.logger.info(f"MockSecretHandler: mocking fallback secret {secret_name}.{namespace}") return SecretInfo(secret_name, namespace, "mocked-fallback-secret", "-fallback-cert-", "-fallback-key-", decode_b64=False) self.logger.debug(f"MockSecretHandler: cannot load {secret_name}.{namespace}") return None
def load_secret(self, resource: 'IRResource', secret_name: str, namespace: str) -> Optional[SecretInfo]: # Only allow a secret to be _loaded_ if it's marked Loadable. key = f"{secret_name}.{namespace}" if key in CLISecretHandler.LoadableSecrets: self.logger.info(f"CLISecretHandler: loading {key}") return SecretInfo(secret_name, namespace, "mocked-loadable-secret", "-mocked-cert-", "-mocked-key-", decode_b64=False) self.logger.debug(f"CLISecretHandler: cannot load {key}") return None