예제 #1
def build_secrets_for_all_namespaces(env_name, service_name, ecs_service_name,
                                     sample_env_folder_path, secrets_name):
    """Merge per-namespace secrets into the service's injected secret.

    Reads the namespaces found under ``sample_env_folder_path``, aborts if
    ``find_duplicate_keys`` reports any key, collects the secrets of every
    namespace into one mapping and writes that mapping to the secret named by
    ``get_automated_injected_secret_name`` when it differs from the stored
    value.

    Returns:
        A one-entry dict mapping ``CLOUDLIFT_INJECTED_SECRETS`` to the ARN of
        the injected secret.

    Raises:
        UnrecoverableException: if duplicate keys are reported.
    """
    namespaces = get_namespaces_from_directory(sample_env_folder_path)
    duplicates = find_duplicate_keys(sample_env_folder_path, namespaces)
    if len(duplicates) > 0:
        # Abort before merging: the merge below lets a later namespace
        # overwrite an earlier one's value for the same key.
        message = 'duplicate keys found in env sample files {} '.format(
            duplicates)
        raise UnrecoverableException(message)

    merged_secrets = {}
    for namespace in namespaces:
        merged_secrets.update(
            _get_secrets_for_namespace(env_name, namespace,
                                       sample_env_folder_path, secrets_name))

    automated_secret_name = get_automated_injected_secret_name(
        env_name, service_name, ecs_service_name)
    try:
        stored_secrets = secrets_manager.get_config(automated_secret_name,
                                                    env_name)['secrets']
    except Exception as err:
        # NOTE(review): every failure (access denied, throttling, network) is
        # reported as "does not exist" and falls through to the write path.
        # Catching only the not-found error would stop other failures from
        # being masked.
        log_warning(
            f'secret {automated_secret_name} does not exist. It will be created: {err}'
        )
        stored_secrets = {}

    # Write only on a difference, so an unchanged configuration performs no
    # update call.
    if stored_secrets != merged_secrets:
        log(f"Updating {automated_secret_name}")
        secrets_manager.set_secrets_manager_config(env_name,
                                                   automated_secret_name,
                                                   merged_secrets)

    # NOTE(review): if get_config serves cached responses, confirm the write
    # above invalidates the entry; otherwise the ARN returned here can be the
    # one fetched before the update.
    injected = secrets_manager.get_config(automated_secret_name, env_name)
    return {'CLOUDLIFT_INJECTED_SECRETS': injected['ARN']}
예제 #2
    def test_get_config_caching(self, mock_get_client_for):
        """Two lookups of the same secret in the same env reach AWS once."""
        # Start from an empty module-level cache so an earlier test cannot
        # satisfy the lookup.
        secrets_manager._secret_manager_cache = {}
        fetch_secret = MagicMock(return_value=_get_secret_response())
        # NOTE(review): the first positional argument of MagicMock is `spec`,
        # so the string acts as a spec rather than a name; `name=` was
        # probably intended.
        mock_client = MagicMock('boto3_client', get_secret_value=fetch_secret)
        mock_get_client_for.return_value = mock_client

        for _ in range(2):
            secrets_manager.get_config("dummy-common", "test")

        # NOTE(review): this pins only the same-name, same-env case. A
        # companion test with a second env would show whether the cache key
        # includes the environment, so that one environment's secret is never
        # served for another.
        mock_get_client_for.assert_called_once_with('secretsmanager', 'test')
        mock_client.get_secret_value.assert_called_once_with(
            SecretId='dummy-common')
예제 #3
def _get_secrets_for_namespace(env_name, namespace, sample_env_folder_path,
                               secrets_name):
    """Return the secrets of one namespace, restricted to its sample keys.

    Looks up the secret whose name ``get_secret_name`` derives from
    ``secrets_name`` and ``namespace``, validates the stored keys against the
    keys from ``get_sample_keys`` and returns only the sample keys with their
    stored values.
    """
    namespace_secret_name = get_secret_name(secrets_name, namespace)
    stored = secrets_manager.get_config(namespace_secret_name, env_name)
    stored_secrets = stored['secrets']

    wanted_keys = get_sample_keys(sample_env_folder_path, namespace)
    available_keys = set(stored_secrets.keys())
    # Presumably raises when a sample key has no stored value; confirm in
    # _validate_config_availability.
    _validate_config_availability(wanted_keys, available_keys)

    # Only keys named in the sample file are passed on, so extra entries in
    # the stored secret are not handed to the service.
    selected = {}
    for key in wanted_keys:
        selected[key] = stored_secrets[key]
    return selected
예제 #4
    def test_get_config(self, mock_get_client_for):
        """get_config returns the parsed secrets together with the ARN."""
        # Empty the module-level cache so the lookup must go through the
        # mocked client.
        secrets_manager._secret_manager_cache = {}
        fetch_secret = MagicMock(return_value=_get_secret_response())
        mock_client = MagicMock('boto3_client', get_secret_value=fetch_secret)
        mock_get_client_for.return_value = mock_client

        config = secrets_manager.get_config("dummy-test", "test")

        mock_get_client_for.assert_called_once_with('secretsmanager', 'test')
        mock_client.get_secret_value.assert_called_once_with(
            SecretId='dummy-test')
        # The expected ARN carries a trailing identifier after ':::', so
        # callers receive a reference more specific than the bare secret ARN.
        expected = {
            'secrets': {'LABEL': 'L1', 'PORT': '80'},
            'ARN': 'arn:aws:secretsmanager:us-west-2:12345678:secret:dummy-test-QvDJsW:::a1b87fb5-453e-42bd-a4f5-fdc0834854ef',
        }
        self.assertEqual(config, expected)
예제 #5
def build_secrets_for_all_namespaces(env_name, service_name, ecs_service_name,
                                     sample_env_folder_path, secrets_name):
    """Sync the merged namespace secrets into the service's injected secret.

    Obtains the merged secrets from
    ``verify_and_get_secrets_for_all_namespaces`` and writes them to the
    secret named by ``get_automated_injected_secret_name`` when they differ
    from the stored value.

    Returns:
        A one-entry dict mapping ``CLOUDLIFT_INJECTED_SECRETS`` to the ARN of
        the injected secret.
    """
    desired_secrets = verify_and_get_secrets_for_all_namespaces(
        env_name, sample_env_folder_path, secrets_name)
    automated_secret_name = get_automated_injected_secret_name(
        env_name, service_name, ecs_service_name)

    try:
        stored_secrets = secrets_manager.get_config(automated_secret_name,
                                                    env_name)['secrets']
    except Exception as err:
        # NOTE(review): every failure (access denied, throttling, network) is
        # reported as "does not exist" and falls through to the write path.
        # Catching only the not-found error would stop other failures from
        # being masked.
        log_warning(
            f'secret {automated_secret_name} does not exist. It will be created: {err}'
        )
        stored_secrets = {}

    # Write only on a difference, so an unchanged configuration performs no
    # update call.
    if stored_secrets != desired_secrets:
        log(f"Updating {automated_secret_name}")
        secrets_manager.set_secrets_manager_config(env_name,
                                                   automated_secret_name,
                                                   desired_secrets)

    # NOTE(review): if get_config serves cached responses, confirm the write
    # above invalidates the entry; otherwise the ARN returned here can be the
    # one fetched before the update.
    injected = secrets_manager.get_config(automated_secret_name, env_name)
    return {'CLOUDLIFT_INJECTED_SECRETS': injected['ARN']}