def _GetSecretsChanges(args): """Return secret env var and volume changes for given args.""" volume_kwargs = {} env_kwargs = {} update = args.update_secrets or args.set_secrets if update: volume_update = {k: v for k, v in update.items() if _IsVolumeMountKey(k)} if volume_update: volume_kwargs['mounts_to_update'] = volume_update env_update = {k: v for k, v in update.items() if not _IsVolumeMountKey(k)} if env_update: env_kwargs['env_vars_to_update'] = env_update remove = args.remove_secrets if remove: volume_remove = [k for k in remove if _IsVolumeMountKey(k)] if volume_remove: volume_kwargs['mounts_to_remove'] = volume_remove env_remove = [k for k in remove if not _IsVolumeMountKey(k)] if env_remove: env_kwargs['env_vars_to_remove'] = env_remove if args.set_secrets or args.clear_secrets: env_kwargs['clear_others'] = True volume_kwargs['clear_others'] = True secret_changes = [] if env_kwargs: secret_changes.append(config_changes.SecretEnvVarChanges(**env_kwargs)) if volume_kwargs: secret_changes.append(config_changes.SecretVolumeChanges(**volume_kwargs)) return secret_changes
def testEnvVarSourceUpdate(self): self.template.env_vars.secrets.update({ 'k1': self._MakeSecretEnvVarSource('s1', 'key1'), 'k2': self._MakeSecretEnvVarSource('s2', 'key2'), }) env_change = config_changes.SecretEnvVarChanges( env_vars_to_update={'k1': 's3:key3', 'k3': 'secret:key'}) self.resource = env_change.Adjust(self.resource) self.assertDictEqual({ 'k1': self._MakeSecretEnvVarSource('s3', 'key3'), 'k2': self._MakeSecretEnvVarSource('s2', 'key2'), 'k3': self._MakeSecretEnvVarSource('secret', 'key'), }, dict(self.template.env_vars.secrets))
def testEnvSourceClear(self): self.template.env_vars.literals.update({'k0': 'v0'}) self.template.env_vars.secrets.update({ 'k1': self._MakeSecretEnvVarSource('s1', 'key'), 'k2': self._MakeSecretEnvVarSource('s2', 'key'), 'k3': self._MakeSecretEnvVarSource('s3', 'key'), }) self.template.env_vars.config_maps.update({ 'k4': self._MakeConfigMapEnvVarSource('c1', 'key'), 'k5': self._MakeConfigMapEnvVarSource('c2', 'key'), }) env_change = config_changes.SecretEnvVarChanges(clear_others=True) self.resource = env_change.Adjust(self.resource) self.assertDictEqual({'k0': 'v0'}, dict(self.template.env_vars.literals)) self.assertDictEqual({}, dict(self.template.env_vars.secrets)) self.assertDictEqual({ 'k4': self._MakeConfigMapEnvVarSource('c1', 'key'), 'k5': self._MakeConfigMapEnvVarSource('c2', 'key'), }, dict(self.template.env_vars.config_maps))
def testEnvSourceSetFailsWhenLiteralExists(self): self.template.env_vars.literals.update({'k1': 'v1'}) env_change = config_changes.SecretEnvVarChanges( env_vars_to_update={'k1': 's1:key'}) with self.assertRaises(exceptions.ConfigurationError): self.resource = env_change.Adjust(self.resource)
def testEnvSourceSetFailsWithNoKey(self): with self.assertRaises(exceptions.ConfigurationError): config_changes.SecretEnvVarChanges(env_vars_to_update={'k1': 's1'})