예제 #1
0
    def add_secrets(self, secrets_dict, overwrite=False):
        """Add a new secret to the user's Kubernetes secret.

        :param secrets: Dictionary containing new secrets, where keys are
            secret names and corresponding values are dictionaries containing
            base64 encoded value and a type (which determines how the secret
            should be mounted).
        :returns: Updated user secret list.
        """
        try:
            k8s_user_secrets = self._get_k8s_user_secrets_store()
            for secret_name in secrets_dict:
                if k8s_user_secrets.data.get(secret_name) and not overwrite:
                    raise REANASecretAlreadyExists(
                        "Operation cancelled. Secret {} already exists. "
                        "If you want change it use overwrite".format(
                            secret_name))
                secrets_types = self._load_json_annotation_from_k8s_object(
                    k8s_user_secrets, "secrets_types")
                secrets_types[secret_name] = secrets_dict[secret_name]["type"]
                self._dump_json_annotation_to_k8s_object(
                    k8s_user_secrets, "secrets_types", secrets_types)
                k8s_user_secrets.data[secret_name] = secrets_dict[secret_name][
                    "value"]
            self._update_store(k8s_user_secrets)
            return k8s_user_secrets.data.keys()
        except ApiException:
            log.error(
                "Something went wrong while adding secrets to "
                "Kubernetes secret for user {0}.".format(
                    str(self.user_secret_store_id)),
                exc_info=True,
            )
예제 #2
0
def add_secrets(secrets, overwrite, access_token):
    """Add new secrets.

    :param secrets: dictionary containing all the secrets to be sent.
      The dictionary with secret names for keys and for each key there is
       a dictionary with two fields:
      - 'value':  a base64 encoded file or literal string
      - 'type': 'file' or 'env'
    :param overwrite: whether secrets should be overwritten when they
     already exist.
    :param access_token: access token of the current user.

    """
    try:
        (response,
            http_response) = current_rs_api_client.api.add_secrets(
            secrets=secrets,
            access_token=access_token,
            overwrite=overwrite).result()
        if http_response.status_code == 201:
            return response
        else:
            raise Exception(
                "Expected status code 201 but replied with "
                "{status_code}".format(
                    status_code=http_response.status_code))

    except HTTPError as e:
        logging.debug(
            'Secrets could not be added: '
            '\nStatus: {}\nReason: {}\n'
            'Message: {}'.format(e.response.status_code,
                                 e.response.reason,
                                 e.response.json()['message']))
        if e.status_code == 409:
            raise REANASecretAlreadyExists()
        else:
            raise Exception(e.response.json()['message'])
    except Exception as e:
        raise e