Exemplo n.º 1
0
def save_secret_data(
    namespace: str, name: str, data: Dict[str, str], labels=None
):
    secret = {"metadata": {"name": name, "namespace": namespace}, "data": data}
    if labels is not None:
        secret["metadata"]["labels"] = labels

    try:
        find(pykube.Secret, name, namespace)
    except pykube.exceptions.ObjectDoesNotExist:
        pykube.Secret(api, secret).create()
    else:
        pykube.Secret(api, secret).update()
Exemplo n.º 2
0
def create_kubernetes_secret(doc: dict) -> pykube.Secret:
    api = pykube.HTTPClient(pykube.KubeConfig.from_env())
    secret = pykube.Secret(api, doc)
    secret.create()
    api.session.close()

    return secret
Exemplo n.º 3
0
def process(event):
    affected_services = event.get('services') or []
    errors = []
    result_code = 200

    for service in affected_services:

        # Set up the client with correct context
        confidant = _setup_confidant_client(service=service)

        # Pull the service details from Confidant
        service_details = confidant.get_service(service=service)
        app.logger.debug(service_details)

        if service_details.get('result') and not service_details.get('service'):
            err = "Unable to pull service details for '{}'".format(service)
            app.logger.error(err)
            errors.append(err)
            result_code = 400
            break

        if service_details.get('result') and service_details['service'].get('enabled'):
            service_details = service_details['service']
            service_name = service_details['id']
            namespace = _service_to_namespace(service_name)
            credentials = service_details.get('credentials') or []

            # Find which k8s clusters the service lives on, and get their login details
            k8s_clusters = [c for c in credentials if c.get('enabled') and c.get('name').startswith('k8s-cluster-')]
            secret_collection = [s for s in credentials if s.get('enabled') and not s.get('name').startswith('k8s-cluster-')]
            app.logger.debug({"k8s_clusters": k8s_clusters, "secret_collection": secret_collection})

            # Build up the secret data.
            try:
                secrets = _parse_secret_collection(secret_collection=secret_collection, namespace=namespace)
            except BadSecretFormat as e:
                errors.append("Error in Secret data: " + str(e))
                result_code = 400
                break

            # Create a hashed value, to see if the data has changed.
            hashedval = hashlib.md5(str(repr(credentials)).encode('utf-8')).hexdigest()

            k8s_auth = _get_k8s_auth(credentials=credentials)

            for config in k8s_auth:
                app.logger.debug({"config": config})
                try:

                    kube_connection = pykube.HTTPClient(pykube.KubeConfig(config))

                    for k8s_secret in secrets.values():

                        if pykube.Secret(kube_connection, k8s_secret).exists():
                            pykube.Secret(kube_connection, k8s_secret).delete()  # We delete, rather than update(), as updates seems to keep deleted data

                        k8s_namespace = {"apiVersion": "v1", "kind": "Namespace", "metadata": {"name": namespace}}
                        if not pykube.Namespace(kube_connection, k8s_namespace).exists():
                            errors.append("Creating namespace %s" % (namespace))
                            pykube.Namespace(kube_connection, k8s_namespace).create()

                        pykube.Secret(kube_connection, k8s_secret).create()

                    _trigger_deployment(kube_connection, namespace, checksum=hashedval)  # After updating secrets, we trigger a rolling update in the namespace

                except KeyError as e:
                    errors.append(str(e))
                    result_code = 500
                    app.logger.debug({"error": e})

                except NamespaceNoDeploymentError as e:
                    errors.append(str(e))
                    result_code = 200

    return {'code': result_code, 'errors': errors}
Exemplo n.º 4
0
 def _as_pykube(self):
     return pykube.Secret(_kapi, {"metadata": self._meta()})
Exemplo n.º 5
0
 def delete_secret(self, name):
     sec = pykube.Secret(self._api, {"metadata": self._mk_meta(name=name)})
     return sec.delete()
Exemplo n.º 6
0
 def patch_secret(self, name, patch):
     sec = pykube.Secret(self._api, {"metadata": self._mk_meta(name=name)})
     return sec.patch(patch)
Exemplo n.º 7
0
 def test_name(self):
     obj = {}
     name = "testname"
     k8s.set_name(obj, name)
     secret = pykube.Secret(None, obj)
     self.assertEquals(secret.name, name)