def save_secret_data( namespace: str, name: str, data: Dict[str, str], labels=None ): secret = {"metadata": {"name": name, "namespace": namespace}, "data": data} if labels is not None: secret["metadata"]["labels"] = labels try: find(pykube.Secret, name, namespace) except pykube.exceptions.ObjectDoesNotExist: pykube.Secret(api, secret).create() else: pykube.Secret(api, secret).update()
def create_kubernetes_secret(doc: dict) -> pykube.Secret: api = pykube.HTTPClient(pykube.KubeConfig.from_env()) secret = pykube.Secret(api, doc) secret.create() api.session.close() return secret
def process(event): affected_services = event.get('services') or [] errors = [] result_code = 200 for service in affected_services: # Set up the client with correct context confidant = _setup_confidant_client(service=service) # Pull the service details from Confidant service_details = confidant.get_service(service=service) app.logger.debug(service_details) if service_details.get('result') and not service_details.get('service'): err = "Unable to pull service details for '{}'".format(service) app.logger.error(err) errors.append(err) result_code = 400 break if service_details.get('result') and service_details['service'].get('enabled'): service_details = service_details['service'] service_name = service_details['id'] namespace = _service_to_namespace(service_name) credentials = service_details.get('credentials') or [] # Find which k8s clusters the service lives on, and get their login details k8s_clusters = [c for c in credentials if c.get('enabled') and c.get('name').startswith('k8s-cluster-')] secret_collection = [s for s in credentials if s.get('enabled') and not s.get('name').startswith('k8s-cluster-')] app.logger.debug({"k8s_clusters": k8s_clusters, "secret_collection": secret_collection}) # Build up the secret data. try: secrets = _parse_secret_collection(secret_collection=secret_collection, namespace=namespace) except BadSecretFormat as e: errors.append("Error in Secret data: " + str(e)) result_code = 400 break # Create a hashed value, to see if the data has changed. hashedval = hashlib.md5(str(repr(credentials)).encode('utf-8')).hexdigest() k8s_auth = _get_k8s_auth(credentials=credentials) for config in k8s_auth: app.logger.debug({"config": config}) try: kube_connection = pykube.HTTPClient(pykube.KubeConfig(config)) for k8s_secret in secrets.values(): if pykube.Secret(kube_connection, k8s_secret).exists(): pykube.Secret(kube_connection, k8s_secret).delete() # We delete, rather than update(), as updates seems to keep deleted data k8s_namespace = {"apiVersion": "v1", "kind": "Namespace", "metadata": {"name": namespace}} if not pykube.Namespace(kube_connection, k8s_namespace).exists(): errors.append("Creating namespace %s" % (namespace)) pykube.Namespace(kube_connection, k8s_namespace).create() pykube.Secret(kube_connection, k8s_secret).create() _trigger_deployment(kube_connection, namespace, checksum=hashedval) # After updating secrets, we trigger a rolling update in the namespace except KeyError as e: errors.append(str(e)) result_code = 500 app.logger.debug({"error": e}) except NamespaceNoDeploymentError as e: errors.append(str(e)) result_code = 200 return {'code': result_code, 'errors': errors}
def _as_pykube(self): return pykube.Secret(_kapi, {"metadata": self._meta()})
def delete_secret(self, name): sec = pykube.Secret(self._api, {"metadata": self._mk_meta(name=name)}) return sec.delete()
def patch_secret(self, name, patch): sec = pykube.Secret(self._api, {"metadata": self._mk_meta(name=name)}) return sec.patch(patch)
def test_name(self): obj = {} name = "testname" k8s.set_name(obj, name) secret = pykube.Secret(None, obj) self.assertEquals(secret.name, name)