Пример #1
def test_create_secret(monkeypatch):
    """Exercise create_secret with mocked helpers and check the render context.

    First call: kubectl_manifest reports success and get_secret_names already
    has an entry for the username. Second call: kubectl_manifest reports
    failure, no secret name is known, and generate_rfc1123 supplies "foo".
    """
    # NOTE(review): the "******" literals look like values masked by the page
    # this listing was taken from; confirm them against the upstream test.
    for helper in ("render", "kubectl_manifest", "get_secret_names", "generate_rfc1123"):
        monkeypatch.setattr(kc, helper, Mock())
    kc.kubectl_manifest.side_effect = [True, False]
    kc.get_secret_names.side_effect = [{"username": "******"}, {}]
    kc.generate_rfc1123.return_value = "foo"

    def expected_context(secret_name):
        # Only the secret name differs between the two calls.
        # "Z3JvdXBz" is base64 of "groups": an encoding, not a protection.
        return {
            "groups": "Z3JvdXBz",
            "password": "******",
            "secret_name": secret_name,
            "secret_namespace": "kube-system",
            "type": "juju.is/token-auth",
            "user": "******",
            "username": "******",
        }

    # The manifest is applied successfully, so create_secret is truthy.
    first_result = kc.create_secret("token", "username", "user", "groups")
    assert first_result
    assert kc.render.call_args[1]["context"] == expected_context("secret-id")

    # The manifest apply fails, so create_secret is falsy; the context is
    # still rendered, with a name built from the generate_rfc1123 value.
    second_result = kc.create_secret("token", "username", "user", "groups")
    assert not second_result
    assert kc.render.call_args[1]["context"] == expected_context("auth-user-foo")
Пример #2
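def migrate_auth_file(filename):
    """Create secrets or known tokens depending on what file is being migrated.

    Each non-comment CSV row of ``filename`` is passed to
    ``create_known_token`` (for ``AUTH_BASIC_FILE``) or ``create_secret``
    (for ``AUTH_TOKENS_FILE``). The file is handed to ``deprecate_auth_file``
    only when it is a recognised auth file and no ``create_secret`` call
    reported failure, so credentials are not retired before they exist in
    their new location.

    Args:
        filename: path of the auth file to migrate.

    Returns:
        True when every row was migrated and the file was deprecated; False
        when the file is not a recognised auth file or at least one secret
        could not be created.
    """
    with open(str(filename), "r") as f:
        rows = list(csv.reader(f))

    is_basic_file = filename == AUTH_BASIC_FILE
    if not (is_basic_file or filename == AUTH_TOKENS_FILE):
        # Decide this before looking at rows: an unrecognised file that holds
        # only comments or blank lines must not reach deprecate_auth_file.
        hookenv.log("Unknown auth file: {}".format(filename))
        return False

    failed = 0
    for row in rows:
        # csv.reader yields [] for blank lines. Test for that explicitly
        # instead of catching IndexError around the whole row, which would
        # also hide an IndexError raised inside the create_* helpers.
        if not row or row[0].startswith("#"):
            continue
        if is_basic_file:
            # Return value not checked: create_known_token's contract is not
            # visible from here. TODO confirm whether it reports failure.
            create_known_token(*row)
        elif not create_secret(*row):
            # Other callers treat a falsy create_secret result as failure.
            failed += 1

    if failed:
        # Log a count only; the rows hold credentials and must not be logged.
        hookenv.log(
            "Failed to migrate {} entries from auth file: {}".format(failed, filename)
        )
        return False

    deprecate_auth_file(filename)
    return True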
Пример #3
def create_calico_node_token():
    """Create the system:calico-node user token and publish it via leader data.

    On any failure the unit is put into a waiting status and nothing is
    published, so the step can be retried later.
    """
    status.maintenance('Creating system:calico-node user token')
    account = '******'
    secret_created = kubernetes_common.create_secret(
        token=kubernetes_common.token_generator(),
        username=account,
        user=account,
    )
    if secret_created:
        # create_secret may have added the <user>:: prefix, so read the stored
        # value back rather than reusing the generated one.
        stored_token = kubernetes_common.get_secret_password(account)
        if stored_token:
            # NOTE(review): this puts the credential into leader data;
            # confirm who can read that store.
            leader_set({'calico-node-token': stored_token})
            return
        log('Failed to get system:calico-node user token, will retry')
    else:
        log('Failed to create system:calico-node user token, will retry')
    # Both failure paths end in the same waiting status.
    status.waiting('Waiting to retry creating calico-node token')