def _GetSecretsChanges(args):
"""Return secret env var and volume changes for given args."""
volume_kwargs = {}
env_kwargs = {}
update = args.update_secrets or args.set_secrets
if update:
volume_update = {k: v for k, v in update.items() if _IsVolumeMountKey(k)}
if volume_update:
volume_kwargs['mounts_to_update'] = volume_update
env_update = {k: v for k, v in update.items() if not _IsVolumeMountKey(k)}
if env_update:
env_kwargs['env_vars_to_update'] = env_update
remove = args.remove_secrets
if remove:
volume_remove = [k for k in remove if _IsVolumeMountKey(k)]
if volume_remove:
volume_kwargs['mounts_to_remove'] = volume_remove
env_remove = [k for k in remove if not _IsVolumeMountKey(k)]
if env_remove:
env_kwargs['env_vars_to_remove'] = env_remove
if args.set_secrets or args.clear_secrets:
env_kwargs['clear_others'] = True
volume_kwargs['clear_others'] = True
secret_changes = []
if env_kwargs:
secret_changes.append(config_changes.SecretEnvVarChanges(**env_kwargs))
if volume_kwargs:
secret_changes.append(config_changes.SecretVolumeChanges(**volume_kwargs))
return secret_changes
def testEnvVarSourceUpdate(self):
self.template.env_vars.secrets.update({
'k1': self._MakeSecretEnvVarSource('s1', 'key1'),
'k2': self._MakeSecretEnvVarSource('s2', 'key2'),
})
env_change = config_changes.SecretEnvVarChanges(
env_vars_to_update={'k1': 's3:key3', 'k3': 'secret:key'})
self.resource = env_change.Adjust(self.resource)
self.assertDictEqual({
'k1': self._MakeSecretEnvVarSource('s3', 'key3'),
'k2': self._MakeSecretEnvVarSource('s2', 'key2'),
'k3': self._MakeSecretEnvVarSource('secret', 'key'),
}, dict(self.template.env_vars.secrets))
def testEnvSourceClear(self):
self.template.env_vars.literals.update({'k0': 'v0'})
self.template.env_vars.secrets.update({
'k1': self._MakeSecretEnvVarSource('s1', 'key'),
'k2': self._MakeSecretEnvVarSource('s2', 'key'),
'k3': self._MakeSecretEnvVarSource('s3', 'key'),
})
self.template.env_vars.config_maps.update({
'k4': self._MakeConfigMapEnvVarSource('c1', 'key'),
'k5': self._MakeConfigMapEnvVarSource('c2', 'key'),
})
env_change = config_changes.SecretEnvVarChanges(clear_others=True)
self.resource = env_change.Adjust(self.resource)
self.assertDictEqual({'k0': 'v0'}, dict(self.template.env_vars.literals))
self.assertDictEqual({}, dict(self.template.env_vars.secrets))
self.assertDictEqual({
'k4': self._MakeConfigMapEnvVarSource('c1', 'key'),
'k5': self._MakeConfigMapEnvVarSource('c2', 'key'),
}, dict(self.template.env_vars.config_maps))
def testEnvSourceSetFailsWhenLiteralExists(self):
self.template.env_vars.literals.update({'k1': 'v1'})
env_change = config_changes.SecretEnvVarChanges(
env_vars_to_update={'k1': 's1:key'})
with self.assertRaises(exceptions.ConfigurationError):
self.resource = env_change.Adjust(self.resource)
def testEnvSourceSetFailsWithNoKey(self):
with self.assertRaises(exceptions.ConfigurationError):
config_changes.SecretEnvVarChanges(env_vars_to_update={'k1': 's1'})
