def _GetSecretsChanges(args):
"""Return secret env var and volume changes for given args."""
volume_kwargs = {}
env_kwargs = {}
update = args.update_secrets or args.set_secrets
if update:
volume_update = {k: v for k, v in update.items() if _IsVolumeMountKey(k)}
if volume_update:
volume_kwargs['mounts_to_update'] = volume_update
env_update = {k: v for k, v in update.items() if not _IsVolumeMountKey(k)}
if env_update:
env_kwargs['env_vars_to_update'] = env_update
remove = args.remove_secrets
if remove:
volume_remove = [k for k in remove if _IsVolumeMountKey(k)]
if volume_remove:
volume_kwargs['mounts_to_remove'] = volume_remove
env_remove = [k for k in remove if not _IsVolumeMountKey(k)]
if env_remove:
env_kwargs['env_vars_to_remove'] = env_remove
if args.set_secrets or args.clear_secrets:
env_kwargs['clear_others'] = True
volume_kwargs['clear_others'] = True
secret_changes = []
if env_kwargs:
secret_changes.append(config_changes.SecretEnvVarChanges(**env_kwargs))
if volume_kwargs:
secret_changes.append(config_changes.SecretVolumeChanges(**volume_kwargs))
return secret_changes
def testVolumeClear(self):
"""Volumes and mounts are cleared that are of the type we want to clear."""
self.template.volumes.secrets.update({
'secret1-abc': self._MakeSecretVolumeSource('secret1'),
'secret2-def': self._MakeSecretVolumeSource('secret2'),
})
self.template.volumes.config_maps.update({
'config1-abc': self._MakeConfigMapVolumeSource('config1'),
})
self.template.volume_mounts.secrets.update({
'/path1': 'secret1-abc',
'/path/1': 'secret1-abc',
'/path2': 'secret2-def',
})
self.template.volume_mounts.config_maps.update({
'/path3': 'config1-abc',
})
volume_change = config_changes.SecretVolumeChanges(clear_others=True)
self.resource = volume_change.Adjust(self.resource)
self.assertDictEqual({}, dict(self.template.volumes.secrets))
self.assertDictEqual({
'config1-abc': self._MakeConfigMapVolumeSource('config1'),
}, dict(self.template.volumes.config_maps))
self.assertDictEqual({}, dict(self.template.volume_mounts.secrets))
self.assertDictEqual({
'/path3': 'config1-abc',
}, dict(self.template.volume_mounts.config_maps))
def testVolumeUpdate(self):
self.template.volumes.secrets.update({
'secret1-abc':
self._MakeSecretVolumeSource('secret1', ('item0', 'item0')),
'secret2-def':
self._MakeSecretVolumeSource('secret2'),
'secret3-ghi':
self._MakeSecretVolumeSource('secret3'),
})
self.template.volumes.config_maps.update({
'config1-abc': self._MakeConfigMapVolumeSource('config1'),
})
self.template.volume_mounts.secrets.update({
'/path1': 'secret1-abc',
'/path1/1': 'secret1-abc',
'/path2': 'secret2-def',
'/path3': 'secret3-ghi',
})
self.template.volume_mounts.config_maps.update({
'/path4': 'config1-abc',
})
volume_change = config_changes.SecretVolumeChanges(
mounts_to_update={
'/path1/1': 'secret3:item1',
'/path2': 'new-secret6:item1',
'/path3': 'secret1',
'/path5': 'new-secret5',
})
self.resource = volume_change.Adjust(self.resource)
self.assertDictEqual({
'secret1-abc':
self._MakeSecretVolumeSource('secret1', ('item0', 'item0')),
'new-secret5-genr8d':
self._MakeSecretVolumeSource('new-secret5'),
'secret1-genr8d':
self._MakeSecretVolumeSource('secret1'),
'secret3-genr8d':
self._MakeSecretVolumeSource('secret3', ('item1', 'item1')),
'new-secret6-genr8d':
self._MakeSecretVolumeSource('new-secret6', ('item1', 'item1')),
}, dict(self.template.volumes.secrets))
self.assertDictEqual({
'config1-abc': self._MakeConfigMapVolumeSource('config1'),
}, dict(self.template.volumes.config_maps))
self.assertDictEqual({
'/path1': 'secret1-abc',
'/path1/1': 'secret3-genr8d',
'/path2': 'new-secret6-genr8d',
'/path3': 'secret1-genr8d',
'/path5': 'new-secret5-genr8d',
}, dict(self.template.volume_mounts.secrets))
self.assertDictEqual({
'/path4': 'config1-abc',
}, dict(self.template.volume_mounts.config_maps))
def _GetSecretsChanges(args):
"""Return config_changes.SecretVolumeChanges for given args."""
kwargs = {}
update = args.update_secrets or args.set_secrets
if update:
kwargs['mounts_to_update'] = update
remove = args.remove_secrets
if remove:
kwargs['mounts_to_remove'] = remove
if args.set_secrets or args.clear_secrets:
kwargs['clear_others'] = True
return config_changes.SecretVolumeChanges(**kwargs)
def testVolumeRemoveKeepsVolumeIfUsed(self):
"""If the volume is still in use after mount removal, it isn't deleted."""
self.template.volumes.secrets.update({
'secret1-abc': self._MakeSecretVolumeSource('secret1'),
})
self.template.volume_mounts.secrets.update({
'/path1': 'secret1-abc',
'/path2': 'secret1-abc',
})
volume_change = config_changes.SecretVolumeChanges(
mounts_to_remove=['/path2'])
self.resource = volume_change.Adjust(self.resource)
self.assertDictEqual({
'secret1-abc': self._MakeSecretVolumeSource('secret1'),
}, dict(self.template.volumes.secrets))
self.assertDictEqual({
'/path1': 'secret1-abc',
}, dict(self.template.volume_mounts.secrets))