From 410236a7da7a6e903f996157b4b8ffdec67a2473 Mon Sep 17 00:00:00 2001
From: Maarten de Waard <maarten@greenhost.nl>
Date: Thu, 16 Dec 2021 15:20:47 +0100
Subject: [PATCH] bugfix and improve generate_secrets script
---
 install/generate_secrets.py | 47 ++++++++++++++++++++++++++++---------
 1 file changed, 36 insertions(+), 11 deletions(-)
diff --git a/install/generate_secrets.py b/install/generate_secrets.py
index 6ff53ac01..56666eaf2 100644
--- a/install/generate_secrets.py
+++ b/install/generate_secrets.py
@@ -59,16 +59,27 @@ def create_variables_secret(app_name, env):
 new_secret_dict = yaml.safe_load(env.from_string(lines).render())
 current_secret_data = get_kubernetes_secret_data(secret_name, secret_namespace)
- if current_secret_data is not None:
+ if current_secret_data is None:
+ # Create new secret
+ update_secret = False
+ elif current_secret_data.keys() != new_secret_dict['data'].keys():
+ # Update current secret with new keys
+ update_secret = True
 print(f"Secret {secret_name} in namespace {secret_namespace}"
 " already exists. Merging...")
 # Merge dicts. Values from current_secret_data take precedence
 new_secret_dict['data'] |= current_secret_data
+ else:
+ # Do Nothing
+ print(f"Secret {secret_name} in namespace {secret_namespace}"
+ " is already in a good state, doing nothing.")
+ return
 print(f"Storing secret {secret_name} in namespace"
 f" {secret_namespace} in cluster.")
- store_kubernetes_secret(new_secret_dict, secret_namespace)
+ store_kubernetes_secret(new_secret_dict, secret_namespace,
+ update=update_secret)
 else:
- print(f'File {variables_filename} does not exist.')
+ print(f'File {variables_filename} does not exist, no action needed')
 def create_basic_auth_secret(app_name, env):
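Review bot: The `elif current_secret_data.keys() != new_secret_dict['data'].keys():` test fires whenever the two key sets differ in either direction, so a cluster secret that already holds every template key plus one extra key is patched on every run and never reaches the "already in a good state" branch. Checking only for keys that are missing in the cluster matches the intent stated in the comment, e.g. `elif not new_secret_dict['data'].keys() <= current_secret_data.keys():`. This assumes `get_kubernetes_secret_data` returns a plain mapping of the secret's data, which the hunk does not show. `create_variables_secret` also starts above the hunk.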
@@ -100,7 +111,7 @@ def create_basic_auth_secret(app_name, env):
 print(f"Secret {secret_name} in namespace {secret_namespace}"
 " already exists. Not generating new secrets.")
 else:
- print(f'File {basic_auth_filename} does not exist.')
+ print(f'File {basic_auth_filename} does not exist, no action needed')
 def get_secret_metadata(yaml_string):
 """Returns secret name and namespace from metadata field in a yaml string"""
@@ -126,14 +137,28 @@ def get_kubernetes_secret_data(secret_name, namespace):
 return None
 return secret
-def store_kubernetes_secret(secret_dict, namespace):
- """Converts secret_string into a yaml object and adds it to the cluster"""
+def store_kubernetes_secret(secret_dict, namespace, update=False):
+ """Stores either a new secret in the cluster, or updates an existing one"""
+ api_client = client.api_client.ApiClient()
+ if update:
+ verb = "updated"
+ api_response = patch_kubernetes_secret(secret_dict, namespace)
+ else:
+ verb = "created"
+ api_response = create_from_yaml(
+ api_client,
+ yaml_objects=[secret_dict],
+ namespace=namespace)
+ print(f"Secret {verb} with api response: {api_response}")
+
+def patch_kubernetes_secret(secret_dict, namespace):
+ """Patches secret in the cluster with new data"""
 api_client = client.api_client.ApiClient()
- api_response = create_from_yaml(
- api_client,
- yaml_objects=[secret_dict],
- namespace=namespace)
- print(f"Secret created with api response: {api_response}")
+ api_instance = client.CoreV1Api(api_client)
+ name = secret_dict['metadata']['name']
+ body = {}
+ body['data'] = secret_dict['data']
+ return api_instance.patch_namespaced_secret(name, namespace, body)
 def generate_password(length):
 """Generates a password of "length" characters"""
-- GitLab
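Review bot: The `print(f"Secret {verb} with api response: {api_response}")` line in `store_kubernetes_secret` now also prints the return value of `patch_namespaced_secret`, which is the Secret object itself, so the base64-encoded `data` values are likely written to stdout and to any install or CI log that captures it. Logging only the secret's identity avoids that: `print(f"Secret {secret_dict['metadata']['name']} {verb} in namespace {namespace}")`. Separately, `api_client` is built before the `if update:` branch but is only used on the `else:` path, because `patch_kubernetes_secret` constructs its own client. Moving the construction into the `else:` branch removes the unused object.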