remove usage of secrets dir

5ace6a95 · Maarten de Waard · c91ecdcd · 5ace6a95 · 5ace6a95
Verified Commit 5ace6a95 authored 3 years ago by Maarten de Waard
--- a/openappstack/__main__.py
+++ b/openappstack/__main__.py
@@ -250,7 +250,7 @@ def secrets(clus, args):
    :param cluster.Cluster clus: cluster to show information about
    """
    clus.load_data()
-    clus.dump_secrets(args)
+    clus.dump_secrets()


 def create(clus, args):  # pylint: disable=too-many-branches
@@ -310,10 +310,13 @@ def create(clus, args):  # pylint: disable=too-many-branches
    elif args.droplet_id:
        clus.set_info_by_droplet_id(args.droplet_id)
    elif args.ip_address:
-        if not args.create_hostname:
-            log.error('--create-hostname required when using --ip-address')
-            sys.exit(2)
-        clus.set_info_by_ip_and_hostname(args.ip_address, args.create_hostname)
+        if args.create_hostname:
+            create_hostname = args.create_hostname
+        else:
+            log.info('No --create-hostname provided, using cluster name "%s"',
+                     args.cluster_name)
+            create_hostname = args.cluster_name
+        clus.set_info_by_ip_and_hostname(args.ip_address, create_hostname)
    elif args.droplet_hostname:
        clus.set_info_by_hostname(args.droplet_hostname)


--- a/openappstack/cluster.py
+++ b/openappstack/cluster.py
 """Contains code for managing the files related to an OpenAppStack cluster."""

 import base64
-import configparser
 import logging
 import os
 import sys
@@ -162,7 +161,7 @@ CLUSTER_DIR={cluster_dir}
 IP_ADDRESS={ip_address}
 HOSTNAME={hostname}
 FQDN={domain}
-KUBECONFIG={secret_dir}/kube_config_cluster.yml
+KUBECONFIG={cluster_dir}/kube_config_cluster.yml
 """

        with open(self.dotenv_file, 'w') as stream:
@@ -172,7 +171,6 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
                ip_address=self.ip_address,
                hostname=self.hostname,
                domain=self.domain,
-                secret_dir=self.secret_dir
            ))
            log.info("Created %s", self.dotenv_file)

@@ -183,7 +181,6 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
    def make_cluster_directories(self):
        """Make sure the cluster's file directory exists"""
        os.makedirs(self.cluster_dir, exist_ok=True)
-        os.makedirs(self.secret_dir, exist_ok=True)

    @property
    def inventory_file(self):
@@ -196,16 +193,10 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
        return os.path.join(self.cluster_dir, '.cluster.env')


-    @property
-    def secret_dir(self):
-        """Path where all the passwords for cluster admins are saved"""
-        return os.path.join(self.cluster_dir, 'secrets')
-
-    def dump_secrets(self, args):
+    def dump_secrets(self):
        """
        Shows all OAS cluster secrets.
        """
-
        all_secrets = {
            'flux-system': {
                'oas-kube-prometheus-stack-variables': ['grafana_admin_password'],
@@ -219,16 +210,16 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
                'oas-rocketchat-variables': [
                    'rocketchat_admin_password',
                    'mongodb_root_password',
-                    'mongodb_password' ],
+                    'mongodb_password'],
                'oas-single-sign-on-variables': [
                    'userbackend_admin_username',
                    'userbackend_admin_password',
                    'userbackend_postgres_password',
-                    'hydra_system_secret' ],
+                    'hydra_system_secret'],
                'oas-wordpress-variables': [
                    'wordpress_admin_password',
                    'wordpress_mariadb_password',
-                    'wordpress_mariadb_root_password' ]
+                    'wordpress_mariadb_root_password']
            }

        }
@@ -239,8 +230,8 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
                    secret = self.get_password_from_kubernetes(
                        app,
                        app_secret,
-                        namespace)
-                    print(app_secret + '=' + secret )
+                        'flux-system')
+                    print(app_secret + '=' + secret)

    def get_password_from_kubernetes(self, secret, key, namespace):
        """
@@ -252,19 +243,19 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
            encoded password
        :param string namespace: The namespace the secret is in
        """
-        kubeconfig = os.path.join(self.secret_dir, 'kube_config_cluster.yml')
+        kubeconfig = os.path.join(self.cluster_dir, 'kube_config_cluster.yml')
        config.load_kube_config(config_file=kubeconfig)
        api = client.CoreV1Api()
        try:
            secret_data = api.read_namespaced_secret(secret, namespace)
-        except client.exceptions.ApiException:
+        except client.rest.ApiException:
            print(f"Secret {secret} not found in namespace '{namespace}'")
            return "password not found"
        try:
            password = secret_data.data[key]
        except KeyError:
            print(f"Could not get password from secret '{secret}' in namespace"
-                   " '{namespace}' with key '{key}'")
+                  " '{namespace}' with key '{key}'")
            return "password not found"

        return base64.b64decode(password).decode('utf-8')
@@ -292,11 +283,11 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml

    To use kubectl with this cluster, copy-paste this in your terminal:

-    export KUBECONFIG={secret_dir}/kube_config_cluster.yml"""
+    export KUBECONFIG={cluster_dir}/kube_config_cluster.yml"""
            print(info_string.format(
                name=self.name,
                ip_address=self.ip_address,
                hostname=self.hostname,
                domain=self.domain,
                inventory_file=self.inventory_file,
-                secret_dir=self.secret_dir))
+                cluster_dir=self.cluster_dir))