From 5ace6a9588f65b045bd77de970d4ff9c68b82906 Mon Sep 17 00:00:00 2001
From: Maarten de Waard <maarten@greenhost.nl>
Date: Mon, 12 Jul 2021 13:57:37 +0200
Subject: [PATCH] remove usage of secrets dir

---
 openappstack/__main__.py | 13 ++++++++-----
 openappstack/cluster.py  | 33 ++++++++++++---------------------
 2 files changed, 20 insertions(+), 26 deletions(-)

diff --git a/openappstack/__main__.py b/openappstack/__main__.py
index f4541522b..8d17fb5f6 100755
--- a/openappstack/__main__.py
+++ b/openappstack/__main__.py
@@ -250,7 +250,7 @@ def secrets(clus, args):
     :param cluster.Cluster clus: cluster to show information about
     """
     clus.load_data()
-    clus.dump_secrets(args)
+    clus.dump_secrets()
 
 
 def create(clus, args):  # pylint: disable=too-many-branches
@@ -310,10 +310,13 @@ def create(clus, args):  # pylint: disable=too-many-branches
     elif args.droplet_id:
         clus.set_info_by_droplet_id(args.droplet_id)
     elif args.ip_address:
-        if not args.create_hostname:
-            log.error('--create-hostname required when using --ip-address')
-            sys.exit(2)
-        clus.set_info_by_ip_and_hostname(args.ip_address, args.create_hostname)
+        if args.create_hostname:
+            create_hostname = args.create_hostname
+        else:
+            log.info('No --create-hostname provided, using cluster name "%s"',
+                     args.cluster_name)
+            create_hostname = args.cluster_name
+        clus.set_info_by_ip_and_hostname(args.ip_address, create_hostname)
     elif args.droplet_hostname:
         clus.set_info_by_hostname(args.droplet_hostname)
 
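Review bot: The new fallback passes `args.cluster_name` to `set_info_by_ip_and_hostname` as the hostname without checking that it is usable as one. Whether cluster names are restricted to hostname-safe characters is not visible in this hunk; if they are not, an unsuitable name is now accepted here and only fails later. Validate it at this point, or state the constraint in the `--create-hostname` help text. The change is also unrelated to the commit subject, so it deserves a line in the description. The body of `create` continues outside the hunk.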
diff --git a/openappstack/cluster.py b/openappstack/cluster.py
index fd9859b62..858829af8 100644
--- a/openappstack/cluster.py
+++ b/openappstack/cluster.py
@@ -1,7 +1,6 @@
 """Contains code for managing the files related to an OpenAppStack cluster."""
 
 import base64
-import configparser
 import logging
 import os
 import sys
@@ -162,7 +161,7 @@ CLUSTER_DIR={cluster_dir}
 IP_ADDRESS={ip_address}
 HOSTNAME={hostname}
 FQDN={domain}
-KUBECONFIG={secret_dir}/kube_config_cluster.yml
+KUBECONFIG={cluster_dir}/kube_config_cluster.yml
 """
 
         with open(self.dotenv_file, 'w') as stream:
@@ -172,7 +171,6 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
                 ip_address=self.ip_address,
                 hostname=self.hostname,
                 domain=self.domain,
-                secret_dir=self.secret_dir
             ))
             log.info("Created %s", self.dotenv_file)
 
@@ -183,7 +181,6 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
     def make_cluster_directories(self):
         """Make sure the cluster's file directory exists"""
         os.makedirs(self.cluster_dir, exist_ok=True)
-        os.makedirs(self.secret_dir, exist_ok=True)
 
     @property
     def inventory_file(self):
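Review bot: `make_cluster_directories` creates `cluster_dir` with the default mode, and after this commit that directory is where `kube_config_cluster.yml` lives (see the `KUBECONFIG=` and `get_password_from_kubernetes` hunks). That kubeconfig is the credential used to read every application password, so the directory should not be left to the caller's umask: `os.makedirs(self.cluster_dir, mode=0o700, exist_ok=True)`. The mode is not applied to a directory that already exists, so existing clusters would need an explicit `os.chmod`. Any ignore or backup rule that matched the old `secrets/` path also no longer covers the file. How the kubeconfig itself is written is not visible in this diff.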
@@ -196,16 +193,10 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
         return os.path.join(self.cluster_dir, '.cluster.env')
 
 
-    @property
-    def secret_dir(self):
-        """Path where all the passwords for cluster admins are saved"""
-        return os.path.join(self.cluster_dir, 'secrets')
-
-    def dump_secrets(self, args):
+    def dump_secrets(self):
         """
         Shows all OAS cluster secrets.
         """
-
         all_secrets = {
             'flux-system': {
                 'oas-kube-prometheus-stack-variables': ['grafana_admin_password'],
@@ -219,16 +210,16 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
                 'oas-rocketchat-variables': [
                     'rocketchat_admin_password',
                     'mongodb_root_password',
-                    'mongodb_password' ],
+                    'mongodb_password'],
                 'oas-single-sign-on-variables': [
                     'userbackend_admin_username',
                     'userbackend_admin_password',
                     'userbackend_postgres_password',
-                    'hydra_system_secret' ],
+                    'hydra_system_secret'],
                 'oas-wordpress-variables': [
                     'wordpress_admin_password',
                     'wordpress_mariadb_password',
-                    'wordpress_mariadb_root_password' ]
+                    'wordpress_mariadb_root_password']
             }
 
         }
@@ -239,8 +230,8 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
                     secret = self.get_password_from_kubernetes(
                         app,
                         app_secret,
-                        namespace)
-                    print(app_secret + '=' + secret )
+                        'flux-system')
+                    print(app_secret + '=' + secret)
 
     def get_password_from_kubernetes(self, secret, key, namespace):
         """
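Review bot: The call now passes the literal `'flux-system'` where the removed line passed the loop variable `namespace`, so the namespace level of `all_secrets` is no longer honoured. The only key visible in that dict today is `'flux-system'`, so the output is unchanged, but an entry added under another namespace would be looked up in the wrong place and printed as `password not found`. Keep `namespace` in the call, or flatten `all_secrets` if a single namespace is intended. The loop header sits outside this hunk, so this assumes the variable is still bound there.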
@@ -252,19 +243,19 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
             encoded password
         :param string namespace: The namespace the secret is in
         """
-        kubeconfig = os.path.join(self.secret_dir, 'kube_config_cluster.yml')
+        kubeconfig = os.path.join(self.cluster_dir, 'kube_config_cluster.yml')
         config.load_kube_config(config_file=kubeconfig)
         api = client.CoreV1Api()
         try:
             secret_data = api.read_namespaced_secret(secret, namespace)
-        except client.exceptions.ApiException:
+        except client.rest.ApiException:
             print(f"Secret {secret} not found in namespace '{namespace}'")
             return "password not found"
         try:
             password = secret_data.data[key]
         except KeyError:
             print(f"Could not get password from secret '{secret}' in namespace"
-                   " '{namespace}' with key '{key}'")
+                  " '{namespace}' with key '{key}'")
             return "password not found"
 
         return base64.b64decode(password).decode('utf-8')
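Review bot: The second string literal in the `KeyError` message, `" '{namespace}' with key '{key}'"`, has no `f` prefix, so the placeholders are printed literally; the re-indented line should read `f" '{namespace}' with key '{key}'")`. Separately, `except client.rest.ApiException` treats every API failure as a missing secret, so an authorization or connectivity error is reported as "not found"; checking the exception's `status` for 404 before printing that message would keep the two apart. Both paths return the string `"password not found"`, which `dump_secrets` then prints in the same `key=value` form as a real secret.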
@@ -292,11 +283,11 @@ KUBECONFIG={secret_dir}/kube_config_cluster.yml
 
     To use kubectl with this cluster, copy-paste this in your terminal:
 
-    export KUBECONFIG={secret_dir}/kube_config_cluster.yml"""
+    export KUBECONFIG={cluster_dir}/kube_config_cluster.yml"""
             print(info_string.format(
                 name=self.name,
                 ip_address=self.ip_address,
                 hostname=self.hostname,
                 domain=self.domain,
                 inventory_file=self.inventory_file,
-                secret_dir=self.secret_dir))
+                cluster_dir=self.cluster_dir))
-- 
GitLab