blob: 1300d26c25da2db471e9b3bb5428b6fdc3d7e374 [file] [log] [blame]
Scott Bakerac43a742018-05-07 16:54:03 -07001
2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16"""
17 sync_secret.py
18
19 Synchronize Secrets.
20"""
21
22import json
Scott Bakera30fae72019-02-01 16:14:43 -080023from xossynchronizer.steps.syncstep import SyncStep
24from xossynchronizer.modelaccessor import KubernetesSecret
Scott Bakerac43a742018-05-07 16:54:03 -070025
26from xosconfig import Config
27from multistructlog import create_logger
28
Scott Bakerac43a742018-05-07 16:54:03 -070029log = create_logger(Config().get('logging'))
30
31class SyncKubernetesSecret(SyncStep):
32
33 """
34 SyncKubernetesSecret
35
36 Implements sync step for syncing Secrets.
37 """
38
39 provides = [KubernetesSecret]
40 observes = KubernetesSecret
41 requested_interval = 0
42
43 def __init__(self, *args, **kwargs):
44 super(SyncKubernetesSecret, self).__init__(*args, **kwargs)
Scott Baker13e953c2018-05-17 09:19:15 -070045 self.init_kubernetes_client()
46
47 def init_kubernetes_client(self):
48 from kubernetes.client.rest import ApiException
49 from kubernetes import client as kubernetes_client, config as kubernetes_config
Scott Bakerac43a742018-05-07 16:54:03 -070050 kubernetes_config.load_incluster_config()
Scott Baker13e953c2018-05-17 09:19:15 -070051 self.kubernetes_client = kubernetes_client
52 self.v1core = kubernetes_client.CoreV1Api()
53 self.ApiException = ApiException
Scott Bakerac43a742018-05-07 16:54:03 -070054
55 def get_secret(self, o):
56 """ Given an XOS KubernetesSecret object, read the corresponding Secret from Kubernetes.
57 return None if no Secret exists.
58 """
59 try:
Scott Baker13e953c2018-05-17 09:19:15 -070060 secret = self.v1core.read_namespaced_secret(o.name, o.trust_domain.name)
61 except self.ApiException, e:
Scott Bakerac43a742018-05-07 16:54:03 -070062 if e.status == 404:
63 return None
64 raise
65 return secret
66
67 def sync_record(self, o):
68 secret = self.get_secret(o)
69 if not secret:
Scott Baker13e953c2018-05-17 09:19:15 -070070 secret = self.kubernetes_client.V1Secret()
Scott Bakerac43a742018-05-07 16:54:03 -070071 secret.data = json.loads(o.data)
Scott Baker13e953c2018-05-17 09:19:15 -070072 secret.metadata = self.kubernetes_client.V1ObjectMeta(name=o.name)
Scott Bakerac43a742018-05-07 16:54:03 -070073
Scott Baker13e953c2018-05-17 09:19:15 -070074 secret = self.v1core.create_namespaced_secret(o.trust_domain.name, secret)
Scott Bakerac43a742018-05-07 16:54:03 -070075 else:
76 secret.data = json.loads(o.data)
Scott Baker13e953c2018-05-17 09:19:15 -070077 self.v1core.patch_namespaced_secret(o.name, o.trust_domain.name, secret)
Scott Bakerac43a742018-05-07 16:54:03 -070078
79 if (not o.backend_handle):
80 o.backend_handle = secret.metadata.self_link
81 o.save(update_fields=["backend_handle"])
82
Scott Baker393d0152018-05-21 09:17:49 -070083 def delete_record(self, o):
84 secret = self.get_secret(o)
85 if not secret:
86 log.info("Kubernetes secret does not exist; Nothing to delete.", o=o)
87 return
88 delete_options = self.kubernetes_client.V1DeleteOptions()
89 self.v1core.delete_namespaced_secret(o.name, o.trust_domain.name, delete_options)
90 log.info("Deleted secret from kubernetes", handle=o.backend_handle)