2018-06-28 17:45:26 +00:00
|
|
|
import os
|
2018-08-15 21:17:41 +00:00
|
|
|
import base64
|
|
|
|
|
2018-06-28 17:45:26 +00:00
|
|
|
from backports.tempfile import TemporaryDirectory
|
|
|
|
|
|
|
|
from config_app.config_util.config.fileprovider import FileConfigProvider
|
2018-08-09 20:43:11 +00:00
|
|
|
from config_app.config_util.k8saccessor import KubernetesAccessorSingleton
|
2018-08-15 21:17:41 +00:00
|
|
|
from util.config.validator import EXTRA_CA_DIRECTORY, EXTRA_CA_DIRECTORY_PREFIX
|
|
|
|
|
2018-08-08 18:22:28 +00:00
|
|
|
|
2018-06-28 17:45:26 +00:00
|
|
|
|
|
|
|
class TransientDirectoryProvider(FileConfigProvider):
|
2018-08-15 19:32:24 +00:00
|
|
|
""" Implementation of the config provider that reads and writes the data
|
|
|
|
from/to the file system, only using temporary directories,
|
|
|
|
deleting old dirs and creating new ones as requested.
|
|
|
|
"""
|
|
|
|
|
|
|
|
def __init__(self, config_volume, yaml_filename, py_filename):
|
|
|
|
# Create a temp directory that will be cleaned up when we change the config path
|
|
|
|
# This should ensure we have no "pollution" of different configs:
|
|
|
|
# no uploaded config should ever affect subsequent config modifications/creations
|
|
|
|
temp_dir = TemporaryDirectory()
|
|
|
|
self.temp_dir = temp_dir
|
|
|
|
super(TransientDirectoryProvider, self).__init__(temp_dir.name, yaml_filename, py_filename)
|
|
|
|
|
|
|
|
@property
|
|
|
|
def provider_id(self):
|
|
|
|
return 'transient'
|
|
|
|
|
|
|
|
def new_config_dir(self):
|
2018-06-28 17:45:26 +00:00
|
|
|
"""
|
2018-08-15 19:32:24 +00:00
|
|
|
Update the path with a new temporary directory, deleting the old one in the process
|
|
|
|
"""
|
|
|
|
self.temp_dir.cleanup()
|
|
|
|
temp_dir = TemporaryDirectory()
|
|
|
|
|
|
|
|
self.config_volume = temp_dir.name
|
|
|
|
self.temp_dir = temp_dir
|
|
|
|
self.yaml_path = os.path.join(temp_dir.name, self.yaml_filename)
|
|
|
|
|
|
|
|
def get_config_dir_path(self):
|
|
|
|
return self.config_volume
|
|
|
|
|
|
|
|
def save_configuration_to_kubernetes(self):
|
2018-08-15 21:17:41 +00:00
|
|
|
data = {}
|
|
|
|
|
2018-08-16 19:42:01 +00:00
|
|
|
# Kubernetes secrets don't have sub-directories, so for the extra_ca_certs dir
|
|
|
|
# we have to put the extra certs in with a prefix, and then one of our init scripts
|
|
|
|
# (02_get_kube_certs.sh) will expand the prefixed certs into the equivalent directory
|
|
|
|
# so that they'll be installed correctly on startup by the certs_install script
|
2018-08-15 21:17:41 +00:00
|
|
|
certs_dir = os.path.join(self.config_volume, EXTRA_CA_DIRECTORY)
|
|
|
|
if os.path.exists(certs_dir):
|
|
|
|
for extra_cert in os.listdir(certs_dir):
|
|
|
|
with open(os.path.join(certs_dir, extra_cert)) as f:
|
|
|
|
data[EXTRA_CA_DIRECTORY_PREFIX + extra_cert] = base64.b64encode(f.read())
|
2018-08-15 19:32:24 +00:00
|
|
|
|
2018-08-15 21:17:41 +00:00
|
|
|
|
|
|
|
for name in os.listdir(self.config_volume):
|
2018-08-15 19:32:24 +00:00
|
|
|
file_path = os.path.join(self.config_volume, name)
|
2018-08-15 21:17:41 +00:00
|
|
|
if not os.path.isdir(file_path):
|
|
|
|
with open(file_path) as f:
|
|
|
|
data[name] = base64.b64encode(f.read())
|
|
|
|
|
|
|
|
KubernetesAccessorSingleton.get_instance().replace_qe_secret(data)
|
2018-08-15 19:32:24 +00:00
|
|
|
|
|
|
|
return 200
|