ConfigProviders abstract over path construction

Fixes issue where certs can't be uploaded in UI in k8s
2017-05-17 08:12:09 -04:00 · 2017-05-17 08:12:09 -04:00 · 01b59e8d66
commit 01b59e8d66
parent 702cdf59ff
5 changed files with 32 additions and 3 deletions
--- a/endpoints/api/superuser.py
+++ b/endpoints/api/superuser.py
@ -852,7 +852,7 @@ class SuperUserCustomCertificates(ApiResource):
      cert_views = []
      for extra_cert_path in extra_certs_found:
        try:
-          cert_full_path = os.path.join(EXTRA_CA_DIRECTORY, extra_cert_path)
+          cert_full_path = config_provider.get_volume_path(EXTRA_CA_DIRECTORY, extra_cert_path)
          with config_provider.get_volume_file(cert_full_path) as f:
            certificate = load_certificate(f.read())
            cert_views.append({
@ -900,7 +900,7 @@ class SuperUserCustomCertificate(ApiResource):
        abort(400)

      logger.debug('Saving custom certificate %s', certpath)
-      cert_full_path = os.path.join(EXTRA_CA_DIRECTORY, certpath)
+      cert_full_path = config_provider.get_volume_path(EXTRA_CA_DIRECTORY, certpath) 
      config_provider.save_volume_file(cert_full_path, uploaded_file)
      logger.debug('Saved custom certificate %s', certpath)

@ -934,7 +934,7 @@ class SuperUserCustomCertificate(ApiResource):
  @verify_not_prod
  def delete(self, certpath):
    if SuperUserPermission().can():
-      cert_full_path = os.path.join(EXTRA_CA_DIRECTORY, certpath)
+      cert_full_path = config_provider.get_volume_path(EXTRA_CA_DIRECTORY, certpath)
      config_provider.remove_volume_file(cert_full_path)
      return '', 204

--- a/util/config/provider/baseprovider.py
+++ b/util/config/provider/baseprovider.py
@ -110,6 +110,11 @@ class BaseProvider(object):
    """
    raise NotImplementedError
  
+  def get_volume_path(self, directory, file):
+    """ Helper for constructing file paths, which may differ between providers. For example,
+    kubernetes can't have subfolders in configmaps """
+    raise NotImplementedError
+
  def _get_license_file(self):
    """ Returns the contents of the license file. """
    if not self.has_license_file():
--- a/util/config/provider/fileprovider.py
+++ b/util/config/provider/fileprovider.py
@ -110,3 +110,6 @@ class FileConfigProvider(BaseProvider):
        return True

    return False
+  
+  def get_volume_path(self, directory, file):
+    return os.path.join(directory, file)
--- a/util/config/provider/k8sprovider.py
+++ b/util/config/provider/k8sprovider.py
@ -55,6 +55,19 @@ class KubernetesConfigProvider(FileConfigProvider):
    except IOError as ioe:
      raise CannotWriteConfigException(str(ioe))
    
+  def volume_file_exists(self, filename):
+    secret = self._lookup_secret()
+    return filename in secret
+    
+
+  def list_volume_directory(self, path):
+    secret = self._lookup_secret()
+    
+    paths = []
+    for filename in secret:
+      if filename.startswith(path):
+        paths.append(filename[len(path) + 1:])
+
  def remove_volume_file(self, filename):
    super(KubernetesConfigProvider, self).remove_volume_file(filename)

@ -130,3 +143,6 @@ class KubernetesConfigProvider(FileConfigProvider):

    request = Request(method, url, data=data, headers=headers)
    return session.send(request.prepare(), verify=False, timeout=2)
+
+  def get_volume_path(self, directory, file):
+    return "_".join([directory, file])
--- a/util/config/provider/testprovider.py
+++ b/util/config/provider/testprovider.py
@ -1,5 +1,6 @@
 import json
 import io
+import os
 from datetime import datetime, timedelta

 from util.config.provider.baseprovider import BaseProvider
@ -88,3 +89,7 @@ class TestConfigProvider(BaseProvider):
  def reset_for_test(self):
    self._config['SUPER_USERS'] = ['devtable']
    self.files = {}
+    
+  def get_volume_path(self, directory, file):
+    return os.path.join(directory, file)
+