TRON-1636: Setup tron secret_volumes in setup_tron_namespace
Molaire committed Jun 9, 2023
1 parent 4c93332 commit e4ace1f
Showing 8 changed files with 224 additions and 3 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -48,6 +48,7 @@ example_cluster/paasta/docker_registry.json
general_itests/fake_etc_paasta/clusters.json
pip-wheel-metadata
debian/debhelper-build-stamp
unique-run

# Coverage artifacts
.coverage
1 change: 1 addition & 0 deletions paasta_tools/cli/schemas/kubernetes_schema.json
@@ -555,6 +555,7 @@
},
"items": {
"type": "array",
"maxItems": 1,
"items": {
"type": "object",
"properties": {
45 changes: 45 additions & 0 deletions paasta_tools/cli/schemas/tron_schema.json
@@ -236,6 +236,51 @@
},
"uniqueItems": true
},
"secret_volumes": {
"type": "array",
"items": {
"type": "object",
"properties": {
"container_path": {
"type": "string"
},
"secret_name": {
"type": "string"
},
"default_mode": {
"type": "string"
},
"items": {
"type": "array",
"maxItems": 1,
"items": {
"type": "object",
"properties": {
"key": {
"type": "string"
},
"path": {
"type": "string"
},
"mode": {
"type": "string"
}
},
"required": [
"key",
"path"
]
},
"uniqueItems": true
}
},
"required": [
"container_path",
"secret_name"
]
},
"uniqueItems": true
},
"cluster": {
"type": "string"
},
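Review bot: `default_mode` and the per-item `mode` in the new `secret_volumes` schema accept any string, so a malformed or unintentionally permissive permission value passes config validation. Presumably these are octal permission strings for the mounted secret files; if so, a constraint such as `"pattern": "^0?[0-7]{3}$"` on both properties would reject typos before they reach a pod spec. `container_path` is likewise unconstrained, and `"pattern": "^/"` would at least require an absolute path. With `"maxItems": 1` on the inner `items` array, its `"uniqueItems": true` is redundant.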
2 changes: 1 addition & 1 deletion paasta_tools/kubernetes_tools.py
@@ -1414,7 +1414,7 @@ def get_pod_volumes(
items = None
pod_volumes.append(
V1Volume(
name=self.get_secret_volume_name(secret_volume),
name=self.get_secret_volume_name(secret_volume=secret_volume),
secret=V1SecretVolumeSource(
secret_name=get_paasta_secret_name(
self.get_namespace(),
8 changes: 8 additions & 0 deletions paasta_tools/secret_tools.py
@@ -42,6 +42,14 @@ def is_shared_secret(env_var_val: str) -> bool:
return env_var_val.startswith("SHARED_")


def is_shared_secret_from_secret_name(soa_dir: str, secret_name: str) -> bool:
"""Alternative way of figuring if a secret is shared, directly from the secret_name."""
secret_path = os.path.join(
soa_dir, SHARED_SECRET_SERVICE, "secrets", f"{secret_name}.json"
)
return os.path.isfile(secret_path)


def get_hmac_for_secret(
env_var_val: str, service: str, soa_dir: str, secret_environment: str
) -> Optional[str]:
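Review bot: `is_shared_secret_from_secret_name` joins `secret_name` into a filesystem path without checking that it is a bare name, and `secret_name` comes from service configuration (the tron schema in this commit only requires it to be a string). A value containing a path separator or an absolute path makes `os.path.isfile` test a location outside the shared `secrets` directory, and the result then decides which service the secret is attributed to. Rejecting such values before the join, e.g. `if os.path.basename(secret_name) != secret_name: return False`, or adding a `pattern` for `secret_name` in the schema, closes that gap. The docstring could also state that the check is a file-existence test under `SHARED_SECRET_SERVICE` in `soa_dir`.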
30 changes: 30 additions & 0 deletions paasta_tools/tron_tools.py
@@ -52,6 +52,7 @@
from paasta_tools.utils import NoDeploymentsAvailable
from paasta_tools.utils import time_cache
from paasta_tools.utils import filter_templates_from_config
from paasta_tools.utils import TronSecretVolume
from paasta_tools.kubernetes_tools import (
allowlist_denylist_to_requirements,
create_or_find_service_account_name,
@@ -68,6 +69,7 @@
)
from paasta_tools.secret_tools import is_secret_ref
from paasta_tools.secret_tools import is_shared_secret
from paasta_tools.secret_tools import is_shared_secret_from_secret_name
from paasta_tools.secret_tools import get_secret_name_from_ref
from paasta_tools.kubernetes_tools import get_paasta_secret_name
from paasta_tools.secret_tools import SHARED_SECRET_SERVICE
@@ -413,10 +415,37 @@ def get_job_name(self):
def get_action_name(self):
return self.action

def get_secret_volumes(self) -> List[TronSecretVolume]:
"""Adds the secret_volume_name to the objet so tron/task_processing can load it downstream without replicating code."""
secret_volumes = super().get_secret_volumes()
return [
TronSecretVolume(
secret_volume_name=self.get_secret_volume_name(
secret_volume["secret_name"]
),
**secret_volume,
)
for secret_volume in secret_volumes
]

def get_namespace(self) -> str:
"""Get namespace from config, default to 'paasta'"""
return self.config_dict.get("namespace", KUBERNETES_NAMESPACE)

def get_secret_volume_name(self, secret_name: str) -> str:
service = (
self.service
if not is_shared_secret_from_secret_name(
soa_dir=self.soa_dir, secret_name=secret_name
)
else SHARED_SECRET_SERVICE
)
return get_paasta_secret_name(
self.get_namespace(),
service,
secret_name,
)

def get_deploy_group(self) -> Optional[str]:
return self.config_dict.get("deploy_group", None)

@@ -869,6 +898,7 @@ def format_tron_action_dict(action_config: TronActionConfig, use_k8s: bool = Fal
"node": action_config.get_node(),
"retries": action_config.get_retries(),
"retries_delay": action_config.get_retries_delay(),
"secret_volumes": action_config.get_secret_volumes(),
"expected_runtime": action_config.get_expected_runtime(),
"trigger_downstreams": action_config.get_trigger_downstreams(),
"triggered_by": action_config.get_triggered_by(),
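Review bot: `get_secret_volume_name` has no docstring, and the rule it implements is not obvious: the secret is attributed to `SHARED_SECRET_SERVICE` whenever a same-named file exists in the shared secrets directory, so a shared secret silently takes precedence over a secret of that name owned by the service itself. The env-var path makes sharing explicit through the `SHARED_` prefix (`is_shared_secret`), while here it is implicit, which deserves at least a docstring such as `"""Return the paasta secret name for secret_name; a shared secret of the same name takes precedence over the service's own."""`. If that precedence is not intended, checking the service's own secrets directory first would avoid mounting a different secret than the config author meant. The docstring of `get_secret_volumes` also has a typo (`objet`). The enclosing class starts outside the visible hunks, so the base-class `get_secret_volumes` could not be checked.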
4 changes: 4 additions & 0 deletions paasta_tools/utils.py
@@ -273,6 +273,10 @@ class SecretVolume(TypedDict, total=False):
items: List[SecretVolumeItem]


class TronSecretVolume(SecretVolume, total=False):
secret_volume_name: str


class MonitoringDict(TypedDict, total=False):
alert_after: Union[str, float]
check_every: str