Skip to content

Commit

Permalink
Only create db reader secrets if they don't exist
Browse files Browse the repository at this point in the history
  • Loading branch information
ronenh committed Nov 22, 2024
1 parent 341161d commit d8f7cfa
Show file tree
Hide file tree
Showing 5 changed files with 42 additions and 21 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,6 @@
# python
**/__pycache__/
.venv-path

# env
.envrc
19 changes: 7 additions & 12 deletions charts/directory/templates/db_credentials.yaml
Original file line number Diff line number Diff line change
@@ -1,28 +1,23 @@
{{- $rootData := (lookup "v1" "Secret" .Release.Namespace .Values.rootDirectory.database.reader.credentialsSecret).data -}}
{{- if empty $rootData -}}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.rootDirectory.database.reader.credentialsSecret }}
data:
{{- $data := (lookup "v1" "Secret" .Release.Namespace .Values.rootDirectory.database.reader.credentialsSecret).data }}
{{- if $data }}
username: {{ $data.username }}
password: {{ $data.password }}
{{- else }}
username: {{ "root_reader" | b64enc }}
password: {{ randAlphaNum 20 | b64enc}}
{{- end }}
{{- end }}

{{- $tenantData := (lookup "v1" "Secret" .Release.Namespace .Values.tenantDirectory.database.reader.credentialsSecret).data -}}
{{- if empty $tenantData -}}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.tenantDirectory.database.reader.credentialsSecret }}
data:
{{- $data := (lookup "v1" "Secret" .Release.Namespace .Values.tenantDirectory.database.reader.credentialsSecret).data }}
{{- if $data }}
username: {{ $data.username }}
password: {{ $data.password }}
{{- else }}
username: {{ "tenant_reader" | b64enc }}
password: {{ randAlphaNum 20 | b64enc }}
{{- end }}
{{- end }}
8 changes: 8 additions & 0 deletions test/directory/tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,14 @@ tests:
values:
username: postgres
password: $POSTGRES_PASSWORD
- name: pg-root-reader-credentials
values:
username: root_reader
password: root_reader
- name: pg-tenant-reader-credentials
values:
username: tenant_reader
password: tenant_reader
- name: test-tenant-keys
values:
reader: apikey_tenant_reader
Expand Down
27 changes: 21 additions & 6 deletions tools/ktest/ktest.py
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
COLOR_ERROR = "red"


def echo(emoji: str, heading: str, msg: str="", *, cl=COLOR_HARNESS, nl=False):
def echo(emoji: str, heading: str, msg: str = "", *, cl=COLOR_HARNESS, nl=False):
out = f"{emoji} {click.style(heading, fg=cl)} {msg}"
if nl:
out = f"\n{out}\n"
Expand Down Expand Up @@ -58,7 +58,11 @@ def run(self):

with ExitStack() as stack:
for deployment in self.test.deployments:
echo("🔀", "Forwarding ports:", f"{deployment.chart} - {deployment.ports}")
echo(
"🔀",
"Forwarding ports:",
f"{deployment.chart} - {deployment.ports}",
)
stack.enter_context(ns.forward(deployment.chart, deployment.ports))

try:
Expand Down Expand Up @@ -92,7 +96,13 @@ def wait_for_deployments(self, deployments: Sequence[Deployment], ns: Namespace)
echo("⏳", "Waiting for pod:", pod)
ns.wait(pod)
except:
echo("🚨", "Error waiting for deployment:", deployment.chart, nl=True, cl=COLOR_ERROR)
echo(
"🚨",
"Error waiting for deployment:",
deployment.chart,
nl=True,
cl=COLOR_ERROR,
)
echo("📋", "Pod logs:", pod)
ns.logs(pod)
click.echo()
Expand Down Expand Up @@ -159,7 +169,7 @@ def main(specfile):
SPECFILE: path to a YAML file with test definitions.
"""

init_logger(logging.DEBUG)
init_logging(logging.DEBUG)
config.load_kube_config()

spec = Spec(**yaml.safe_load(specfile))
Expand All @@ -174,16 +184,21 @@ def git_root(from_path: str) -> str:
repo = git.Repo(from_path, search_parent_directories=True)
return repo.git.rev_parse("--show-toplevel")

def init_logging(level=logging.INFO):
loggers = (logging.getLogger(name) for name in logging.root.manager.loggerDict if name.startswith("k3test"))
for logger in loggers:
init_logger(logger, level)

def init_logger(level=logging.INFO):

def init_logger(logger: logging.Logger, level=logging.INFO):
logger.setLevel(level)

# create console handler and set level to debug
ch = logging.StreamHandler()
ch.setLevel(logging.DEBUG)

# create formatter
formatter = logging.Formatter("%(asctime)s - %(levelname)s - %(message)s")
formatter = logging.Formatter("%(asctime)s - %(levelname)s - %(name)s - %(message)s")

# add formatter to ch
ch.setFormatter(formatter)
Expand Down
6 changes: 3 additions & 3 deletions tools/ktest/namespace.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@

from model import ConfigMap, Secret

logger = logging.getLogger("namespace")
logger = logging.getLogger("k3test.namespace")


class Namespace:
Expand Down Expand Up @@ -91,10 +91,10 @@ def forward(self, svc: str, ports: Mapping[int, int]):
try:
yield proc
finally:
logger.debug("terminating port-forward")
logger.debug("terminating port-forward: %s", svc)
proc.send_signal(signal.SIGINT)
proc.wait()
logger.debug("port-forward terminated")
logger.debug("port-forward terminated: %s", svc)

@lru_cache(maxsize=32)
def svc_pod(self, svc: str) -> str:
Expand Down

0 comments on commit d8f7cfa

Please sign in to comment.