authorJan Malkiewicz <jan.malkiewicz@nokia.com>2021-02-24 07:37:35 +0100
committerJan Malkiewicz <jan.malkiewicz@nokia.com>2021-02-24 11:04:40 +0100
commit56f25871c2ee7f33799a3985ec5e1215b196f3dd (patch)
tree8f89bfd562cad36cbd62444f3d5a8904ec4da62e
parent710d5b07eb1f5ea1358fdbec78a5339ec5860712 (diff)
Add a method for creating a secret with a generated password.
Issue-ID: DCAEGEN2-2440 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Ib56b193d0ae8ae1822ec7dac04a22ca767e9ecab
-rw-r--r--k8s/k8sclient/k8sclient.py48
1 files changed, 48 insertions, 0 deletions
diff --git a/k8s/k8sclient/k8sclient.py b/k8s/k8sclient/k8sclient.py
index d35a67c..d2f260f 100644
--- a/k8s/k8sclient/k8sclient.py
+++ b/k8s/k8sclient/k8sclient.py
@@ -22,7 +22,9 @@
import os
import re
import uuid
+import base64
+from binascii import hexlify
from kubernetes import config, client, stream
# Default values for readiness probe
@@ -261,6 +263,48 @@ def _create_service_object(service_name, component_name, service_ports, annotati
return service
+def create_secret_with_password(namespace, secret_prefix, password_length):
+ """
+ Creates K8s secret object with a generated password.
+ Returns: secret name and data key.
+
+ Example usage:
+ create_secret_with_password('onap', 'dcae-keystore-password-', 128)
+ """
+ password = _generate_password(password_length)
+ password_base64 = _encode_base64(password)
+
+ metadata = {'generateName': secret_prefix, 'namespace': namespace}
+ key = 'data'
+ data = {key: password_base64}
+
+ response = _create_k8s_secret(namespace, metadata, data, 'Opaque')
+ secret_name = response.metadata.name
+ return secret_name, key
+
+
+def _generate_password(length):
+ rand = os.urandom(length)
+ password = hexlify(rand)
+ return password.decode("ascii");
+
+
+def _encode_base64(value):
+ value_bytes = value.encode("ascii")
+ base64_encoded_bytes = base64.b64encode(value_bytes)
+ encoded_value = base64_encoded_bytes.decode("ascii")
+ return encoded_value
+
+
+def _create_k8s_secret(namespace, metadata, data, secret_type):
+ api_version = 'v1'
+ kind = 'Secret'
+ body = client.V1Secret(api_version, data, kind, metadata, type=secret_type)
+
+ response = client.CoreV1Api().create_namespaced_secret(namespace, body)
+ return response
+
+
def parse_ports(port_list):
"""
Parse the port list into a list of container ports (needed to create the container)
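Review bot: In `_create_k8s_secret`, `client.V1Secret(api_version, data, kind, metadata, type=secret_type)` passes its first four fields positionally, so it depends on the generated constructor's parameter order; as far as I know, kubernetes client releases whose `V1Secret` has an `immutable` field place it before `kind`, which would shift `kind` and `metadata` into the wrong slots. Passing keywords removes that dependency: `body = client.V1Secret(api_version=api_version, data=data, kind=kind, metadata=metadata, type=secret_type)`. Separately, `_generate_password(length)` hex-encodes `length` bytes from `os.urandom`, so the stored password is `2 * length` characters (the docstring example with 128 yields 256). The docstring of `create_secret_with_password` should say so, for example `password_length: number of random bytes; the password is their hex encoding, twice as long`, because a consumer with a password-length limit needs to know the real size. The stray `;` after `return password.decode("ascii")` can also be dropped.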
@@ -864,3 +908,7 @@ def execute_command_in_deployment(deployment_description, command):
# Execute command in the running pods
return [_execute_command_in_pod(location, namespace, pod_name, command)
for pod_name in pod_names]
+
+
+
+