From 56f25871c2ee7f33799a3985ec5e1215b196f3dd Mon Sep 17 00:00:00 2001
From: Jan Malkiewicz
Date: Wed, 24 Feb 2021 07:37:35 +0100
Subject: Add a method for creating a secret with a generated password.
Issue-ID: DCAEGEN2-2440
Signed-off-by: Jan Malkiewicz
Change-Id: Ib56b193d0ae8ae1822ec7dac04a22ca767e9ecab
---
 k8s/k8sclient/k8sclient.py | 48 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
diff --git a/k8s/k8sclient/k8sclient.py b/k8s/k8sclient/k8sclient.py
index d35a67c..d2f260f 100644
--- a/k8s/k8sclient/k8sclient.py
+++ b/k8s/k8sclient/k8sclient.py
@@ -22,7 +22,9 @@ import os
 import re
 import uuid
+import base64
+from binascii import hexlify
 from kubernetes import config, client, stream # Default values for readiness probe
@@ -261,6 +263,48 @@ def _create_service_object(service_name, component_name, service_ports, annotati
 return service
+def create_secret_with_password(namespace, secret_prefix, password_length):
+ """
+ Creates K8s secret object with a generated password.
+ Returns: secret name and data key.
+
+ Example usage:
+ create_secret_with_password('onap', 'dcae-keystore-password-', 128)
+ """
+ password = _generate_password(password_length)
+ password_base64 = _encode_base64(password)
+
+ metadata = {'generateName': secret_prefix, 'namespace': namespace}
+ key = 'data'
+ data = {key: password_base64}
+
+ response = _create_k8s_secret(namespace, metadata, data, 'Opaque')
+ secret_name = response.metadata.name
+ return secret_name, key
+
+
+def _generate_password(length):
+ rand = os.urandom(length)
+ password = hexlify(rand)
+ return password.decode("ascii");
+
+
+def _encode_base64(value):
+ value_bytes = value.encode("ascii")
+ base64_encoded_bytes = base64.b64encode(value_bytes)
+ encoded_value = base64_encoded_bytes.decode("ascii")
+ return encoded_value
+
+
+def _create_k8s_secret(namespace, metadata, data, secret_type):
+ api_version = 'v1'
+ kind = 'Secret'
+ body = client.V1Secret(api_version, data, kind, metadata, type=secret_type)
+
+ response = client.CoreV1Api().create_namespaced_secret(namespace, body)
+ return response
+
+
 def parse_ports(port_list): """ Parse the port list into a list of container ports (needed to create the container)
@@ -864,3 +908,7 @@ def execute_command_in_deployment(deployment_description, command): # Execute command in the running pods return [_execute_command_in_pod(location, namespace, pod_name, command) for pod_name in pod_names]
+
+
+
+
-- cgit 1.2.3-korg
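Review bot: `_generate_password(length)` returns `2 * length` characters, because `hexlify` emits two hex digits for every byte read from `os.urandom(length)`, so the docstring example with 128 stores a 256-character password, which matters if whatever consumes the secret enforces a maximum password length. Either document that `password_length` counts random bytes, or draw `os.urandom((length + 1) // 2)` and slice the hex string with `[:length]`; the stray `;` after `return password.decode("ascii")` can go at the same time. In `_create_k8s_secret`, `client.V1Secret(api_version, data, kind, metadata, type=secret_type)` relies on the positional order of a generated constructor, and on a client release whose `V1Secret` takes an `immutable` parameter between `data` and `kind` the `kind` and `metadata` values would land in the wrong fields, so I would pass keywords: `client.V1Secret(api_version='v1', kind='Secret', metadata=metadata, data=data, type=secret_type)`. The three private helpers have no docstrings, and the docstring of `create_secret_with_password` should state that every call creates a new `generateName` secret; the hunk attaches no labels or owner reference, so cleanup presumably falls to the caller.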