Class: KubernetesDeploy::EjsonSecretProvisioner

Inherits:
Object
  • Object
Defined in:
lib/kubernetes-deploy/ejson_secret_provisioner.rb

Constant Summary

EJSON_SECRET_ANNOTATION =
"kubernetes-deploy.shopify.io/ejson-secret"
EJSON_SECRET_KEY =
"kubernetes_secrets"
EJSON_SECRETS_FILE =
"secrets.ejson"
EJSON_KEYS_SECRET =
"ejson-keys"

Instance Method Summary

Constructor Details

#initialize(namespace:, context:, template_dir:, logger:, statsd_tags:, selector: nil) ⇒ EjsonSecretProvisioner

Returns a new instance of EjsonSecretProvisioner.



# File 'lib/kubernetes-deploy/ejson_secret_provisioner.rb', line 20

# Stores the deploy target and builds the kubectl wrapper used for all
# cluster calls made by this provisioner.
#
# @param namespace passed to Kubectl as the target namespace
# @param context passed to Kubectl as the target context
# @param template_dir directory expected to hold EJSON_SECRETS_FILE; the
#   path is only composed here, not checked for existence
# @param logger stored and also handed to Kubectl
# @param statsd_tags stored for later use (not read in this method)
# @param selector optional, stored for later use (not read in this method)
def initialize(namespace:, context:, template_dir:, logger:, statsd_tags:, selector: nil)
  @namespace = namespace
  @context = context
  @ejson_file = "#{template_dir}/#{EJSON_SECRETS_FILE}"
  @logger = logger
  @statsd_tags = statsd_tags
  @selector = selector

  # Conservative defaults for every kubectl call made through this wrapper:
  # failures are not logged unless a call opts in, and output is flagged as
  # sensitive because it may contain ejson secrets. How Kubectl acts on
  # these flags is defined outside this method.
  kubectl_options = {
    namespace: @namespace,
    context: @context,
    logger: @logger,
    log_failure_by_default: false,
    output_is_sensitive_default: true,
  }
  @kubectl = Kubectl.new(**kubectl_options)
end

Instance Method Details

#ejson_keys_secret ⇒ Object



# File 'lib/kubernetes-deploy/ejson_secret_provisioner.rb', line 40

# Fetches Secret/EJSON_KEYS_SECRET through kubectl as JSON and memoizes the
# parsed document, so the cluster is queried at most once per instance
# (as long as the parsed value is truthy).
#
# The call is flagged output_is_sensitive and explicitly opts in to failure
# logging (log_failure: true), with up to 3 attempts.
#
# NOTE(review): stderr is interpolated into the exception message; confirm
# that kubectl's stderr for this call cannot carry secret material before
# that message is logged or shown to users.
# NOTE(review): JSON.parse failures surface as JSON::ParserError rather than
# EjsonSecretError, and that error's message may quote part of the input,
# which here is the Secret body. Verify callers do not log it verbatim.
#
# @return the parsed JSON of the Secret
# @raise [EjsonSecretError] when kubectl reports a non-successful status
def ejson_keys_secret
  return @ejson_keys_secret if @ejson_keys_secret

  stdout, stderr, status = @kubectl.run(
    "get", "secret", EJSON_KEYS_SECRET,
    output: "json",
    raise_if_not_found: true,
    attempts: 3,
    output_is_sensitive: true,
    log_failure: true
  )
  raise EjsonSecretError, "Error retrieving Secret/#{EJSON_KEYS_SECRET}: #{stderr}" unless status.success?

  @ejson_keys_secret = JSON.parse(stdout)
end

#resources ⇒ Object



# File 'lib/kubernetes-deploy/ejson_secret_provisioner.rb', line 36

# Returns the result of build_secrets, computing it on first use and
# reusing the cached value afterwards (a falsy result is recomputed).
#
# @return whatever build_secrets returns; its shape is defined elsewhere
def resources
  return @resources if @resources

  @resources = build_secrets
end