Class: KubernetesDeploy::EjsonSecretProvisioner
- Inherits:
-
Object
- Object
- KubernetesDeploy::EjsonSecretProvisioner
- Defined in:
- lib/kubernetes-deploy/ejson_secret_provisioner.rb
Constant Summary collapse
- EJSON_SECRET_ANNOTATION =
"kubernetes-deploy.shopify.io/ejson-secret"
- EJSON_SECRET_KEY =
"kubernetes_secrets"
- EJSON_SECRETS_FILE =
"secrets.ejson"
- EJSON_KEYS_SECRET =
"ejson-keys"
Instance Method Summary collapse
- #ejson_keys_secret ⇒ Object
-
#initialize(namespace:, context:, template_dir:, logger:, statsd_tags:, selector: nil) ⇒ EjsonSecretProvisioner
constructor
A new instance of EjsonSecretProvisioner.
- #resources ⇒ Object
Constructor Details
#initialize(namespace:, context:, template_dir:, logger:, statsd_tags:, selector: nil) ⇒ EjsonSecretProvisioner
Returns a new instance of EjsonSecretProvisioner.
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
# File 'lib/kubernetes-deploy/ejson_secret_provisioner.rb', line 20 def initialize(namespace:, context:, template_dir:, logger:, statsd_tags:, selector: nil) @namespace = namespace @context = context @ejson_file = "#{template_dir}/#{EJSON_SECRETS_FILE}" @logger = logger @statsd_tags = @selector = selector @kubectl = Kubectl.new( namespace: @namespace, context: @context, logger: @logger, log_failure_by_default: false, output_is_sensitive_default: true # output may contain ejson secrets ) end |
Instance Method Details
#ejson_keys_secret ⇒ Object
40 41 42 43 44 45 46 47 48 49 |
# File 'lib/kubernetes-deploy/ejson_secret_provisioner.rb', line 40 def ejson_keys_secret @ejson_keys_secret ||= begin out, err, st = @kubectl.run("get", "secret", EJSON_KEYS_SECRET, output: "json", raise_if_not_found: true, attempts: 3, output_is_sensitive: true, log_failure: true) unless st.success? raise EjsonSecretError, "Error retrieving Secret/#{EJSON_KEYS_SECRET}: #{err}" end JSON.parse(out) end end |
#resources ⇒ Object
36 37 38 |
# File 'lib/kubernetes-deploy/ejson_secret_provisioner.rb', line 36 def resources @resources ||= build_secrets end |