kubernetes-watch 0.1.4__tar.gz → 0.1.5__tar.gz

{kubernetes_watch-0.1.4 → kubernetes_watch-0.1.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: kubernetes-watch
-Version: 0.1.4
+Version: 0.1.5
 Summary: 
 Author: bmotevalli
 Author-email: b.motevalli@gmail.com

kubernetes_watch-0.1.5/kube_watch/modules/logic/load.py

@@ -0,0 +1,23 @@
+import os
+from prefect import get_run_logger
+logger = get_run_logger()
+
+def load_secrets_to_env(data):
+    for key, value in data.items():
+        if key in os.environ:
+            del os.environ[key]
+        os.environ[key] = value
+        # logger.info(f"ENV VAR: {key} loaded")
+
+def load_env_from_file(filepath):
+    with open(filepath, "r") as f:
+        for line in f:
+            # Remove whitespace and ignore comments
+            line = line.strip()
+            if line and not line.startswith('#'):
+                key, value = line.split('=', 1)
+                # Remove the environment variable if it already exists
+                if key in os.environ:
+                    del os.environ[key]
+                # Set the new value
+                os.environ[key] = value

{kubernetes_watch-0.1.4 → kubernetes_watch-0.1.5}/kube_watch/modules/providers/vault.py

@@ -108,12 +108,33 @@ def generate_new_secret_id(vault_client, role_name, vault_path, env_var_name):
     """
     Generates new secret_id. Note an admin role is required for this.
     """
-    new_secret_response = vault_client.auth.approle.generate_secret_id(
-        role_name=role_name,
-        mount_point=f'approle/{vault_path}'
-    )
+    try:
+        # Write directly to the Vault endpoint to create the secret ID with num_uses
+        # response = vault_client.write(
+        #     f"auth/approle/{vault_path}/role/{role_name}/secret-id",
+        # )
+        response = vault_client.auth.approle.generate_secret_id(
+            role_name=role_name,
+            mount_point=f'approle/{vault_path}'
+        )
+        # Check if the response contains the secret ID
+        if response and 'data' in response:
+            secret_id = response['data']['secret_id']
+            secret_id_accessor = response['data']['secret_id_accessor']
+            logger.info("Generated a new secret ID with usage buffer.")
+            return {env_var_name: secret_id, f"{env_var_name}_ACCESSOR": secret_id_accessor}
+        else:
+            logger.error("No secret ID returned in the response.")
+            raise RuntimeError("Failed to generate new secret ID: No content returned.")
+    except hvac.exceptions.InvalidRequest as e:
+        logger.error("Error generating new secret ID: %s", str(e))
+        raise RuntimeError("Failed to generate new secret ID.") from e
+    # new_secret_response = vault_client.auth.approle.generate_secret_id(
+    #     role_name=role_name,
+    #     mount_point=f'approle/{vault_path}'
+    # )
 
-    return { env_var_name : new_secret_response['data']['secret_id'] }
+    # return { env_var_name : new_secret_response['data']['secret_id'] }
 
 
 
@@ -147,7 +168,8 @@ def clean_secret_ids(vault_client, role_name, secret_id_env, vault_path, has_kub
 
     Note: secret_id_env is a dictionary. The key, VAULT_SECRET_ID, has the secret_id value.
     """
-    secret_id = secret_id_env.get("VAULT_SECRET_ID")
+    secret_id = secret_id_env.get("VAULT_SECRET_ID_ACCESSOR")
+    
     if has_kube_secret_updated:
         secret_ids_path = f'auth/approle/{vault_path}/role/{role_name}/secret-id'
         try:

{kubernetes_watch-0.1.4 → kubernetes_watch-0.1.5}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "kubernetes-watch"
-version = "0.1.4"
+version = "0.1.5"
 description = ""
 authors = ["bmotevalli <b.motevalli@gmail.com>"]
 packages = [{include = "kube_watch"}]

kubernetes_watch-0.1.4/kube_watch/modules/logic/load.py

@@ -1,8 +0,0 @@
-import os
-from prefect import get_run_logger
-logger = get_run_logger()
-
-def load_secrets_to_env(data):
-    for key, value in data.items():
-        os.environ[key] = value
-        # logger.info(f"ENV VAR: {key} loaded")