PyPI - paasta-tools - Versions diffs - 1.21.3__py3-none-any.whl - Mend

paasta-tools 1.21.3__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

k8s_itests/__init__.py +0 -0
k8s_itests/test_autoscaling.py +23 -0
k8s_itests/utils.py +38 -0
paasta_tools/__init__.py +20 -0
paasta_tools/adhoc_tools.py +142 -0
paasta_tools/api/__init__.py +13 -0
paasta_tools/api/api.py +330 -0
paasta_tools/api/api_docs/swagger.json +2323 -0
paasta_tools/api/client.py +106 -0
paasta_tools/api/settings.py +33 -0
paasta_tools/api/tweens/__init__.py +6 -0
paasta_tools/api/tweens/auth.py +125 -0
paasta_tools/api/tweens/profiling.py +108 -0
paasta_tools/api/tweens/request_logger.py +124 -0
paasta_tools/api/views/__init__.py +13 -0
paasta_tools/api/views/autoscaler.py +100 -0
paasta_tools/api/views/exception.py +45 -0
paasta_tools/api/views/flink.py +73 -0
paasta_tools/api/views/instance.py +395 -0
paasta_tools/api/views/pause_autoscaler.py +71 -0
paasta_tools/api/views/remote_run.py +113 -0
paasta_tools/api/views/resources.py +76 -0
paasta_tools/api/views/service.py +35 -0
paasta_tools/api/views/version.py +25 -0
paasta_tools/apply_external_resources.py +79 -0
paasta_tools/async_utils.py +109 -0
paasta_tools/autoscaling/__init__.py +0 -0
paasta_tools/autoscaling/autoscaling_service_lib.py +57 -0
paasta_tools/autoscaling/forecasting.py +106 -0
paasta_tools/autoscaling/max_all_k8s_services.py +41 -0
paasta_tools/autoscaling/pause_service_autoscaler.py +77 -0
paasta_tools/autoscaling/utils.py +52 -0
paasta_tools/bounce_lib.py +184 -0
paasta_tools/broadcast_log_to_services.py +62 -0
paasta_tools/cassandracluster_tools.py +210 -0
paasta_tools/check_autoscaler_max_instances.py +212 -0
paasta_tools/check_cassandracluster_services_replication.py +35 -0
paasta_tools/check_flink_services_health.py +203 -0
paasta_tools/check_kubernetes_api.py +57 -0
paasta_tools/check_kubernetes_services_replication.py +141 -0
paasta_tools/check_oom_events.py +244 -0
paasta_tools/check_services_replication_tools.py +324 -0
paasta_tools/check_spark_jobs.py +234 -0
paasta_tools/cleanup_kubernetes_cr.py +138 -0
paasta_tools/cleanup_kubernetes_crd.py +145 -0
paasta_tools/cleanup_kubernetes_jobs.py +344 -0
paasta_tools/cleanup_tron_namespaces.py +96 -0
paasta_tools/cli/__init__.py +13 -0
paasta_tools/cli/authentication.py +85 -0
paasta_tools/cli/cli.py +260 -0
paasta_tools/cli/cmds/__init__.py +13 -0
paasta_tools/cli/cmds/autoscale.py +143 -0
paasta_tools/cli/cmds/check.py +334 -0
paasta_tools/cli/cmds/cook_image.py +147 -0
paasta_tools/cli/cmds/get_docker_image.py +76 -0
paasta_tools/cli/cmds/get_image_version.py +172 -0
paasta_tools/cli/cmds/get_latest_deployment.py +93 -0
paasta_tools/cli/cmds/info.py +155 -0
paasta_tools/cli/cmds/itest.py +117 -0
paasta_tools/cli/cmds/list.py +66 -0
paasta_tools/cli/cmds/list_clusters.py +42 -0
paasta_tools/cli/cmds/list_deploy_queue.py +171 -0
paasta_tools/cli/cmds/list_namespaces.py +84 -0
paasta_tools/cli/cmds/local_run.py +1396 -0
paasta_tools/cli/cmds/logs.py +1601 -0
paasta_tools/cli/cmds/mark_for_deployment.py +1988 -0
paasta_tools/cli/cmds/mesh_status.py +174 -0
paasta_tools/cli/cmds/pause_service_autoscaler.py +107 -0
paasta_tools/cli/cmds/push_to_registry.py +275 -0
paasta_tools/cli/cmds/remote_run.py +252 -0
paasta_tools/cli/cmds/rollback.py +347 -0
paasta_tools/cli/cmds/secret.py +549 -0
paasta_tools/cli/cmds/security_check.py +59 -0
paasta_tools/cli/cmds/spark_run.py +1400 -0
paasta_tools/cli/cmds/start_stop_restart.py +401 -0
paasta_tools/cli/cmds/status.py +2302 -0
paasta_tools/cli/cmds/validate.py +1012 -0
paasta_tools/cli/cmds/wait_for_deployment.py +275 -0
paasta_tools/cli/fsm/__init__.py +13 -0
paasta_tools/cli/fsm/autosuggest.py +82 -0
paasta_tools/cli/fsm/template/README.md +8 -0
paasta_tools/cli/fsm/template/cookiecutter.json +7 -0
paasta_tools/cli/fsm/template/{{cookiecutter.service}}/kubernetes-PROD.yaml +91 -0
paasta_tools/cli/fsm/template/{{cookiecutter.service}}/monitoring.yaml +20 -0
paasta_tools/cli/fsm/template/{{cookiecutter.service}}/service.yaml +8 -0
paasta_tools/cli/fsm/template/{{cookiecutter.service}}/smartstack.yaml +6 -0
paasta_tools/cli/fsm_cmd.py +121 -0
paasta_tools/cli/paasta_tabcomplete.sh +23 -0
paasta_tools/cli/schemas/adhoc_schema.json +199 -0
paasta_tools/cli/schemas/autoscaling_schema.json +91 -0
paasta_tools/cli/schemas/autotuned_defaults/cassandracluster_schema.json +37 -0
paasta_tools/cli/schemas/autotuned_defaults/kubernetes_schema.json +89 -0
paasta_tools/cli/schemas/deploy_schema.json +173 -0
paasta_tools/cli/schemas/eks_schema.json +970 -0
paasta_tools/cli/schemas/kubernetes_schema.json +970 -0
paasta_tools/cli/schemas/rollback_schema.json +160 -0
paasta_tools/cli/schemas/service_schema.json +25 -0
paasta_tools/cli/schemas/smartstack_schema.json +322 -0
paasta_tools/cli/schemas/tron_schema.json +699 -0
paasta_tools/cli/utils.py +1118 -0
paasta_tools/clusterman.py +21 -0
paasta_tools/config_utils.py +385 -0
paasta_tools/contrib/__init__.py +0 -0
paasta_tools/contrib/bounce_log_latency_parser.py +68 -0
paasta_tools/contrib/check_manual_oapi_changes.sh +24 -0
paasta_tools/contrib/check_orphans.py +306 -0
paasta_tools/contrib/create_dynamodb_table.py +35 -0
paasta_tools/contrib/create_paasta_playground.py +105 -0
paasta_tools/contrib/emit_allocated_cpu_metrics.py +50 -0
paasta_tools/contrib/get_running_task_allocation.py +346 -0
paasta_tools/contrib/habitat_fixer.py +86 -0
paasta_tools/contrib/ide_helper.py +316 -0
paasta_tools/contrib/is_pod_healthy_in_proxy.py +139 -0
paasta_tools/contrib/is_pod_healthy_in_smartstack.py +50 -0
paasta_tools/contrib/kill_bad_containers.py +109 -0
paasta_tools/contrib/mass-deploy-tag.sh +44 -0
paasta_tools/contrib/mock_patch_checker.py +86 -0
paasta_tools/contrib/paasta_update_soa_memcpu.py +520 -0
paasta_tools/contrib/render_template.py +129 -0
paasta_tools/contrib/rightsizer_soaconfigs_update.py +348 -0
paasta_tools/contrib/service_shard_remove.py +157 -0
paasta_tools/contrib/service_shard_update.py +373 -0
paasta_tools/contrib/shared_ip_check.py +77 -0
paasta_tools/contrib/timeouts_metrics_prom.py +64 -0
paasta_tools/delete_kubernetes_deployments.py +89 -0
paasta_tools/deployment_utils.py +44 -0
paasta_tools/docker_wrapper.py +234 -0
paasta_tools/docker_wrapper_imports.py +13 -0
paasta_tools/drain_lib.py +351 -0
paasta_tools/dump_locally_running_services.py +71 -0
paasta_tools/eks_tools.py +119 -0
paasta_tools/envoy_tools.py +373 -0
paasta_tools/firewall.py +504 -0
paasta_tools/firewall_logging.py +154 -0
paasta_tools/firewall_update.py +172 -0
paasta_tools/flink_tools.py +345 -0
paasta_tools/flinkeks_tools.py +90 -0
paasta_tools/frameworks/__init__.py +0 -0
paasta_tools/frameworks/adhoc_scheduler.py +71 -0
paasta_tools/frameworks/constraints.py +87 -0
paasta_tools/frameworks/native_scheduler.py +652 -0
paasta_tools/frameworks/native_service_config.py +301 -0
paasta_tools/frameworks/task_store.py +245 -0
paasta_tools/generate_all_deployments +9 -0
paasta_tools/generate_authenticating_services.py +94 -0
paasta_tools/generate_deployments_for_service.py +255 -0
paasta_tools/generate_services_file.py +114 -0
paasta_tools/generate_services_yaml.py +30 -0
paasta_tools/hacheck.py +76 -0
paasta_tools/instance/__init__.py +0 -0
paasta_tools/instance/hpa_metrics_parser.py +122 -0
paasta_tools/instance/kubernetes.py +1362 -0
paasta_tools/iptables.py +240 -0
paasta_tools/kafkacluster_tools.py +143 -0
paasta_tools/kubernetes/__init__.py +0 -0
paasta_tools/kubernetes/application/__init__.py +0 -0
paasta_tools/kubernetes/application/controller_wrappers.py +476 -0
paasta_tools/kubernetes/application/tools.py +90 -0
paasta_tools/kubernetes/bin/__init__.py +0 -0
paasta_tools/kubernetes/bin/kubernetes_remove_evicted_pods.py +164 -0
paasta_tools/kubernetes/bin/paasta_cleanup_remote_run_resources.py +135 -0
paasta_tools/kubernetes/bin/paasta_cleanup_stale_nodes.py +181 -0
paasta_tools/kubernetes/bin/paasta_secrets_sync.py +758 -0
paasta_tools/kubernetes/remote_run.py +558 -0
paasta_tools/kubernetes_tools.py +4679 -0
paasta_tools/list_kubernetes_service_instances.py +128 -0
paasta_tools/list_tron_namespaces.py +60 -0
paasta_tools/long_running_service_tools.py +678 -0
paasta_tools/mac_address.py +44 -0
paasta_tools/marathon_dashboard.py +0 -0
paasta_tools/mesos/__init__.py +0 -0
paasta_tools/mesos/cfg.py +46 -0
paasta_tools/mesos/cluster.py +60 -0
paasta_tools/mesos/exceptions.py +59 -0
paasta_tools/mesos/framework.py +77 -0
paasta_tools/mesos/log.py +48 -0
paasta_tools/mesos/master.py +306 -0
paasta_tools/mesos/mesos_file.py +169 -0
paasta_tools/mesos/parallel.py +52 -0
paasta_tools/mesos/slave.py +115 -0
paasta_tools/mesos/task.py +94 -0
paasta_tools/mesos/util.py +69 -0
paasta_tools/mesos/zookeeper.py +37 -0
paasta_tools/mesos_maintenance.py +848 -0
paasta_tools/mesos_tools.py +1051 -0
paasta_tools/metrics/__init__.py +0 -0
paasta_tools/metrics/metastatus_lib.py +1110 -0
paasta_tools/metrics/metrics_lib.py +217 -0
paasta_tools/monitoring/__init__.py +13 -0
paasta_tools/monitoring/check_k8s_api_performance.py +110 -0
paasta_tools/monitoring_tools.py +652 -0
paasta_tools/monkrelaycluster_tools.py +146 -0
paasta_tools/nrtsearchservice_tools.py +143 -0
paasta_tools/nrtsearchserviceeks_tools.py +68 -0
paasta_tools/oom_logger.py +321 -0
paasta_tools/paasta_deploy_tron_jobs +3 -0
paasta_tools/paasta_execute_docker_command.py +123 -0
paasta_tools/paasta_native_serviceinit.py +21 -0
paasta_tools/paasta_service_config_loader.py +201 -0
paasta_tools/paastaapi/__init__.py +29 -0
paasta_tools/paastaapi/api/__init__.py +3 -0
paasta_tools/paastaapi/api/autoscaler_api.py +302 -0
paasta_tools/paastaapi/api/default_api.py +569 -0
paasta_tools/paastaapi/api/remote_run_api.py +604 -0
paasta_tools/paastaapi/api/resources_api.py +157 -0
paasta_tools/paastaapi/api/service_api.py +1736 -0
paasta_tools/paastaapi/api_client.py +818 -0
paasta_tools/paastaapi/apis/__init__.py +22 -0
paasta_tools/paastaapi/configuration.py +455 -0
paasta_tools/paastaapi/exceptions.py +137 -0
paasta_tools/paastaapi/model/__init__.py +5 -0
paasta_tools/paastaapi/model/adhoc_launch_history.py +176 -0
paasta_tools/paastaapi/model/autoscaler_count_msg.py +176 -0
paasta_tools/paastaapi/model/deploy_queue.py +178 -0
paasta_tools/paastaapi/model/deploy_queue_service_instance.py +194 -0
paasta_tools/paastaapi/model/envoy_backend.py +185 -0
paasta_tools/paastaapi/model/envoy_location.py +184 -0
paasta_tools/paastaapi/model/envoy_status.py +181 -0
paasta_tools/paastaapi/model/flink_cluster_overview.py +188 -0
paasta_tools/paastaapi/model/flink_config.py +173 -0
paasta_tools/paastaapi/model/flink_job.py +186 -0
paasta_tools/paastaapi/model/flink_job_details.py +192 -0
paasta_tools/paastaapi/model/flink_jobs.py +175 -0
paasta_tools/paastaapi/model/float_and_error.py +173 -0
paasta_tools/paastaapi/model/hpa_metric.py +176 -0
paasta_tools/paastaapi/model/inline_object.py +170 -0
paasta_tools/paastaapi/model/inline_response200.py +170 -0
paasta_tools/paastaapi/model/inline_response2001.py +170 -0
paasta_tools/paastaapi/model/instance_bounce_status.py +200 -0
paasta_tools/paastaapi/model/instance_mesh_status.py +186 -0
paasta_tools/paastaapi/model/instance_status.py +220 -0
paasta_tools/paastaapi/model/instance_status_adhoc.py +187 -0
paasta_tools/paastaapi/model/instance_status_cassandracluster.py +173 -0
paasta_tools/paastaapi/model/instance_status_flink.py +173 -0
paasta_tools/paastaapi/model/instance_status_kafkacluster.py +173 -0
paasta_tools/paastaapi/model/instance_status_kubernetes.py +263 -0
paasta_tools/paastaapi/model/instance_status_kubernetes_autoscaling_status.py +187 -0
paasta_tools/paastaapi/model/instance_status_kubernetes_v2.py +197 -0
paasta_tools/paastaapi/model/instance_status_tron.py +204 -0
paasta_tools/paastaapi/model/instance_tasks.py +182 -0
paasta_tools/paastaapi/model/integer_and_error.py +173 -0
paasta_tools/paastaapi/model/kubernetes_container.py +178 -0
paasta_tools/paastaapi/model/kubernetes_container_v2.py +219 -0
paasta_tools/paastaapi/model/kubernetes_healthcheck.py +176 -0
paasta_tools/paastaapi/model/kubernetes_pod.py +201 -0
paasta_tools/paastaapi/model/kubernetes_pod_event.py +176 -0
paasta_tools/paastaapi/model/kubernetes_pod_v2.py +213 -0
paasta_tools/paastaapi/model/kubernetes_replica_set.py +185 -0
paasta_tools/paastaapi/model/kubernetes_version.py +202 -0
paasta_tools/paastaapi/model/remote_run_outcome.py +189 -0
paasta_tools/paastaapi/model/remote_run_start.py +185 -0
paasta_tools/paastaapi/model/remote_run_stop.py +176 -0
paasta_tools/paastaapi/model/remote_run_token.py +173 -0
paasta_tools/paastaapi/model/resource.py +187 -0
paasta_tools/paastaapi/model/resource_item.py +187 -0
paasta_tools/paastaapi/model/resource_value.py +176 -0
paasta_tools/paastaapi/model/smartstack_backend.py +191 -0
paasta_tools/paastaapi/model/smartstack_location.py +181 -0
paasta_tools/paastaapi/model/smartstack_status.py +181 -0
paasta_tools/paastaapi/model/task_tail_lines.py +176 -0
paasta_tools/paastaapi/model_utils.py +1879 -0
paasta_tools/paastaapi/models/__init__.py +62 -0
paasta_tools/paastaapi/rest.py +287 -0
paasta_tools/prune_completed_pods.py +220 -0
paasta_tools/puppet_service_tools.py +59 -0
paasta_tools/py.typed +1 -0
paasta_tools/remote_git.py +127 -0
paasta_tools/run-paasta-api-in-dev-mode.py +57 -0
paasta_tools/run-paasta-api-playground.py +51 -0
paasta_tools/secret_providers/__init__.py +66 -0
paasta_tools/secret_providers/vault.py +214 -0
paasta_tools/secret_tools.py +277 -0
paasta_tools/setup_istio_mesh.py +353 -0
paasta_tools/setup_kubernetes_cr.py +412 -0
paasta_tools/setup_kubernetes_crd.py +138 -0
paasta_tools/setup_kubernetes_internal_crd.py +154 -0
paasta_tools/setup_kubernetes_job.py +353 -0
paasta_tools/setup_prometheus_adapter_config.py +1028 -0
paasta_tools/setup_tron_namespace.py +248 -0
paasta_tools/slack.py +75 -0
paasta_tools/smartstack_tools.py +676 -0
paasta_tools/spark_tools.py +283 -0
paasta_tools/synapse_srv_namespaces_fact.py +42 -0
paasta_tools/tron/__init__.py +0 -0
paasta_tools/tron/client.py +158 -0
paasta_tools/tron/tron_command_context.py +194 -0
paasta_tools/tron/tron_timeutils.py +101 -0
paasta_tools/tron_tools.py +1448 -0
paasta_tools/utils.py +4307 -0
paasta_tools/yaml_tools.py +44 -0
paasta_tools-1.21.3.data/scripts/apply_external_resources.py +79 -0
paasta_tools-1.21.3.data/scripts/bounce_log_latency_parser.py +68 -0
paasta_tools-1.21.3.data/scripts/check_autoscaler_max_instances.py +212 -0
paasta_tools-1.21.3.data/scripts/check_cassandracluster_services_replication.py +35 -0
paasta_tools-1.21.3.data/scripts/check_flink_services_health.py +203 -0
paasta_tools-1.21.3.data/scripts/check_kubernetes_api.py +57 -0
paasta_tools-1.21.3.data/scripts/check_kubernetes_services_replication.py +141 -0
paasta_tools-1.21.3.data/scripts/check_manual_oapi_changes.sh +24 -0
paasta_tools-1.21.3.data/scripts/check_oom_events.py +244 -0
paasta_tools-1.21.3.data/scripts/check_orphans.py +306 -0
paasta_tools-1.21.3.data/scripts/check_spark_jobs.py +234 -0
paasta_tools-1.21.3.data/scripts/cleanup_kubernetes_cr.py +138 -0
paasta_tools-1.21.3.data/scripts/cleanup_kubernetes_crd.py +145 -0
paasta_tools-1.21.3.data/scripts/cleanup_kubernetes_jobs.py +344 -0
paasta_tools-1.21.3.data/scripts/create_dynamodb_table.py +35 -0
paasta_tools-1.21.3.data/scripts/create_paasta_playground.py +105 -0
paasta_tools-1.21.3.data/scripts/delete_kubernetes_deployments.py +89 -0
paasta_tools-1.21.3.data/scripts/emit_allocated_cpu_metrics.py +50 -0
paasta_tools-1.21.3.data/scripts/generate_all_deployments +9 -0
paasta_tools-1.21.3.data/scripts/generate_authenticating_services.py +94 -0
paasta_tools-1.21.3.data/scripts/generate_deployments_for_service.py +255 -0
paasta_tools-1.21.3.data/scripts/generate_services_file.py +114 -0
paasta_tools-1.21.3.data/scripts/generate_services_yaml.py +30 -0
paasta_tools-1.21.3.data/scripts/get_running_task_allocation.py +346 -0
paasta_tools-1.21.3.data/scripts/habitat_fixer.py +86 -0
paasta_tools-1.21.3.data/scripts/ide_helper.py +316 -0
paasta_tools-1.21.3.data/scripts/is_pod_healthy_in_proxy.py +139 -0
paasta_tools-1.21.3.data/scripts/is_pod_healthy_in_smartstack.py +50 -0
paasta_tools-1.21.3.data/scripts/kill_bad_containers.py +109 -0
paasta_tools-1.21.3.data/scripts/kubernetes_remove_evicted_pods.py +164 -0
paasta_tools-1.21.3.data/scripts/mass-deploy-tag.sh +44 -0
paasta_tools-1.21.3.data/scripts/mock_patch_checker.py +86 -0
paasta_tools-1.21.3.data/scripts/paasta_cleanup_remote_run_resources.py +135 -0
paasta_tools-1.21.3.data/scripts/paasta_cleanup_stale_nodes.py +181 -0
paasta_tools-1.21.3.data/scripts/paasta_deploy_tron_jobs +3 -0
paasta_tools-1.21.3.data/scripts/paasta_execute_docker_command.py +123 -0
paasta_tools-1.21.3.data/scripts/paasta_secrets_sync.py +758 -0
paasta_tools-1.21.3.data/scripts/paasta_tabcomplete.sh +23 -0
paasta_tools-1.21.3.data/scripts/paasta_update_soa_memcpu.py +520 -0
paasta_tools-1.21.3.data/scripts/render_template.py +129 -0
paasta_tools-1.21.3.data/scripts/rightsizer_soaconfigs_update.py +348 -0
paasta_tools-1.21.3.data/scripts/service_shard_remove.py +157 -0
paasta_tools-1.21.3.data/scripts/service_shard_update.py +373 -0
paasta_tools-1.21.3.data/scripts/setup_istio_mesh.py +353 -0
paasta_tools-1.21.3.data/scripts/setup_kubernetes_cr.py +412 -0
paasta_tools-1.21.3.data/scripts/setup_kubernetes_crd.py +138 -0
paasta_tools-1.21.3.data/scripts/setup_kubernetes_internal_crd.py +154 -0
paasta_tools-1.21.3.data/scripts/setup_kubernetes_job.py +353 -0
paasta_tools-1.21.3.data/scripts/setup_prometheus_adapter_config.py +1028 -0
paasta_tools-1.21.3.data/scripts/shared_ip_check.py +77 -0
paasta_tools-1.21.3.data/scripts/synapse_srv_namespaces_fact.py +42 -0
paasta_tools-1.21.3.data/scripts/timeouts_metrics_prom.py +64 -0
paasta_tools-1.21.3.dist-info/LICENSE +201 -0
paasta_tools-1.21.3.dist-info/METADATA +74 -0
paasta_tools-1.21.3.dist-info/RECORD +348 -0
paasta_tools-1.21.3.dist-info/WHEEL +5 -0
paasta_tools-1.21.3.dist-info/entry_points.txt +20 -0
paasta_tools-1.21.3.dist-info/top_level.txt +2 -0

paasta_tools/secret_tools.py ADDED Viewed

@@ -0,0 +1,277 @@
+# Copyright 2015-2017 Yelp Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import json
+import os
+import re
+import sys
+from typing import Any
+from typing import Dict
+from typing import List
+from typing import Optional
+from typing import Sequence
+from typing import Union
+from paasta_tools.secret_providers import SecretProvider
+from paasta_tools.utils import SecretVolume
+SECRET_REGEX = r"^(SHARED_)?SECRET\([A-Za-z0-9_-]*\)$"
+SHARED_SECRET_SERVICE = "_shared"
+def is_secret_ref(env_var_val: str) -> bool:
+    pattern = re.compile(SECRET_REGEX)
+    try:
+        match = pattern.match(env_var_val)
+    except TypeError:
+        # it can't be a secret ref if it isn't a string
+        return False
+    return match is not None
+def is_shared_secret(env_var_val: str) -> bool:
+    return env_var_val.startswith("SHARED_")
+def is_shared_secret_from_secret_name(soa_dir: str, secret_name: str) -> bool:
+    """Alternative way of figuring if a secret is shared, directly from the secret_name."""
+    secret_path = os.path.join(
+        soa_dir, SHARED_SECRET_SERVICE, "secrets", f"{secret_name}.json"
+    )
+    return os.path.isfile(secret_path)
+def get_hmac_for_secret(
+    env_var_val: str, service: str, soa_dir: str, secret_environment: str
+) -> Optional[str]:
+    secret_name = get_secret_name_from_ref(env_var_val)
+    if is_shared_secret(env_var_val):
+        service = SHARED_SECRET_SERVICE
+    secret_path = os.path.join(soa_dir, service, "secrets", f"{secret_name}.json")
+    try:
+        with open(secret_path, "r") as json_secret_file:
+            secret_file = json.load(json_secret_file)
+            try:
+                return secret_file["environments"][secret_environment]["signature"]
+            except KeyError:
+                print(
+                    "Failed to get secret signature at environments:{}:signature in json"
+                    " file".format(secret_environment),
+                    file=sys.stderr,
+                )
+                return None
+    except IOError:
+        print(f"Failed to open json secret at {secret_path}", file=sys.stderr)
+        return None
+    except json.decoder.JSONDecodeError:
+        print(f"Failed to deserialise json secret at {secret_path}", file=sys.stderr)
+        return None
+def get_secret_name_from_ref(env_var_val: str) -> str:
+    """
+    :param env_var_val: Expect value is in form of "SECRET(<secret-name>)"
+    """
+    return env_var_val.split("(")[1][:-1]
+def get_secret_provider(
+    secret_provider_name: str,
+    soa_dir: str,
+    service_name: str,
+    cluster_names: List[str],
+    secret_provider_kwargs: Dict[str, Any],
+) -> SecretProvider:
+    SecretProvider = __import__(
+        secret_provider_name, fromlist=["SecretProvider"]
+    ).SecretProvider
+    return SecretProvider(
+        soa_dir=soa_dir,
+        service_name=service_name,
+        cluster_names=cluster_names,
+        **secret_provider_kwargs,
+    )
+def get_secret_hashes(
+    environment_variables: Dict[str, str],
+    secret_environment: str,
+    service: str,
+    soa_dir: str,
+) -> Dict[str, str]:
+    secret_hashes = {}
+    for env_var_val in environment_variables.values():
+        if is_secret_ref(env_var_val):
+            secret_hashes[env_var_val] = get_hmac_for_secret(
+                env_var_val=env_var_val,
+                service=service,
+                soa_dir=soa_dir,
+                secret_environment=secret_environment,
+            )
+    return secret_hashes
+def decrypt_secret_environment_for_service(
+    secret_env_vars: Dict[str, str],
+    service_name: str,
+    secret_provider_name: str,
+    soa_dir: str,
+    cluster_name: str,
+    secret_provider_kwargs: Dict[str, Any],
+) -> Dict[str, str]:
+    if not secret_env_vars:
+        return {}
+    secret_provider = get_secret_provider(
+        secret_provider_name=secret_provider_name,
+        soa_dir=soa_dir,
+        service_name=service_name,
+        cluster_names=[cluster_name],
+        secret_provider_kwargs=secret_provider_kwargs,
+    )
+    return secret_provider.decrypt_environment(secret_env_vars)
+def decrypt_secret_environment_variables(
+    secret_provider_name: str,
+    environment: Dict[str, str],
+    soa_dir: str,
+    service_name: str,
+    cluster_name: str,
+    secret_provider_kwargs: Dict[str, Any],
+) -> Dict[str, str]:
+    decrypted_secrets = {}
+    service_secret_env = {}
+    shared_secret_env = {}
+    for k, v in environment.items():
+        if is_secret_ref(v):
+            if is_shared_secret(v):
+                shared_secret_env[k] = v
+            else:
+                service_secret_env[k] = v
+    secret_provider_kwargs["vault_num_uses"] = len(service_secret_env) + len(
+        shared_secret_env
+    )
+    decrypted_secrets.update(
+        decrypt_secret_environment_for_service(
+            service_secret_env,
+            service_name,
+            secret_provider_name,
+            soa_dir,
+            cluster_name,
+            secret_provider_kwargs,
+        )
+    )
+    decrypted_secrets.update(
+        decrypt_secret_environment_for_service(
+            shared_secret_env,
+            SHARED_SECRET_SERVICE,
+            secret_provider_name,
+            soa_dir,
+            cluster_name,
+            secret_provider_kwargs,
+        )
+    )
+    return decrypted_secrets
+def decrypt_secret_volumes(
+    secret_provider_name: str,
+    secret_volumes_config: Sequence[SecretVolume],
+    soa_dir: str,
+    service_name: str,
+    cluster_name: str,
+    secret_provider_kwargs: Dict[str, Any],
+) -> Dict[str, Union[str, bytes]]:
+    secret_volumes = {}
+    # The config might look one of two ways:
+    # Implicit full path consisting of the container path and the secret name:
+    #   secret_volumes:
+    #   - container_path: /nail/foo
+    #     secret_name: the_secret_1
+    #   - container_path: /nail/bar
+    #     secret_name: the_secret_2
+    #
+    # This ^ should result in two files (/nail/foo/the_secret_1, /nail/foo/the_secret_2)
+    #
+    # OR
+    #
+    # Multiple files within a folder with explicit path names
+    #   secret_volumes:
+    #   - container_path: /nail/foo
+    #     items:
+    #     - key: the_secret_1
+    #       path: bar.yaml
+    #     - key: the_secret_2
+    #       path: baz.yaml
+    #
+    # This ^ should result in 2 files (/nail/foo/bar.yaml, /nail/foo/baz.yaml)
+    # We need to support both cases
+    for secret_volume in secret_volumes_config:
+        if not secret_volume.get("items"):
+            secret_contents = decrypt_secret(
+                secret_provider_name=secret_provider_name,
+                soa_dir=soa_dir,
+                service_name=service_name,
+                cluster_name=cluster_name,
+                secret_provider_kwargs=secret_provider_kwargs,
+                secret_name=secret_volume["secret_name"],
+                decode=False,
+            )
+            # Index by container path => the actual secret contents, to be used downstream to create local files and mount into the container
+            secret_volumes[
+                os.path.join(
+                    secret_volume["container_path"], secret_volume["secret_name"]
+                )
+            ] = secret_contents
+        else:
+            for item in secret_volume["items"]:
+                secret_contents = decrypt_secret(
+                    secret_provider_name=secret_provider_name,
+                    soa_dir=soa_dir,
+                    service_name=service_name,
+                    cluster_name=cluster_name,
+                    secret_provider_kwargs=secret_provider_kwargs,
+                    secret_name=item["key"],
+                    decode=False,
+                )
+                # Index by container path => the actual secret contents, to be used downstream to create local files and mount into the container
+                secret_volumes[
+                    os.path.join(secret_volume["container_path"], item["path"])
+                ] = secret_contents
+    return secret_volumes
+def decrypt_secret(
+    secret_provider_name: str,
+    soa_dir: str,
+    service_name: str,
+    cluster_name: str,
+    secret_provider_kwargs: Dict[str, Any],
+    secret_name: str,
+    decode: bool = True,
+) -> Union[str, bytes]:
+    secret_provider = get_secret_provider(
+        secret_provider_name=secret_provider_name,
+        soa_dir=soa_dir,
+        service_name=service_name,
+        cluster_names=[cluster_name],
+        secret_provider_kwargs=secret_provider_kwargs,
+    )
+    if decode:
+        return secret_provider.decrypt_secret(secret_name)
+    else:
+        return secret_provider.decrypt_secret_raw(secret_name)

paasta_tools/setup_istio_mesh.py ADDED Viewed

@@ -0,0 +1,353 @@
+#!/usr/bin/env python
+# Copyright 2015-2018 Yelp Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+Usage: ./setup_kubernetes_services.py <service.instance>
+Command line options:
+- -c, --cluster: PAASTA cluster
+- -v, --verbose: Verbose output
+"""
+import argparse
+import logging
+import os
+import sys
+import time
+from functools import partial
+from typing import AbstractSet
+from typing import Iterator
+from typing import Mapping
+from typing import Set
+import kubernetes.client as k8s
+from paasta_tools import yaml_tools as yaml
+from paasta_tools.kubernetes_tools import ensure_namespace
+from paasta_tools.kubernetes_tools import KubeClient
+from paasta_tools.kubernetes_tools import limit_size_with_hash
+from paasta_tools.kubernetes_tools import paasta_prefixed
+from paasta_tools.kubernetes_tools import registration_label
+from paasta_tools.kubernetes_tools import sanitise_kubernetes_name
+from paasta_tools.utils import DEFAULT_SOA_DIR
+log = logging.getLogger(__name__)
+UNIFIED_K8S_SVC_NAME = "paasta-routing"
+UNIFIED_SVC_PORT = 1337
+PAASTA_SVC_PORT = 8888
+PAASTA_NAMESPACE = "paasta"
+ANNOTATIONS = {paasta_prefixed("managed_by"): "setup_istio_mesh"}
+def parse_args() -> argparse.Namespace:
+    parser = argparse.ArgumentParser(description="Creates Kubernetes services.")
+    parser.add_argument(
+        "-v",
+        "--verbose",
+        action="store_true",
+        dest="verbose",
+        default=False,
+    )
+    parser.add_argument(
+        "--dry-run",
+        action="store_true",
+        dest="dry_run",
+        default=False,
+    )
+    parser.add_argument(
+        "-l",
+        "--rate-limit",
+        dest="rate_limit",
+        default=0,
+        metavar="LIMIT",
+        type=float,
+        help="Maximum number of write calls to k8s per second. Default is 0 (no limit).",
+    )
+    parser.add_argument(
+        "-d",
+        "--soa-dir",
+        dest="soa_dir",
+        default=DEFAULT_SOA_DIR,
+        metavar="LIMIT",
+        type=str,
+        help=f"Directory with service declarations. Default is {DEFAULT_SOA_DIR}",
+    )
+    args = parser.parse_args()
+    return args
+def load_smartstack_namespaces(soa_dir: str = DEFAULT_SOA_DIR) -> Mapping:
+    namespaces = {}
+    _, dirs, _ = next(os.walk(soa_dir))
+    for dir in dirs:
+        file_path = f"{soa_dir}/{dir}/smartstack.yaml"
+        if not os.path.isfile(file_path):
+            continue
+        try:
+            with open(file_path) as f:
+                svc_namespaces = yaml.safe_load(f)
+                for (ns, details) in svc_namespaces.items():
+                    namespaces[f"{dir}.{ns}"] = details
+        except Exception as err:
+            log.warn(f"Failed to load namespaces for {dir}: {err}")
+    return namespaces
+def sanitise_kubernetes_service_name(name: str) -> str:
+    return limit_size_with_hash(sanitise_kubernetes_name(name).replace(".", "---"))
+def get_existing_kubernetes_service_names(kube_client: KubeClient) -> Set[str]:
+    service_objects = kube_client.core.list_namespaced_service(PAASTA_NAMESPACE)
+    return {
+        item.metadata.name
+        for item in service_objects.items
+        if item.metadata.annotations
+        if item.metadata.annotations.get(paasta_prefixed("managed_by"))
+        == "setup_istio_mesh"
+    }
+def get_existing_kubernetes_virtual_services(kube_client: KubeClient) -> Set[str]:
+    virtual_service_objects = kube_client.custom.list_namespaced_custom_object(
+        "networking.istio.io", "v1beta1", PAASTA_NAMESPACE, "virtualservices"
+    )
+    return {item["metadata"]["name"] for item in virtual_service_objects["items"]}
+def setup_paasta_routing(kube_client: KubeClient, namespaces: Mapping) -> Iterator:
+    # Add smartstack ports for routing, Clients can connect to this
+    # Directly without need of setting x-yelp-svc header
+    # Add port 1337 for envoy unified listener.
+    # Clients can connect to this listenner and set x-yelp-svc header for routing
+    port_list = sorted(
+        val["proxy_port"] for val in namespaces.values() if val.get("proxy_port")
+    )
+    ports = [
+        k8s.V1ServicePort(
+            name=f"p{port}",
+            port=port,
+            protocol="TCP",
+            target_port=PAASTA_SVC_PORT,
+            app_protocol="http",
+        )
+        for port in [1337, *port_list]
+    ]
+    service_meta = k8s.V1ObjectMeta(name=UNIFIED_K8S_SVC_NAME, annotations=ANNOTATIONS)
+    service_spec = k8s.V1ServiceSpec(ports=ports)
+    service_object = k8s.V1APIService(metadata=service_meta, spec=service_spec)
+    yield partial(
+        kube_client.core.create_namespaced_service, PAASTA_NAMESPACE, service_object
+    )
+    sorted_namespaces = sorted(namespaces.keys())
+    x_yelp_svc_routes = [
+        dict(
+            match=[dict(headers={"x-yelp-svc": dict(exact=mesh_ns)})],
+            delegate=dict(
+                name=sanitise_kubernetes_service_name(mesh_ns),
+                namespace=PAASTA_NAMESPACE,
+            ),
+        )
+        for mesh_ns in sorted_namespaces
+    ]
+    port_routes = [
+        dict(
+            match=[dict(port=namespaces[mesh_ns]["proxy_port"])],
+            delegate=dict(
+                name=sanitise_kubernetes_service_name(mesh_ns),
+                namespace=PAASTA_NAMESPACE,
+            ),
+        )
+        for mesh_ns in sorted_namespaces
+        if namespaces[mesh_ns].get("proxy_port")
+    ]
+    virtual_service = dict(
+        apiVersion="networking.istio.io/v1alpha3",
+        kind="VirtualService",
+        metadata=dict(
+            name="paasta-routing",
+            namespace=PAASTA_NAMESPACE,
+        ),
+        spec=dict(
+            hosts=["paasta-routing", "169.254.255.254"],
+            http=x_yelp_svc_routes + port_routes,
+        ),
+    )
+    yield partial(
+        kube_client.custom.create_namespaced_custom_object,
+        "networking.istio.io",
+        "v1alpha3",
+        PAASTA_NAMESPACE,
+        "virtualservices",
+        virtual_service,
+    )
+def setup_paasta_namespace_services(
+    kube_client: KubeClient,
+    paasta_namespaces: AbstractSet,
+    existing_namespace_services: Set[str],
+    existing_virtual_services: Set[str],
+) -> Iterator:
+    for namespace in paasta_namespaces:
+        service = sanitise_kubernetes_service_name(namespace)
+        if service not in existing_namespace_services:
+            log.info(f"Creating k8s service {service} because it does not exist yet.")
+            service_meta = k8s.V1ObjectMeta(name=service, annotations=ANNOTATIONS)
+            port_spec = k8s.V1ServicePort(
+                name="http", port=PAASTA_SVC_PORT, protocol="TCP", app_protocol="http"
+            )
+            service_spec = k8s.V1ServiceSpec(
+                selector={registration_label(namespace): "true"}, ports=[port_spec]
+            )
+            service_object = k8s.V1APIService(metadata=service_meta, spec=service_spec)
+            yield partial(
+                kube_client.core.create_namespaced_service,
+                PAASTA_NAMESPACE,
+                service_object,
+            )
+        if service not in existing_virtual_services:
+            log.info(
+                f"Creating istio virtualservice {service} because it does not exist yet."
+            )
+            route = dict(
+                destination=dict(host=service, port=dict(number=PAASTA_SVC_PORT))
+            )
+            virtual_service = dict(
+                apiVersion="networking.istio.io/v1alpha3",
+                kind="VirtualService",
+                metadata=dict(name=service, namespace=PAASTA_NAMESPACE),
+                spec=dict(http=[dict(route=[route])]),
+            )
+            yield partial(
+                kube_client.custom.create_namespaced_custom_object,
+                "networking.istio.io",
+                "v1alpha3",
+                PAASTA_NAMESPACE,
+                "virtualservices",
+                virtual_service,
+            )
+def cleanup_paasta_namespace_services(
+    kube_client: KubeClient,
+    paasta_namespaces: AbstractSet,
+    existing_namespace_services: Set[str],
+    existing_virtual_services: Set[str],
+) -> Iterator:
+    declared_services = {
+        sanitise_kubernetes_service_name(ns) for ns in paasta_namespaces
+    }
+    for service in existing_namespace_services:
+        if service == UNIFIED_K8S_SVC_NAME or service in declared_services:
+            continue
+        log.info(f"Garbage collecting K8s Service {service}")
+        yield partial(
+            kube_client.core.delete_namespaced_service, service, PAASTA_NAMESPACE
+        )
+    for service in existing_virtual_services:
+        if service == UNIFIED_K8S_SVC_NAME or service in declared_services:
+            continue
+        log.info(f"Garbage collecting Istio VS {service}")
+        yield partial(
+            kube_client.custom.delete_namespaced_custom_object,
+            "networking.istio.io",
+            "v1beta1",
+            PAASTA_NAMESPACE,
+            "virtualservices",
+            service,
+        )
+def process_kube_services(
+    kube_client: KubeClient, soa_dir: str = DEFAULT_SOA_DIR
+) -> Iterator:
+    existing_namespace_services = get_existing_kubernetes_service_names(kube_client)
+    existing_virtual_services = get_existing_kubernetes_virtual_services(kube_client)
+    namespaces = load_smartstack_namespaces(soa_dir)
+    should_setup_unified = (
+        UNIFIED_K8S_SVC_NAME not in existing_namespace_services
+        or UNIFIED_K8S_SVC_NAME not in existing_virtual_services
+    )
+    if should_setup_unified:
+        log.info(f"Creating {UNIFIED_K8S_SVC_NAME} because it does not exist yet.")
+        yield from setup_paasta_routing(
+            kube_client=kube_client,
+            namespaces=namespaces,
+        )
+    yield from setup_paasta_namespace_services(
+        kube_client,
+        namespaces.keys(),
+        existing_namespace_services,
+        existing_virtual_services,
+    )
+    yield from cleanup_paasta_namespace_services(
+        kube_client,
+        namespaces.keys(),
+        existing_namespace_services,
+        existing_virtual_services,
+    )
+def setup_istio_mesh(
+    kube_client: KubeClient,
+    rate_limit: int = 0,
+    soa_dir: str = DEFAULT_SOA_DIR,
+) -> bool:
+    delay = 0 if rate_limit == 0 else 1.0 / float(rate_limit)
+    took = delay
+    success = True
+    for fn in process_kube_services(kube_client=kube_client, soa_dir=soa_dir):
+        time.sleep(max(0, delay - took))
+        try:
+            log.debug(f"Calling yielded {fn.func}({fn.args})")
+            start = time.time()
+            result = fn()
+            took = time.time() - start
+            log.debug(f"Result: {result}, took {took}s")
+        except Exception:
+            success = False
+            log.exception(f"Failed calling {fn.func}({fn.args})")
+    return success
+def main() -> None:
+    args = parse_args()
+    logging.basicConfig(level=logging.DEBUG if args.verbose else logging.INFO)
+    kube_client = KubeClient()
+    ensure_namespace(kube_client, namespace=PAASTA_NAMESPACE)
+    success = setup_istio_mesh(kube_client, args.rate_limit, args.soa_dir)
+    sys.exit(0 if success else 1)
+if __name__ == "__main__":
+    main()