This repository has been archived by the owner on Apr 2, 2024. It is now read-only.

Don't attempt to trim keys for presets (#17)
The operator was attempting to run `trim_keys` on Preset keys. This was
failing because the Secrets were not writable by the operator.

The root cause was a bug introduced during refactoring of the account
creation code.

Also forbid optional.py v2.0, newly uploaded on 13 March and with a
different and useless API.
amrc-benmorrow authored Mar 21, 2024
2 parents 8154137 + 062318d commit 9f3bd05
Showing 4 changed files with 5 additions and 14 deletions.
3 changes: 2 additions & 1 deletion Dockerfile
Expand Up @@ -4,7 +4,8 @@ ARG kubeseal_ver=0.19.5

RUN apk add curl python3 py3-pip python3-dev gcc musl-dev krb5 krb5-dev \
&& pip install -t /usr/local/python krb5 python-kadmV kubernetes kopf \
optional.py requests requests-cache requests-kerberos \
"optional.py<2.0" \
requests requests-cache requests-kerberos \
&& curl -L https://github.com/bitnami-labs/sealed-secrets/releases/download/v${kubeseal_ver}/kubeseal-${kubeseal_ver}-linux-amd64.tar.gz | tar -xzvf - -C /usr/local/bin kubeseal

FROM alpine
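Review bot: on the `pip install` line only `optional.py` gets a version bound; `krb5`, `python-kadmV`, `kubernetes`, `kopf`, `requests`, `requests-cache` and `requests-kerberos` are still installed at whatever version is newest at build time, so the next incompatible upstream release breaks the image the same way. Consider moving the list into a requirements file with exact versions (and hashes, installed with `pip install --require-hashes -r requirements.txt`), and checking a checksum for the kubeseal tarball rather than piping `curl` straight into `tar`.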
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -2,7 +2,7 @@

-include config.mk

version?=v1.3.0
version?=v1.3.1
suffix?=
registry?=ghcr.io/amrc-factoryplus
repo?=acs-kerberos-keys
2 changes: 1 addition & 1 deletion lib/amrc/factoryplus/krbkeys/event.py
Expand Up @@ -60,7 +60,7 @@ def process (self):

p_meta = self.patch.metadata
p_meta.annotations[Identifiers.FORCE_REKEY] = None
if status.has_old_keys:
if status.has_old:
p_meta.labels[Identifiers.HAS_OLD_KEYS] = "true"

class TrimKeys (KrbKeyEvent):
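Review bot: `if status.has_old:` now reads an attribute of whatever `reconcile` returns, and the `ReconcileStatus` class that declared that field with a `False` default is removed in spec.py. The only return shown there is `return status` after `kops.generate_key(...)`; if any other path through `reconcile` returns early with a different kind of value, this line raises `AttributeError` instead of skipping the label. A return annotation on `reconcile`, or a test that covers the path where no new key is generated, would pin this down.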
12 changes: 1 addition & 11 deletions lib/amrc/factoryplus/krbkeys/spec.py
Expand Up @@ -12,10 +12,6 @@
from .secrets import SecretRef
from .util import Identifiers, dslice, fields, hidden, log

@fields
class ReconcileStatus:
has_old_keys: bool = False

@fields
class InternalSpec:
principals: list[str]
Expand Down Expand Up @@ -73,12 +69,6 @@ def remove (self, new):
kadm.disable_princ(p)

def reconcile (self, force=False):
status = ReconcileStatus()

status.has_old_keys = self.reconcile_key(force)
return status

def reconcile_key (self, force):
kops = self.kind
current = self.secret.maybe_read()

Expand All @@ -104,7 +94,7 @@ def reconcile_key (self, force):

status = kops.generate_key(self, oldkey)
self.secret.write(status.secret)
return status.has_old
return status

def trim_keys (self):
self.secret.verify_writable()
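Review bot: `return status` hands the caller the whole `generate_key` result, including `status.secret`, which was written to the Secret on the line above; before this change only the `has_old` boolean left the method. The caller in event.py uses nothing but `has_old`, so consider returning just that flag, or a small status object without the key material, so the secret does not travel further than it needs to. A short comment on how this return value keeps Preset keys away from `trim_keys` would also help, since the connection to the commit message is not visible in these lines.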