Removes Templates and Creates All Secrets in ./deployment/secrets

This commit is contained in:
2023-09-26 07:24:15 -03:00
parent 94083f63bd
commit 5246c51176
7 changed files with 133 additions and 128 deletions

.gitignore vendored

@@ -6,15 +6,7 @@
.vscode/ .vscode/
**/storage-secret.yaml **/*.json
**/backend-secret.yaml
**/frontend-secret.yaml
**/postgres-secret.yaml
**/redis-secret.yaml
**/cert-manager-certificate.yaml **/cert-manager-certificate.yaml
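Review bot: The new `**/*.json` entry is much broader than what this commit actually produces (the generated `deployment/secrets/<key>.json` files and the `env.json` input read by setup.py), and it replaces five patterns that each named a specific secret file. If the repository holds any other JSON (package manifests, tsconfig, lockfiles), they silently stop being tracked, and a reviewer cannot tell from the pattern which files are meant to be secret. Prefer explicit entries, e.g. `deployment/secrets/*.json` and `env.json`, so the ignore list documents exactly which artifacts must never be committed.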

setup.py

@@ -3,40 +3,17 @@ from dotenv import load_dotenv
from envsubst import envsubst from envsubst import envsubst
from pathlib import Path, PosixPath from pathlib import Path, PosixPath
import argparse import argparse
import warnings
import json
import os import os
ENV_VARIABLES = [
"FRONTEND_PATH",
"BACKEND_URL",
"BACKEND_OAUTH_URL",
"TOKEN_SECRET",
"ACCESS_TOKEN_DURATION",
"REFRESH_TOKEN_DURATION",
"DEFAULT_USER_FULLNAME",
"DEFAULT_USER_EMAIL",
"DEFAULT_USER_USERNAME",
"DEFAULT_USER_PASSWORD",
"GOOGLE_CLIENT_ID",
"GOOGLE_CLIENT_SECRET",
"GOOGLE_REDIRECT_URL",
"OAUTH_GITHUB_CLIENT_ID",
"OAUTH_GITHUB_CLIENT_SECRET",
"OAUTH_GITHUB_REDIRECT_URL",
"POSTGRES_USER",
"POSTGRES_PASSWORD",
"POSTGRES_DB",
"REDIS_PASSWORD",
"STORAGE_TYPE",
"AWS_ACCESS_KEY_ID",
"AWS_SECRET_ACCESS_KEY",
"AWS_REGION_NAME",
"AWS_BUCKET_NAME",
"VIRUS_CHECKER_TYPE",
"VIRUS_CHECKER_API_KEY",
]
def write_template(template: str, output: str):
with open(template, 'r') as template,\
open(output, 'w') as output:
output.write(envsubst(template.read()))
def setting_environment(environment: str): def configure_templates(environment: str):
if not environment in ("prod", "staging", "local", "dev"): if not environment in ("prod", "staging", "local", "dev"):
raise ValueError("Invalid Environment Selected") raise ValueError("Invalid Environment Selected")
@@ -54,48 +31,146 @@ def setting_environment(environment: str):
os.environ["DOMAIN"] = DOMAIN os.environ["DOMAIN"] = DOMAIN
os.environ["API_DOMAIN"] = API_DOMAIN os.environ["API_DOMAIN"] = API_DOMAIN
write_template(
"template/cert-manager/cert-manager-certificate.template.yaml",
"deployment/cert-manager/cert-manager-certificate.yaml"
)
def load_secret_file(file: str): write_template(
secret_file_path = Path(file) "template/nginx-ingress/nginx-ingress-api.yaml",
if not secret_file_path.exists(): "deployment/nginx-ingress/nginx-ingress-api.yaml"
raise FileNotFoundError("Secret File Doesn't Exists") )
load_dotenv(dotenv_path=secret_file_path) write_template(
"template/nginx-ingress/nginx-ingress-root.yaml",
"deployment/nginx-ingress/nginx-ingress-root.yaml"
)
def fetch_env_variables(): def validate_backend_secret(secret: str):
for env in ENV_VARIABLES: required_keys = [
value = os.environ[env] 'tokenSecret',
value = value.encode("utf-8") 'accessTokenDuration',
os.environ[env] = b64encode(value).decode() 'refreshTokenDuration',
'defaultUserFullName',
'defaultUserEmail',
'defaultUserUsername',
'defaultUserPassword',
'googleClientId',
'googleClientSecret',
'googleRedirectUrl',
'githubClientId',
'githubClientSecret',
'githubRedirectUrl'
]
for key in required_keys:
if key not in secret:
raise ValueError(f"Key {key} not found in backendSecret")
def envsubst_file(file: PosixPath): def validate_frontend_secret(secret: str):
with open(file) as f: required_keys = [
formated_file = envsubst(f.read()) 'frontendPath',
'backendUrl',
'backendOAuthUrl',
]
new_file = Path("deployment") \ for key in required_keys:
.joinpath(*[part.split('.')[0] for part in file.parts if part != "template"]) \ if key not in secret:
.with_suffix(".yaml") raise ValueError(f"Key {key} not found in frontendSecret")
with open(new_file, 'w') as f:
f.write(formated_file)
def substitute_secrets_from_templates(): def validate_postgres_secret(secret: str):
for subdir in Path("template").glob("*"): required_keys = [
for file in subdir.glob("*.yaml"): 'postgresUser',
envsubst_file(file) 'postgresPassword',
'postgresDatabase'
]
for key in required_keys:
if key not in secret:
raise ValueError(f"Key {key} not found in postgresSecret")
def validate_redis_secret(secret: str):
required_keys = [
'redisPassword',
]
for key in required_keys:
if key not in secret:
raise ValueError(f"Key {key} not found in redisSecret")
def validate_storage_secret(secret: str):
required_keys = [
'storageType',
'awsAccessKeyId',
'awsSecretAccessKey',
'awsRegion',
'awsBucket',
'virusCheckerType',
'virusCheckerApiKey',
]
for key in required_keys:
if key not in secret:
raise ValueError(f"Key {key} not found in storageSecret")
def validate_env(env: dict):
required_secrets = [
'backendSecret',
'frontendSecret',
'postgresSecret',
'redisSecret',
'storageSecret',
]
for secret in required_secrets:
if secret not in env:
raise ValueError(f"Secret {secret} not found in env.json")
if secret == 'backendSecret':
validate_backend_secret(env[secret])
if secret == 'frontendSecret':
validate_frontend_secret(env[secret])
if secret == 'postgresSecret':
validate_postgres_secret(env[secret])
if secret == 'redisSecret':
validate_redis_secret(env[secret])
if secret == 'storageSecret':
validate_storage_secret(env[secret])
def write_secrets_to_file(env: dict):
for key, secret in env.items():
dir = Path("deployment", "secrets")
with open(dir.joinpath(f"{key}.json"), "w") as f:
json.dump(secret, f, indent=4)
def read_env_json(file: str) -> dict:
with open(file, "r") as f:
return json.load(f)
def main(file, environment): def main(file, environment):
setting_environment(environment) env = read_env_json(file)
load_secret_file(file) validate_env(env)
fetch_env_variables() write_secrets_to_file(env)
substitute_secrets_from_templates() configure_templates(environment)
if __name__ == "__main__": if __name__ == "__main__":
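Review bot: In the second hunk, `write_secrets_to_file` dumps every value of env.json as plaintext `deployment/secrets/<key>.json` with whatever mode the process umask yields (commonly world-readable) and raises FileNotFoundError if `deployment/secrets` does not exist yet; create the directory and open the files with owner-only permissions as below (note `os.open`'s mode applies only on creation, so add `os.chmod(target, 0o600)` if the files may already exist). The loop also rebinds `dir`, shadowing the builtin, and recomputes the directory path on every iteration. Separately, the `validate_*` helpers annotate `secret: str` while testing `key not in secret`; on a string value that is a substring test, so a malformed entry such as `"backendSecret": "tokenSecret"` passes validation — annotate `secret: dict` and guard with `if not isinstance(secret, dict): raise ValueError(f"{name} must be an object")`, and if the deployment needs non-empty values check `if not secret.get(key):` rather than mere presence. In the first hunk, `from dotenv import load_dotenv` (the hunk's context line) looks unused now that `load_secret_file` is gone, and `write_template` rebinds its `template`/`output` parameters to the file objects, which reads better as `as template_file` / `as output_file`.
```python
def write_secrets_to_file(env: dict):
    """Write each top-level entry of env.json to deployment/secrets/<key>.json."""
    secrets_dir = Path("deployment", "secrets")
    secrets_dir.mkdir(parents=True, exist_ok=True)
    for key, secret in env.items():
        target = secrets_dir.joinpath(f"{key}.json")
        # secrets on disk: owner read/write only, independent of the umask
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            json.dump(secret, f, indent=4)
# … unchanged: validate_* helpers, read_env_json, main …
```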


@@ -1,20 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: backend-secret
type: Opaque
data:
token_secret: $TOKEN_SECRET
access_token_duration: $ACCESS_TOKEN_DURATION
refresh_token_duration: $REFRESH_TOKEN_DURATION
default_user_fullname: $DEFAULT_USER_FULLNAME
default_user_email: $DEFAULT_USER_EMAIL
default_user_username: $DEFAULT_USER_USERNAME
default_user_password: $DEFAULT_USER_PASSWORD
google_client_id: $GOOGLE_CLIENT_ID
google_client_secret: $GOOGLE_CLIENT_SECRET
google_redirect_url: $GOOGLE_REDIRECT_URL
github_client_id: $OAUTH_GITHUB_CLIENT_ID
github_client_secret: $OAUTH_GITHUB_CLIENT_SECRET
github_redirect_url: $OAUTH_GITHUB_REDIRECT_URL


@@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: frontend-secret
type: Opaque
data:
frontend_path: $FRONTEND_PATH
backend_url: $BACKEND_URL
backend_oauth_url: $BACKEND_OAUTH_URL


@@ -1,10 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: postgres-secret
type: Opaque
data:
POSTGRES_USER: $POSTGRES_USER
POSTGRES_PASSWORD: $POSTGRES_PASSWORD
POSTGRES_DB: $POSTGRES_DB


@@ -1,8 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: redis-secret
type: Opaque
data:
redis-password: $REDIS_PASSWORD


@@ -1,14 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
namespace: portfolio
name: storage-secret
type: Opaque
data:
storage_type: $STORAGE_TYPE
aws_access_key_id: $AWS_ACCESS_KEY_ID
aws_access_access_key: $AWS_SECRET_ACCESS_KEY
aws_region_name: $AWS_REGION_NAME
aws_bucket_name: $AWS_BUCKET_NAME
virus_checker_type: $VIRUS_CHECKER_TYPE
virus_checher_api_key: $VIRUS_CHECKER_API_KEY