Source code for airflow.providers.cncf.kubernetes.secret
# Licensed to the Apache Software Foundation (ASF) under one# or more contributor license agreements. See the NOTICE file# distributed with this work for additional information# regarding copyright ownership. The ASF licenses this file# to you under the Apache License, Version 2.0 (the# "License"); you may not use this file except in compliance# with the License. You may obtain a copy of the License at## http://www.apache.org/licenses/LICENSE-2.0## Unless required by applicable law or agreed to in writing,# software distributed under the License is distributed on an# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY# KIND, either express or implied. See the License for the# specific language governing permissions and limitations# under the License."""Classes for interacting with Kubernetes API."""from__future__importannotationsimportcopyimportuuidfromkubernetes.clientimportmodelsask8sfromairflow.exceptionsimportAirflowConfigExceptionfromairflow.providers.cncf.kubernetes.k8s_modelimportK8SModel
class Secret(K8SModel):
    """Describe how one Kubernetes Secret is exposed to a pod.

    A Secret is surfaced either as environment variable(s) or as a
    read-only volume mount, depending on ``deploy_type``.
    """

    def __init__(self, deploy_type, deploy_target, secret, key=None, items=None):
        """
        Record a secret requested by the user.

        :param deploy_type: How the secret is exposed, either `env` or `volume`;
            any other value raises ``AirflowConfigException``.
        :param deploy_target: (Optional) The environment variable name when
            `deploy_type` is `env` (stored upper-cased), or the mount path when
            `deploy_type` is `volume`. Must not be None when `key` is set.
        :param secret: Name of the Secret object in Kubernetes.
        :param key: (Optional) Key inside the Kubernetes Secret. With
            `deploy_type` `env` and no key, every key of the Secret is injected
            into the container environment, so name a key when only one value
            is needed. `to_volume_secret` does not read `key`; use `items` to
            narrow what a volume exposes.
        :param items: (Optional) key-to-path projections for a volume secret
            (presumably ``k8s.V1KeyToPath`` objects; confirm against callers), see
            https://kubernetes.io/docs/concepts/configuration/secret/#projection-of-secret-keys-to-specific-paths
        """
        if deploy_type not in ("env", "volume"):
            raise AirflowConfigException("deploy_type must be env or volume")

        # Environment variable names are normalised to upper case; mount paths
        # are stored exactly as given.
        upper_case_target = deploy_target is not None and deploy_type == "env"

        self.deploy_type = deploy_type
        self.items = items or []
        self.deploy_target = deploy_target.upper() if upper_case_target else deploy_target

        # NOTE(review): a `volume` secret with deploy_target=None is not rejected
        # here, so mount_path would be None in to_volume_secret; confirm that
        # callers or the Kubernetes client catch that.
        if deploy_target is None and key is not None:
            raise AirflowConfigException("If `key` is set, `deploy_target` should not be None")

        self.secret = secret
        self.key = key

    def to_env_secret(self) -> k8s.V1EnvVar:
        """Build the env var that reads a single key of the Secret."""
        key_selector = k8s.V1SecretKeySelector(name=self.secret, key=self.key)
        value_source = k8s.V1EnvVarSource(secret_key_ref=key_selector)
        return k8s.V1EnvVar(name=self.deploy_target, value_from=value_source)

    def to_env_from_secret(self) -> k8s.V1EnvFromSource:
        """Build the ``envFrom`` source that references the whole Secret."""
        whole_secret = k8s.V1SecretEnvSource(name=self.secret)
        return k8s.V1EnvFromSource(secret_ref=whole_secret)

    def to_volume_secret(self) -> tuple[k8s.V1Volume, k8s.V1VolumeMount]:
        """
        Build the volume and its read-only mount for this Secret.

        The volume name embeds a fresh ``uuid4`` on every call, so two calls
        return differently named volumes.
        """
        volume_name = f"secretvol{uuid.uuid4()}"
        secret_source = k8s.V1SecretVolumeSource(secret_name=self.secret)
        volume = k8s.V1Volume(name=volume_name, secret=secret_source)
        if self.items:
            # Only set when projections were requested; otherwise the field
            # keeps the client default.
            secret_source.items = self.items
        mount = k8s.V1VolumeMount(mount_path=self.deploy_target, name=volume_name, read_only=True)
        return (volume, mount)

    def attach_to_pod(self, pod: k8s.V1Pod) -> k8s.V1Pod:
        """
        Return a deep copy of ``pod`` with this Secret attached.

        The input pod is left unmodified. Only the first container
        (``spec.containers[0]``) receives the mount or environment entries;
        other containers in the pod are not touched.
        """

        def _append(owner, field, value):
            # The Kubernetes models leave unset list fields as None.
            if getattr(owner, field) is None:
                setattr(owner, field, [])
            getattr(owner, field).append(value)

        patched = copy.deepcopy(pod)

        if self.deploy_type == "volume":
            volume, mount = self.to_volume_secret()
            _append(patched.spec, "volumes", volume)
            _append(patched.spec.containers[0], "volume_mounts", mount)
        elif self.deploy_type == "env":
            if self.key is not None:
                # One named key -> one environment variable.
                _append(patched.spec.containers[0], "env", self.to_env_secret())
            else:
                # No key -> every key of the Secret becomes an env variable.
                _append(patched.spec.containers[0], "env_from", self.to_env_from_secret())

        return patched