Merge pull request #10 from teamhephy/issue/fix-objecstorage-keyfile-in-namespaces

Cryptophobia · web-flow · commit 3aab23db019b · 2020-10-20T16:25:05.000-04:00
Fix for refreshing of objectstorage-keyfile
diff --git a/rootfs/api/models/app.py b/rootfs/api/models/app.py
@@ -1153,6 +1153,25 @@ def set_application_config(self, release):
     def create_object_store_secret(self):
         try:
             self._scheduler.secret.get(self.id, 'objectstorage-keyfile')
+            if self._scheduler.secret.get(self.id, 'objectstorage-keyfile'):
+                '''
+                Rotating Secret Access Keys Bug:
+                Issue #9: https://github.com/teamhephy/controller/issues/9
+
+                We need to set a new objectstorage-keyfile if it has changed
+                in workflow's namespace
+                '''
+                workflow_objectstorage_keyfile = self._scheduler.secret.get(
+                    settings.WORKFLOW_NAMESPACE, 'objectstorage-keyfile').json()
+                app_objectstorage_keyfile = self._scheduler.secret.get(
+                    self.id, 'objectstorage-keyfile').json()
+                if workflow_objectstorage_keyfile['data'] != app_objectstorage_keyfile['data']:
+                    self.log('Refreshing the objectstorage-keyfile for {} namespace'
+                             .format(self.id), level=logging.INFO)
+                    self._scheduler.secret.delete(self.id, 'objectstorage-keyfile')
+                    secret = self._scheduler.secret.get(
+                        settings.WORKFLOW_NAMESPACE, 'objectstorage-keyfile').json()
+                    self._scheduler.secret.create(self.id, 'objectstorage-keyfile', secret['data'])
         except KubeException:
             secret = self._scheduler.secret.get(
                 settings.WORKFLOW_NAMESPACE, 'objectstorage-keyfile').json()
