Merge pull request #593 from helgi/secrets_decode

helgi · helgi · commit 8c364ab8edef · 2016-04-07T13:23:10.000-07:00
feat(k8s): base64 decode secrets on the fly and insert into response
diff --git a/rootfs/scheduler/__init__.py b/rootfs/scheduler/__init__.py
@@ -1,3 +1,4 @@
+import io
 import json
 import logging
 import os
@@ -475,7 +476,8 @@ def create(self, namespace, **kwargs):
                 try:
                     self._get_secret(namespace, 'objectstorage-keyfile')
                 except KubeException:
-                    self._create_objectstore_secret(namespace)
+                    secret = self._get_secret('deis', 'objectstorage-keyfile').json()
+                    self._create_secret(namespace, 'objectstorage-keyfile', secret['data'])
 
             try:
                 self._get_service(namespace, namespace)
@@ -1056,20 +1058,20 @@ def _healthcheck(self, controller, routable=False, path='/', port=5000, delay=30
 
     # SECRETS #
     # http://kubernetes.io/v1.1/docs/api-reference/v1/definitions.html#_v1_secret
-    def _create_objectstore_secret(self, namespace):
-        secret = self._get_secret('deis', 'objectstorage-keyfile').json()
-        data = {}
-        for key, value in secret['data'].items():
-            data[key] = base64.b64decode(value)
-        self._create_secret(namespace, 'objectstorage-keyfile', data)
-
     def _get_secret(self, namespace, name):
         url = self._api("/namespaces/{}/secrets/{}", namespace, name)
         response = self.session.get(url)
         if unhealthy(response.status_code):
             error(response, 'get Secret "{}" in Namespace "{}"', name, namespace)
 
-        # FIXME decode data - can it be done without affecting the response object too much???
+        # decode the base64 data
+        secrets = response.json()
+        for key, value in secrets['data'].items():
+            secrets['data'][key] = base64.b64decode(value).decode(encoding='UTF-8')
+
+        # tell python-requests it actually hasn't consumed the data
+        response._content_consumed = False
+        response.raw = io.StringIO(json.dumps(secrets))
 
         return response
 
