diff --git a/hooks/copy_custom_certificate.py b/hooks/copy_custom_certificate.py
deleted file mode 100755
index 82c383f022..0000000000
--- a/hooks/copy_custom_certificate.py
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright 2023 Flant JSC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from lib.hooks.copy_custom_certificate import CopyCustomCertificatesHook
-import common
-
-if __name__ == "__main__":
- hook = CopyCustomCertificatesHook(common.MODULE_NAME)
- hook.run()
diff --git a/hooks/lib/hooks/copy_custom_certificate.py b/hooks/lib/hooks/copy_custom_certificate.py
deleted file mode 100644
index 0ea265af66..0000000000
--- a/hooks/lib/hooks/copy_custom_certificate.py
+++ /dev/null
@@ -1,86 +0,0 @@
-#
-# Copyright 2023 Flant JSC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from deckhouse import hook
-from typing import Callable
-from lib.module import module
-from lib.hooks.hook import Hook
-
-
-class CopyCustomCertificatesHook(Hook):
- CUSTOM_CERTIFICATES_SNAPSHOT_NAME = "custom_certificates"
-
- def __init__(self, module_name: str):
- self.module_name = module_name
- self.queue = f"/modules/{self.module_name}/copy-custom-certificates"
-
- def generate_config(self) -> dict:
- return {
- "configVersion": "v1",
- "beforeHelm": 10,
- "kubernetes": [
- {
- "name": self.CUSTOM_CERTIFICATES_SNAPSHOT_NAME,
- "apiVersion": "v1",
- "kind": "Secret",
- "labelSelector": {
- "matchExpressions": [
- {
- "key": "owner",
- "operator": "NotIn",
- "values": ["helm"]
- }
- ]
- },
- "namespace": {
- "nameSelector": {
- "matchNames": ["d8-system"]
- }
- },
- "includeSnapshotsFrom": [self.CUSTOM_CERTIFICATES_SNAPSHOT_NAME],
- "jqFilter": '{"name": .metadata.name, "data": .data}',
- "queue": self.queue,
- "keepFullObjectsInMemory": False
- },
- ]
- }
-
- def reconcile(self) -> Callable[[hook.Context], None]:
- def r(ctx: hook.Context) -> None:
- custom_certificates = {}
- for s in ctx.snapshots.get(self.CUSTOM_CERTIFICATES_SNAPSHOT_NAME, []):
- custom_certificates[s["filterResult"]
- ["name"]] = s["filterResult"]["data"]
- if len(custom_certificates) == 0:
- return
-
- https_mode = module.get_https_mode(module_name=self.module_name,
- values=ctx.values)
- path = f"{self.module_name}.internal.customCertificateData"
- if https_mode != "CustomCertificate":
- self.delete_value(path, ctx.values)
- return
-
- raw_secret_name = module.get_values_first_defined(ctx.values,
- f"{self.module_name}.https.customCertificate.secretName",
- "global.modules.https.customCertificate.secretName")
- secret_name = str(raw_secret_name or "")
- secret_data = custom_certificates.get(secret_name)
- if secret_data is None:
- print(
- f"Custom certificate secret name is configured, but secret d8-system/{secret_name} doesn't exist")
- return
- self.set_value(path, ctx.values, secret_data)
- return r
diff --git a/hooks/lib/tests/test_copy_custom_certificate.py b/hooks/lib/tests/test_copy_custom_certificate.py
deleted file mode 100644
index 66bcbbe493..0000000000
--- a/hooks/lib/tests/test_copy_custom_certificate.py
+++ /dev/null
@@ -1,114 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright 2023 Flant JSC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from lib.tests import testing
-from lib.hooks.copy_custom_certificate import CopyCustomCertificatesHook
-
-
-MODULE_NAME = "test"
-SECRET_NAME = "secretName"
-SECRET_DATA = {
- "ca.crt": "CACRT",
- "tls.crt": "TLSCRT",
- "tls.key": "TLSKEY"
-}
-
-hook = CopyCustomCertificatesHook(module_name=MODULE_NAME)
-
-binding_context = [
- {
- "binding": "binding",
- "snapshots": {
- hook.CUSTOM_CERTIFICATES_SNAPSHOT_NAME: [
- {
- "filterResult": {
- "name": SECRET_NAME,
- "data": SECRET_DATA
- }
- },
- {
- "filterResult": {
- "name": "test",
- "data": {}
- }
- }
- ]
- }
- }
-]
-
-values_add = {
- "global": {
- "modules": {
- "https": {
- "mode": "CustomCertificate",
- "customCertificate": {
- "secretName": "test"
- }
- }
- }
- },
- MODULE_NAME: {
- "https": {
- "customCertificate": {
- "secretName": SECRET_NAME
- }
- },
- "internal": {}
- }
-}
-
-
-values_delete = {
- "global": {
- "modules": {
- "https": {
- "mode": "CertManager"
- }
- }
- },
- MODULE_NAME: {
- "internal": {
- "customCertificateData": SECRET_DATA
- }
- }
-}
-
-
-class TestCopyCustomCertificateAdd(testing.TestHook):
- def setUp(self):
- self.func = hook.reconcile()
- self.bindind_context = binding_context
- self.values = values_add
-
- def test_copy_custom_certificate_adding(self):
- self.hook_run()
- self.assertGreater(
- len(self.values[MODULE_NAME]["internal"].get("customCertificateData", {})), 0)
- self.assertEqual(
- self.values[MODULE_NAME]["internal"]["customCertificateData"], SECRET_DATA)
-
-
-class TestCopyCustomCertificateDelete(testing.TestHook):
- def setUp(self):
- self.func = hook.reconcile()
- self.bindind_context = binding_context
- self.values = values_delete
-
- def test_copy_custom_certificate_deleting(self):
- self.hook_run()
- self.assertEqual(
- len(self.values[MODULE_NAME]["internal"].get("customCertificateData", {})), 0)
diff --git a/images/hooks/cmd/virtualization-module-hooks/register.go b/images/hooks/cmd/virtualization-module-hooks/register.go
index 0fff8fb021..5912430cec 100644
--- a/images/hooks/cmd/virtualization-module-hooks/register.go
+++ b/images/hooks/cmd/virtualization-module-hooks/register.go
@@ -17,6 +17,7 @@ package main
 import (
 _ "hooks/pkg/hooks/ca-discovery"
+ _ "hooks/pkg/hooks/copy-custom-certificate"
 _ "hooks/pkg/hooks/discovery-clusterip-service-for-dvcr"
 _ "hooks/pkg/hooks/discovery-workload-nodes"
 _ "hooks/pkg/hooks/generate-secret-for-dvcr"
diff --git a/images/hooks/pkg/hooks/copy-custom-certificate/main.go b/images/hooks/pkg/hooks/copy-custom-certificate/main.go
new file mode 100644
index 0000000000..063e5901c0
--- /dev/null
+++ b/images/hooks/pkg/hooks/copy-custom-certificate/main.go
@@ -0,0 +1,25 @@
+/*
+Copyright 2025 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package copy_custom_certificate
+
+import (
+ copycustomcertificate "github.com/deckhouse/module-sdk/common-hooks/copy-custom-certificate"
+
+ "hooks/pkg/settings"
+)
+
+var _ = copycustomcertificate.RegisterHook(settings.ModuleName)
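Review bot: The single statement `var _ = copycustomcertificate.RegisterHook(settings.ModuleName)` carries no comment, and the commit deletes `hooks/lib/tests/test_copy_custom_certificate.py` without adding a Go test, so nothing in this repository now pins the behaviour the Python hook had. That hook copied the whole `.data` of the configured Secret in `d8-system` (the deleted fixture includes `tls.key`) into `<module>.internal.customCertificateData` and deleted the value when the HTTPS mode was not `CustomCertificate`; the module-sdk hook presumably does the same, but that is not visible in this diff. I would add a comment such as `// Registers the module-sdk hook that copies the custom certificate Secret from d8-system into internal.customCertificateData; the value includes the TLS private key.` on the registration line. A small test asserting that the value is cleared when the mode changes would keep stale key material from lingering in module values after an SDK upgrade.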