Add keystore password support

Zuul now requires a keystore password set in zuul.conf. Change-Id: I2269b2dce156265a084b2a68687a233131933b00
2021-05-06 14:08:36 -07:00 · 2021-05-06 14:08:36 -07:00 · ce1f8b338c
commit ce1f8b338c
parent a0b182199e
2 changed files with 20 additions and 1 deletions
--- a/zuul_operator/templates/zuul.conf
+++ b/zuul_operator/templates/zuul.conf
@ -1,6 +1,9 @@
 [gearman]
 server=zuul-gearman

+[keystore]
+password={{ keystore_password }}
+
 [zookeeper]
 {% for key, value in spec.zookeeper.items() -%}
 {{ key }}={{ value }}
--- a/zuul_operator/zuul.py
+++ b/zuul_operator/zuul.py
@ -142,6 +142,21 @@ class Zuul:
        except pykube.exceptions.ObjectDoesNotExist:
            return None

+    def get_keystore_password(self):
+        secret_name = 'zuul-keystore'
+        secret_key = 'password'
+        try:
+            obj = objects.Secret.objects(self.api).\
+                filter(namespace=self.namespace).\
+                get(name=secret_name)
+            pw = base64.b64decode(obj.obj['data'][secret_key]).decode('utf8')
+            return pw
+        except pykube.exceptions.ObjectDoesNotExist:
+            pw = utils.generate_password(512)
+            utils.update_secret(self.api, self.namespace, secret_name,
+                                string_data={secret_key: pw})
+            return pw
+
    def write_zuul_conf(self):
        dburi = self.get_db_uri()
        self.spec.setdefault('database', {})['dburi'] = dburi
@ -170,7 +185,8 @@ class Zuul:
                    connection[k] = v

        kw = {'connections': connections,
-              'spec': self.spec}
+              'spec': self.spec,
+              'keystore_password': self.get_keystore_password()}

        env = jinja2.Environment(
            loader=jinja2.PackageLoader('zuul_operator', 'templates'))