fix(controller): refresh objectstorage-keyfile for apps

Signed-off-by: Cryptophobia <aouzounov@gmail.com>
teamhephy · Oct 20, 2020 · ec87381 · ec87381
1 parent 2bf9a23
commit ec87381
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/rootfs/api/models/app.py b/rootfs/api/models/app.py
@@ -1142,6 +1142,25 @@ def set_application_config(self, release):
     def create_object_store_secret(self):
         try:
             self._scheduler.secret.get(self.id, 'objectstorage-keyfile')
+            if self._scheduler.secret.get(self.id, 'objectstorage-keyfile'):
+                '''
+                Rotating Secret Access Keys Bug:
+                Issue #9: https://github.com/teamhephy/controller/issues/9
+
+                We need to set a new objectstorage-keyfile if it has changed
+                in workflow's namespace
+                '''
+                workflow_objectstorage_keyfile = self._scheduler.secret.get(
+                    settings.WORKFLOW_NAMESPACE, 'objectstorage-keyfile').json()
+                app_objectstorage_keyfile = self._scheduler.secret.get(
+                    self.id, 'objectstorage-keyfile').json()
+                if workflow_objectstorage_keyfile['data'] != app_objectstorage_keyfile['data']:
+                    self.log('Refreshing the objectstorage-keyfile for {} namespace'
+                             .format(self.id), level=logging.INFO)
+                    self._scheduler.secret.delete(self.id, 'objectstorage-keyfile')
+                    secret = self._scheduler.secret.get(
+                        settings.WORKFLOW_NAMESPACE, 'objectstorage-keyfile').json()
+                    self._scheduler.secret.create(self.id, 'objectstorage-keyfile', secret['data'])
         except KubeException:
             secret = self._scheduler.secret.get(
                 settings.WORKFLOW_NAMESPACE, 'objectstorage-keyfile').json()