import argparse
import base64
import json
import os
import shlex
import subprocess

try:
    import requests
except ImportError:
    print('\nYou have to install "requests" module with:\n python -m pip install requests')
    exit()
# Runtime settings. check_settings() overwrites these from the command line;
# the literals below are only the fallbacks used when a flag is not given.

# Base URL of the Rancher server; the v3 API paths are appended to it.
RANCHER_URL = ""
# Rancher project ID the secrets are read from.
SOURCE_PROJECT = ""
# Destination project ID(s); the main script splits this value on commas.
DEST_PROJECT = ""
# Optional secret name used to narrow the kubectl query ("" = no filter).
SECRET = ""
# Bearer token for the Rancher API. Keep this empty in version control: a
# token committed here gives API access to anyone who can read the file.
AUTH_TOKEN = ""

# Command prefix for the Rancher CLI (the trailing space is part of the value).
RANCHER_BIN = './rancher '
# kubectl is run through the Rancher CLI rather than as a separate binary.
KUBECTL = '%s kubectl' % RANCHER_BIN

# Secret types to copy; both stay off until a copy mode turns them on.
COPY_TLS, COPY_CREDS = False, False
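def check_settings():
    """Parse the command line and store the result in the module settings.

    Each flag that is present overwrites the matching module-level setting;
    a flag that is absent leaves the value already in the module untouched.
    KUBECTL is rebuilt at the end so it follows a custom --rancher-path.

    Raises:
        SystemExit: with status 2 (raised by argparse) when --copy-mode is
            not one of tls/creds/all, and with status 1 when --copy-mode is
            missing or when the server URL, source project, destination
            project or auth token is still empty after parsing.

    Note:
        A token given with --token ends up in shell history and is visible
        in the process list for as long as the script runs.
    """
    global RANCHER_URL
    global SOURCE_PROJECT
    global DEST_PROJECT
    global SECRET
    global AUTH_TOKEN
    global RANCHER_BIN
    global KUBECTL
    global COPY_TLS
    global COPY_CREDS

    print("Checking params...")
    parser = argparse.ArgumentParser()
    parser.add_argument("--server",
                        help="Set rancher instance url")
    parser.add_argument("--source",
                        help="Set the rancher project ID from where to read data")
    parser.add_argument("--dest",
                        help="Set the rancher project ID to copy data, multiple values allowed")
    parser.add_argument("--secret",
                        help="Search for a specific secret name (tls or creds)")
    parser.add_argument("--token",
                        help="Set the rancher auth token")
    parser.add_argument("--rancher-path",
                        help="Set rancher binary path (default to ./rancher)")
    # choices= makes argparse reject a mistyped mode instead of letting the
    # script run through every namespace and copy nothing.
    parser.add_argument("--copy-mode",
                        choices=("tls", "creds", "all"),
                        help="Copy tls certificates, registries credentials or both.\nAccepted values: tls, creds, all")
    args = parser.parse_args()

    if args.server:
        RANCHER_URL = args.server
    if args.source:
        SOURCE_PROJECT = args.source
    if args.dest:
        DEST_PROJECT = args.dest
    if args.secret:
        SECRET = args.secret
    if args.token:
        AUTH_TOKEN = args.token
    if args.rancher_path:
        RANCHER_BIN = args.rancher_path

    if not args.copy_mode:
        print("ERR: No Copy Mode defined")
        raise SystemExit(1)
    # Flags are only ever switched on, so a default enabled in the module
    # is not silently switched off by the chosen mode.
    if args.copy_mode in ("tls", "all"):
        COPY_TLS = True
    if args.copy_mode in ("creds", "all"):
        COPY_CREDS = True

    required = (
        (RANCHER_URL, "ERR: No Rancher URL defined"),
        (SOURCE_PROJECT, "ERR: No Source Project defined"),
        (DEST_PROJECT, "ERR: No Destination Project defined"),
        (AUTH_TOKEN, "ERR: No Auth Token defined"),
    )
    for value, message in required:
        if value == "":
            print(message)
            # Non-zero status so wrappers and CI can tell the run failed.
            raise SystemExit(1)

    KUBECTL = RANCHER_BIN + ' kubectl'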
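def create_tls(name, key, crt, project):
    """Create a certificate in a Rancher project through the v3 API.

    Args:
        name: Name of the certificate to create.
        key: Private key text, sent as the ``key`` field.
        crt: Certificate text, sent as the ``certs`` field.
        project: Rancher project ID placed in the request path.

    Returns:
        The HTTP status code of the POST response. The code is not
        interpreted here; the caller decides what counts as success.

    Raises:
        requests.exceptions.RequestException: if the connection fails or the
            server does not answer within the timeout.
    """
    headers = {
        'Authorization': 'Bearer ' + AUTH_TOKEN,
        'Content-type': 'application/json',
    }
    # This payload carries the private key: never print or log it.
    payload = {
        'type': 'certificate',
        'name': name,
        'key': key,
        'certs': crt
    }
    api_url = RANCHER_URL + '/v3/project/' + project + '/certificate'
    # Certificate verification stays on (the requests default): the bearer
    # token and the private key travel over this connection. For a Rancher
    # behind a private CA, pass verify=<path to the CA bundle> instead of
    # verify=False.
    # requests has no default timeout; without one a stalled server would
    # hang the whole copy run.
    response = requests.post(api_url, headers=headers,
                             data=json.dumps(payload), timeout=60)
    return response.status_code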
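def create_registry_credentials(name, registry, project):
    """Create a docker registry credential in a Rancher project (v3 API).

    Args:
        name: Name of the credential to create.
        registry: JSON text whose top-level ``auths`` object is sent as the
            ``registries`` field.
        project: Rancher project ID placed in the request path.

    Returns:
        The HTTP status code of the POST response. The code is not
        interpreted here; the caller decides what counts as success.

    Raises:
        ValueError: if ``registry`` is not valid JSON.
        KeyError: if the parsed document has no ``auths`` key.
        requests.exceptions.RequestException: if the connection fails or the
            server does not answer within the timeout.
    """
    headers = {
        'Authorization': 'Bearer ' + AUTH_TOKEN,
        'Content-type': 'application/json',
    }
    # The payload carries registry credentials: never print or log it.
    payload = {
        'type': 'dockerCredential',
        'name': name,
        'registries': json.loads(registry)['auths'],
    }
    api_url = RANCHER_URL + '/v3/project/' + project + '/dockercredential'
    # Certificate verification stays on (the requests default): the bearer
    # token and the registry credentials travel over this connection. For a
    # Rancher behind a private CA, pass verify=<path to the CA bundle>
    # instead of verify=False.
    # requests has no default timeout; without one a stalled server would
    # hang the whole copy run.
    response = requests.post(api_url, headers=headers,
                             data=json.dumps(payload), timeout=60)
    return response.status_code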
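def rancher_login():
    """Log the Rancher CLI in to the server with the source project as context.

    The command is started from an argument list, without a shell, so the
    URL, token and project ID are passed through as data and shell
    metacharacters in them are never interpreted.

    Raises:
        SystemExit: with status 1 when the CLI cannot be started, when it
            exits with a non-zero status, or when it writes anything to
            standard output (which is printed first).
    """
    print("Login to rancher...")
    # RANCHER_BIN is a command prefix and may end in whitespace or hold
    # several words; shlex.split turns it into separate argv entries.
    # The token is still an argument of the rancher process and therefore
    # visible in the local process list while the login runs.
    argv = shlex.split(RANCHER_BIN) + [
        'login', RANCHER_URL, '-t', AUTH_TOKEN, '--context', SOURCE_PROJECT,
    ]
    try:
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                universal_newlines=True)
    except OSError as err:
        # Without a shell a missing binary raises here instead of printing
        # "not found" on stderr and looking like a successful login.
        print("ERR: cannot run rancher CLI: " + str(err))
        raise SystemExit(1)
    result = proc.communicate()[0]
    if result != '':
        print(result)
        raise SystemExit(1)
    if proc.returncode != 0:
        print("ERR: rancher login exited with status " + str(proc.returncode))
        raise SystemExit(1)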
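if __name__ == "__main__":
    # Copy TLS certificates and/or registry credentials from every namespace
    # of the source project into each destination project.
    check_settings()
    rancher_login()
    dest_projects = DEST_PROJECT.split(',')

    print("Get namespaces from source project...")
    # Commands are started from argument lists, without a shell, so a
    # namespace name or the --secret value is never interpreted as shell
    # syntax.
    listing = subprocess.Popen(
        shlex.split(RANCHER_BIN) + ['namespaces', 'ps'],
        stdout=subprocess.PIPE, universal_newlines=True).communicate()[0]

    # Names already handled in an earlier namespace; a secret with the same
    # name is not posted a second time.
    already_created = set()
    for line in listing.splitlines()[1:]:  # [1:] skips the header row
        fields = line.split()
        if not fields:
            # A blank line has no namespace column to read.
            continue
        namespace = fields[0]
        print("Namespace: " + namespace)
        print("Check secrets...")

        kubectl_argv = shlex.split(KUBECTL) + [
            'get', 'secrets', '-o', 'json', '-n', namespace,
        ]
        if SECRET != "":
            kubectl_argv += ['--field-selector', 'metadata.name=' + SECRET]
        secrets = subprocess.Popen(
            kubectl_argv, stdout=subprocess.PIPE,
            universal_newlines=True).communicate()[0]

        # json.loads raises if kubectl printed nothing usable; the run stops
        # there instead of silently skipping a namespace.
        for secret in json.loads(secrets)['items']:
            secret_type = secret['type']  # not "type": that shadows the builtin
            name = secret['metadata']['name']
            print("- " + name + " (" + secret_type + ")")

            is_tls = secret_type == 'kubernetes.io/tls' and COPY_TLS
            is_creds = (secret_type == "kubernetes.io/dockerconfigjson"
                        and COPY_CREDS)

            if name in already_created:
                if is_tls:
                    print("\ttls already created")
                elif is_creds:
                    print("\tregistry_credentials already created")
                continue

            # Decoded values below are key material and registry passwords:
            # only names and status codes are printed, never the values.
            if is_tls:
                crt = base64.b64decode(secret['data']['tls.crt'].encode("ascii")).decode("ascii")
                key = base64.b64decode(secret['data']['tls.key'].encode("ascii")).decode("ascii")
                for project in dest_projects:
                    result = create_tls(name, key, crt, project)
                    print("\tcreate tls on " + project + ": " + str(result))
            elif is_creds:
                # UTF-8 rather than ASCII: the docker config is JSON and may
                # hold non-ASCII characters (for example in a password).
                registry = base64.b64decode(secret['data']['.dockerconfigjson'].encode("ascii")).decode("utf-8")
                for project in dest_projects:
                    result = create_registry_credentials(name, registry, project)
                    print("\tcreate registry_credentials on " + project + ": " + str(result))
            already_created.add(name)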