Merge pull request #209 from ImMin5/master

Add trusted secret get data at secret manager
cloudforet-io · Mar 13, 2024 · 415651d · 415651d
2 parents edb9e99 + f62d7a9
commit 415651d
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 35 deletions.
diff --git a/src/spaceone/identity/interface/task/v1/trusted_account_sync_scheduler.py b/src/spaceone/identity/interface/task/v1/trusted_account_sync_scheduler.py
@@ -28,30 +28,21 @@ def create_task(self) -> list:
 
     def _create_trusted_account_sync_task(self):
         current_hour = datetime.utcnow().hour
-        if current_hour == 0:
-            stp = {
-                "name": "trusted_account_sync_schedule",
-                "version": "v1",
-                "executionEngine": "BaseWorker",
-                "stages": [
-                    {
-                        "locator": "SERVICE",
-                        "name": "JobService",
-                        "metadata": {"token": self._token},
-                        "method": "create_jobs_by_trusted_account",
-                        "params": {"params": {"current_hour": current_hour}},
-                    }
-                ],
-            }
-            print(
-                f"{utils.datetime_to_iso8601(datetime.utcnow())} [INFO] [create_task] create_jobs_by_trusted_account => START"
-            )
-            return [stp]
-        else:
-            print(
-                f"{utils.datetime_to_iso8601(datetime.utcnow())} [INFO] [create_task] create_jobs_by_trusted_account => SKIP"
-            )
-            print(
-                f"{utils.datetime_to_iso8601(datetime.utcnow())} [INFO] [create_task] data_source_sync_time: {current_hour} hour (UTC)"
-            )
-            return []
+        stp = {
+            "name": "trusted_account_sync_schedule",
+            "version": "v1",
+            "executionEngine": "BaseWorker",
+            "stages": [
+                {
+                    "locator": "SERVICE",
+                    "name": "JobService",
+                    "metadata": {"token": self._token},
+                    "method": "create_jobs_by_trusted_account",
+                    "params": {"params": {"current_hour": current_hour}},
+                }
+            ],
+        }
+        print(
+            f"{utils.datetime_to_iso8601(datetime.utcnow())} [INFO] [create_task] create_jobs_by_trusted_account => START"
+        )
+        return [stp]
diff --git a/src/spaceone/identity/manager/secret_manager.py b/src/spaceone/identity/manager/secret_manager.py
@@ -23,6 +23,15 @@ def get_secret_data(self, secret_id: str, domain_id: str) -> dict:
             token=system_token,
         )
 
+    def get_trusted_secret_data(self, trusted_secret_id: str, domain_id: str) -> dict:
+        system_token = config.get_global("TOKEN")
+
+        return self.secret_conn.dispatch(
+            "TrustedSecret.get_data",
+            {"trusted_secret_id": trusted_secret_id, "domain_id": domain_id},
+            token=system_token,
+        )
+
     def create_trusted_secret(self, params: dict) -> dict:
         return self.secret_conn.dispatch("TrustedSecret.create", params)
 

diff --git a/src/spaceone/identity/service/__init__.py b/src/spaceone/identity/service/__init__.py
@@ -0,0 +1 @@
+from spaceone.identity.service.job_service import JobService
diff --git a/src/spaceone/identity/service/job_service.py b/src/spaceone/identity/service/job_service.py
@@ -277,18 +277,19 @@ def created_service_account_job(
         ac_plugin_mgr.initialize(endpoint)
 
         try:
-            secret_data = self._get_secret_data(
+            trusted_secret_data = self._get_trusted_secret_data(
                 trusted_account_vo.trusted_secret_id, domain_id
             )
             schema_mgr = SchemaManager()
             # Check secret_data by schema
             schema_mgr.validate_secret_data_by_schema_id(
-                schema_id, domain_id, secret_data, "SECRET"
+                schema_id, domain_id, trusted_secret_data, "SECRET"
             )
         except Exception as e:
-            secret_data = {}
+            trusted_secret_data = {}
             _LOGGER.error(
-                f"[created_trusted_account_job] get secret error: {e}", exc_info=True
+                f"[created_trusted_account_job] get trusted secret error: {e}",
+                exc_info=True,
             )
 
         # Add Job Options
@@ -310,7 +311,7 @@ def created_service_account_job(
                     "job_id": job_vo.job_id,
                     "trusted_account_id": trusted_account_id,
                     "trusted_secret_id": trusted_account_vo.trusted_secret_id,
-                    "secret_data": secret_data,
+                    "secret_data": trusted_secret_data,
                     "workspace_id": trusted_account_vo.workspace_id,
                     "domain_id": domain_id,
                 }
@@ -338,11 +339,13 @@ def _get_all_schedule_enabled_trusted_accounts(self, current_hour: int) -> list:
         )
         return trusted_account_vos
 
-    def _get_secret_data(self, secret_id: str, domain_id: str) -> dict:
+    def _get_trusted_secret_data(self, trusted_secret_id: str, domain_id: str) -> dict:
         # todo: this method is internal method
         secret_mgr: SecretManager = self.locator.get_manager("SecretManager")
-        if secret_id:
-            secret_data = secret_mgr.get_secret_data(secret_id, domain_id)
+        if trusted_secret_id:
+            secret_data = secret_mgr.get_trusted_secret_data(
+                trusted_secret_id, domain_id
+            )
         else:
             secret_data = {}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		from spaceone.identity.service.job_service import JobService