KubernetesTokenService

class gafaelfawr.services.kubernetes.KubernetesTokenService(*, token_service, storage, session, logger)

Bases: object

Manage Gafaelfawr service tokens stored in Kubernetes secrets.

The GafaelfawrServiceToken custom resource defines a Gafaelfawr service token that should be created and managed as a Kubernetes secret. This class provides the core of the Kubernetes operator that does this. It is intended to be driven via Kopf and a thin layer of Kopf event handlers.

Notes

This service unfortunately has to be aware of the database session since it has to manage transactions around token issuance. The token service is transaction-unaware because it otherwise runs in the context of a request handler, where we implement one transaction per request.

Parameters:

• token_service (TokenService) – Token management service.

• storage (KubernetesTokenStorage) – Storage layer for the Kubernetes cluster.

• session (async_scoped_session) – Database session, used for transaction management.

• logger (BoundLogger) – Logger to report issues.

Methods Summary

update(name, namespace, service_token)

Handle a change to a GafaelfawrServiceToken.

Methods Documentation

async update(name, namespace, service_token)

Handle a change to a GafaelfawrServiceToken.

Parameters:

• name (str) – Name of the GafaelfawrServiceToken Kubernetes object.

• namespace (str) – Namespace of the GafaelfawrServiceToken Kubernetes object.

• body – Contents of the GafaelfawrServiceToken Kubernetes object.

• service_token (GafaelfawrServiceToken)

Returns:

Information to put into the status portion of the object, or None if no status update is required.

Return type:

KubernetesResourceStatus or None

Raises:

KubernetesError – Some error occurred while trying to write to Kubernetes.