kubevirt: use tempfile to create secrets with arbitrary length

karmab · Dec 6, 2024 · b3af095 · b3af095
1 parent c9f4a24
commit b3af095
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 12 deletions.
diff --git a/kvirt/kubecommon/__init__.py b/kvirt/kubecommon/__init__.py
@@ -78,3 +78,10 @@ def _put(subresource, data, debug=False):
     data = json.dumps(data).encode('utf-8')
     request = Request(url, headers=headers, method='PUT', data=data)
     urlopen(request, context=context)
+
+
+def _create_secret(kubectl, name, namespace, data, field='userdata'):
+    with NamedTemporaryFile(mode='w+') as tmp:
+        tmp.write(data)
+        cmd = f"{kubectl} -n {namespace} create secret generic --from-file={field}={tmp.name} -o yaml {name}"
+        return yaml.safe_load(os.popen(cmd).read())
diff --git a/kvirt/providers/kubevirt/__init__.py b/kvirt/providers/kubevirt/__init__.py
@@ -1,11 +1,10 @@
 # -*- coding: utf-8 -*-
 
-import base64
 from ipaddress import ip_address
 from kvirt import common
 from kvirt.common import error, pprint, warning
 from kvirt.kubecommon import _create_resource, _delete_resource, _patch_resource, _replace_resource
-from kvirt.kubecommon import _get_resource, _get_all_resources, _put
+from kvirt.kubecommon import _get_resource, _get_all_resources, _put, _create_secret
 from kvirt.defaults import IMAGES, UBUNTUS, METADATA_FIELDS
 import datetime
 import os
@@ -453,13 +452,13 @@ def create(self, name, virttype=None, profile='', flavor=None, plan='kvirt', cpu
                     cloudinitvolume[cloudinitsource]['networkData'] = netdata
             else:
                 userdatasecretname = f"{name}-userdata-secret"
-                self.create_secret(userdatasecretname, namespace, userdata, field='userdata')
+                _create_secret(kubectl, userdatasecretname, namespace, userdata, field='userdata')
                 cloudinitvolume[cloudinitsource] = {'secretRef': {'name': userdatasecretname}}
                 owners.append(userdatasecretname)
                 if netdata is not None and netdata != '':
                     netdatasecretname = f"{name}-netdata-secret"
                     cloudinitvolume[cloudinitsource]['networkDataSecretRef'] = {'name': netdatasecretname}
-                    self.create_secret(netdatasecretname, namespace, netdata, field='networkdata')
+                    _create_secret(kubectl, netdatasecretname, namespace, netdata, field='networkdata')
                     owners.append(netdatasecretname)
             vm['spec']['template']['spec']['volumes'].append(cloudinitvolume)
         if windows:
@@ -1665,14 +1664,6 @@ def ssh_loadbalancer_ip(self, name, namespace):
         except:
             return None
 
-    def create_secret(self, name, namespace, data, field='userdata'):
-        kubectl = self.kubectl
-        data = base64.b64encode(data.encode()).decode("UTF-8")
-        data = {field: data}
-        spec = {'kind': 'Secret', 'apiVersion': 'v1', 'metadata': {'namespace': namespace, 'name': name},
-                'data': data, 'type': 'Opaque'}
-        _create_resource(kubectl, spec, namespace, debug=self.debug)
-
     def delete_secret(self, name, namespace):
         kubectl = self.kubectl
         if _delete_resource(kubectl, 'secret', name, namespace, debug=self.debug) == '':