Improving SS as a source of truth (#56) (#57)

* split up make local with a new `push-secrets` command
* update SS-related comments

.gitignore

@@ -17,4 +17,4 @@ user.yaml
 # ohsu
 venv/
 .SSToken.*
-Secrets-local/
+Secrets-*/

Makefile

@@ -92,8 +92,7 @@ clean: check-clean ## Delete all existing deployments, configmaps, and secrets
 	@kubectl delete configmaps --all
 	@kubectl delete jobs --all
 
-# Make sure to build the venv. Don't have to be in it but it must exist in the dir
-deploy: check-context check-secrets check-venv
+deploy: check-context check-secrets
 	@read -p "Deploy $(DEPLOY)? [y/N]: " sure && \
 		case "$$sure" in \
 			[yY]) true;; \
@@ -106,24 +105,7 @@ deploy: check-context check-secrets check-venv
 		-f Secrets/user.yaml \
 		-f Secrets/fence-config.yaml \
 		-f Secrets/TLS/gen3-certs.yaml
-
-	@read -p "Update Secret Server secrets for $(DEPLOY)? [y/N]: " sure && \
-		case "$$sure" in \
-			[yY]) $(VENV)/bin/python $(SCRIPT) post $(DEPLOY);; \
-			*) echo "secrets were not updated in SS";; \
-		esac
-
-ENV :=
-VENV := venv
-SCRIPT := SSClient.py
-
-# Runs like make fetch-secret ENV=local where local is whatever env you want
-fetch-secret: check-venv
-	@echo "Fetching $(ENV)"
-	$(VENV)/bin/python $(SCRIPT) get $(ENV);
 
-list-secret: check-venv
-	$(VENV)/bin/python $(SCRIPT) list;
 
 # Create a timestamped Secrets archive and copy to $HOME/OneDrive/ACED-deployments
 zip:
@@ -137,4 +119,31 @@ help:	## Show this help message
 	@grep -hE '^[A-Za-z0-9_ \-]*?:.*##.*$$' $(MAKEFILE_LIST) | \
 		awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m\033[1m%-20s\033[0m %s\n", $$1, $$2}'
 
-.PHONY: debug deploy clean check-clean zip help change-context
+.PHONY: debug deploy clean check-clean zip help change-context
+
+
+#################
+# SECRET SERVER #
+#################
+# venv will be created if it doesn't exist
+VENV := venv
+SCRIPT := SSClient.py
+
+# eg: fetch-secrets ENV=local or development, etc
+fetch-secrets: check-venv
+	@echo "Fetching $(ENV)"
+	$(VENV)/bin/python $(SCRIPT) get $(ENV);
+
+
+# eg: push-secrets ENV=local or local_test or development, etc
+push-secrets: check-venv
+	@read -p "Update Secret Server secrets for $(ENV)? [y/N]: " sure && \
+		case "$$sure" in \
+			[yY]) true;; \
+			*) echo "secrets were not updated in SS" && false;; \
+		esac
+	$(VENV)/bin/python $(SCRIPT) post "$(ENV)"
+
+
+list-secrets: check-venv
+	$(VENV)/bin/python $(SCRIPT) list;

SSClient.py

@@ -1,3 +1,4 @@
+from typing import Optional
 import click
 import requests
 import os
@@ -17,7 +18,9 @@
 
 # See 'Domain' on https://secretserver.ohsu.edu/SecretServer/login.aspx
 DOMAIN = "OHSUM01"
+
 SECRETS_LOCAL = 17583
+SECRETS_LOCAL_TEST = 17717
 SECRETS_DEV = 17220
 SECRETS_CBDS = 17599
 SECRETS_STAGING = 17600
@@ -66,9 +69,8 @@ def conv_shorthand(env: str) -> str:
     return env
 
 
-def match_env_with_id(env: str, id: int):
-    """Secret Server expects an 'id' in order to get data from a secret.
-       To do this you need to"""
+def match_env_with_id(env: str, id: Optional[int]):
+    "Associates environment secret with its SS ID"
 
     conv_env = conv_shorthand(env)
     prefix = "Secrets-"
@@ -77,6 +79,8 @@ def match_env_with_id(env: str, id: int):
 
     if conv_env == "local":
         return SECRETS_LOCAL, f"{prefix}local"
+    if conv_env == "local_test":
+        return SECRETS_LOCAL_TEST, f"{prefix}local_test"
     if conv_env == "development":
         return SECRETS_DEV, f"{prefix}development"
     if conv_env == "staging":
@@ -238,12 +242,12 @@ def _update_secret(env: str, username: str, password: str, id: int, otp: int):
         else:
             raise FileNotFoundError(f"Secrets directory: {env_dir}.zip does\
 not exist")
-
+
+        # upload secrets
         files = {'file': (os.path.basename(f"{env_dir}.zip"), data)}
         response = session.put(f"{OHSU_SECRET_SERVER_ENDPOINT}/api/v1/secrets/{id}/fields/file",
                                data={'fileName': f"{env_dir}.zip"},
                                headers=headers, files=files)
-
         response.raise_for_status()
     except requests.exceptions.RequestException as e:
         response_body = e.response.json() if e.response else None