diff --git a/.gitignore b/.gitignore index 9b4f3164..315e0149 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,8 @@ _sample-*/ credentials-templates/ fence-config.yaml user.yaml + +# ohsu +venv/ +.SSToken.* +Secrets-local/ \ No newline at end of file diff --git a/Makefile b/Makefile index e3073b16..f13c252f 100644 --- a/Makefile +++ b/Makefile @@ -97,7 +97,7 @@ deploy: check-context check-secrets check-venv @read -p "Deploy $(DEPLOY)? [y/N]: " sure && \ case "$$sure" in \ [yY]) true;; \ - *) false;; \ + *) echo "exiting..." && false;; \ esac @echo "Deploying $(DEPLOY)" @@ -106,9 +106,12 @@ deploy: check-context check-secrets check-venv -f Secrets/user.yaml \ -f Secrets/fence-config.yaml \ -f Secrets/TLS/gen3-certs.yaml - - - $(VENV)/bin/python $(SCRIPT) post $(DEPLOY); + + @read -p "Update Secret Server secrets for $(DEPLOY)? [y/N]: " sure && \ + case "$$sure" in \ + [yY]) $(VENV)/bin/python $(SCRIPT) post $(DEPLOY);; \ + *) echo "secrets were not updated in SS";; \ + esac ENV := VENV := venv diff --git a/SSClient.py b/SSClient.py index 0662c670..6b46318b 100644 --- a/SSClient.py +++ b/SSClient.py @@ -34,7 +34,8 @@ def cli(): class CustomHttpAdapter (requests.adapters.HTTPAdapter): """Python 3.12 uses openSSL v3 which doesn't allow for unsafe legacy renegotiation. Secretserver endpoint is - making me have to use unsafe legacy renegotiation""" + making me have to use unsafe legacy renegotiation + see https://stackoverflow.com/questions/71603314/ssl-error-unsafe-legacy-renegotiation-disabled/73519818#73519818""" def __init__(self, ssl_context=None, **kwargs): self.ssl_context = ssl_context @@ -243,7 +244,6 @@ def _update_secret(env: str, username: str, password: str, id: int, otp: int): data={'fileName': f"{env_dir}.zip"}, headers=headers, files=files) - print(response.content) response.raise_for_status() except requests.exceptions.RequestException as e: response_body = e.response.json() if e.response else None 
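Review bot: Answering anything other than y at the new prompt in the `deploy` recipe leaves the secrets just applied to the cluster out of step with the copy held in Secret Server, and the only trace is `secrets were not updated in SS`, which names neither the deployment nor how to catch up later. I would make the decline branch say both, for example `*) echo "WARNING: Secret Server NOT updated for $(DEPLOY); run '$(VENV)/bin/python $(SCRIPT) post $(DEPLOY)' to sync";; \`. The recipe starts above this hunk, so whether an earlier step already records this is not visible here.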
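Review bot: The `CustomHttpAdapter` docstring now links to the workaround but still does not say what the adapter gives up or where it may be used. OpenSSL 3 disables legacy renegotiation by default because a server without RFC 5746 secure renegotiation leaves the session open to man-in-the-middle prefix injection, and `_get_token` elsewhere in this file sends a username, password and OTP to that endpoint. I would add a line such as `Mount only on the https://secretserver.ohsu.edu/ prefix, never session-wide; remove once the server supports secure renegotiation.` The mount call is not visible in this hunk, so confirm it is already scoped that way. The class body continues outside the hunk.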
@@ -301,14 +301,18 @@ def _get_token(username: str, password: str, otp: int) -> str: except requests.exceptions.RequestException as e: response_body = e.response.json() if e.response else None error_message = response_body.get("error") if response_body else str(e) - if "Failed to resolve 'secretserver.ohsu.edu'" in str(e): + + if "Failed to resolve 'secretserver.ohsu.edu'" in error_message: print("You must be connected to the secure network in order to access secretserver.ohsu.edu") - exit(1) - elif "400 Client Error: Bad Request for url: https://secretserver.ohsu.edu/secretserver/oauth2/token" in str(e): + elif "400 Client Error: Bad Request for url: https://secretserver.ohsu.edu/secretserver/oauth2/token" in error_message: print("Invalid login credentials.") + elif "403" in error_message: + print(error_message) + print("User either does not have access or has had too many failed attempts") else: print(f"ERROR: {error_message}") - exit(1) + + exit(1) if __name__ == '__main__': diff --git a/helm/etl-pod/values.yaml b/helm/etl-pod/values.yaml index bca830af..831495b9 100644 --- a/helm/etl-pod/values.yaml +++ b/helm/etl-pod/values.yaml @@ -29,7 +29,7 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -serviceAccount: +serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account @@ -71,13 +71,13 @@ ingress: # hosts: # - chart-example.local -resources: - limits: - cpu: 1.0 - memory: 1Gi - requests: - cpu: 0.2 - memory: 256Mi +resources: + limits: + cpu: 1.0 + memory: 1Gi + requests: + cpu: 0.2 + memory: 256Mi autoscaling: enabled: false diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index 619adc19..282a6800 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -4,7 +4,7 @@ # Global configuration global: - + # -- (map) AWS configuration dbRestoreBucket: aced-development dbRestorePath: meta_graph_load.py
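Review bot: The new `in error_message` tests in the `except` block of `_get_token` only work by accident. requests defines `Response.__bool__` as `ok`, so `e.response` is falsy for every 4xx/5xx reply, `response_body` is always None, and `error_message` is always `str(e)`; the JSON `error` field is never read. If that guard is ever corrected to `e.response is not None`, `response_body.get("error")` may return None or a server string without the status text, and the `in` tests will then raise TypeError or silently miss. The `"403"` substring test is also loose, because any URL or message containing those digits takes that branch. I would branch on `e.response.status_code` and keep the string match only for the DNS failure, which carries no response; the sketch below drops the unused JSON lookup. The function starts outside the hunk.

```python
    except requests.exceptions.RequestException as e:
        # Response.__bool__ mirrors .ok, so an error reply is falsy; compare with None instead.
        status = e.response.status_code if e.response is not None else None
        error_message = str(e)

        if "Failed to resolve 'secretserver.ohsu.edu'" in error_message:
            # … unchanged: secure-network message …
        elif status == 400:
            print("Invalid login credentials.")
        elif status == 403:
            # … unchanged: access / failed-attempts messages …
        else:
            print(f"ERROR: {error_message}")

        exit(1)
```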