Secrets

Secrets prototype

class qarnot.secrets.SecretAccessRightBySecret(key: str)[source]

Bases: object

Secret to be made available to a task, described by exact match on its key property.

__init__(key: str)[source]

The SecretAccessRightBySecret constructor.

Parameters:: key (str) – the exact key of the secret.

to_json() → Dict[str, str][source]

Get a SecretAccessRightBySecret ready to be json packed.

Returns:: the json representation of a secret accessible by exact match.
Return type:: Dict[str,str]

__hash__ = None

class qarnot.secrets.SecretAccessRightByPrefix(prefix: str)[source]

Bases: object

Secrets to be made available to a task, by prefix match on its prefix property.

__init__(prefix: str)[source]

The SecretAccessRightByPrefix constructor.

Parameters:: key (str) – the prefix of the secrets’ keys.

to_json() → Dict[str, str][source]

Get a SecretAccessRightByPrefix ready to be json packed.

Returns:: the json representation of a secret accessible by prefix match.
Return type:: Dict[str, str]

__hash__ = None

class qarnot.secrets.SecretsAccessRights(by_secret: List[SecretAccessRightBySecret] | None = None, by_prefix: List[SecretAccessRightByPrefix] | None = None)[source]

Bases: object

Description of all the secrets a task will have access to when running.

__init__(by_secret: List[SecretAccessRightBySecret] | None = None, by_prefix: List[SecretAccessRightByPrefix] | None = None)[source]

The SecretsAccessRights constructor

Parameters:

by_secret (List[~qarnot.secrets.SecretAccessRightBySecret]) – the list of secrets the task will have access to, described using an exact key match
by_prefix (List[~qarnot.secrets.SecretAccessRightByPrefix]) – the list of secrets the task will have access to, described using a prefix key match

to_json() → Dict[str, List[Dict[str, str]]][source]

Get a SecretsAccessRights ready to be json packed.

Returns:: the json representation of the secrets a task will have access to when running.
Return type:: Dict[str, List[str]]

classmethod from_json(json: Dict[str, List[Dict[str, str]]])[source]

Create a SecretsAccessRights from a json representation

Parameters:: json (Dict[str, Any]) – the json to use to create the SecretsAccessRights object.
Returns:: The created SecretsAccessRights.

add_secret_by_key(key: str)[source]

Add key as an available secret to the task.

Parameters:: key (str) – Key to exactly match secrets on.

add_secrets_by_keys(keys: List[str])[source]

Add multiple keys as available secrets to the task.

Parameters:: key (List[str]) – Keys to exactly match secrets on.

add_secret_by_prefix(prefix: str)[source]

Add all secrets starting with prefix as available secrets to the task.

Parameters:: prefix (str) – Prefix to match secrets against.

add_secrets_by_prefixes(prefixes: List[str])[source]

Add all secrets starting with any of the prefixes as available secrets to the task.

Parameters:: prefixes (List[str]) – Prefixes to match secrets against.

class qarnot.secrets.Secrets(connection)[source]

Bases: object

Client used to interact with the Qarnot secrets API.

__init__(connection)[source]

The Secrets constructor.

Parameters:: connection (qarnot.connection.Connection) – the cluster one where secrets are retrieved.

get_secret(key: str) → str[source]

Retrieves the value of the secret with key key and parses it to a string.

Parameters:

key (str) – the key of the secret

Return type:

str

Raises:

SecretNotFoundException – Secret was not found.
UnauthorizedException – Unauthorized.
QarnotGenericException – API general error, see message for details

create_secret(key: str, value: str) → str[source]

Creates a secret with key key and value value. Returns back the key.

Parameters:

key (str) – the key of the secret
value (str) – the value of the secret

Return type:

str

Raises:

SecretConflictException – Secret with this key already exists.
UnauthorizedException – Unauthorized.
QarnotGenericException – API general error, see message for details

update_secret(key: str, value: str) → None[source]

Updates secret with key key and sets its value to value.

Parameters:

key (str) – the key of the secret
value (str) – the new value of the secret

Raises:

UnauthorizedException – Unauthorized.
SecretNotFoundException – The secret was not found.
QarnotGenericException – API general error, see message for details

delete_secret(key: str) → None[source]

Deletes secret with key key.

Parameters:

key (str) – the key of the secret

Raises:

UnauthorizedException – Unauthorized.
SecretNotFoundException – The secret was not found.
QarnotGenericException – API general error, see message for details

list_secrets(prefix: str, recursive: bool = False) → List[str][source]

Lists all the secrets starting with prefix

When not using recursive mode, only keys and folders directly under prefix are returned. For example, listing with a prefix of “prefix” will return “prefix/a” but won’t return “prefix/a/b”. Folders can be identified by a trailing “/”, for example “prefix/nested/”. When in recursive mode, only the secrets are returned, not the folders.

Parameters:

prefix (str) – the prefix
recursive (bool) – lists secrets recursively or not (defaults to False)

Return type:

List[str]

Raises:

UnauthorizedException – Unauthorized.
QarnotGenericException – API general error, see message for details