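--- a/src/mas/devops/ocp.py
+++ b/src/mas/devops/ocp.py
@@ -332,3 +332,65 @@ def execInPod(core_v1_api: client.CoreV1Api, pod_name: str, namespace, command:
 logger.debug(f"stdout: \n----------------------------------------------------------------\n{stdout}\n----------------------------------------------------------------\n")
 
 return stdout
+
+
+def updateGlobalPullSecret(dynClient: DynamicClient, registryUrl: str, username: str, password: str) -> dict:
+"""
+Update the global pull secret in openshift-config namespace with new registry credentials.
+
+Args:
+dynClient: OpenShift Dynamic Client
+registryUrl: Registry URL (e.g., "myregistry.com:5000")
+username: Registry username
+password: Registry password
+
+Returns:
+dict: Updated secret information
+"""
+import json
+import base64
+
+logger.info(f"Updating global pull secret with credentials for {registryUrl}")
+
+# Get the existing pull secret
+secretsAPI = dynClient.resources.get(api_version="v1", kind="Secret")
+try:
+pullSecret = secretsAPI.get(name="pull-secret", namespace="openshift-config")
+except NotFoundError:
+raise Exception("Global pull-secret not found in openshift-config namespace")
+
+# Decode the existing dockerconfigjson
+dockerConfigJson = pullSecret.data.get(".dockerconfigjson", "")
+dockerConfig = json.loads(base64.b64decode(dockerConfigJson).decode('utf-8'))
+
+# Create auth string (username:password base64 encoded)
+authString = base64.b64encode(f"{username}:{password}".encode('utf-8')).decode('utf-8')
+
+# Add or update the registry credentials
+if "auths" not in dockerConfig:
+dockerConfig["auths"] = {}
+
+dockerConfig["auths"][registryUrl] = {
+"username": username,
+"password": password,
+"email": username,
+"auth": authString
+}
+
+# Encode back to base64
+updatedDockerConfig = base64.b64encode(json.dumps(dockerConfig).encode('utf-8')).decode('utf-8')
+
+# Update the secret
+pullSecret.data[".dockerconfigjson"] = updatedDockerConfig
+
+# Apply the updated secret
+updatedSecret = secretsAPI.apply(body=pullSecret.to_dict(), namespace="openshift-config")
+
+logger.info(f"Successfully updated global pull secret with credentials for {registryUrl}")
+
+return {
+"name": updatedSecret.metadata.name,
+"namespace": updatedSecret.metadata.namespace,
+"registry": registryUrl,
+"changed": True
+}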
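Review bot: `updateGlobalPullSecret` rewrites the cluster-wide `openshift-config/pull-secret` without validating either its arguments or the data it read back. If `.dockerconfigjson` is absent, the `""` default makes `json.loads` raise a JSONDecodeError instead of a clear error, and an empty `registryUrl` or `password` is written straight into `auths`, silently replacing any existing entry for that registry. I would add a guard at the top, `if not registryUrl or not username or not password: raise ValueError("registryUrl, username and password are required")`, and check `isinstance(dockerConfig, dict)` after decoding before touching `auths`. The new entry also stores `username`, `password` and `email` next to `auth`; `auth` alone is probably sufficient for image pulls and keeps fewer plaintext copies of the credential in the secret. Finally, `"changed": True` is returned unconditionally, so a caller cannot tell a no-op from a real update; comparing the old and new `auths[registryUrl]` before applying would fix that and avoid an unnecessary write.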