From 23f69287ea1a44658830606f0272c10af5b9b85e Mon Sep 17 00:00:00 2001 From: jessebot Date: Mon, 11 Nov 2024 13:22:19 +0100 Subject: [PATCH] clean up how we determin libretranslate api keys --- pyproject.toml | 2 +- smol_k8s_lab/__init__.py | 5 +- smol_k8s_lab/config/default_config.yaml | 1 + smol_k8s_lab/k8s_apps/__init__.py | 3 +- .../k8s_apps/social/libre_translate.py | 39 ++++++++++----- smol_k8s_lab/k8s_apps/social/mastodon.py | 49 ++++++++----------- 6 files changed, 57 insertions(+), 42 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 70f04212d..059c4891b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "smol_k8s_lab" -version = "5.19.1" +version = "5.19.2" description = "CLI and TUI to quickly install slimmer Kubernetes distros and then manage apps declaratively using Argo CD" authors = ["Jesse Hitch ", "Max Roby "] diff --git a/smol_k8s_lab/__init__.py b/smol_k8s_lab/__init__.py index 599ee301b..35f51913d 100755 --- a/smol_k8s_lab/__init__.py +++ b/smol_k8s_lab/__init__.py @@ -306,7 +306,9 @@ def main(config: str = "", # set up self hosted translation libre_translate_dict = apps.pop('libre_translate', {}) if libre_translate_dict: - configure_libretranslate(argocd, libre_translate_dict, bw) + libretranslate_api_key = configure_libretranslate(argocd, + libre_translate_dict, + bw) # setup nextcloud, home assistant, mastodon, and matrix setup_federated_apps( @@ -319,6 +321,7 @@ def main(config: str = "", pvc_storage_class, zitadel_hostname, oidc_obj, + libretranslate_api_key, bw ) diff --git a/smol_k8s_lab/config/default_config.yaml b/smol_k8s_lab/config/default_config.yaml index 12941f7cd..f0091cd47 100644 --- a/smol_k8s_lab/config/default_config.yaml +++ b/smol_k8s_lab/config/default_config.yaml @@ -827,6 +827,7 @@ apps: - MASTODON_S3_BACKUP_ACCESS_ID - MASTODON_S3_BACKUP_SECRET_KEY - MASTODON_RESTIC_REPO_PASSWORD + - MASTODON_LIBRETRANSLATE_API_KEY enabled: false init: enabled: true 
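Review bot: `libretranslate_api_key` is assigned only inside `if libre_translate_dict:` in the smol_k8s_lab/__init__.py hunk at -306,7, yet the hunk at -319,6 passes it to `setup_federated_apps` unconditionally. A config without a `libre_translate` entry would therefore reach that call with the name unbound, unless it is initialised earlier in `main`, which starts and ends outside both hunks. Initialise it before the conditional with `libretranslate_api_key = ""`, placed above `libre_translate_dict = apps.pop('libre_translate', {})`. That matches the `""` default the callee declares for the same parameter.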
diff --git a/smol_k8s_lab/k8s_apps/__init__.py b/smol_k8s_lab/k8s_apps/__init__.py index d0ba40fd1..b1a5591d3 100644 --- a/smol_k8s_lab/k8s_apps/__init__.py +++ b/smol_k8s_lab/k8s_apps/__init__.py @@ -230,6 +230,7 @@ def setup_federated_apps(argocd: ArgoCD, pvc_storage_class: str = "local-path", zitadel_hostname: str = "", zitadel_obj: Zitadel = None, + libretranslate_api_key: str = "", bw: BwCLI = None) -> None: """ Setup any federated apps with initialization supported @@ -243,7 +244,7 @@ def setup_federated_apps(argocd: ArgoCD, zitadel_obj, bw) if mastodon_dict.get('enabled', False): - configure_mastodon(argocd, mastodon_dict, pvc_storage_class, bw) + configure_mastodon(argocd, mastodon_dict, pvc_storage_class, libretranslate_api_key, bw) if matrix_dict.get('enabled', False): configure_matrix(argocd, matrix_dict, pvc_storage_class, zitadel_obj, bw) diff --git a/smol_k8s_lab/k8s_apps/social/libre_translate.py b/smol_k8s_lab/k8s_apps/social/libre_translate.py index 0b9aca1a3..2770203cb 100644 --- a/smol_k8s_lab/k8s_apps/social/libre_translate.py +++ b/smol_k8s_lab/k8s_apps/social/libre_translate.py @@ -10,7 +10,7 @@ def configure_libretranslate(argocd: ArgoCD, cfg: dict, - bitwarden: BwCLI = None) -> None: + bitwarden: BwCLI = None) -> str: """ creates a libretranslate app and initializes it with secrets if you'd like :) @@ -20,6 +20,8 @@ def configure_libretranslate(argocd: ArgoCD, optional: bitwarden - BwCLI() object with session token to create bitwarden items + + Returns api key for libretranslate for programatic access """ # check immediately if this app is installed app_installed = argocd.check_if_app_exists('libretranslate') 
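Review bot: The new `libretranslate_api_key` parameter is inserted before `bw` in `setup_federated_apps` (hunk at -230,6) and then forwarded positionally in the hunk at -243,7, so any caller still using the old argument order would bind the `BwCLI` object to the key slot without an error at the call site. The same positional insertion recurs in mastodon.py for `configure_mastodon`, `refresh_bweso` and `restore_mastodon`, where the secret sits between a hostname string and `bitwarden`. Passing the credential by keyword stops it from landing in a neighbouring string argument after a later reorder: `configure_mastodon(argocd, mastodon_dict, pvc_storage_class, libretranslate_api_key=libretranslate_api_key, bitwarden=bw)`. The body of `setup_federated_apps` continues outside the hunk.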
@@ -49,6 +51,9 @@ def configure_libretranslate(argocd: ArgoCD, # we need namespace no matter the install type libre_translate_namespace = cfg['argo']['namespace'] + # api key for programatic access to libretranslate: set it to blank just in case + api_key = "" + # if the user has chosen to use smol-k8s-lab initialization if not app_installed and init_enabled: # immediately create namespace @@ -56,9 +61,9 @@ def configure_libretranslate(argocd: ArgoCD, # if bitwarden is enabled, we create login items for each set of credentials if bitwarden and not restore_enabled: - setup_bitwarden_items(argocd, - libretranslate_hostname, - bitwarden) + api_key = setup_bitwarden_items(argocd, + libretranslate_hostname, + bitwarden) # these are standard k8s secrets else: # libretranslate admin credentials and smtp credentials @@ -77,16 +82,21 @@ def configure_libretranslate(argocd: ArgoCD, # if bitwarden and init are enabled, make sure we populate appset secret # plugin secret with bitwarden item IDs if bitwarden and init_enabled: - refresh_bitwarden(argocd, libretranslate_hostname, bitwarden) + api_key = refresh_bitwarden(argocd, libretranslate_hostname, bitwarden) + + return api_key def setup_bitwarden_items(argocd: ArgoCD, libretranslate_hostname: str, - bitwarden: BwCLI) -> None: + bitwarden: BwCLI) -> str: """ - setup initial bitwarden items for home assistant + setup initial bitwarden items for libretranslate + + returns the api key used for libretranslate so you can use it in other apps """ sub_header("Creating libretranslate items in Bitwarden") + api_key = bitwarden.generate() # admin credentials for initial owner user origin = create_custom_field('origin', libretranslate_hostname) 
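Review bot: In the hunk at -56,9 only the Bitwarden branch assigns `api_key`; the `else` branch that creates standard k8s secrets leaves it at the `""` set in the hunk at -49,6. `configure_libretranslate` therefore appears to return an empty key whenever Bitwarden is absent or a restore is enabled. The body of that `else` branch lies outside the hunk, so whether a key is generated there cannot be confirmed from the patch. If one is, capture it into `api_key`; if not, state it in the docstring, e.g. `Returns the libretranslate api key, or "" when no key was created or found via Bitwarden`.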
@@ -94,25 +104,32 @@ def setup_bitwarden_items(argocd: ArgoCD, name=f'libretranslate-credentials-{libretranslate_hostname}', item_url=libretranslate_hostname, user="n/a", - password=bitwarden.generate(), + password=api_key, fields=[origin] ) # update the libretranslate values for the argocd appset argocd.update_appset_secret({'libretranslate_credentials_bitwarden_id': api_id}) + return api_key + def refresh_bitwarden(argocd: ArgoCD, libretranslate_hostname: str, - bitwarden: BwCLI) -> None: + bitwarden: BwCLI) -> str: """ refresh bitwardens item in the appset secret plugin + + returns the api key used for libretranslate so you can use it in other apps """ log.debug("Making sure libretranslate Bitwarden item IDs are in appset " "secret plugin secret") - api_id = bitwarden.get_item( + api_item = bitwarden.get_item( f"libretranslate-credentials-{libretranslate_hostname}" - )[0]['id'] + )[0] + api_id = api_item['id'] argocd.update_appset_secret({'libretranslate_credentials_bitwarden_id': api_id}) + + return api_item['data']['login']['password'] diff --git a/smol_k8s_lab/k8s_apps/social/mastodon.py b/smol_k8s_lab/k8s_apps/social/mastodon.py index e54f39057..3f680c831 100644 --- a/smol_k8s_lab/k8s_apps/social/mastodon.py +++ b/smol_k8s_lab/k8s_apps/social/mastodon.py @@ -10,7 +10,6 @@ from smol_k8s_lab.utils.rich_cli.console_logging import sub_header, header from smol_k8s_lab.utils.run.subproc import subproc from smol_k8s_lab.utils.value_from import extract_secret, process_backup_vals -from smol_k8s_lab.utils.minio_lib import BetterMinio # external libraries import logging as log 
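Review bot: `refresh_bitwarden` returns `api_item['data']['login']['password']`, but the same item's `id` is read from the top level one line earlier, and the lookup this commit removes from mastodon.py read `[0]['login']['password']` with no `data` level. One of the two access paths is probably wrong, and this one may raise `KeyError`. The shape returned by `BwCLI.get_item` is not visible in the patch, so confirm it and align the access, likely `return api_item['login']['password']`. The `[0]` index also assumes the item exists, so a missing Bitwarden item would fail here before the appset secret is updated.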
@@ -19,15 +18,16 @@ def configure_mastodon(argocd: ArgoCD, cfg: dict, pvc_storage_class: str, - bitwarden: BwCLI = None, - minio_obj: BetterMinio = {}) -> bool: + libretranslate_api_key: str = "", + bitwarden: BwCLI = None) -> bool: """ creates a mastodon app and initializes it with secrets if you'd like :) required: - argocd - ArgoCD() object for Argo CD operations - cfg - dict, with at least argocd key and init key - pvc_storage_class - str, storage class of PVC + argocd - ArgoCD() object for Argo CD operations + cfg - dict, with at least argocd key and init key + pvc_storage_class - str, storage class of PVC + libretranslate_api_key - str, api key to enable automatic translations optional: bitwarden - BwCLI() object with session token to create bitwarden items @@ -93,13 +93,7 @@ def configure_mastodon(argocd: ArgoCD, # get the api key for LibreTranslate, so we can translate posts libre_api_key = extract_secret(init_values.get('libretranslate_api_key')) if not libre_api_key: - # check if it's already in bitwarden - libre_api_key = bitwarden.get_item( - f"libretranslate-credentials-{mastodon_libretranslate_hostname}" - )[0]['login']['password'] - # else, just give it fake data - if not libre_api_key: - libre_api_key = "notapplicable" + libre_api_key = libretranslate_api_key s3_endpoint = secrets.get('s3_endpoint', "") log.debug(f"Mastodon s3_endpoint at the start is: {s3_endpoint}") @@ -162,6 +156,7 @@ def configure_mastodon(argocd: ArgoCD, pvc_storage_class, 'mastodon-postgres', mastodon_libretranslate_hostname, + libre_api_key, bitwarden) if not init_enabled: @@ -189,7 +184,7 @@ def configure_mastodon(argocd: ArgoCD, log.info("mastodon already installed 🎉") if bitwarden and init_enabled: - refresh_bweso(argocd, mastodon_hostname, mastodon_libretranslate_hostname, bitwarden) + refresh_bweso(argocd, mastodon_hostname, mastodon_libretranslate_hostname, libre_api_key, bitwarden) def create_user(user: str, email: str, pod_namespace: str) -> str: 
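Review bot: The fallback in the hunk at -93,13, `libre_api_key = libretranslate_api_key`, can leave the key as `""` because the new parameter defaults to an empty string, and that value is then passed to `restore_mastodon` and `refresh_bweso`, where it becomes the `password` of a Bitwarden login. The removed code substituted the placeholder `"notapplicable"`; now an empty credential is stored with no signal to the operator. Report it at the fallback without logging the key itself, e.g. `if not libre_api_key: log.warning("no libretranslate api key found for mastodon")`. The docstring in the hunk at -19,15 also lists `libretranslate_api_key` under `required:` although the signature gives it a default. `configure_mastodon` extends well beyond these hunks.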
@@ -224,6 +219,7 @@ def create_user(user: str, email: str, pod_namespace: str) -> str: def refresh_bweso(argocd: ArgoCD, mastodon_hostname: str, mastodon_libretranslate_hostname: str, + libre_api_key: str, bitwarden: BwCLI) -> None: """ if mastodon already installed, but bitwarden and init are enabled, still @@ -272,20 +268,16 @@ def refresh_bweso(argocd: ArgoCD, f"mastodon-server-secrets-{mastodon_hostname}", False )[0]['id'] - libretranslate_api_key_id = bitwarden.get_item( - f"libretranslate-credentials-{mastodon_hostname}", False - )[0]['id'] + # do some checking here since this isn't required and so it may not be available + libretranslate_api_key_item = bitwarden.get_item( + f"mastodon-libretranslate-credentials-{mastodon_hostname}", False + )[0] + libretranslate_api_key_id = libretranslate_api_key_item.get('id', "") if not libretranslate_api_key_id: - # check if it's already in bitwarden - libre_api_key = bitwarden.get_item( - f"libretranslate-credentials-{mastodon_libretranslate_hostname}" - )[0]['login']['password'] - if not libre_api_key: - libre_api_key = "notapplicable" - - endpoint = create_custom_field('endpoint', mastodon_libretranslate_hostname) + endpoint = create_custom_field('endpoint', + mastodon_libretranslate_hostname) libretranslate_api_key_id = bitwarden.create_login( - name=f'libretranslate-credentials-{mastodon_hostname}', + name=f'mastodon-libretranslate-credentials-{mastodon_hostname}', item_url=mastodon_libretranslate_hostname, user="n/a", password=libre_api_key, @@ -472,7 +464,7 @@ def setup_bitwarden_items(argocd: ArgoCD, endpoint = create_custom_field('endpoint', mastodon_libretranslate_hostname) libretranslate_api_key_id = bitwarden.create_login( - name=f'libretranslate-credentials-{mastodon_hostname}', + name=f'mastodon-libretranslate-credentials-{mastodon_hostname}', item_url=mastodon_libretranslate_hostname, user="n/a", password=libre_api_key, 
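Review bot: The comment added in the hunk at -272,20 says the item may not be available, but `bitwarden.get_item(...)[0]` is indexed before `.get('id', "")` runs, so a missing item would fail on the index rather than fall through to `create_login`; what `get_item` returns for a missing item is not shown in the patch. Guard the lookup first, e.g. `items = bitwarden.get_item(item_name, False)` followed by `libretranslate_api_key_id = items[0].get('id', "") if items else ""`. The rename to `mastodon-libretranslate-credentials-{mastodon_hostname}` here and in the hunk at -472,7 also means items stored under the old name are no longer found, so existing vaults keep a stale credential entry that should be migrated or removed. `refresh_bweso` starts and ends outside this hunk.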
@@ -515,6 +507,7 @@ def restore_mastodon(argocd: ArgoCD, global_pvc_storage_class: str, pgsql_cluster_name: str, mastodon_libretranslate_hostname: str, + libre_api_key: str, bitwarden: BwCLI) -> None: """ restore mastodon seaweedfs PVCs, mastodon files and/or config PVC(s), @@ -534,7 +527,7 @@ def restore_mastodon(argocd: ArgoCD, # first we grab existing bitwarden items if they exist if bitwarden: - refresh_bweso(argocd, mastodon_hostname, mastodon_libretranslate_hostname, bitwarden) + refresh_bweso(argocd, mastodon_hostname, mastodon_libretranslate_hostname, libre_api_key, bitwarden) # apply the external secrets so we can immediately use them for restores external_secrets_yaml = (