From dce7a87d26feffa11782822364d7be5e5fcfa6f7 Mon Sep 17 00:00:00 2001 From: Konstantinos Tsakalozos Date: Fri, 3 Nov 2017 23:24:57 +0200 Subject: [PATCH] Removing flush_auth_for_departed --- .../reactive/kubernetes_master.py | 29 ------------------- 1 file changed, 29 deletions(-) diff --git a/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py b/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py index 32946097e97..ed9343dff17 100644 --- a/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py +++ b/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py @@ -472,35 +472,6 @@ def create_service_configs(kube_control): remove_state('authentication.setup') -@when('kube-control.departed') -@when('leadership.is_leader') -def flush_auth_for_departed(kube_control): - ''' Unit has left the cluster and needs to have its authentication - tokens removed from the token registry ''' - token_auth_file = '/root/cdk/known_tokens.csv' - departing_units = kube_control.flush_departed() - if departing_units: - userids = [] - for departing_unit in departing_units: - userids.append("kubelet-{}".format(departing_unit.split('/')[1])) - known_tokens = open(token_auth_file, 'r').readlines() - for line in known_tokens[:]: - haystack = line.split(',') - # skip the entry if we dont have token,user,id,groups format - if len(haystack) < 4: - continue - if haystack[2] in userids: - hookenv.log('Found unit {} in token auth. Removing auth' - ' token.'.format(haystack[2])) - known_tokens.remove(line) - # atomically rewrite the file minus any scrubbed units - hookenv.log('Rewriting token auth file: {}'.format(token_auth_file)) - with open(token_auth_file, 'w') as fp: - fp.writelines(known_tokens) - # Trigger rebroadcast of auth files for followers - remove_state('authentication.setup') - - @when_not('kube-control.connected') def missing_kube_control(): """Inform the operator master is waiting for a relation to workers.