in app/app.py [0:0]
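def update_identity_mappings(event, action):
    """
    Uses the `action` parameter to run a `kubectl apply` or
    `kubectl delete` command against the `aws-auth` config map.

    The rendered manifest is built from `event["ResourceProperties"]["RoleMappings"]`,
    which arrives with the CloudFormation event and must be treated as
    untrusted text. It is therefore sent to `kubectl apply -f -` on stdin and
    kubectl is started from an argument list without a shell, so nothing in
    the manifest is ever parsed as shell syntax.

    :param event: the CFN event
    :param action: `apply` to create/update the config map, or `delete` to delete it
    :raises KeyError: if `action` is neither `apply` nor `delete`
    :raises RuntimeError: if kubectl exits non-zero (except a delete of a
        config map that is already absent, which is logged and ignored)
    """
    template_file = "templates/aws-auth.yaml.jinja"
    template = templateEnv.get_template(template_file)
    aws_auth = template.render(roleMappings=event["ResourceProperties"]["RoleMappings"])

    # Each entry is (argv, stdin text). The previous implementation formatted
    # the manifest into an unquoted shell here-document and ran it with
    # shell=True, which let the shell expand and interpret manifest content.
    commands = {
        "apply": (["kubectl", "-n", "kube-system", "apply", "-f", "-"], aws_auth),
        "delete": (["kubectl", "-n", "kube-system", "delete", "configmap", "aws-auth"], None),
    }
    argv, manifest = commands[action]

    logger.info('Updating identity mappings...')
    # NOTE(review): this logs the full rendered manifest; confirm that is
    # acceptable for wherever these logs are shipped.
    logger.info("rendered template: %s", aws_auth)

    output = subprocess.run(
        args=argv,
        input=manifest,  # None for delete: nothing is written to stdin
        encoding='utf-8',
        capture_output=True,
        shell=False,
        check=False
    )

    if output.returncode != 0:
        # Deleting a config map that is already gone is treated as success.
        if action == 'delete' and "\"aws-auth\" not found" in output.stderr:
            logger.error('aws-auth config map not found during delete operation. Ignoring error...')
            logger.error('output: %s', output.stdout)
            return
        raise RuntimeError(f'Failed to update identity mappings: {output.stderr}.')

    logger.info('Successfully updated identity mappings.')
    command_output = get_stdout(output)
    logger.info('output: %s', command_output)
    return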