def create_pks_context_for_all_accounts_in_org(
request_context: ctx.RequestContext): # noqa: E501
"""Create PKS context for accounts in a given Org.
If user is Sysadmin
Creates PKS contexts for all PKS accounts defined in the entire
system.
else
Creates PKS contexts for all PKS accounts assigned to the org.
However if separate service accounts for each org hasn't been
configued by admin via pks.yaml, then PKS accounts of the PKS
server corresponding to the vCenters powering the individual
orgVDC of the org will be picked up for creating the PKS contexts.
:return: list of dict, where each dictionary is a PKS context
:rtype: list
"""
pks_cache = utils.get_pks_cache()
if pks_cache is None:
return []
if request_context.client.is_sysadmin():
all_pks_account_info = pks_cache.get_all_pks_account_info_in_system()
pks_ctx_list = [
ovdc_utils.construct_pks_context(pks_account_info,
credentials_required=True)
for pks_account_info in all_pks_account_info
] # noqa: E501
return pks_ctx_list
if pks_cache.do_orgs_have_exclusive_pks_account():
pks_account_infos = pks_cache.get_exclusive_pks_accounts_info_for_org(
request_context.user.org_name) # noqa: E501
pks_ctx_list = [
ovdc_utils.construct_pks_context(pks_account_info,
credentials_required=True)
for pks_account_info in pks_account_infos
] # noqa: E501
return pks_ctx_list
org_resource = request_context.client.get_org()
org = Org(request_context.client, resource=org_resource)
vdc_names = [vdc['name'] for vdc in org.list_vdcs()]
# Constructing dict instead of list to avoid duplicates
# TODO() figure out a way to add pks contexts to a set directly
pks_ctx_dict = {}
for vdc_name in vdc_names:
# this is a full blown pks_account_info + pvdc_info +
# compute_profile_name dictionary
k8s_metadata = ovdc_utils.get_ovdc_k8s_provider_metadata(
request_context.sysadmin_client,
ovdc_name=vdc_name,
org_name=request_context.user.org_name,
include_credentials=True)
if k8s_metadata[K8S_PROVIDER_KEY] == K8sProvider.PKS:
pks_ctx_dict[k8s_metadata['vc']] = k8s_metadata
return list(pks_ctx_dict.values())
def __init__(self, client):
"""Construct the cache for ovdc.
:param pyvcloud.vcd.client.Client client:the client that will be used
to make REST calls to vCD.
"""
self.client = client
self.pks_cache = get_pks_cache()
def __init__(self, tenant_auth_token, request_spec):
self.tenant_auth_token = tenant_auth_token
self.req_spec = request_spec
self.pks_cache = get_pks_cache()
self.vcdbroker_manager = VcdBrokerManager(tenant_auth_token,
request_spec)
self.pksbroker_manager = PksBrokerManager(tenant_auth_token,
request_spec)
self.is_ovdc_present_in_request = False
def __init__(self, pks_ctx, tenant_auth_token):
"""Initialize PKS broker.
:param dict pks_ctx: A dictionary with which should atleast have the
following keys in it ['username', 'secret', 'host', 'port',
'uaac_port'], 'proxy' and 'pks_compute_profile_name' are optional
keys. Currently all callers of this method is using ovdc cache
(subject to change) to initialize PKS broker.
"""
self.tenant_client = None
self.client_session = None
self.tenant_user_name = None
self.tenant_user_id = None
self.tenant_org_name = None
self.tenant_org_href = None
# populates above attributes
super().__init__(tenant_auth_token)
if not pks_ctx:
raise ValueError(
"PKS context is required to establish connection to PKS")
self.username = pks_ctx['username']
self.secret = pks_ctx['secret']
self.pks_host_uri = f"https://{pks_ctx['host']}:{pks_ctx['port']}"
self.uaac_uri = f"https://{pks_ctx['host']}:{pks_ctx['uaac_port']}"
self.proxy_uri = None
if pks_ctx.get('proxy'):
self.proxy_uri = f"http://{pks_ctx['proxy']}:80"
self.compute_profile = pks_ctx.get(PKS_COMPUTE_PROFILE_KEY, None)
self.nsxt_server = \
utils.get_pks_cache().get_nsxt_info(pks_ctx.get('vc'))
self.nsxt_client = None
if self.nsxt_server:
self.nsxt_client = NSXTClient(
host=self.nsxt_server.get('host'),
username=self.nsxt_server.get('username'),
password=self.nsxt_server.get('password'),
http_proxy=self.nsxt_server.get('proxy'),
https_proxy=self.nsxt_server.get('proxy'),
verify_ssl=self.nsxt_server.get('verify'),
log_requests=True,
log_headers=True,
log_body=True)
# TODO() Add support in pyvcloud to send metadata values with their
# types intact.
verify_ssl = pks_ctx.get('verify')
self.verify = True
if isinstance(verify_ssl, bool):
self.verify = verify_ssl
elif isinstance(verify_ssl, str):
self.verify = utils.str_to_bool(verify_ssl)
token = self._get_token()
self.client_v1 = self._get_pks_client(token, self.VERSION_V1)
self.client_v1beta = self._get_pks_client(token, self.VERSION_V1BETA)
def __init__(self, pks_ctx, op_ctx: ctx.OperationContext):
"""Initialize PKS broker.
:param dict pks_ctx: A dictionary with which should atleast have the
following keys in it ['username', 'secret', 'host', 'port',
'uaac_port'], 'proxy' and 'pks_compute_profile_name' are optional
keys. Currently all callers of this method is using ovdc cache
(subject to change) to initialize PKS broker.
"""
self.context: ctx.OperationContext = None
# populates above attributes
super().__init__(op_ctx)
if not pks_ctx:
raise ValueError(
"PKS context is required to establish connection to PKS")
self.username = pks_ctx['username']
self.secret = pks_ctx['secret']
self.pks_host_uri = f"https://{pks_ctx['host']}:{pks_ctx['port']}"
self.uaac_uri = f"https://{pks_ctx['host']}:{pks_ctx['uaac_port']}"
self.proxy_uri = None
if pks_ctx.get('proxy'):
self.proxy_uri = f"http://{pks_ctx['proxy']}:80"
self.compute_profile = pks_ctx.get(PKS_COMPUTE_PROFILE_KEY, None)
self.nsxt_server = \
utils.get_pks_cache().get_nsxt_info(pks_ctx.get('vc'))
self.nsxt_client = None
self.pks_wire_logger = NULL_LOGGER
nsxt_wire_logger = NULL_LOGGER
config = utils.get_server_runtime_config()
if utils.str_to_bool(config['service'].get('log_wire')):
nsxt_wire_logger = SERVER_NSXT_WIRE_LOGGER
self.pks_wire_logger = SERVER_PKS_WIRE_LOGGER
if self.nsxt_server:
self.nsxt_client = NSXTClient(
host=self.nsxt_server.get('host'),
username=self.nsxt_server.get('username'),
password=self.nsxt_server.get('password'),
logger_debug=SERVER_LOGGER,
logger_wire=nsxt_wire_logger,
http_proxy=self.nsxt_server.get('proxy'),
https_proxy=self.nsxt_server.get('proxy'),
verify_ssl=self.nsxt_server.get('verify'))
# TODO() Add support in pyvcloud to send metadata values with their
# types intact.
verify_ssl = pks_ctx.get('verify')
self.verify = True
if isinstance(verify_ssl, bool):
self.verify = verify_ssl
elif isinstance(verify_ssl, str):
self.verify = utils.str_to_bool(verify_ssl)
self.pks_client = self._get_pks_client(self._get_token())
def get_ovdc_k8s_provider_metadata(org_name=None,
ovdc_name=None,
ovdc_id=None,
include_credentials=False,
include_nsxt_info=False):
"""Get k8s provider metadata for an org VDC.
:param str org_name:
:param str ovdc_name:
:param str ovdc_id:
:param bool include_credentials:
:param bool include_nsxt_info:
:return: Dictionary with k8s provider metadata
:rtype: Dict
"""
client = None
try:
client = vcd_utils.get_sys_admin_client()
ovdc = vcd_utils.get_vdc(client=client,
vdc_name=ovdc_name,
vdc_id=ovdc_id,
org_name=org_name,
is_admin_operation=True)
all_metadata = pyvcd_utils.metadata_to_dict(ovdc.get_all_metadata())
k8s_provider = all_metadata.get(K8S_PROVIDER_KEY, K8sProvider.NONE)
result = {K8S_PROVIDER_KEY: k8s_provider}
if k8s_provider == K8sProvider.PKS:
result.update(
{k: all_metadata[k]
for k in PksCache.get_pks_keys()}) # noqa: E501
result[PKS_PLANS_KEY] = result[PKS_PLANS_KEY].split(',')
# Get the credentials from PksCache
if include_credentials or include_nsxt_info:
pks_cache = utils.get_pks_cache()
pvdc_info = \
pks_cache.get_pvdc_info(vcd_utils.get_pvdc_id(ovdc))
if include_credentials:
# noqa: E501 TODO in case only ovdc_id is provided, we need a way to get org_name
pks_info = \
pks_cache.get_pks_account_info(org_name, pvdc_info.vc)
result.update(pks_info.credentials._asdict())
if include_nsxt_info:
nsxt_info = pks_cache.get_nsxt_info(pvdc_info.vc)
result['nsxt'] = nsxt_info
return result
finally:
if client is not None:
client.logout()
def __init__(self, request_headers, request_query_params, request_spec):
self.req_headers = request_headers
self.req_qparams = request_query_params
self.req_spec = request_spec
self.pks_cache = get_pks_cache()
self.ovdc_cache = OvdcCache(get_vcd_sys_admin_client())
self.is_ovdc_present_in_request = False
config = get_server_runtime_config()
self.vcd_client, self.session = connect_vcd_user_via_token(
vcd_uri=config['vcd']['host'],
headers=self.req_headers,
verify_ssl_certs=config['vcd']['verify'])
def __init__(self, request_headers, request_spec, pks_ctx):
"""Initialize PKS broker.
:param dict pks_ctx: A dictionary with which should atleast have the
following keys in it ['username', 'secret', 'host', 'port',
'uaac_port'], 'proxy' and 'pks_compute_profile_name' are optional
keys. Currently all callers of this method is using ovdc cache
(subject to change) to initialize PKS broker.
"""
super().__init__(request_headers, request_spec)
if not pks_ctx:
raise ValueError(
"PKS context is required to establish connection to PKS")
self.req_headers = request_headers
self.req_spec = request_spec
self.username = pks_ctx['username']
self.secret = pks_ctx['secret']
self.pks_host_uri = \
f"https://{pks_ctx['host']}:{pks_ctx['port']}"
self.uaac_uri = \
f"https://{pks_ctx['host']}:{pks_ctx['uaac_port']}"
self.proxy_uri = f"http://{pks_ctx['proxy']}:80" \
if pks_ctx.get('proxy') else None
self.compute_profile = pks_ctx.get(PKS_COMPUTE_PROFILE_KEY, None)
self.nsxt_server = \
get_pks_cache().get_nsxt_info(pks_ctx.get('vc'))
if self.nsxt_server:
self.nsxt_client = NSXTClient(
host=self.nsxt_server.get('host'),
username=self.nsxt_server.get('username'),
password=self.nsxt_server.get('password'),
http_proxy=self.nsxt_server.get('proxy'),
https_proxy=self.nsxt_server.get('proxy'),
verify_ssl=self.nsxt_server.get('verify'),
log_requests=True,
log_headers=True,
log_body=True)
# TODO() Add support in pyvcloud to send metadata values with their
# types intact.
verify_ssl_value_in_ctx = pks_ctx.get('verify')
if isinstance(verify_ssl_value_in_ctx, bool):
self.verify = verify_ssl_value_in_ctx
elif isinstance(verify_ssl_value_in_ctx, str):
self.verify = \
False if verify_ssl_value_in_ctx.lower() == 'false' else True
else:
self.verify = True
token = self._get_token()
self.client_v1 = self._get_pks_client(token, self.VERSION_V1)
self.client_v1beta = self._get_pks_client(token, self.VERSION_V1BETA)
self.client_session = None
self.get_tenant_client_session()
def construct_ctr_prov_ctx_from_pks_cache(ovdc_id, org_name, pks_plans,
pks_cluster_domain,
container_provider):
client = None
try:
ctr_prov_context = {}
ctr_prov_context[K8S_PROVIDER_KEY] = container_provider
if container_provider == K8sProviders.PKS:
if not is_pks_enabled():
raise CseServerError('CSE is not configured to work with PKS.')
client = get_sys_admin_client()
ovdc = get_vdc(client=client, vdc_id=ovdc_id,
is_admin_operation=True)
pks_cache = get_pks_cache()
pvdc_id = get_pvdc_id(ovdc)
pvdc_info = pks_cache.get_pvdc_info(pvdc_id)
if not pvdc_info:
LOGGER.debug(f"pvdc '{pvdc_id}' is not backed "
f"by PKS-managed-vSphere resources")
raise CseServerError(f"VDC '{ovdc.get_resource().get('name')}'"
" is not eligible to provide resources"
" for PKS clusters.")
pks_account_info = pks_cache.get_pks_account_info(
org_name, pvdc_info.vc)
nsxt_info = pks_cache.get_nsxt_info(pvdc_info.vc)
pks_compute_profile_name = \
_construct_pks_compute_profile_name(ovdc_id)
ctr_prov_context = construct_pks_context(
pks_account_info=pks_account_info,
pvdc_info=pvdc_info,
nsxt_info=nsxt_info,
pks_compute_profile_name=pks_compute_profile_name,
pks_plans=pks_plans,
pks_cluster_domain=pks_cluster_domain,
credentials_required=True)
return ctr_prov_context
finally:
if client:
client.logout()
def construct_k8s_metadata_from_pks_cache(sysadmin_client: vcd_client.Client,
ovdc_id, org_name, pks_plans,
pks_cluster_domain, k8s_provider):
vcd_utils.raise_error_if_not_sysadmin(sysadmin_client)
ctr_prov_context = {
K8S_PROVIDER_KEY: k8s_provider,
}
if k8s_provider == K8sProvider.PKS:
if not utils.is_pks_enabled():
raise e.CseServerError('CSE is not configured to work with PKS.')
ovdc = vcd_utils.get_vdc(client=sysadmin_client,
vdc_id=ovdc_id,
is_admin_operation=True)
pks_cache = utils.get_pks_cache()
pvdc_id = vcd_utils.get_pvdc_id(sysadmin_client, ovdc)
pvdc_info = pks_cache.get_pvdc_info(pvdc_id)
if not pvdc_info:
LOGGER.debug(f"pvdc '{pvdc_id}' is not backed "
f"by PKS-managed-vSphere resources")
raise e.CseServerError(f"VDC '{ovdc.get_resource().get('name')}'"
" is not eligible to provide resources"
" for PKS clusters.")
pks_account_info = pks_cache.get_pks_account_info(
org_name, pvdc_info.vc)
nsxt_info = pks_cache.get_nsxt_info(pvdc_info.vc)
pks_compute_profile_name = _construct_pks_compute_profile_name(
sysadmin_client, ovdc_id)
ctr_prov_context = construct_pks_context(
pks_account_info=pks_account_info,
pvdc_info=pvdc_info,
nsxt_info=nsxt_info,
pks_compute_profile_name=pks_compute_profile_name,
pks_plans=pks_plans,
pks_cluster_domain=pks_cluster_domain,
credentials_required=True)
return ctr_prov_context
def get_ovdc_container_provider_metadata(self, ovdc_name=None,
ovdc_id=None, org_name=None,
credentials_required=False,
nsxt_info_required=False):
"""Get metadata of given ovdc, pertaining to the container provider.
:param str ovdc_name: name of the ovdc
:param str ovdc_id: UUID of ovdc
:param str org_name: specific org to use if @org is not given.
If None, uses currently logged-in org from @client.
:param bool credentials_required: Decides if output metadata
should include credentials or not.
:return: metadata of the ovdc
:rtype: dict
:raises EntityNotFoundException: if the ovdc could not be found.
"""
# Get pvdc and pks information from oVdc metadata
client = None
try:
client = get_sys_admin_client()
ovdc = get_vdc(client=client, vdc_name=ovdc_name,
vdc_id=ovdc_id, org_name=org_name,
is_admin_operation=True)
all_metadata = metadata_to_dict(ovdc.get_all_metadata())
if K8S_PROVIDER_KEY not in all_metadata:
container_provider = K8sProviders.NONE
else:
container_provider = all_metadata[K8S_PROVIDER_KEY]
ctr_prov_details = {}
if container_provider == K8sProviders.PKS:
# Filter out container provider metadata into a dict
ctr_prov_details = {
metadata_key:
all_metadata[metadata_key]
for metadata_key in PksCache.get_pks_keys()
}
# Get the credentials from PksCache
pvdc_id = get_pvdc_id(ovdc)
pks_cache = get_pks_cache()
pvdc_info = pks_cache.get_pvdc_info(pvdc_id)
ctr_prov_details[PKS_PLANS_KEY] = \
ctr_prov_details[PKS_PLANS_KEY].split(',')
if credentials_required:
pks_info = pks_cache.get_pks_account_info(
org_name, pvdc_info.vc)
ctr_prov_details.update(pks_info.credentials._asdict())
if nsxt_info_required:
nsxt_info = pks_cache.get_nsxt_info(pvdc_info.vc)
ctr_prov_details['nsxt'] = nsxt_info
ctr_prov_details[K8S_PROVIDER_KEY] = container_provider
return ctr_prov_details
finally:
if client:
client.logout()
def __init__(self, tenant_auth_token, request_spec):
self.tenant_auth_token = tenant_auth_token
self.req_spec = request_spec
self.pks_cache = get_pks_cache()
self.vcd_client, self.session = connect_vcd_user_via_token(
tenant_auth_token=tenant_auth_token)
