def extract_crypto(opts, node_type, verbose=False): # Get chart type chart = NODE_MAPPER[node_type] node_namespace = get_namespace(opts, opts[node_type + 's']['msp']) for release in opts[node_type + 's']['names']: pod_ex = get_pod(node_namespace, release, chart) # Secrets crypto_info = [ CryptoInfo('idcert', 'signcerts', 'cert.pem', True), CryptoInfo('idkey', 'keystore', 'key.pem', True), CryptoInfo('cacert', 'cacerts', 'cacert.pem', True), CryptoInfo('caintcert', 'intermediatecerts', 'intermediatecacert.pem', False) ] for item in crypto_info: secret_name = 'hlf--{}-{}'.format(release, item.secret_type) try: secret_read(secret_name, node_namespace) if verbose: print('{} secret already exists'.format(secret_name)) except ApiException: command = "bash -c 'ls /var/hyperledger/msp/{}' | wc -l".format(item.subfolder) file_num = pod_ex.execute(command) if file_num.strip() != '1': if item.required: raise ValueError('We should only have 1 file in each of these folders') else: print('Wrong number of files in {} directory'.format(item.subfolder)) else: command = "bash -c 'cat /var/hyperledger/msp/{}/*'".format(item.subfolder) content = pod_ex.execute(command) secret_data = { item.key: content } secret_create(secret_data, secret_name, node_namespace, verbose=verbose)
def credentials_secret(secret_name, namespace, username, password=None, verbose=False): """Create a CA credentials secret. Args: secret_name (str): Name of secret. namespace (str): Namespace for secret to be located. username (str): Username for credentials secret. password (str): Password for credentials secret. verbose (bool): Verbosity. False by default. Returns: dict: Secret data including "CA_USERNAME" and "CA_PASSWORD" """ try: secret_data = secret_read(secret_name, namespace, verbose=verbose) # Check that the ID stored is the same as Orderer name assert username == secret_data["CA_USERNAME"] if password: assert password == secret_data["CA_PASSWORD"] except ApiException: # Get relevant variables if not password: password = rand_string(24) secret_data = {"CA_USERNAME": username, "CA_PASSWORD": password} secret_create(secret_data, secret_name, namespace) return secret_data
def test_secret_create_verbose(self, mock_api, mock_print): secret_create({'a_key': 'a_value'}, 'a_secret', 'a-namespace', verbose=True) mock_api.create_namespaced_secret.assert_called_once() mock_print.assert_called_once_with( 'Created secret a_secret in namespace a-namespace')
def test_secret_create_verbose(self, mock_api, mock_print): secret_create({"a_key": "a_value"}, "a_secret", "a-namespace", verbose=True) mock_api.create_namespaced_secret.assert_called_once() mock_print.assert_called_once_with( "Created Secret a_secret in namespace a-namespace")
def deploy_composer(opts, upgrade=False, verbose=False): """Deploy Hyperledger Composer on K8S. We use the hl-composer Helm chart as a basis to deploying Composer on K8S. Please note that Composer is unmaintained and may eventually be deprecated from this repository as we migrate to raw Fabric. Args: opts (dict): Nephos options dict. upgrade (bool): Do we upgrade the deployment? False by default. verbose (bool): Verbosity. False by default. """ peer_namespace = get_namespace(opts, opts["peers"]["msp"]) # Ensure BNA exists secret_data = input_files((None, ), clean_key=True) secret_create(secret_data, opts["composer"]["secret_bna"], peer_namespace) composer_connection(opts, verbose=verbose) # Start Composer version = get_version(opts, "hl-composer") config_yaml = ( f'{opts["core"]["dir_values"]}/hl-composer/{opts["composer"]["name"]}.yaml' ) if not upgrade: extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml) helm_install( opts["core"]["chart_repo"], "hl-composer", opts["composer"]["name"], peer_namespace, extra_vars=extra_vars, ) else: preserve = (HelmPreserve( peer_namespace, f"{opts['composer']['name']}-hl-composer-rest", "COMPOSER_APIKEY", "rest.config.apiKey", ), ) extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml, preserve=preserve) helm_upgrade( opts["core"]["chart_repo"], "hl-composer", opts["composer"]["name"], extra_vars=extra_vars, ) helm_check("hl-composer", opts["composer"]["name"], peer_namespace, pod_num=3)
def credentials_secret(secret_name, namespace, username, password=None, verbose=False): try: secret_data = secret_read(secret_name, namespace, verbose=verbose) # Check that the ID stored is the same as Orderer name assert username == secret_data['CA_USERNAME'] if password: assert password == secret_data['CA_PASSWORD'] except ApiException: # Get relevant variables if not password: password = rand_string(24) secret_data = {'CA_USERNAME': username, 'CA_PASSWORD': password} secret_create(secret_data, secret_name, namespace) return secret_data
def extract_credentials(opts, node_type, verbose=False): chart = NODE_MAPPER[node_type] node_namespace = get_namespace(opts, opts[node_type + 's']['msp']) # Loop over the nodes for release in opts[node_type + 's']['names']: secret_name = 'hlf--{}-cred'.format(release) try: secret_read(secret_name, node_namespace) if verbose: print('{} secret already exists'.format(secret_name)) except ApiException: # Obtain secret data from original chart secret original_data = secret_read('{}-{}'.format(release, chart), node_namespace) # Create secret with Orderer credentials secret_data = { 'CA_USERNAME': original_data['CA_USERNAME'], 'CA_PASSWORD': original_data['CA_PASSWORD'] } secret_create(secret_data, secret_name, node_namespace, verbose=verbose)
def upgrade_network(opts, verbose=False): """Upgrade Hyperledger Composer network. Args: opts (dict): Nephos options dict. verbose (bool): Verbosity. False by default. """ peer_namespace = get_namespace(opts, opts["peers"]["msp"]) secret_data = input_files((None, ), clean_key=True) secret_create(secret_data, opts["composer"]["secret_bna"], peer_namespace) # Set up the PeerAdmin card hlc_cli_ex = get_helm_pod(peer_namespace, "hlc", "hl-composer", verbose=verbose) bna, _ = hlc_cli_ex.execute("ls /hl_config/blockchain_network") bna_name, bna_rem = bna.split("_") bna_version, _ = bna_rem.split(".bna") peer_msp = opts["peers"]["msp"] bna_admin = opts["msps"][peer_msp]["org_admin"] res, _ = hlc_cli_ex.execute( f"composer network ping --card {bna_admin}@{bna_name}") curr_version = (res.split("Business network version: ")[1]).split()[0] logging.info(curr_version) if curr_version != bna_version: hlc_cli_ex.execute( ("composer network install --card PeerAdmin@hlfv1 " + f"--archiveFile /hl_config/blockchain_network/{bna}")) hlc_cli_ex.execute( ("composer network upgrade " + "--card PeerAdmin@hlfv1 " + f"--networkName {bna_name} --networkVersion {bna_version}")) res, _ = hlc_cli_ex.execute( f"composer network ping --card {bna_admin}@{bna_name}") curr_version = (res.split("Business network version: ")[1]).split()[0] logging.info(f"Upgraded to {curr_version}")
def test_secret_create(selfself, mock_api, mock_print): secret_create({"a_key": "a_value"}, "a_secret", "a-namespace") mock_api.create_namespaced_secret.assert_called_once() mock_print.assert_not_called()
def test_secret_create(self, mock_api, mock_log): secret_create({"a_key": "a_value"}, "a_secret", "a-namespace") mock_api.create_namespaced_secret.assert_called_once() mock_log.info.assert_called_once_with( "Created Secret a_secret in namespace a-namespace")
def test_secret_create(selfself, mock_api, mock_print): secret_create({'a_key': 'a_value'}, 'a_secret', 'a-namespace') mock_api.create_namespaced_secret.assert_called_once() mock_print.assert_not_called()