def create_pks_context_for_all_accounts_in_org(tenant_auth_token): """Create PKS context for accounts in a given Org. If user is Sysadmin Creates PKS contexts for all PKS accounts defined in the entire system. else Creates PKS contexts for all PKS accounts assigned to the org. However if separate service accounts for each org hasn't been configued by admin via pks.yaml, then PKS accounts of the PKS server corresponding to the vCenters powering the individual orgVDC of the org will be picked up for creating the PKS contexts. :return: list of dict, where each dictionary is a PKS context :rtype: list """ pks_cache = utils.get_pks_cache() if pks_cache is None: return [] client, _ = connect_vcd_user_via_token(tenant_auth_token=tenant_auth_token) if client.is_sysadmin(): all_pks_account_info = pks_cache.get_all_pks_account_info_in_system() pks_ctx_list = [ ovdc_utils.construct_pks_context(pks_account_info, credentials_required=True) for pks_account_info in all_pks_account_info # noqa: E501 ] return pks_ctx_list org_resource = client.get_org() org_name = org_resource.get('name') if pks_cache.do_orgs_have_exclusive_pks_account(): pks_account_infos = \ pks_cache.get_exclusive_pks_accounts_info_for_org(org_name) pks_ctx_list = [ ovdc_utils.construct_pks_context(pks_account_info, credentials_required=True) for pks_account_info in pks_account_infos # noqa: E501 ] return pks_ctx_list org = Org(client, resource=org_resource) vdc_names = [vdc['name'] for vdc in org.list_vdcs()] # Constructing dict instead of list to avoid duplicates # TODO() figure out a way to add pks contexts to a set directly pks_ctx_dict = {} for vdc_name in vdc_names: # this is a full blown pks_account_info + pvdc_info + # compute_profile_name dictionary k8s_metadata = \ ovdc_utils.get_ovdc_k8s_provider_metadata(ovdc_name=vdc_name, org_name=org_name, include_credentials=True) if k8s_metadata[K8S_PROVIDER_KEY] == K8sProvider.PKS: pks_ctx_dict[k8s_metadata['vc']] = k8s_metadata return list(pks_ctx_dict.values())
def ovdc_compute_policy_update(request_data, tenant_auth_token): """Request handler for ovdc compute-policy update operation. Required data: ovdc_id, compute_policy_action, compute_policy_names :return: Dictionary with task href. """ required = [ RequestKey.OVDC_ID, RequestKey.COMPUTE_POLICY_ACTION, RequestKey.COMPUTE_POLICY_NAME ] req_utils.validate_payload(request_data, required) defaults = { RequestKey.REMOVE_COMPUTE_POLICY_FROM_VMS: False, } validated_data = {**defaults, **request_data} req_utils.validate_payload(request_data, required) action = validated_data[RequestKey.COMPUTE_POLICY_ACTION] cp_name = validated_data[RequestKey.COMPUTE_POLICY_NAME] ovdc_id = validated_data[RequestKey.OVDC_ID] remove_compute_policy_from_vms = validated_data[ RequestKey.REMOVE_COMPUTE_POLICY_FROM_VMS] # noqa: E501 client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token) cpm = ComputePolicyManager(client) cp_href = None cp_id = None if cp_name == SYSTEM_DEFAULT_COMPUTE_POLICY_NAME: for _cp in cpm.list_compute_policies_on_vdc(ovdc_id): if _cp['name'] == cp_name: cp_href = _cp['href'] cp_id = _cp['id'] else: try: _cp = cpm.get_policy(cp_name) cp_href = _cp['href'] cp_id = _cp['id'] except EntityNotFoundException: pass if cp_href is None: raise BadRequestError(f"Compute policy '{cp_name}' not found.") if action == ComputePolicyAction.ADD: cpm.add_compute_policy_to_vdc(ovdc_id, cp_href) return f"Added compute policy '{cp_name}' ({cp_id}) to ovdc " \ f"({ovdc_id})" if action == ComputePolicyAction.REMOVE: return cpm.remove_compute_policy_from_vdc( ovdc_id, cp_href, remove_compute_policy_from_vms=remove_compute_policy_from_vms) raise BadRequestError("Unsupported compute policy action")
def ovdc_list(request_data, tenant_auth_token): """Request handler for ovdc list operation. :return: List of dictionaries with org VDC k8s provider metadata. """ client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token) list_pks_plans = utils.str_to_bool(request_data[RequestKey.LIST_PKS_PLANS]) return ovdc_utils.get_ovdc_list(client, list_pks_plans=list_pks_plans, tenant_auth_token=tenant_auth_token)
def info(self, tenant_auth_token): tenant_client, _ = connect_vcd_user_via_token( tenant_auth_token=tenant_auth_token) result = Service.version() if tenant_client.is_sysadmin(): result['consumer_threads'] = len(self.threads) result['all_threads'] = threading.activeCount() result['requests_in_progress'] = self.active_requests_count() result['config_file'] = self.config_file result['status'] = self.get_status() else: del result['python'] return result
def ovdc_compute_policy_list(request_data, tenant_auth_token): """Request handler for ovdc compute-policy list operation. Required data: ovdc_id :return: Dictionary with task href. """ required = [RequestKey.OVDC_ID] utils.ensure_keys_in_dict(required, request_data, dict_name='data') client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token) cpm = ComputePolicyManager(client) return cpm.list_compute_policies_on_vdc(request_data[RequestKey.OVDC_ID])
def update_status(self, tenant_auth_token, request_data): tenant_client, _ = connect_vcd_user_via_token( tenant_auth_token=tenant_auth_token) if not tenant_client.is_sysadmin(): raise CseRequestError(status_code=requests.codes.unauthorized, error_message='Unauthorized to update CSE') action = request_data.get(RequestKey.SERVER_ACTION) if self._state == ServerState.RUNNING: if action == ServerAction.ENABLE: raise CseRequestError( status_code=requests.codes.bad_request, error_message='CSE is already enabled and running.') elif action == ServerAction.DISABLE: self._state = ServerState.DISABLED message = 'CSE has been disabled.' elif action == ServerAction.STOP: raise CseRequestError( status_code=requests.codes.bad_request, error_message='Cannot stop CSE while it is enabled. ' 'Disable the service first') elif self._state == ServerState.DISABLED: if action == ServerAction.ENABLE: self._state = ServerState.RUNNING message = 'CSE has been enabled and is running.' elif action == ServerAction.DISABLE: raise CseRequestError(status_code=requests.codes.bad_request, error_message='CSE is already disabled.') elif action == 'stop': message = 'CSE graceful shutdown started.' n = self.active_requests_count() if n > 0: message += f" CSE will finish processing {n} requests." self._state = ServerState.STOPPING elif self._state == ServerState.STOPPING: if action == ServerAction.ENABLE: raise CseRequestError( status_code=requests.codes.bad_request, error_message='Cannot enable CSE while it is being' 'stopped.') elif action == ServerAction.DISABLE: raise CseRequestError( status_code=requests.codes.bad_request, error_message='Cannot disable CSE while it is being' ' stopped.') elif action == ServerAction.STOP: message = 'CSE graceful shutdown is in progress.' return message
def _connect_tenant(self): self.tenant_client, self.client_session = connect_vcd_user_via_token( tenant_auth_token=self.tenant_auth_token) self.tenant_info = { 'user_name': self.client_session.get('user'), 'user_id': self.client_session.get('userId'), 'org_name': self.client_session.get('org'), 'org_href': self.tenant_client._get_wk_endpoint( _WellKnownEndpoint.LOGGED_IN_ORG) }
def __init__(self, tenant_auth_token): self.tenant_client = None self.client_session = None self.tenant_user_name = None self.tenant_user_id = None self.tenant_org_name = None self.tenant_org_href = None self.tenant_client, self.client_session = \ vcd_utils.connect_vcd_user_via_token(tenant_auth_token=tenant_auth_token) # noqa: E501 self.tenant_user_name = self.client_session.get('user') self.tenant_user_id = self.client_session.get('userId') self.tenant_org_name = self.client_session.get('org') self.tenant_org_href = \ self.tenant_client._get_wk_endpoint(_WellKnownEndpoint.LOGGED_IN_ORG) # noqa: E501
def ovdc_list(request_data, tenant_auth_token): """Request handler for ovdc list operation. :return: List of dictionaries with org VDC k8s provider metadata. """ defaults = {RequestKey.LIST_PKS_PLANS: False} validated_data = {**defaults, **request_data} client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token) # TODO check if this is needed list_pks_plans = utils.str_to_bool( validated_data[RequestKey.LIST_PKS_PLANS]) # noqa: E501 return ovdc_utils.get_ovdc_list(client, list_pks_plans=list_pks_plans, tenant_auth_token=tenant_auth_token)
def _list_ovdcs(self, list_pks_plans): """Get list of ovdcs. If client is sysadmin, Gets all ovdcs of all organizations. Else Gets all ovdcs of the organization in context. """ client, _ = connect_vcd_user_via_token(self.tenant_auth_token) if client.is_sysadmin(): org_resource_list = client.get_org_list() else: org_resource_list = list(client.get_org()) ovdc_list = [] vc_to_pks_plans_map = {} if is_pks_enabled() and list_pks_plans: if client.is_sysadmin(): vc_to_pks_plans_map = self._construct_vc_to_pks_map() else: raise UnauthorizedActionError( 'Operation Denied. Plans available only for ' 'System Administrator.') for org_resource in org_resource_list: org = Org(client, resource=org_resource) vdc_list = org.list_vdcs() for vdc_sparse in vdc_list: ctr_prov_ctx = \ OvdcManager().get_ovdc_container_provider_metadata( ovdc_name=vdc_sparse['name'], org_name=org.get_name(), credentials_required=False) vdc_dict = { 'name': vdc_sparse['name'], 'org': org.get_name(), K8S_PROVIDER_KEY: ctr_prov_ctx[K8S_PROVIDER_KEY] } if is_pks_enabled() and list_pks_plans: pks_plans, pks_server = self.\ _get_pks_plans_and_server_for_vdc(client, vdc_sparse, org_resource, vc_to_pks_plans_map) vdc_dict['pks_api_server'] = pks_server vdc_dict['available pks plans'] = pks_plans ovdc_list.append(vdc_dict) return ovdc_list
def ovdc_compute_policy_list(request_data, tenant_auth_token, is_jwt_token): """Request handler for ovdc compute-policy list operation. Required data: ovdc_id :return: Dictionary with task href. """ required = [ RequestKey.OVDC_ID ] req_utils.validate_payload(request_data, required) client = vcd_utils.connect_vcd_user_via_token( tenant_auth_token, is_jwt_token) cpm = ComputePolicyManager(client) return cpm.list_compute_policies_on_vdc(request_data[RequestKey.OVDC_ID])
def ovdc_compute_policy_update(request_data, tenant_auth_token): """Request handler for ovdc compute-policy update operation. Required data: ovdc_id, compute_policy_action, compute_policy_names :return: Dictionary with task href. """ required = [ RequestKey.OVDC_ID, RequestKey.COMPUTE_POLICY_ACTION, RequestKey.COMPUTE_POLICY_NAME ] utils.ensure_keys_in_dict(required, request_data, dict_name='data') client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token) action = request_data[RequestKey.COMPUTE_POLICY_ACTION] cp_name = request_data[RequestKey.COMPUTE_POLICY_NAME] ovdc_id = request_data[RequestKey.OVDC_ID] cpm = ComputePolicyManager(client) cp = cpm.get_policy(cp_name) if cp is None: raise ValueError(f"Compute policy '{cp_name}' does not exist") cp_href = cp['href'] if action == ComputePolicyAction.ADD: cpm.add_compute_policy_to_vdc(cp_href, vdc_id=ovdc_id) return f"Added compute policy '{cp_name}' to ovdc '{ovdc_id}'" if action == ComputePolicyAction.REMOVE: try: cpm.remove_compute_policy_from_vdc(cp_href, vdc_id=ovdc_id) except EntityNotFoundException: raise EntityNotFoundException(f"Compute policy '{cp_name}' not " f"found in ovdc '{ovdc_id}'") except Exception: # This ensures that BadRequestException message is printed # to console. (error when ovdc currently has VMs/vApp # templates with the compute policy reference, so compute policy # cannot be removed) raise Exception(f"Could not remove compute policy '{cp_name}' " f"from ovdc '{ovdc_id}' (check that no vApp" f" templates or VMs currently contain a reference" f" to the compute policy).") return f"Removed compute policy '{cp_name}' from ovdc '{ovdc_id}'" raise ValueError("Unsupported compute policy action")
def ovdc_list(request_data, tenant_auth_token, is_jwt_token): """Request handler for ovdc list operation. :return: List of dictionaries with org VDC k8s provider metadata. """ defaults = { RequestKey.LIST_PKS_PLANS: False } validated_data = {**defaults, **request_data} client = vcd_utils.connect_vcd_user_via_token( tenant_auth_token, is_jwt_token) # TODO check if this is needed list_pks_plans = utils.str_to_bool(validated_data[RequestKey.LIST_PKS_PLANS]) # noqa: E501 # Record telemetry data cse_params = copy.deepcopy(validated_data) cse_params[RequestKey.LIST_PKS_PLANS] = list_pks_plans record_user_action_details(cse_operation=CseOperation.OVDC_LIST, cse_params=cse_params) # noqa: E501 return ovdc_utils.get_ovdc_list(client, list_pks_plans=list_pks_plans, tenant_auth_token=tenant_auth_token, is_jwt_token=is_jwt_token)
def client(self): if self._client is None: self._client = vcd_utils.connect_vcd_user_via_token( tenant_auth_token=self._auth_token, is_jwt_token=self._is_jwt) return self._client
def __init__(self, tenant_auth_token, request_spec): self.tenant_auth_token = tenant_auth_token self.req_spec = request_spec self.pks_cache = get_pks_cache() self.vcd_client, self.session = connect_vcd_user_via_token( tenant_auth_token=tenant_auth_token)
def ovdc_compute_policy_update(request_data, tenant_auth_token): """Request handler for ovdc compute-policy update operation. Required data: ovdc_id, compute_policy_action, compute_policy_names :return: Dictionary with task href. """ required = [ RequestKey.OVDC_ID, RequestKey.COMPUTE_POLICY_ACTION, RequestKey.COMPUTE_POLICY_NAME ] utils.ensure_keys_in_dict(required, request_data, dict_name='data') defaults = { RequestKey.REMOVE_COMPUTE_POLICY_FROM_VMS: False, } validated_data = {**defaults, **request_data} utils.ensure_keys_in_dict(required, validated_data, dict_name='data') action = validated_data[RequestKey.COMPUTE_POLICY_ACTION] cp_name = validated_data[RequestKey.COMPUTE_POLICY_NAME] ovdc_id = validated_data[RequestKey.OVDC_ID] remove_compute_policy_from_vms = validated_data[ RequestKey.REMOVE_COMPUTE_POLICY_FROM_VMS] # noqa: E501 client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token) cpm = ComputePolicyManager(client) cp_href = None cp_id = None for _cp in cpm.list_compute_policies_on_vdc(ovdc_id): if _cp['name'] == cp_name: cp_href = _cp['href'] cp_id = _cp['id'] if cp_href is None: raise ValueError(f"Compute policy '{cp_name}' not found.") if action == ComputePolicyAction.ADD: cpm.add_compute_policy_to_vdc(ovdc_id, cp_href) return f"Added compute policy '{cp_name}' ({cp_id}) to ovdc " \ f"({ovdc_id})" if action == ComputePolicyAction.REMOVE: try: cpm.remove_compute_policy_from_vdc( ovdc_id, cp_href, remove_compute_policy_from_vms=remove_compute_policy_from_vms) except EntityNotFoundException: raise EntityNotFoundException( f"Compute policy '{cp_name}' not found in ovdc ({ovdc_id})") except Exception: # This ensures that BadRequestException message is printed # to console. (error when ovdc currently has VMs/vApp # templates with the compute policy reference, so compute policy # cannot be removed) msg = f"Could not remove compute policy '{cp_name}' " \ f"({cp_id}) from ovdc ({ovdc_id})" LOGGER.error(msg, exc_info=True) raise Exception( f"{msg} (check that no vApp templates or VMs currently " f"contain a reference to the compute policy)") return f"Removed compute policy '{cp_name}' ({cp_id}) " \ f"from ovdc ({ovdc_id})" raise ValueError("Unsupported compute policy action")