def install_package(package, version, options):
"""Install a Universe package on DC/OS."""
display.vvv("DC/OS: installing package {} version {}".format(
package, version))
# create a temporary file for the options json file
with tempfile.NamedTemporaryFile('w+') as f:
json.dump(options, f)
# force write the file to disk to make sure subcommand can read it
f.flush()
os.fsync(f)
display.vvv(subprocess.check_output(
['cat', f.name]).decode())
cmd = [
'dcos',
'package',
'install',
package,
'--yes',
'--package-version',
version,
'--options',
f.name
]
run_command(cmd, 'install package', stop_on_error=True)
def secret_delete(path, store):
"""Delete a secret"""
display.vvv("DC/OS: delete secret {}".format(path))
cmd = ['dcos', 'security', 'secrets', 'delete', '--store-id', store, path]
run_command(cmd, 'delete secret', stop_on_error=True)
def user_create(uid, password, description):
"""Create a user"""
display.vvv("DC/OS: IAM create user {}".format(uid))
cmd = [
'dcos', 'security', 'org', 'users', 'create', uid, '--description',
description, '--password', password
]
run_command(cmd, 'create user', stop_on_error=True)
def user_update(uid, groups):
"""Update user groups"""
display.vvv("DC/OS: IAM update user {}".format(uid))
for g in groups:
display.vvv("Assigning user {} to group {}".format(uid, g))
cmd = ['dcos', 'security', 'org', 'groups', 'add_user', g, uid]
run_command(cmd, 'update user', stop_on_error=False)
def service_account_update(sid, groups):
"""Update service_account groups"""
display.vvv("DC/OS: IAM update service_account {}".format(sid))
for g in groups:
display.vvv("Assigning service_account {} to group {}".format(sid, g))
cmd = ['dcos', 'security', 'org', 'groups', 'add_user', g, sid]
run_command(cmd, 'update service_account', stop_on_error=False)
def secret_update(path, value, store):
"""Update a secret"""
display.vvv("DC/OS: update secret {} with {}".format(path, value))
cmd = [
'dcos', 'security', 'secrets', 'update', '--store-id', store,
'--value', value, path
]
run_command(cmd, 'update secret', stop_on_error=True)
def quota_delete(gid):
"""Delete a quota"""
display.vvv("DC/OS: delete quota {}".format(gid))
cmd = [
'dcos',
'quota',
'delete',
gid,
]
run_command(cmd, 'delete quota', stop_on_error=True)
def app_remove(app_id):
display.vvv("DC/OS: remove app {}".format(app_id))
cmd = [
'dcos',
'marathon',
'app',
'remove',
'/' + app_id,
]
run_command(cmd, 'remove app', stop_on_error=True)
def pool_delete(pool_id, instance_name):
"""Delete a pool"""
display.vvv("DC/OS: Edge-LB delete pool {}".format(pool_id))
cmd = [
'dcos',
'edgelb',
'delete',
'--name=' + instance_name,
pool_id,
]
run_command(cmd, 'delete pool', stop_on_error=True)
def group_remove(group_id):
"""Remove an group via Marathon"""
display.vvv("DC/OS: Marathon remove group {}".format(group_id))
cmd = [
'dcos',
'marathon',
'group',
'remove',
'/' + group_id,
]
run_command(cmd, 'remove group', stop_on_error=True)
def repo_remove(name):
"""Delete a repo"""
display.vvv("DC/OS: remove repo {}".format(name))
cmd = [
'dcos',
'package',
'repo',
'remove',
name,
]
run_command(cmd, 'remove repo', stop_on_error=True)
def pod_remove(pod_id):
"""Remove an pod via Marathon"""
display.vvv("DC/OS: Marathon remove pod {}".format(pod_id))
cmd = [
'dcos',
'marathon',
'pod',
'remove',
'/' + pod_id,
]
run_command(cmd, 'remove pod', stop_on_error=True)
def group_update(gid, permissions):
"""Update group permissions"""
display.vvv("DC/OS: IAM update group {}".format(gid))
for p in permissions:
display.vvv("Granting {} permission on {} to group {}".format(
p['rid'], p['action'], gid))
cmd = [
'dcos', 'security', 'org', 'groups', 'grant', gid, p['rid'],
p['action']
]
run_command(cmd, 'update group', stop_on_error=False)
def user_delete(uid):
"""Delete a user"""
display.vvv("DC/OS: IAM delete user {}".format(uid))
cmd = [
'dcos',
'security',
'org',
'users',
'delete',
uid,
]
run_command(cmd, 'delete user', stop_on_error=True)
def service_account_delete(sid):
"""Delete a service_account"""
display.vvv("DC/OS: IAM delete service_account {}".format(sid))
cmd = [
'dcos',
'security',
'org',
'service-accounts',
'delete',
sid,
]
run_command(cmd, 'delete service_account', stop_on_error=True)
def group_delete(gid):
"""Delete a group"""
display.vvv("DC/OS: IAM delete group {}".format(gid))
cmd = [
'dcos',
'security',
'org',
'groups',
'delete',
gid,
]
run_command(cmd, 'delete group', stop_on_error=True)
def uninstall_package(package, app_id):
display.vvv("DC/OS: uninstalling package {}".format(package))
cmd = [
'dcos',
'package',
'uninstall',
package,
'--yes',
'--app',
'--app-id',
'/' + app_id,
]
run_command(cmd, 'uninstall package', stop_on_error=True)
def group_create(gid, description):
"""Create a group"""
display.vvv("DC/OS: IAM create group {}".format(gid))
cmd = [
'dcos',
'security',
'org',
'groups',
'create',
'--description',
'\'' + description + '\'',
gid,
]
run_command(cmd, 'create group', stop_on_error=True)
def app_create(app_id, options):
"""Deploy an app via Marathon"""
display.vvv("DC/OS: Marathon create app {}".format(app_id))
# create a temporary file for the options json file
with tempfile.NamedTemporaryFile('w+') as f:
json.dump(options, f)
# force write the file to disk to make sure subcommand can read it
f.flush()
os.fsync(f)
display.vvv(subprocess.check_output(['cat', f.name]).decode())
cmd = ['dcos', 'marathon', 'app', 'add', f.name]
run_command(cmd, 'add app', stop_on_error=True)
def pool_update(pool_id, instance_name, options):
"""Update an pool"""
display.vvv("DC/OS: Edgelb update pool {}".format(pool_id))
# create a temporary file for the options json file
with tempfile.NamedTemporaryFile('w+') as f:
json.dump(options, f)
# force write the file to disk to make sure subcommand can read it
f.flush()
os.fsync(f)
display.vvv(subprocess.check_output(['cat', f.name]).decode())
cmd = ['dcos', 'edgelb', 'update', '--name=' + instance_name, f.name]
run_command(cmd, 'update pool', stop_on_error=True)
def secret_update_from_file(path, file, store):
"""Update a secret from file"""
display.vvv("DC/OS: update secret from file {} at path {}".format(file,path))
cmd = [
'dcos',
'security',
'secrets',
'update',
'--store-id',
store,
'-f',
file,
path
]
run_command(cmd, 'update secret', stop_on_error=True)
def repo_add(name, url, index):
"""Create a repo"""
display.vvv("DC/OS: create repo {}".format(name))
quotes = '\"'
cmd = [
'dcos',
'package',
'repo',
'add',
'--index',
str(index),
name,
url,
]
run_command(cmd, 'add repo', stop_on_error=True)
def update_package(package, app_id, version, options):
"""Update a Universe package on DC/OS."""
display.vvv("DC/OS: updating package {} version {}".format(
package, version))
# create a temporary file for the options json file
with tempfile.NamedTemporaryFile('w+') as f:
json.dump(options, f)
# force write the file to disk to make sure subcommand can read it
f.flush()
os.fsync(f)
display.vvv(subprocess.check_output(
['cat', f.name]).decode())
r = subprocess.check_output([
'dcos',
'package',
'describe',
package,
'--options',
f.name,
'--package-version',
version,
'--render',
'--app',
], env=_dcos_path())
app_update(app_id, json.loads(r))
# workaround: install cli to refresh dcos package list
cmd = [
'dcos',
'package',
'install',
package,
'--package-version',
version,
'--yes',
'--cli'
]
run_command(cmd, 'install cli', stop_on_error=True)
def quota_update(gid, cpu, mem, disk, gpu):
"""Update quota permissions"""
display.vvv("DC/OS: update quota {}".format(gid))
cmd = [
'dcos',
'quota',
'update',
gid,
]
if cpu is not None:
cmd.extend(['--cpu', str(cpu)])
if mem is not None:
cmd.extend(['--mem', str(mem)])
if disk is not None:
cmd.extend(['--disk', str(disk)])
if gpu is not None:
cmd.extend(['--gpu', str(gpu)])
run_command(cmd, 'update quota', stop_on_error=True)
def service_account_create(sid, secret_path, store, description):
"""Create a service_account"""
display.vvv("DC/OS: IAM create service_account {}".format(sid))
if get_secret_value(secret_path, store) is not None:
secret_delete(secret_path, store)
with tempfile.NamedTemporaryFile('w+') as f_private:
with tempfile.NamedTemporaryFile('w+') as f_public:
cmd = [
'dcos', 'security', 'org', 'service-accounts', 'keypair',
f_private.name, f_public.name
]
run_command(cmd, 'create kepypairs', stop_on_error=True)
display.vvv(
subprocess.check_output(['cat', f_private.name]).decode())
display.vvv(
subprocess.check_output(['cat', f_public.name]).decode())
cmd = [
'dcos', 'security', 'org', 'service-accounts', 'create', sid,
'--public-key', f_public.name, '--description', description
]
run_command(cmd, 'create service account', stop_on_error=True)
cmd = [
'dcos', 'security', 'secrets', 'create-sa-secret',
'--store-id', store, '--strict', f_private.name, sid,
secret_path
]
run_command(cmd, 'create service secret', stop_on_error=True)
def ensure_auth(**connect_args):
valid = False
r = run_command(['dcos', 'config', 'show', 'core.dcos_acs_token'])
if r.returncode == 0:
parts = r.stdout.read().decode().split('.')
info = json.loads(base64.b64decode(parts[1]))
exp = int(info['exp'])
limit = int(time.time()) + 5 * 60
if exp > limit:
valid = True
if not valid:
refresh_auth(**connect_args)
def refresh_auth(**kwargs):
"""Run the authentication command using the DC/OS CLI."""
cli_args = parse_connect_options(False, **kwargs)
return run_command(['dcos', 'auth', 'login'] + cli_args,
'refresh auth token', True)
