def test_get_unknown_policy_driver(self):
    """A policy type the test treats as unknown ends in SystemExit.

    The exit code must be ERR_CODE_GENERIC, i.e. driver selection stops
    rather than continuing with some other driver.
    """
    plugin = Mock(spec=CniPlugin)
    plugin.network_config = {"name": "n", "policy": {"type": "madeup"}}

    with assert_raises(SystemExit) as raised:
        get_policy_driver(plugin)

    assert_equal(raised.exception.code, ERR_CODE_GENERIC)
def test_missing_cert(self):
    """A k8s policy config with an unusable client certificate must exit.

    The certificate value is a string that is presumably not a path to an
    existing file; the test pins that get_policy_driver exits with
    ERR_CODE_GENERIC instead of returning a driver.
    """
    policy = {
        "type": "k8s",
        "k8s_client_certificate": "surely this can't exist?",
    }

    plugin = Mock(spec=CniPlugin)
    plugin.network_config = {"name": "n", "policy": policy}
    plugin.running_under_k8s = True
    plugin.k8s_pod_name = "podname"
    plugin.k8s_namespace = "namespace"

    with assert_raises(SystemExit) as raised:
        get_policy_driver(plugin)

    assert_equal(raised.exception.code, ERR_CODE_GENERIC)
def test_get_policy_driver_value_error(self, m_driver):
    """A ValueError from the mocked driver becomes SystemExit(ERR_CODE_GENERIC)."""
    # m_driver is presumably injected by a patch decorator that is not part
    # of this listing; calling it raises ValueError.
    m_driver.side_effect = ValueError

    # Plugin stand-in outside Kubernetes with no "policy" section.
    plugin = Mock(spec=CniPlugin)
    plugin.network_config = {"name": "testnetwork"}
    plugin.running_under_k8s = False

    with assert_raises(SystemExit) as raised:
        get_policy_driver(plugin)

    assert_equal(raised.exception.code, ERR_CODE_GENERIC)
def test_get_policy_driver_value_error(self, m_driver):
    """A ValueError from the mocked driver becomes SystemExit(ERR_CODE_GENERIC).

    Variant that calls get_policy_driver with (pod name, namespace, config).
    """
    # m_driver is presumably injected by a patch decorator that is not part
    # of this listing; calling it raises ValueError.
    m_driver.side_effect = ValueError

    # No Kubernetes identifiers and no "policy" section in the config.
    pod = None
    namespace = None
    network_config = {"name": "testnetwork"}

    with assert_raises(SystemExit) as raised:
        get_policy_driver(pod, namespace, network_config)

    assert_equal(raised.exception.code, ERR_CODE_GENERIC)
def test_get_policy_driver_k8s_annotations(self):
    """Policy type "k8s-annotations" yields a KubernetesAnnotationDriver."""
    network_config = {
        "name": "testnetwork",
        "policy": {"type": "k8s-annotations"},
    }

    selected = get_policy_driver("podname", "namespace", network_config)

    assert_true(isinstance(selected, KubernetesAnnotationDriver))
def test_get_policy_driver_deny_inbound(self):
    """Policy type "default-deny-inbound" yields a DefaultDenyInboundDriver."""
    network_config = {
        "name": "testnetwork",
        "policy": {"type": "default-deny-inbound"},
    }

    selected = get_policy_driver("podname", "namespace", network_config)

    assert_true(isinstance(selected, DefaultDenyInboundDriver))
def test_missing_cert(self):
    """A k8s policy config with an unusable client certificate must exit.

    The certificate value is a string that is presumably not a path to an
    existing file; the expected outcome is SystemExit carrying
    ERR_CODE_GENERIC, not a usable driver.
    """
    plugin = Mock(spec=CniPlugin)
    plugin.k8s_pod_name = "podname"
    plugin.k8s_namespace = "namespace"
    plugin.running_under_k8s = True
    plugin.network_config = {
        "name": "n",
        "policy": {
            "type": "k8s",
            "k8s_client_certificate": "surely this can't exist?",
        },
    }

    with assert_raises(SystemExit) as raised:
        get_policy_driver(plugin)

    exit_code = raised.exception.code
    assert_equal(exit_code, ERR_CODE_GENERIC)
def test_get_policy_driver_default_k8s(self):
    """Under Kubernetes with no "policy" section, expect KubernetesNoPolicyDriver."""
    plugin = Mock(spec=CniPlugin)
    plugin.running_under_k8s = True
    plugin.k8s_namespace = "namespace"
    plugin.k8s_pod_name = "podname"
    # The config deliberately carries only the network name.
    plugin.network_config = {"name": "testnetwork"}

    selected = get_policy_driver(plugin)

    assert_true(isinstance(selected, KubernetesNoPolicyDriver))
def test_get_policy_driver_k8s(self):
    """Policy type "k8s" under Kubernetes yields a KubernetesPolicyDriver."""
    plugin = Mock(spec=CniPlugin)
    plugin.running_under_k8s = True
    plugin.k8s_namespace = "namespace"
    plugin.k8s_pod_name = "podname"
    plugin.network_config = {
        "name": "testnetwork",
        "policy": {"type": "k8s"},
    }

    selected = get_policy_driver(plugin)

    assert_true(isinstance(selected, KubernetesPolicyDriver))
def test_get_policy_driver_k8s_annotations(self):
    """Policy type "k8s-annotations" under Kubernetes yields the annotation driver."""
    policy = {"type": "k8s-annotations"}

    plugin = Mock(spec=CniPlugin)
    plugin.network_config = {"name": "testnetwork", "policy": policy}
    plugin.running_under_k8s = True
    plugin.k8s_namespace = "namespace"
    plugin.k8s_pod_name = "podname"

    selected = get_policy_driver(plugin)

    assert_true(isinstance(selected, KubernetesAnnotationDriver))
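def __init__(self, network_config, env):
    """Build the plugin state from the CNI network config and environment.

    Args:
        network_config: Parsed CNI network config. "name" and
            "ipam" -> "type" are read unconditionally; "hostname" and
            "kubernetes" are optional.
        env: Environment mapping holding the CNI_* variables. It is kept
            as ``ipam_env`` without copying, so its CNI_ARGS entry is
            rewritten in place.

    Raises:
        KeyError: If a required config key or environment variable is
            missing (for dict-like inputs).
        AssertionError: If the CNI command is neither CNI_CMD_ADD nor
            CNI_CMD_DELETE.
    """
    self._client = DatastoreClient()
    """
    DatastoreClient for access to the Calico datastore.
    """

    # Capture the caller-supplied CNI_ARGS before anything rewrites it.
    # ipam_env below is the very same object as env, so once its CNI_ARGS
    # entry is overwritten the original value cannot be read back from env.
    original_cni_args = env.get(CNI_ARGS_ENV, "")

    # Parse CNI_ARGS into dictionary so we can extract values.
    cni_args = parse_cni_args(original_cni_args)

    self.k8s_pod_name = cni_args.get(K8S_POD_NAME)
    """
    Name of Kubernetes pod if running under Kubernetes, else None.
    """

    self.k8s_namespace = cni_args.get(K8S_POD_NAMESPACE)
    """
    Name of Kubernetes namespace if running under Kubernetes, else None.
    """

    self.network_config = network_config
    """
    Network config as provided in the CNI network file passed in
    via stdout.
    """
    # NOTE(review): CNI runtimes normally hand the network config to the
    # plugin on stdin - confirm the wording above against the caller.

    self.network_name = network_config["name"]
    """
    Name of the network from the provided network config file.
    """

    self.ipam_type = network_config["ipam"]["type"]
    """
    Type of IPAM to use, e.g calico-ipam.
    """

    self.hostname = network_config.get("hostname", socket.gethostname())
    """
    The hostname to register endpoints under.
    """

    self.container_engine = get_container_engine(self.k8s_pod_name)
    """
    Chooses the correct container engine based on the given configuration.
    """

    self.ipam_env = env
    """
    Environment dictionary used when calling the IPAM plugin.
    """

    self.command = env[CNI_COMMAND_ENV]
    # Checked with an explicit raise rather than an `assert` statement:
    # asserts are removed when Python runs with -O, which would let an
    # unexpected command value through. The exception type is unchanged.
    if self.command not in [CNI_CMD_DELETE, CNI_CMD_ADD]:
        raise AssertionError("Invalid CNI command %s" % self.command)
    """
    The command to execute for this plugin instance. Required.
    One of:
      - CNI_CMD_ADD
      - CNI_CMD_DELETE
    """

    self.container_id = env[CNI_CONTAINERID_ENV]
    """
    The container's ID in the containerizer. Required.
    """

    self.cni_netns = env[CNI_NETNS_ENV]
    """
    Relative path to the network namespace of this container.
    """

    self.interface = env[CNI_IFNAME_ENV]
    """
    Name of the interface to create within the container.
    """

    self.cni_path = env[CNI_PATH_ENV]
    """
    Path in which to search for CNI plugins.
    """

    # Truthy only when both values are present. Note that this stores the
    # pod name (or a falsy value), not a strict bool.
    self.running_under_k8s = self.k8s_namespace and self.k8s_pod_name
    if self.running_under_k8s:
        # NOTE(review): namespace and pod name come straight from CNI_ARGS;
        # no validation is visible here - confirm parse_cni_args or the
        # caller constrains them before they become the workload ID.
        self.workload_id = "%s.%s" % (self.k8s_namespace, self.k8s_pod_name)
        self.orchestrator_id = "k8s"
    else:
        self.workload_id = self.container_id
        self.orchestrator_id = "cni"
    kubernetes_config = network_config.get("kubernetes", {})
    self.kubeconfig_path = kubernetes_config.get("kubeconfig")
    self.k8s_node_name = kubernetes_config.get("node_name",
                                               socket.gethostname())
    """
    Configure orchestrator specific settings.
    workload_id: In Kubernetes, this is the pod's namespace and name.
                 Otherwise, this is the container ID.
    orchestrator_id: Either "k8s" or "cni".
    """

    # Ensure that the ipam_env CNI_ARGS contains the IgnoreUnknown=1 option
    # See https://github.com/appc/cni/pull/158
    # And https://github.com/appc/cni/pull/127
    self.ipam_env[CNI_ARGS_ENV] = 'IgnoreUnknown=1'
    if original_cni_args:
        # Append any existing args - if they are set. The value captured at
        # the top is used because env[CNI_ARGS_ENV] was just overwritten;
        # re-reading it here would append 'IgnoreUnknown=1' a second time
        # and drop the caller's arguments.
        self.ipam_env[CNI_ARGS_ENV] += ";%s" % original_cni_args

    # Resolved last: get_policy_driver receives this instance, so the
    # attributes assigned above already exist when it runs.
    # NOTE(review): the attribute docstring that followed this assignment
    # is cut off in the listing.
    self.policy_driver = get_policy_driver(self)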
def test_get_policy_driver_default_k8s(self):
    """With pod name and namespace but no "policy" section, expect the default k8s driver."""
    pod = "podname"
    namespace = "namespace"
    # The config deliberately carries only the network name.
    network_config = {"name": "testnetwork"}

    selected = get_policy_driver(pod, namespace, network_config)

    assert_true(isinstance(selected, KubernetesDefaultPolicyDriver))
def __init__(self, network_config, env): self._client = DatastoreClient() """ DatastoreClient for access to the Calico datastore. """ # Parse CNI_ARGS into dictionary so we can extract values. cni_args = parse_cni_args(env.get(CNI_ARGS_ENV, "")) self.k8s_pod_name = cni_args.get(K8S_POD_NAME) """ Name of Kubernetes pod if running under Kubernetes, else None. """ self.k8s_namespace = cni_args.get(K8S_POD_NAMESPACE) """ Name of Kubernetes namespace if running under Kubernetes, else None. """ self.network_config = network_config """ Network config as provided in the CNI network file passed in via stdout. """ self.network_name = network_config["name"] """ Name of the network from the provided network config file. """ self.ipam_type = network_config["ipam"]["type"] """ Type of IPAM to use, e.g calico-ipam. """ self.policy_driver = get_policy_driver(self.k8s_pod_name, self.k8s_namespace, self.network_config) """ Chooses the correct policy driver based on the given configuration """ self.container_engine = get_container_engine(self.k8s_pod_name) """ Chooses the correct container engine based on the given configuration. """ self.ipam_env = env """ Environment dictionary used when calling the IPAM plugin. """ self.command = env[CNI_COMMAND_ENV] assert self.command in [CNI_CMD_DELETE, CNI_CMD_ADD], \ "Invalid CNI command %s" % self.command """ The command to execute for this plugin instance. Required. One of: - CNI_CMD_ADD - CNI_CMD_DELETE """ self.container_id = env[CNI_CONTAINERID_ENV] """ The container's ID in the containerizer. Required. """ self.cni_netns = env[CNI_NETNS_ENV] """ Relative path to the network namespace of this container. """ self.interface = env[CNI_IFNAME_ENV] """ Name of the interface to create within the container. """ self.cni_path = env[CNI_PATH_ENV] """