def create_pks_context_for_all_accounts_in_org( request_context: ctx.RequestContext): # noqa: E501 """Create PKS context for accounts in a given Org. If user is Sysadmin Creates PKS contexts for all PKS accounts defined in the entire system. else Creates PKS contexts for all PKS accounts assigned to the org. However if separate service accounts for each org hasn't been configued by admin via pks.yaml, then PKS accounts of the PKS server corresponding to the vCenters powering the individual orgVDC of the org will be picked up for creating the PKS contexts. :return: list of dict, where each dictionary is a PKS context :rtype: list """ pks_cache = utils.get_pks_cache() if pks_cache is None: return [] if request_context.client.is_sysadmin(): all_pks_account_info = pks_cache.get_all_pks_account_info_in_system() pks_ctx_list = [ ovdc_utils.construct_pks_context(pks_account_info, credentials_required=True) for pks_account_info in all_pks_account_info ] # noqa: E501 return pks_ctx_list if pks_cache.do_orgs_have_exclusive_pks_account(): pks_account_infos = pks_cache.get_exclusive_pks_accounts_info_for_org( request_context.user.org_name) # noqa: E501 pks_ctx_list = [ ovdc_utils.construct_pks_context(pks_account_info, credentials_required=True) for pks_account_info in pks_account_infos ] # noqa: E501 return pks_ctx_list org_resource = request_context.client.get_org() org = Org(request_context.client, resource=org_resource) vdc_names = [vdc['name'] for vdc in org.list_vdcs()] # Constructing dict instead of list to avoid duplicates # TODO() figure out a way to add pks contexts to a set directly pks_ctx_dict = {} for vdc_name in vdc_names: # this is a full blown pks_account_info + pvdc_info + # compute_profile_name dictionary k8s_metadata = ovdc_utils.get_ovdc_k8s_provider_metadata( request_context.sysadmin_client, ovdc_name=vdc_name, org_name=request_context.user.org_name, include_credentials=True) if k8s_metadata[K8S_PROVIDER_KEY] == K8sProvider.PKS: pks_ctx_dict[k8s_metadata['vc']] = k8s_metadata return list(pks_ctx_dict.values())
def __init__(self, client): """Construct the cache for ovdc. :param pyvcloud.vcd.client.Client client:the client that will be used to make REST calls to vCD. """ self.client = client self.pks_cache = get_pks_cache()
def __init__(self, tenant_auth_token, request_spec): self.tenant_auth_token = tenant_auth_token self.req_spec = request_spec self.pks_cache = get_pks_cache() self.vcdbroker_manager = VcdBrokerManager(tenant_auth_token, request_spec) self.pksbroker_manager = PksBrokerManager(tenant_auth_token, request_spec) self.is_ovdc_present_in_request = False
def __init__(self, pks_ctx, tenant_auth_token): """Initialize PKS broker. :param dict pks_ctx: A dictionary with which should atleast have the following keys in it ['username', 'secret', 'host', 'port', 'uaac_port'], 'proxy' and 'pks_compute_profile_name' are optional keys. Currently all callers of this method is using ovdc cache (subject to change) to initialize PKS broker. """ self.tenant_client = None self.client_session = None self.tenant_user_name = None self.tenant_user_id = None self.tenant_org_name = None self.tenant_org_href = None # populates above attributes super().__init__(tenant_auth_token) if not pks_ctx: raise ValueError( "PKS context is required to establish connection to PKS") self.username = pks_ctx['username'] self.secret = pks_ctx['secret'] self.pks_host_uri = f"https://{pks_ctx['host']}:{pks_ctx['port']}" self.uaac_uri = f"https://{pks_ctx['host']}:{pks_ctx['uaac_port']}" self.proxy_uri = None if pks_ctx.get('proxy'): self.proxy_uri = f"http://{pks_ctx['proxy']}:80" self.compute_profile = pks_ctx.get(PKS_COMPUTE_PROFILE_KEY, None) self.nsxt_server = \ utils.get_pks_cache().get_nsxt_info(pks_ctx.get('vc')) self.nsxt_client = None if self.nsxt_server: self.nsxt_client = NSXTClient( host=self.nsxt_server.get('host'), username=self.nsxt_server.get('username'), password=self.nsxt_server.get('password'), http_proxy=self.nsxt_server.get('proxy'), https_proxy=self.nsxt_server.get('proxy'), verify_ssl=self.nsxt_server.get('verify'), log_requests=True, log_headers=True, log_body=True) # TODO() Add support in pyvcloud to send metadata values with their # types intact. verify_ssl = pks_ctx.get('verify') self.verify = True if isinstance(verify_ssl, bool): self.verify = verify_ssl elif isinstance(verify_ssl, str): self.verify = utils.str_to_bool(verify_ssl) token = self._get_token() self.client_v1 = self._get_pks_client(token, self.VERSION_V1) self.client_v1beta = self._get_pks_client(token, self.VERSION_V1BETA)
def __init__(self, pks_ctx, op_ctx: ctx.OperationContext): """Initialize PKS broker. :param dict pks_ctx: A dictionary with which should atleast have the following keys in it ['username', 'secret', 'host', 'port', 'uaac_port'], 'proxy' and 'pks_compute_profile_name' are optional keys. Currently all callers of this method is using ovdc cache (subject to change) to initialize PKS broker. """ self.context: ctx.OperationContext = None # populates above attributes super().__init__(op_ctx) if not pks_ctx: raise ValueError( "PKS context is required to establish connection to PKS") self.username = pks_ctx['username'] self.secret = pks_ctx['secret'] self.pks_host_uri = f"https://{pks_ctx['host']}:{pks_ctx['port']}" self.uaac_uri = f"https://{pks_ctx['host']}:{pks_ctx['uaac_port']}" self.proxy_uri = None if pks_ctx.get('proxy'): self.proxy_uri = f"http://{pks_ctx['proxy']}:80" self.compute_profile = pks_ctx.get(PKS_COMPUTE_PROFILE_KEY, None) self.nsxt_server = \ utils.get_pks_cache().get_nsxt_info(pks_ctx.get('vc')) self.nsxt_client = None self.pks_wire_logger = NULL_LOGGER nsxt_wire_logger = NULL_LOGGER config = utils.get_server_runtime_config() if utils.str_to_bool(config['service'].get('log_wire')): nsxt_wire_logger = SERVER_NSXT_WIRE_LOGGER self.pks_wire_logger = SERVER_PKS_WIRE_LOGGER if self.nsxt_server: self.nsxt_client = NSXTClient( host=self.nsxt_server.get('host'), username=self.nsxt_server.get('username'), password=self.nsxt_server.get('password'), logger_debug=SERVER_LOGGER, logger_wire=nsxt_wire_logger, http_proxy=self.nsxt_server.get('proxy'), https_proxy=self.nsxt_server.get('proxy'), verify_ssl=self.nsxt_server.get('verify')) # TODO() Add support in pyvcloud to send metadata values with their # types intact. verify_ssl = pks_ctx.get('verify') self.verify = True if isinstance(verify_ssl, bool): self.verify = verify_ssl elif isinstance(verify_ssl, str): self.verify = utils.str_to_bool(verify_ssl) self.pks_client = self._get_pks_client(self._get_token())
def get_ovdc_k8s_provider_metadata(org_name=None, ovdc_name=None, ovdc_id=None, include_credentials=False, include_nsxt_info=False): """Get k8s provider metadata for an org VDC. :param str org_name: :param str ovdc_name: :param str ovdc_id: :param bool include_credentials: :param bool include_nsxt_info: :return: Dictionary with k8s provider metadata :rtype: Dict """ client = None try: client = vcd_utils.get_sys_admin_client() ovdc = vcd_utils.get_vdc(client=client, vdc_name=ovdc_name, vdc_id=ovdc_id, org_name=org_name, is_admin_operation=True) all_metadata = pyvcd_utils.metadata_to_dict(ovdc.get_all_metadata()) k8s_provider = all_metadata.get(K8S_PROVIDER_KEY, K8sProvider.NONE) result = {K8S_PROVIDER_KEY: k8s_provider} if k8s_provider == K8sProvider.PKS: result.update( {k: all_metadata[k] for k in PksCache.get_pks_keys()}) # noqa: E501 result[PKS_PLANS_KEY] = result[PKS_PLANS_KEY].split(',') # Get the credentials from PksCache if include_credentials or include_nsxt_info: pks_cache = utils.get_pks_cache() pvdc_info = \ pks_cache.get_pvdc_info(vcd_utils.get_pvdc_id(ovdc)) if include_credentials: # noqa: E501 TODO in case only ovdc_id is provided, we need a way to get org_name pks_info = \ pks_cache.get_pks_account_info(org_name, pvdc_info.vc) result.update(pks_info.credentials._asdict()) if include_nsxt_info: nsxt_info = pks_cache.get_nsxt_info(pvdc_info.vc) result['nsxt'] = nsxt_info return result finally: if client is not None: client.logout()
def __init__(self, request_headers, request_query_params, request_spec): self.req_headers = request_headers self.req_qparams = request_query_params self.req_spec = request_spec self.pks_cache = get_pks_cache() self.ovdc_cache = OvdcCache(get_vcd_sys_admin_client()) self.is_ovdc_present_in_request = False config = get_server_runtime_config() self.vcd_client, self.session = connect_vcd_user_via_token( vcd_uri=config['vcd']['host'], headers=self.req_headers, verify_ssl_certs=config['vcd']['verify'])
def __init__(self, request_headers, request_spec, pks_ctx): """Initialize PKS broker. :param dict pks_ctx: A dictionary with which should atleast have the following keys in it ['username', 'secret', 'host', 'port', 'uaac_port'], 'proxy' and 'pks_compute_profile_name' are optional keys. Currently all callers of this method is using ovdc cache (subject to change) to initialize PKS broker. """ super().__init__(request_headers, request_spec) if not pks_ctx: raise ValueError( "PKS context is required to establish connection to PKS") self.req_headers = request_headers self.req_spec = request_spec self.username = pks_ctx['username'] self.secret = pks_ctx['secret'] self.pks_host_uri = \ f"https://{pks_ctx['host']}:{pks_ctx['port']}" self.uaac_uri = \ f"https://{pks_ctx['host']}:{pks_ctx['uaac_port']}" self.proxy_uri = f"http://{pks_ctx['proxy']}:80" \ if pks_ctx.get('proxy') else None self.compute_profile = pks_ctx.get(PKS_COMPUTE_PROFILE_KEY, None) self.nsxt_server = \ get_pks_cache().get_nsxt_info(pks_ctx.get('vc')) if self.nsxt_server: self.nsxt_client = NSXTClient( host=self.nsxt_server.get('host'), username=self.nsxt_server.get('username'), password=self.nsxt_server.get('password'), http_proxy=self.nsxt_server.get('proxy'), https_proxy=self.nsxt_server.get('proxy'), verify_ssl=self.nsxt_server.get('verify'), log_requests=True, log_headers=True, log_body=True) # TODO() Add support in pyvcloud to send metadata values with their # types intact. verify_ssl_value_in_ctx = pks_ctx.get('verify') if isinstance(verify_ssl_value_in_ctx, bool): self.verify = verify_ssl_value_in_ctx elif isinstance(verify_ssl_value_in_ctx, str): self.verify = \ False if verify_ssl_value_in_ctx.lower() == 'false' else True else: self.verify = True token = self._get_token() self.client_v1 = self._get_pks_client(token, self.VERSION_V1) self.client_v1beta = self._get_pks_client(token, self.VERSION_V1BETA) self.client_session = None self.get_tenant_client_session()
def construct_ctr_prov_ctx_from_pks_cache(ovdc_id, org_name, pks_plans, pks_cluster_domain, container_provider): client = None try: ctr_prov_context = {} ctr_prov_context[K8S_PROVIDER_KEY] = container_provider if container_provider == K8sProviders.PKS: if not is_pks_enabled(): raise CseServerError('CSE is not configured to work with PKS.') client = get_sys_admin_client() ovdc = get_vdc(client=client, vdc_id=ovdc_id, is_admin_operation=True) pks_cache = get_pks_cache() pvdc_id = get_pvdc_id(ovdc) pvdc_info = pks_cache.get_pvdc_info(pvdc_id) if not pvdc_info: LOGGER.debug(f"pvdc '{pvdc_id}' is not backed " f"by PKS-managed-vSphere resources") raise CseServerError(f"VDC '{ovdc.get_resource().get('name')}'" " is not eligible to provide resources" " for PKS clusters.") pks_account_info = pks_cache.get_pks_account_info( org_name, pvdc_info.vc) nsxt_info = pks_cache.get_nsxt_info(pvdc_info.vc) pks_compute_profile_name = \ _construct_pks_compute_profile_name(ovdc_id) ctr_prov_context = construct_pks_context( pks_account_info=pks_account_info, pvdc_info=pvdc_info, nsxt_info=nsxt_info, pks_compute_profile_name=pks_compute_profile_name, pks_plans=pks_plans, pks_cluster_domain=pks_cluster_domain, credentials_required=True) return ctr_prov_context finally: if client: client.logout()
def construct_k8s_metadata_from_pks_cache(sysadmin_client: vcd_client.Client, ovdc_id, org_name, pks_plans, pks_cluster_domain, k8s_provider): vcd_utils.raise_error_if_not_sysadmin(sysadmin_client) ctr_prov_context = { K8S_PROVIDER_KEY: k8s_provider, } if k8s_provider == K8sProvider.PKS: if not utils.is_pks_enabled(): raise e.CseServerError('CSE is not configured to work with PKS.') ovdc = vcd_utils.get_vdc(client=sysadmin_client, vdc_id=ovdc_id, is_admin_operation=True) pks_cache = utils.get_pks_cache() pvdc_id = vcd_utils.get_pvdc_id(sysadmin_client, ovdc) pvdc_info = pks_cache.get_pvdc_info(pvdc_id) if not pvdc_info: LOGGER.debug(f"pvdc '{pvdc_id}' is not backed " f"by PKS-managed-vSphere resources") raise e.CseServerError(f"VDC '{ovdc.get_resource().get('name')}'" " is not eligible to provide resources" " for PKS clusters.") pks_account_info = pks_cache.get_pks_account_info( org_name, pvdc_info.vc) nsxt_info = pks_cache.get_nsxt_info(pvdc_info.vc) pks_compute_profile_name = _construct_pks_compute_profile_name( sysadmin_client, ovdc_id) ctr_prov_context = construct_pks_context( pks_account_info=pks_account_info, pvdc_info=pvdc_info, nsxt_info=nsxt_info, pks_compute_profile_name=pks_compute_profile_name, pks_plans=pks_plans, pks_cluster_domain=pks_cluster_domain, credentials_required=True) return ctr_prov_context
def get_ovdc_container_provider_metadata(self, ovdc_name=None, ovdc_id=None, org_name=None, credentials_required=False, nsxt_info_required=False): """Get metadata of given ovdc, pertaining to the container provider. :param str ovdc_name: name of the ovdc :param str ovdc_id: UUID of ovdc :param str org_name: specific org to use if @org is not given. If None, uses currently logged-in org from @client. :param bool credentials_required: Decides if output metadata should include credentials or not. :return: metadata of the ovdc :rtype: dict :raises EntityNotFoundException: if the ovdc could not be found. """ # Get pvdc and pks information from oVdc metadata client = None try: client = get_sys_admin_client() ovdc = get_vdc(client=client, vdc_name=ovdc_name, vdc_id=ovdc_id, org_name=org_name, is_admin_operation=True) all_metadata = metadata_to_dict(ovdc.get_all_metadata()) if K8S_PROVIDER_KEY not in all_metadata: container_provider = K8sProviders.NONE else: container_provider = all_metadata[K8S_PROVIDER_KEY] ctr_prov_details = {} if container_provider == K8sProviders.PKS: # Filter out container provider metadata into a dict ctr_prov_details = { metadata_key: all_metadata[metadata_key] for metadata_key in PksCache.get_pks_keys() } # Get the credentials from PksCache pvdc_id = get_pvdc_id(ovdc) pks_cache = get_pks_cache() pvdc_info = pks_cache.get_pvdc_info(pvdc_id) ctr_prov_details[PKS_PLANS_KEY] = \ ctr_prov_details[PKS_PLANS_KEY].split(',') if credentials_required: pks_info = pks_cache.get_pks_account_info( org_name, pvdc_info.vc) ctr_prov_details.update(pks_info.credentials._asdict()) if nsxt_info_required: nsxt_info = pks_cache.get_nsxt_info(pvdc_info.vc) ctr_prov_details['nsxt'] = nsxt_info ctr_prov_details[K8S_PROVIDER_KEY] = container_provider return ctr_prov_details finally: if client: client.logout()
def __init__(self, tenant_auth_token, request_spec): self.tenant_auth_token = tenant_auth_token self.req_spec = request_spec self.pks_cache = get_pks_cache() self.vcd_client, self.session = connect_vcd_user_via_token( tenant_auth_token=tenant_auth_token)