def create_pks_context_for_all_accounts_in_org(tenant_auth_token):
"""Create PKS context for accounts in a given Org.
If user is Sysadmin
Creates PKS contexts for all PKS accounts defined in the entire
system.
else
Creates PKS contexts for all PKS accounts assigned to the org.
However if separate service accounts for each org hasn't been
configued by admin via pks.yaml, then PKS accounts of the PKS
server corresponding to the vCenters powering the individual
orgVDC of the org will be picked up for creating the PKS contexts.
:return: list of dict, where each dictionary is a PKS context
:rtype: list
"""
pks_cache = utils.get_pks_cache()
if pks_cache is None:
return []
client, _ = connect_vcd_user_via_token(tenant_auth_token=tenant_auth_token)
if client.is_sysadmin():
all_pks_account_info = pks_cache.get_all_pks_account_info_in_system()
pks_ctx_list = [
ovdc_utils.construct_pks_context(pks_account_info,
credentials_required=True)
for pks_account_info in all_pks_account_info # noqa: E501
]
return pks_ctx_list
org_resource = client.get_org()
org_name = org_resource.get('name')
if pks_cache.do_orgs_have_exclusive_pks_account():
pks_account_infos = \
pks_cache.get_exclusive_pks_accounts_info_for_org(org_name)
pks_ctx_list = [
ovdc_utils.construct_pks_context(pks_account_info,
credentials_required=True)
for pks_account_info in pks_account_infos # noqa: E501
]
return pks_ctx_list
org = Org(client, resource=org_resource)
vdc_names = [vdc['name'] for vdc in org.list_vdcs()]
# Constructing dict instead of list to avoid duplicates
# TODO() figure out a way to add pks contexts to a set directly
pks_ctx_dict = {}
for vdc_name in vdc_names:
# this is a full blown pks_account_info + pvdc_info +
# compute_profile_name dictionary
k8s_metadata = \
ovdc_utils.get_ovdc_k8s_provider_metadata(ovdc_name=vdc_name,
org_name=org_name,
include_credentials=True)
if k8s_metadata[K8S_PROVIDER_KEY] == K8sProvider.PKS:
pks_ctx_dict[k8s_metadata['vc']] = k8s_metadata
return list(pks_ctx_dict.values())
def ovdc_compute_policy_update(request_data, tenant_auth_token):
"""Request handler for ovdc compute-policy update operation.
Required data: ovdc_id, compute_policy_action, compute_policy_names
:return: Dictionary with task href.
"""
required = [
RequestKey.OVDC_ID, RequestKey.COMPUTE_POLICY_ACTION,
RequestKey.COMPUTE_POLICY_NAME
]
req_utils.validate_payload(request_data, required)
defaults = {
RequestKey.REMOVE_COMPUTE_POLICY_FROM_VMS: False,
}
validated_data = {**defaults, **request_data}
req_utils.validate_payload(request_data, required)
action = validated_data[RequestKey.COMPUTE_POLICY_ACTION]
cp_name = validated_data[RequestKey.COMPUTE_POLICY_NAME]
ovdc_id = validated_data[RequestKey.OVDC_ID]
remove_compute_policy_from_vms = validated_data[
RequestKey.REMOVE_COMPUTE_POLICY_FROM_VMS] # noqa: E501
client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token)
cpm = ComputePolicyManager(client)
cp_href = None
cp_id = None
if cp_name == SYSTEM_DEFAULT_COMPUTE_POLICY_NAME:
for _cp in cpm.list_compute_policies_on_vdc(ovdc_id):
if _cp['name'] == cp_name:
cp_href = _cp['href']
cp_id = _cp['id']
else:
try:
_cp = cpm.get_policy(cp_name)
cp_href = _cp['href']
cp_id = _cp['id']
except EntityNotFoundException:
pass
if cp_href is None:
raise BadRequestError(f"Compute policy '{cp_name}' not found.")
if action == ComputePolicyAction.ADD:
cpm.add_compute_policy_to_vdc(ovdc_id, cp_href)
return f"Added compute policy '{cp_name}' ({cp_id}) to ovdc " \
f"({ovdc_id})"
if action == ComputePolicyAction.REMOVE:
return cpm.remove_compute_policy_from_vdc(
ovdc_id,
cp_href,
remove_compute_policy_from_vms=remove_compute_policy_from_vms)
raise BadRequestError("Unsupported compute policy action")
def ovdc_list(request_data, tenant_auth_token):
"""Request handler for ovdc list operation.
:return: List of dictionaries with org VDC k8s provider metadata.
"""
client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token)
list_pks_plans = utils.str_to_bool(request_data[RequestKey.LIST_PKS_PLANS])
return ovdc_utils.get_ovdc_list(client,
list_pks_plans=list_pks_plans,
tenant_auth_token=tenant_auth_token)
def info(self, tenant_auth_token):
tenant_client, _ = connect_vcd_user_via_token(
tenant_auth_token=tenant_auth_token)
result = Service.version()
if tenant_client.is_sysadmin():
result['consumer_threads'] = len(self.threads)
result['all_threads'] = threading.activeCount()
result['requests_in_progress'] = self.active_requests_count()
result['config_file'] = self.config_file
result['status'] = self.get_status()
else:
del result['python']
return result
def ovdc_compute_policy_list(request_data, tenant_auth_token):
"""Request handler for ovdc compute-policy list operation.
Required data: ovdc_id
:return: Dictionary with task href.
"""
required = [RequestKey.OVDC_ID]
utils.ensure_keys_in_dict(required, request_data, dict_name='data')
client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token)
cpm = ComputePolicyManager(client)
return cpm.list_compute_policies_on_vdc(request_data[RequestKey.OVDC_ID])
def update_status(self, tenant_auth_token, request_data):
tenant_client, _ = connect_vcd_user_via_token(
tenant_auth_token=tenant_auth_token)
if not tenant_client.is_sysadmin():
raise CseRequestError(status_code=requests.codes.unauthorized,
error_message='Unauthorized to update CSE')
action = request_data.get(RequestKey.SERVER_ACTION)
if self._state == ServerState.RUNNING:
if action == ServerAction.ENABLE:
raise CseRequestError(
status_code=requests.codes.bad_request,
error_message='CSE is already enabled and running.')
elif action == ServerAction.DISABLE:
self._state = ServerState.DISABLED
message = 'CSE has been disabled.'
elif action == ServerAction.STOP:
raise CseRequestError(
status_code=requests.codes.bad_request,
error_message='Cannot stop CSE while it is enabled. '
'Disable the service first')
elif self._state == ServerState.DISABLED:
if action == ServerAction.ENABLE:
self._state = ServerState.RUNNING
message = 'CSE has been enabled and is running.'
elif action == ServerAction.DISABLE:
raise CseRequestError(status_code=requests.codes.bad_request,
error_message='CSE is already disabled.')
elif action == 'stop':
message = 'CSE graceful shutdown started.'
n = self.active_requests_count()
if n > 0:
message += f" CSE will finish processing {n} requests."
self._state = ServerState.STOPPING
elif self._state == ServerState.STOPPING:
if action == ServerAction.ENABLE:
raise CseRequestError(
status_code=requests.codes.bad_request,
error_message='Cannot enable CSE while it is being'
'stopped.')
elif action == ServerAction.DISABLE:
raise CseRequestError(
status_code=requests.codes.bad_request,
error_message='Cannot disable CSE while it is being'
' stopped.')
elif action == ServerAction.STOP:
message = 'CSE graceful shutdown is in progress.'
return message
def _connect_tenant(self):
self.tenant_client, self.client_session = connect_vcd_user_via_token(
tenant_auth_token=self.tenant_auth_token)
self.tenant_info = {
'user_name':
self.client_session.get('user'),
'user_id':
self.client_session.get('userId'),
'org_name':
self.client_session.get('org'),
'org_href':
self.tenant_client._get_wk_endpoint(
_WellKnownEndpoint.LOGGED_IN_ORG)
}
def __init__(self, tenant_auth_token):
self.tenant_client = None
self.client_session = None
self.tenant_user_name = None
self.tenant_user_id = None
self.tenant_org_name = None
self.tenant_org_href = None
self.tenant_client, self.client_session = \
vcd_utils.connect_vcd_user_via_token(tenant_auth_token=tenant_auth_token) # noqa: E501
self.tenant_user_name = self.client_session.get('user')
self.tenant_user_id = self.client_session.get('userId')
self.tenant_org_name = self.client_session.get('org')
self.tenant_org_href = \
self.tenant_client._get_wk_endpoint(_WellKnownEndpoint.LOGGED_IN_ORG) # noqa: E501
def ovdc_list(request_data, tenant_auth_token):
"""Request handler for ovdc list operation.
:return: List of dictionaries with org VDC k8s provider metadata.
"""
defaults = {RequestKey.LIST_PKS_PLANS: False}
validated_data = {**defaults, **request_data}
client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token)
# TODO check if this is needed
list_pks_plans = utils.str_to_bool(
validated_data[RequestKey.LIST_PKS_PLANS]) # noqa: E501
return ovdc_utils.get_ovdc_list(client,
list_pks_plans=list_pks_plans,
tenant_auth_token=tenant_auth_token)
def _list_ovdcs(self, list_pks_plans):
"""Get list of ovdcs.
If client is sysadmin,
Gets all ovdcs of all organizations.
Else
Gets all ovdcs of the organization in context.
"""
client, _ = connect_vcd_user_via_token(self.tenant_auth_token)
if client.is_sysadmin():
org_resource_list = client.get_org_list()
else:
org_resource_list = list(client.get_org())
ovdc_list = []
vc_to_pks_plans_map = {}
if is_pks_enabled() and list_pks_plans:
if client.is_sysadmin():
vc_to_pks_plans_map = self._construct_vc_to_pks_map()
else:
raise UnauthorizedActionError(
'Operation Denied. Plans available only for '
'System Administrator.')
for org_resource in org_resource_list:
org = Org(client, resource=org_resource)
vdc_list = org.list_vdcs()
for vdc_sparse in vdc_list:
ctr_prov_ctx = \
OvdcManager().get_ovdc_container_provider_metadata(
ovdc_name=vdc_sparse['name'], org_name=org.get_name(),
credentials_required=False)
vdc_dict = {
'name': vdc_sparse['name'],
'org': org.get_name(),
K8S_PROVIDER_KEY: ctr_prov_ctx[K8S_PROVIDER_KEY]
}
if is_pks_enabled() and list_pks_plans:
pks_plans, pks_server = self.\
_get_pks_plans_and_server_for_vdc(client,
vdc_sparse,
org_resource,
vc_to_pks_plans_map)
vdc_dict['pks_api_server'] = pks_server
vdc_dict['available pks plans'] = pks_plans
ovdc_list.append(vdc_dict)
return ovdc_list
def ovdc_compute_policy_list(request_data, tenant_auth_token, is_jwt_token):
"""Request handler for ovdc compute-policy list operation.
Required data: ovdc_id
:return: Dictionary with task href.
"""
required = [
RequestKey.OVDC_ID
]
req_utils.validate_payload(request_data, required)
client = vcd_utils.connect_vcd_user_via_token(
tenant_auth_token, is_jwt_token)
cpm = ComputePolicyManager(client)
return cpm.list_compute_policies_on_vdc(request_data[RequestKey.OVDC_ID])
def ovdc_compute_policy_update(request_data, tenant_auth_token):
"""Request handler for ovdc compute-policy update operation.
Required data: ovdc_id, compute_policy_action, compute_policy_names
:return: Dictionary with task href.
"""
required = [
RequestKey.OVDC_ID, RequestKey.COMPUTE_POLICY_ACTION,
RequestKey.COMPUTE_POLICY_NAME
]
utils.ensure_keys_in_dict(required, request_data, dict_name='data')
client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token)
action = request_data[RequestKey.COMPUTE_POLICY_ACTION]
cp_name = request_data[RequestKey.COMPUTE_POLICY_NAME]
ovdc_id = request_data[RequestKey.OVDC_ID]
cpm = ComputePolicyManager(client)
cp = cpm.get_policy(cp_name)
if cp is None:
raise ValueError(f"Compute policy '{cp_name}' does not exist")
cp_href = cp['href']
if action == ComputePolicyAction.ADD:
cpm.add_compute_policy_to_vdc(cp_href, vdc_id=ovdc_id)
return f"Added compute policy '{cp_name}' to ovdc '{ovdc_id}'"
if action == ComputePolicyAction.REMOVE:
try:
cpm.remove_compute_policy_from_vdc(cp_href, vdc_id=ovdc_id)
except EntityNotFoundException:
raise EntityNotFoundException(f"Compute policy '{cp_name}' not "
f"found in ovdc '{ovdc_id}'")
except Exception:
# This ensures that BadRequestException message is printed
# to console. (error when ovdc currently has VMs/vApp
# templates with the compute policy reference, so compute policy
# cannot be removed)
raise Exception(f"Could not remove compute policy '{cp_name}' "
f"from ovdc '{ovdc_id}' (check that no vApp"
f" templates or VMs currently contain a reference"
f" to the compute policy).")
return f"Removed compute policy '{cp_name}' from ovdc '{ovdc_id}'"
raise ValueError("Unsupported compute policy action")
def ovdc_list(request_data, tenant_auth_token, is_jwt_token):
"""Request handler for ovdc list operation.
:return: List of dictionaries with org VDC k8s provider metadata.
"""
defaults = {
RequestKey.LIST_PKS_PLANS: False
}
validated_data = {**defaults, **request_data}
client = vcd_utils.connect_vcd_user_via_token(
tenant_auth_token, is_jwt_token)
# TODO check if this is needed
list_pks_plans = utils.str_to_bool(validated_data[RequestKey.LIST_PKS_PLANS]) # noqa: E501
# Record telemetry data
cse_params = copy.deepcopy(validated_data)
cse_params[RequestKey.LIST_PKS_PLANS] = list_pks_plans
record_user_action_details(cse_operation=CseOperation.OVDC_LIST, cse_params=cse_params) # noqa: E501
return ovdc_utils.get_ovdc_list(client, list_pks_plans=list_pks_plans,
tenant_auth_token=tenant_auth_token,
is_jwt_token=is_jwt_token)
def client(self):
if self._client is None:
self._client = vcd_utils.connect_vcd_user_via_token(
tenant_auth_token=self._auth_token, is_jwt_token=self._is_jwt)
return self._client
def __init__(self, tenant_auth_token, request_spec):
self.tenant_auth_token = tenant_auth_token
self.req_spec = request_spec
self.pks_cache = get_pks_cache()
self.vcd_client, self.session = connect_vcd_user_via_token(
tenant_auth_token=tenant_auth_token)
def ovdc_compute_policy_update(request_data, tenant_auth_token):
"""Request handler for ovdc compute-policy update operation.
Required data: ovdc_id, compute_policy_action, compute_policy_names
:return: Dictionary with task href.
"""
required = [
RequestKey.OVDC_ID, RequestKey.COMPUTE_POLICY_ACTION,
RequestKey.COMPUTE_POLICY_NAME
]
utils.ensure_keys_in_dict(required, request_data, dict_name='data')
defaults = {
RequestKey.REMOVE_COMPUTE_POLICY_FROM_VMS: False,
}
validated_data = {**defaults, **request_data}
utils.ensure_keys_in_dict(required, validated_data, dict_name='data')
action = validated_data[RequestKey.COMPUTE_POLICY_ACTION]
cp_name = validated_data[RequestKey.COMPUTE_POLICY_NAME]
ovdc_id = validated_data[RequestKey.OVDC_ID]
remove_compute_policy_from_vms = validated_data[
RequestKey.REMOVE_COMPUTE_POLICY_FROM_VMS] # noqa: E501
client, _ = vcd_utils.connect_vcd_user_via_token(tenant_auth_token)
cpm = ComputePolicyManager(client)
cp_href = None
cp_id = None
for _cp in cpm.list_compute_policies_on_vdc(ovdc_id):
if _cp['name'] == cp_name:
cp_href = _cp['href']
cp_id = _cp['id']
if cp_href is None:
raise ValueError(f"Compute policy '{cp_name}' not found.")
if action == ComputePolicyAction.ADD:
cpm.add_compute_policy_to_vdc(ovdc_id, cp_href)
return f"Added compute policy '{cp_name}' ({cp_id}) to ovdc " \
f"({ovdc_id})"
if action == ComputePolicyAction.REMOVE:
try:
cpm.remove_compute_policy_from_vdc(
ovdc_id,
cp_href,
remove_compute_policy_from_vms=remove_compute_policy_from_vms)
except EntityNotFoundException:
raise EntityNotFoundException(
f"Compute policy '{cp_name}' not found in ovdc ({ovdc_id})")
except Exception:
# This ensures that BadRequestException message is printed
# to console. (error when ovdc currently has VMs/vApp
# templates with the compute policy reference, so compute policy
# cannot be removed)
msg = f"Could not remove compute policy '{cp_name}' " \
f"({cp_id}) from ovdc ({ovdc_id})"
LOGGER.error(msg, exc_info=True)
raise Exception(
f"{msg} (check that no vApp templates or VMs currently "
f"contain a reference to the compute policy)")
return f"Removed compute policy '{cp_name}' ({cp_id}) " \
f"from ovdc ({ovdc_id})"
raise ValueError("Unsupported compute policy action")
