def from_cfg(concourse_cfg: ConcourseConfig, team_name: str, verify_ssl=False):
'''
Factory method to get Concourse API object
'''
base_url = concourse_cfg.ingress_url()
team_credentials = concourse_cfg.team_credentials(team_name)
team_name = team_credentials.teamname()
username = team_credentials.username()
password = team_credentials.passwd()
concourse_version = concourse_cfg.concourse_version()
if concourse_version is ConcourseApiVersion.V4:
routes = ConcourseApiRoutesV4(base_url=base_url, team=team_name)
request_builder = AuthenticatedRequestBuilder(
basic_auth_username=AUTH_TOKEN_REQUEST_USER,
basic_auth_passwd=AUTH_TOKEN_REQUEST_PWD,
verify_ssl=verify_ssl)
concourse_api = ConcourseApiV4(
routes=routes,
request_builder=request_builder,
verify_ssl=verify_ssl,
)
else:
raise NotImplementedError("Concourse version {v} not supported".format(
v=concourse_version.value))
concourse_api.login(
username=username,
passwd=password,
)
return concourse_api
def from_cfg(concourse_cfg: ConcourseConfig, team_name: str, verify_ssl=False):
'''
Helper method to get Concourse API object
'''
cfg_factory = ci.util.ctx().cfg_factory()
base_url = concourse_cfg.ingress_url(cfg_factory)
concourse_uam_cfg_name = concourse_cfg.concourse_uam_config()
concourse_uam_cfg = cfg_factory.concourse_uam(concourse_uam_cfg_name)
concourse_team = concourse_uam_cfg.team(team_name)
team_name = concourse_team.teamname()
username = concourse_team.username()
password = concourse_team.password()
concourse_api_version = concourse_cfg.compatible_api_version(cfg_factory)
concourse_api = ConcourseApiFactory.create_api(
base_url=base_url,
team_name=team_name,
verify_ssl=verify_ssl,
concourse_api_version=concourse_api_version,
)
concourse_api.login(
username=username,
passwd=password,
)
return concourse_api
def from_cfg(
concourse_cfg: ConcourseConfig,
team_name: str,
concourse_uam_cfg: ConcourseUAMConfig = None,
verify_ssl=True,
concourse_api_version=None,
):
# XXX rm last dependency towards cfg-factory
cfg_factory = ci.util.ctx().cfg_factory()
base_url = concourse_cfg.ingress_url(cfg_factory)
if not concourse_uam_cfg:
concourse_uam_cfg = cfg_factory.concourse_uam(
concourse_cfg.concourse_uam_cfg())
import sys
print('warning: omitting concourse_uam_cfg is deprecated!',
file=sys.stderr)
concourse_team = concourse_uam_cfg.team(team_name)
team_name = concourse_team.teamname()
username = concourse_team.username()
password = concourse_team.password()
concourse_api = ConcourseApiFactory.create_api(
base_url=base_url,
team_name=team_name,
verify_ssl=verify_ssl,
concourse_api_version=concourse_api_version,
)
concourse_api.login(
username=username,
passwd=password,
)
return concourse_api
def create_postgresql_helm_values(
concourse_cfg: ConcourseConfig,
cfg_factory: ConfigFactory,
):
helm_chart_default_values_name = concourse_cfg.helm_chart_default_values_config(
)
default_helm_values = cfg_factory.concourse_helmchart(
helm_chart_default_values_name).raw
helm_chart_values_name = concourse_cfg.helm_chart_values()
custom_helm_values = cfg_factory.concourse_helmchart(
helm_chart_values_name).raw
helm_values = {
"service": {
"annotations": {
"prometheus.io/scrape": "true"
}
},
"rbac": {
"create": False,
"pspEnabled": False
},
"serviceAccount": {
"create": False
},
"config": {
"datasource": {
"host":
"concourse-postgresql.concourse.svc.cluster.local",
"user":
default_helm_values.get('postgresql').get(
'postgresqlUsername'),
"password":
custom_helm_values.get('postgresql').get('postgresqlPassword'),
"database":
default_helm_values.get('postgresql').get(
'postgresqlDatabase'),
"sslmode":
"disable"
},
"disableDefaultMetrics":
True,
"queries":
LiteralStr('''
pg_database:
query: "SELECT pg_database.datname, pg_database_size(pg_database.datname)
as size FROM pg_database"
metrics:
- datname:
usage: "LABEL"
description: "Name of the database"
- size:
usage: "GAUGE"
description: "Disk space used by the database" ''')
}
}
return helm_values
def set_teams(config: ConcourseConfig):
not_none(config)
# Use main-team, i.e. the team that can change the other teams' credentials
main_team_credentials = config.main_team_credentials()
concourse_api = client.from_cfg(
concourse_cfg=config,
team_name=main_team_credentials.teamname(),
)
for team in config.all_team_credentials():
# We skip the main team here since we cannot update all its credentials at this time.
if team.teamname() == "main":
continue
concourse_api.set_team(team)
def set_teams(config: ConcourseConfig):
not_none(config)
cfg_factory = global_ctx().cfg_factory()
concourse_uam_cfg_name = config.concourse_uam_config()
concourse_uam_cfg = cfg_factory.concourse_uam(concourse_uam_cfg_name)
# Use main-team, i.e. the team that can change the other teams' credentials
main_team = concourse_uam_cfg.main_team()
concourse_api = client.from_cfg(
concourse_cfg=config,
team_name=main_team.teamname(),
)
for team in concourse_uam_cfg.teams():
# We skip the main team here since we cannot update all its credentials at this time.
if team.teamname() == main_team.teamname():
continue
concourse_api.set_team(team)
def create_instance_specific_helm_values(
concourse_cfg: ConcourseConfig,
config_factory: ConfigFactory,
):
'''
Creates a dict containing instance specific helm values not explicitly stated in
the `ConcourseConfig`'s helm_chart_values.
'''
not_none(concourse_cfg)
# 'main'-team credentials need to be included in the values.yaml, unlike the other teams
concourse_uam_cfg_name = concourse_cfg.concourse_uam_config()
concourse_uam_cfg = config_factory.concourse_uam(concourse_uam_cfg_name)
main_team = concourse_uam_cfg.main_team()
external_url = concourse_cfg.external_url()
external_host = urlparse(external_url).netloc
ingress_host = concourse_cfg.ingress_host()
ingress_cfg = config_factory.ingress(concourse_cfg.ingress_config())
concourse_version = concourse_cfg.concourse_version()
if concourse_version is ConcourseApiVersion.V5:
github_config_name = concourse_cfg.github_enterprise_host()
# 'github_enterprise_host' only configured in case of internal concourse
# using github enterprise
if github_config_name:
github_config = config_factory.github(github_config_name)
github_http_url = github_config.http_url()
github_host = urlparse(github_http_url).netloc
else:
github_host = None
bcrypted_pwd = bcrypt.hashpw(main_team.password().encode('utf-8'),
bcrypt.gensalt()).decode('utf-8')
instance_specific_values = {
'concourse': {
'web': {
'externalUrl': external_url,
'auth': {
'mainTeam': {
'localUser': main_team.username(),
'github': {
'team': main_team.github_auth_team()
}
},
'github': {
'host': github_host
}
}
}
},
'secrets': {
'localUsers': main_team.username() + ':' + bcrypted_pwd,
'githubClientId': main_team.github_auth_client_id(),
'githubClientSecret': main_team.github_auth_client_secret()
},
'web': {
'ingress': {
'annotations': {
'cert.gardener.cloud/issuer':
ingress_cfg.issuer_name(),
'cert.gardener.cloud/purpose': 'managed',
'dns.gardener.cloud/class': 'garden',
'dns.gardener.cloud/dnsnames': ingress_host,
'dns.gardener.cloud/ttl': str(ingress_cfg.ttl()),
},
'hosts': [external_host, ingress_host],
'tls': [{
'secretName': concourse_cfg.tls_secret_name(),
'hosts': ingress_cfg.tls_host_names(),
}],
}
}
}
else:
raise NotImplementedError(
"Concourse version {v} not supported".format(v=concourse_version))
return instance_specific_values