def __init__(self,
mcg,
name,
email,
buckets,
admin_access=False,
s3_access=True,
full_bucket_access=True,
backingstore_name=constants.DEFAULT_NOOBAA_BACKINGSTORE):
"""
Initializer function
Args:
mcg (obj): Multi cloud gateway object
name (str): Name of noobaa account
email (str): Email id to be assigned to noobaa account
buckets (list): list of bucket names to be given permission
admin_access (bool): True for admin privilege, otherwise False. Default (False)
s3_access (bool): True for S3 access, otherwise False. Default (True)
backingstore_name (str): Backingstore name on which buckets created
using this account to be placed by default. Default("noobaa-default-backing-store")
full_bucket_access (bool): True for future bucket access, otherwise False. Default (False)
"""
self.account_name = name
self.email_id = email
response = mcg.send_rpc_query(api="account_api",
method="create_account",
params={
"email": email,
"name": name,
"has_login": admin_access,
"s3_access": s3_access,
"default_pool": backingstore_name,
"allowed_buckets": {
"full_permission":
full_bucket_access,
"permission_list": buckets
}
}).json()
self.access_key_id = response['reply']['access_keys'][0]['access_key']
self.access_key = response['reply']['access_keys'][0]['secret_key']
self.s3_endpoint = mcg.s3_endpoint
self.token = response['reply']['token']
self.s3_resource = boto3.resource(
's3',
verify=retrieve_verification_mode(),
endpoint_url=self.s3_endpoint,
aws_access_key_id=self.access_key_id,
aws_secret_access_key=self.access_key)
self.s3_client = boto3.client('s3',
verify=retrieve_verification_mode(),
endpoint_url=self.s3_endpoint,
aws_access_key_id=self.access_key_id,
aws_secret_access_key=self.access_key)
def send_rpc_query(self, api, method, params=None):
"""
Templates and sends an RPC query to the MCG mgmt endpoint
Args:
api: The name of the API to use
method: The method to use inside the API
params: A dictionary containing the command payload
Returns:
The server's response
"""
logger.info(f"Sending MCG RPC query:\n{api} {method} {params}")
payload = {
"api": api,
"method": method,
"params": params,
"auth_token": self.noobaa_token,
}
return requests.post(
url=self.mgmt_endpoint,
data=json.dumps(payload),
verify=retrieve_verification_mode(),
)
def __init__(self, obc_name):
"""
Initializer function
Args:
obc_name (str): Name of the Object Bucket Claim
"""
self.obc_name = obc_name
self.namespace = config.ENV_DATA['cluster_namespace']
obc_resource = OCP(namespace=self.namespace, kind='ObjectBucketClaim', resource_name=self.obc_name).get()
self.ob_name = obc_resource.get('spec').get('ObjectBucketName')
self.bucket_name = obc_resource.get('spec').get('bucketName')
ob_obj = OCP(namespace=self.namespace, kind='ObjectBucket', resource_name=self.ob_name).get()
self.obc_account = ob_obj.get('spec').get('additionalState').get('account')
secret_obc_obj = OCP(kind='secret', namespace=self.namespace, resource_name=self.obc_name).get()
obc_configmap = OCP(namespace=self.namespace, kind='ConfigMap', resource_name=self.obc_name).get()
obc_configmap_data = obc_configmap.get('data')
obc_provisioner = obc_resource.get('metadata').get('labels').get('bucket-provisioner')
self.region = obc_configmap_data.get('BUCKET_REGION')
self.access_key_id = base64.b64decode(
secret_obc_obj.get('data').get('AWS_ACCESS_KEY_ID')
).decode('utf-8')
self.access_key = base64.b64decode(
secret_obc_obj.get('data').get('AWS_SECRET_ACCESS_KEY')
).decode('utf-8')
if 'noobaa' in obc_provisioner:
get_noobaa = OCP(kind='noobaa', namespace=self.namespace).get()
self.s3_internal_endpoint = (
get_noobaa.get('items')[0].get('status').get('services')
.get('serviceS3').get('internalDNS')[0]
)
self.s3_external_endpoint = (
get_noobaa.get('items')[0].get('status').get('services')
.get('serviceS3').get('externalDNS')[0]
)
self.s3_resource = boto3.resource(
's3', verify=retrieve_verification_mode(),
endpoint_url=self.s3_external_endpoint,
aws_access_key_id=self.access_key_id,
aws_secret_access_key=self.access_key
)
self.s3_client = self.s3_resource.meta.client
elif 'rook' in obc_provisioner:
# TODO: implement network forwarding to access the internal address
self.s3_internal_endpoint = (
'http://' + obc_configmap_data.get('BUCKET_HOST') + ':'
+ obc_configmap_data.get('BUCKET_PORT')
)
def send_rpc_query(self, api, method, params=None):
"""
Templates and sends an RPC query to the MCG mgmt endpoint
Args:
api: The name of the API to use
method: The method to use inside the API
params: A dictionary containing the command payload
Returns:
The server's response
"""
payload = {
'api': api,
'method': method,
'params': params,
'auth_token': self.noobaa_token
}
return requests.post(url=self.mgmt_endpoint,
data=json.dumps(payload),
verify=retrieve_verification_mode())
def __init__(self, obc_name):
"""
Initializer function
Args:
obc_name (str): Name of the Object Bucket Claim
"""
self.obc_name = obc_name
self.namespace = config.ENV_DATA["cluster_namespace"]
obc_resource = OCP(
namespace=self.namespace,
kind="ObjectBucketClaim",
resource_name=self.obc_name,
).get()
self.ob_name = obc_resource.get("spec").get("ObjectBucketName")
self.bucket_name = obc_resource.get("spec").get("bucketName")
ob_obj = OCP(namespace=self.namespace,
kind="ObjectBucket",
resource_name=self.ob_name).get()
self.obc_account = ob_obj.get("spec").get("additionalState").get(
"account")
secret_obc_obj = OCP(kind="secret",
namespace=self.namespace,
resource_name=self.obc_name).get()
obc_configmap = OCP(namespace=self.namespace,
kind="ConfigMap",
resource_name=self.obc_name).get()
obc_configmap_data = obc_configmap.get("data")
obc_provisioner = (obc_resource.get("metadata").get("labels").get(
"bucket-provisioner"))
self.region = obc_configmap_data.get("BUCKET_REGION")
self.access_key_id = base64.b64decode(
secret_obc_obj.get("data").get("AWS_ACCESS_KEY_ID")).decode(
"utf-8")
self.access_key = base64.b64decode(
secret_obc_obj.get("data").get("AWS_SECRET_ACCESS_KEY")).decode(
"utf-8")
if "noobaa" in obc_provisioner:
get_noobaa = OCP(kind="noobaa", namespace=self.namespace).get()
self.s3_internal_endpoint = (
get_noobaa.get("items")[0].get("status").get("services").get(
"serviceS3").get("internalDNS")[0])
self.s3_external_endpoint = (
get_noobaa.get("items")[0].get("status").get("services").get(
"serviceS3").get("externalDNS")[0])
self.s3_resource = boto3.resource(
"s3",
verify=retrieve_verification_mode(),
endpoint_url=self.s3_external_endpoint,
aws_access_key_id=self.access_key_id,
aws_secret_access_key=self.access_key,
)
self.s3_client = self.s3_resource.meta.client
elif "rook" in obc_provisioner:
# TODO: implement network forwarding to access the internal address
self.s3_internal_endpoint = (
"http://" + obc_configmap_data.get("BUCKET_HOST") + ":" +
obc_configmap_data.get("BUCKET_PORT"))
def __init__(self, *args, **kwargs):
"""
Constructor for the MCG class
"""
self.namespace = config.ENV_DATA["cluster_namespace"]
self.operator_pod = Pod(**get_pods_having_label(
constants.NOOBAA_OPERATOR_POD_LABEL, self.namespace)[0])
self.core_pod = Pod(**get_pods_having_label(
constants.NOOBAA_CORE_POD_LABEL, self.namespace)[0])
self.retrieve_noobaa_cli_binary()
"""
The certificate will be copied on each mcg_obj instantiation since
the process is so light and quick, that the time required for the redundant
copy is neglible in comparison to the time a hash comparison will take.
"""
retrieve_default_ingress_crt()
get_noobaa = OCP(kind="noobaa", namespace=self.namespace).get()
self.s3_endpoint = (get_noobaa.get("items")[0].get("status").get(
"services").get("serviceS3").get("externalDNS")[0])
self.s3_internal_endpoint = (get_noobaa.get("items")[0].get(
"status").get("services").get("serviceS3").get("internalDNS")[0])
self.mgmt_endpoint = (get_noobaa.get("items")[0].get("status").get(
"services").get("serviceMgmt").get("externalDNS")[0]) + "/rpc"
self.region = config.ENV_DATA["region"]
creds_secret_name = (get_noobaa.get("items")[0].get("status").get(
"accounts").get("admin").get("secretRef").get("name"))
secret_ocp_obj = OCP(kind="secret", namespace=self.namespace)
creds_secret_obj = secret_ocp_obj.get(creds_secret_name)
self.access_key_id = base64.b64decode(
creds_secret_obj.get("data").get("AWS_ACCESS_KEY_ID")).decode(
"utf-8")
self.access_key = base64.b64decode(
creds_secret_obj.get("data").get("AWS_SECRET_ACCESS_KEY")).decode(
"utf-8")
self.noobaa_user = base64.b64decode(
creds_secret_obj.get("data").get("email")).decode("utf-8")
self.noobaa_password = base64.b64decode(
creds_secret_obj.get("data").get("password")).decode("utf-8")
self.noobaa_token = self.retrieve_nb_token()
self.s3_resource = boto3.resource(
"s3",
verify=retrieve_verification_mode(),
endpoint_url=self.s3_endpoint,
aws_access_key_id=self.access_key_id,
aws_secret_access_key=self.access_key,
)
self.s3_client = self.s3_resource.meta.client
if config.ENV_DATA["platform"].lower() == "aws" and kwargs.get(
"create_aws_creds"):
(
self.cred_req_obj,
self.aws_access_key_id,
self.aws_access_key,
) = self.request_aws_credentials()
self.aws_s3_resource = boto3.resource(
"s3",
endpoint_url="https://s3.amazonaws.com",
aws_access_key_id=self.aws_access_key_id,
aws_secret_access_key=self.aws_access_key,
)
if (config.ENV_DATA["platform"].lower() in constants.CLOUD_PLATFORMS
or storagecluster_independent_check()):
if not config.ENV_DATA["platform"] == constants.AZURE_PLATFORM and (
float(config.ENV_DATA["ocs_version"]) > 4.5):
logger.info("Checking whether RGW pod is not present")
pods = pod.get_pods_having_label(label=constants.RGW_APP_LABEL,
namespace=self.namespace)
assert (
not pods
), "RGW pods should not exist in the current platform/cluster"
elif config.ENV_DATA.get("platform") in constants.ON_PREM_PLATFORMS:
rgw_count = get_rgw_count(config.ENV_DATA["ocs_version"],
check_if_cluster_was_upgraded(), None)
logger.info(
f'Checking for RGW pod/s on {config.ENV_DATA.get("platform")} platform'
)
rgw_pod = OCP(kind=constants.POD, namespace=self.namespace)
assert rgw_pod.wait_for_resource(
condition=constants.STATUS_RUNNING,
selector=constants.RGW_APP_LABEL,
resource_count=rgw_count,
timeout=60,
)
def test_rgw_kafka_notifications(self, bucket_factory):
"""
Test to verify rgw kafka notifications
"""
# Get sc
sc = default_storage_class(interface_type=constants.CEPHBLOCKPOOL)
# Deploy amq cluster
self.amq.setup_amq_cluster(sc.name)
# Create topic
self.kafka_topic = self.amq.create_kafka_topic()
# Create Kafkadrop pod
(
self.kafkadrop_pod,
self.kafkadrop_pod,
self.kafkadrop_route,
) = self.amq.create_kafkadrop()
# Get the kafkadrop route
kafkadrop_host = self.kafkadrop_route.get().get("spec").get("host")
# Create bucket
bucketname = bucket_factory(amount=1, interface="RGW-OC")[0].name
# Get RGW credentials
rgw_obj = RGW()
rgw_endpoint, access_key, secret_key = rgw_obj.get_credentials()
# Clone notify repo
notify_path = clone_notify()
# Initialise to put objects
data = "A random string data to write on created rgw bucket"
obc_obj = OBC(bucketname)
s3_resource = boto3.resource(
"s3",
verify=retrieve_verification_mode(),
endpoint_url=rgw_endpoint,
aws_access_key_id=obc_obj.access_key_id,
aws_secret_access_key=obc_obj.access_key,
)
s3_client = s3_resource.meta.client
# Initialize notify command to run
notify_cmd = (
f"python {notify_path} -e {rgw_endpoint} -a {obc_obj.access_key_id} "
f"-s {obc_obj.access_key} -b {bucketname} -ke {constants.KAFKA_ENDPOINT} -t {self.kafka_topic.name}"
)
log.info(f"Running cmd {notify_cmd}")
# Put objects to bucket
assert s3_client.put_object(Bucket=bucketname, Key="key-1",
Body=data), "Failed: Put object: key-1"
exec_cmd(notify_cmd)
# Validate rgw logs notification are sent
# No errors are seen
pattern = "ERROR: failed to create push endpoint"
rgw_pod_obj = get_rgw_pods()
rgw_log = get_pod_logs(pod_name=rgw_pod_obj[0].name, container="rgw")
assert re.search(pattern=pattern, string=rgw_log) is None, (
f"Error: {pattern} msg found in the rgw logs."
f"Validate {pattern} found on rgw logs and also "
f"rgw bucket notification is working correctly")
assert s3_client.put_object(Bucket=bucketname, Key="key-2",
Body=data), "Failed: Put object: key-2"
exec_cmd(notify_cmd)
# Validate message are received Kafka side using curl command
# A temporary way to check from Kafka side, need to check from UI
curl_command = (
f"curl -X GET {kafkadrop_host}/topic/{self.kafka_topic.name} "
"-H 'content-type: application/vnd.kafka.json.v2+json'")
json_output = run_cmd(cmd=curl_command)
new_string = json_output.split()
messages = new_string[new_string.index("messages</td>") + 1]
if messages.find("1") == -1:
raise Exception(
"Error: Messages are not recieved from Kafka side."
"RGW bucket notification is not working as expected.")
# Validate the timestamp events
ocs_version = config.ENV_DATA["ocs_version"]
if Version.coerce(ocs_version) >= Version.coerce("4.8"):
cmd = (
f"bin/kafka-console-consumer.sh --bootstrap-server {constants.KAFKA_ENDPOINT} "
f"--topic {self.kafka_topic.name} --from-beginning --timeout-ms 20000"
)
pod_list = get_pod_name_by_pattern(
pattern="my-cluster-zookeeper",
namespace=constants.AMQ_NAMESPACE)
zookeeper_obj = get_pod_obj(name=pod_list[0],
namespace=constants.AMQ_NAMESPACE)
event_obj = zookeeper_obj.exec_cmd_on_pod(command=cmd)
log.info(f"Event obj: {event_obj}")
event_time = event_obj.get("Records")[0].get("eventTime")
format_string = "%Y-%m-%dT%H:%M:%S.%fZ"
try:
datetime.strptime(event_time, format_string)
except ValueError as ef:
log.error(
f"Timestamp event {event_time} doesnt match the pattern {format_string}"
)
raise ef
log.info(
f"Timestamp event {event_time} matches the pattern {format_string}"
)
def test_rgw_kafka_notifications(self, bucket_factory):
"""
Test to verify rgw kafka notifications
"""
# Get sc
sc = default_storage_class(interface_type=constants.CEPHBLOCKPOOL)
# Deploy amq cluster
self.amq.setup_amq_cluster(sc.name)
# Create topic
self.kafka_topic = self.amq.create_kafka_topic()
# Create Kafkadrop pod
(
self.kafkadrop_pod,
self.kafkadrop_pod,
self.kafkadrop_route,
) = self.amq.create_kafkadrop()
# Get the kafkadrop route
kafkadrop_host = self.kafkadrop_route.get().get("spec").get("host")
# Create bucket
bucketname = bucket_factory(amount=1, interface="RGW-OC")[0].name
# Get RGW credentials
rgw_obj = RGW()
rgw_endpoint, access_key, secret_key = rgw_obj.get_credentials()
# Clone notify repo
notify_path = clone_notify()
# Initialise to put objects
data = "A random string data to write on created rgw bucket"
obc_obj = OBC(bucketname)
s3_resource = boto3.resource(
"s3",
verify=retrieve_verification_mode(),
endpoint_url=rgw_endpoint,
aws_access_key_id=obc_obj.access_key_id,
aws_secret_access_key=obc_obj.access_key,
)
s3_client = s3_resource.meta.client
# Initialize notify command to run
notify_cmd = (
f"python {notify_path} -e {rgw_endpoint} -a {obc_obj.access_key_id} "
f"-s {obc_obj.access_key} -b {bucketname} -ke {constants.KAFKA_ENDPOINT} -t {self.kafka_topic.name}"
)
log.info(f"Running cmd {notify_cmd}")
# Put objects to bucket
assert s3_client.put_object(Bucket=bucketname, Key="key-1",
Body=data), "Failed: Put object: key-1"
exec_cmd(notify_cmd)
# Validate rgw logs notification are sent
# No errors are seen
pattern = "ERROR: failed to create push endpoint"
rgw_pod_obj = get_rgw_pods()
rgw_log = get_pod_logs(pod_name=rgw_pod_obj[0].name, container="rgw")
assert re.search(pattern=pattern, string=rgw_log) is None, (
f"Error: {pattern} msg found in the rgw logs."
f"Validate {pattern} found on rgw logs and also "
f"rgw bucket notification is working correctly")
assert s3_client.put_object(Bucket=bucketname, Key="key-2",
Body=data), "Failed: Put object: key-2"
exec_cmd(notify_cmd)
# Validate message are received Kafka side using curl command
# A temporary way to check from Kafka side, need to check from UI
curl_command = (
f"curl -X GET {kafkadrop_host}/topic/{self.kafka_topic.name} "
"-H 'content-type: application/vnd.kafka.json.v2+json'")
json_output = run_cmd(cmd=curl_command)
new_string = json_output.split()
messages = new_string[new_string.index("messages</td>") + 1]
if messages.find("1") == -1:
raise Exception(
"Error: Messages are not recieved from Kafka side."
"RGW bucket notification is not working as expected.")
def __init__(self, obc_name):
"""
Initializer function
Args:
obc_name (str): Name of the Object Bucket Claim
"""
self.obc_name = obc_name
self.namespace = config.ENV_DATA["cluster_namespace"]
obc_resource = OCP(
namespace=self.namespace,
kind="ObjectBucketClaim",
resource_name=self.obc_name,
).get()
obn_str = (constants.OBJECTBUCKETNAME_46ANDBELOW
if version.get_semantic_ocs_version_from_config() <
version.VERSION_4_7 else
constants.OBJECTBUCKETNAME_47ANDABOVE)
self.ob_name = obc_resource.get("spec").get(obn_str)
self.bucket_name = obc_resource.get("spec").get("bucketName")
ob_obj = OCP(namespace=self.namespace,
kind="ObjectBucket",
resource_name=self.ob_name).get()
self.obc_account = ob_obj.get("spec").get("additionalState").get(
"account")
secret_obc_obj = OCP(kind="secret",
namespace=self.namespace,
resource_name=self.obc_name).get()
obc_configmap = OCP(namespace=self.namespace,
kind="ConfigMap",
resource_name=self.obc_name).get()
obc_configmap_data = obc_configmap.get("data")
obc_provisioner = (obc_resource.get("metadata").get("labels").get(
"bucket-provisioner"))
self.region = obc_configmap_data.get("BUCKET_REGION")
self.access_key_id = base64.b64decode(
secret_obc_obj.get("data").get("AWS_ACCESS_KEY_ID")).decode(
"utf-8")
self.access_key = base64.b64decode(
secret_obc_obj.get("data").get("AWS_SECRET_ACCESS_KEY")).decode(
"utf-8")
if "noobaa" in obc_provisioner:
get_noobaa = OCP(kind="noobaa", namespace=self.namespace).get()
self.s3_internal_endpoint = (
get_noobaa.get("items")[0].get("status").get("services").get(
"serviceS3").get("internalDNS")[0])
self.s3_external_endpoint = (
get_noobaa.get("items")[0].get("status").get("services").get(
"serviceS3").get("externalDNS")[0])
self.s3_resource = boto3.resource(
"s3",
verify=retrieve_verification_mode(),
endpoint_url=self.s3_external_endpoint,
aws_access_key_id=self.access_key_id,
aws_secret_access_key=self.access_key,
)
self.s3_client = self.s3_resource.meta.client
elif "rook" in obc_provisioner:
scheme = ("https" if obc_configmap_data.get("BUCKET_PORT") == "443"
else "http")
host = obc_configmap_data.get("BUCKET_HOST")
port = obc_configmap_data.get("BUCKET_PORT")
self.s3_internal_endpoint = f"{scheme}://{host}:{port}"
def test_ns_bucket_unsigned_access(self, mcg_obj, bucket_factory,
namespace_store_factory):
"""
Test anonymous(unsigned) access of S3 operations are denied on Namespace bucket.
"""
sample_data = "Sample string content to write to a S3 object"
object_key = "ObjKey-" + str(uuid.uuid4().hex)
# Create the namespace bucket
nss_tup = ("oc", {"aws": [(1, self.DEFAULT_REGION)]})
ns_store = namespace_store_factory(*nss_tup)[0]
bucketclass_dict = {
"interface": "OC",
"namespace_policy_dict": {
"type": "Single",
"namespacestores": [ns_store],
},
}
ns_bucket = bucket_factory(
amount=1,
interface=bucketclass_dict["interface"],
bucketclass=bucketclass_dict,
)[0].name
# Put and Get object operations done with s3 credentials
logger.info(f"Put and Get object operations on {ns_bucket}")
assert bucket_utils.s3_put_object(
s3_obj=mcg_obj,
bucketname=ns_bucket,
object_key=object_key,
data=sample_data,
), "Failed: PutObject"
assert bucket_utils.s3_get_object(
s3_obj=mcg_obj, bucketname=ns_bucket,
object_key=object_key), "Failed: GetObject"
# Boto3 client with signing disabled
anon_s3_client = boto3.client(
"s3",
verify=retrieve_verification_mode(),
endpoint_url=mcg_obj.s3_endpoint,
config=Config(signature_version=UNSIGNED),
)
logger.info(
f"Verifying anonymous access is blocked on namespace bucket: {ns_bucket}"
)
try:
anon_s3_client.get_object(Bucket=ns_bucket, Key=object_key)
except boto3exception.ClientError as e:
response = HttpResponseParser(e.response)
assert (response.error["Code"] == "AccessDenied"
), f"Invalid error code:{response.error['Code']}"
assert (response.status_code == 403
), f"Invalid status code:{response.status_code}"
assert (response.error["Message"] == "Access Denied"
), f"Invalid error message:{response.error['Message']}"
else:
assert (
False
), "GetObject operation has been granted access, when it should have been blocked"
def __init__(self, *args, **kwargs):
"""
Constructor for the MCG class
"""
self.namespace = config.ENV_DATA["cluster_namespace"]
self.operator_pod = Pod(**get_pods_having_label(
constants.NOOBAA_OPERATOR_POD_LABEL, self.namespace)[0])
self.core_pod = Pod(**get_pods_having_label(
constants.NOOBAA_CORE_POD_LABEL, self.namespace)[0])
wait_for_resource_state(resource=self.operator_pod,
state=constants.STATUS_RUNNING,
timeout=300)
self.retrieve_noobaa_cli_binary()
"""
The certificate will be copied on each mcg_obj instantiation since
the process is so light and quick, that the time required for the redundant
copy is neglible in comparison to the time a hash comparison will take.
"""
retrieve_default_ingress_crt()
get_noobaa = OCP(kind="noobaa", namespace=self.namespace).get()
self.s3_endpoint = (get_noobaa.get("items")[0].get("status").get(
"services").get("serviceS3").get("externalDNS")[0])
self.s3_internal_endpoint = (get_noobaa.get("items")[0].get(
"status").get("services").get("serviceS3").get("internalDNS")[0])
self.mgmt_endpoint = (get_noobaa.get("items")[0].get("status").get(
"services").get("serviceMgmt").get("externalDNS")[0]) + "/rpc"
self.region = config.ENV_DATA["region"]
creds_secret_name = (get_noobaa.get("items")[0].get("status").get(
"accounts").get("admin").get("secretRef").get("name"))
secret_ocp_obj = OCP(kind="secret", namespace=self.namespace)
creds_secret_obj = secret_ocp_obj.get(creds_secret_name)
self.access_key_id = base64.b64decode(
creds_secret_obj.get("data").get("AWS_ACCESS_KEY_ID")).decode(
"utf-8")
self.access_key = base64.b64decode(
creds_secret_obj.get("data").get("AWS_SECRET_ACCESS_KEY")).decode(
"utf-8")
self.noobaa_user = base64.b64decode(
creds_secret_obj.get("data").get("email")).decode("utf-8")
self.noobaa_password = base64.b64decode(
creds_secret_obj.get("data").get("password")).decode("utf-8")
self.noobaa_token = self.retrieve_nb_token()
self.s3_resource = boto3.resource(
"s3",
verify=retrieve_verification_mode(),
endpoint_url=self.s3_endpoint,
aws_access_key_id=self.access_key_id,
aws_secret_access_key=self.access_key,
)
self.s3_client = self.s3_resource.meta.client
if config.ENV_DATA["platform"].lower() == "aws" and kwargs.get(
"create_aws_creds"):
(
self.cred_req_obj,
self.aws_access_key_id,
self.aws_access_key,
) = self.request_aws_credentials()
self.aws_s3_resource = boto3.resource(
"s3",
endpoint_url="https://s3.amazonaws.com",
aws_access_key_id=self.aws_access_key_id,
aws_secret_access_key=self.aws_access_key,
)
def __init__(self, *args, **kwargs):
"""
Constructor for the MCG class
"""
self.namespace = config.ENV_DATA['cluster_namespace']
self.operator_pod = Pod(**get_pods_having_label(
constants.NOOBAA_OPERATOR_POD_LABEL, self.namespace)[0])
self.core_pod = Pod(**get_pods_having_label(
constants.NOOBAA_CORE_POD_LABEL, self.namespace)[0])
self.retrieve_noobaa_cli_binary()
"""
The certificate will be copied on each mcg_obj instantiation since
the process is so light and quick, that the time required for the redundant
copy is neglible in comparison to the time a hash comparison will take.
"""
retrieve_default_ingress_crt()
get_noobaa = OCP(kind='noobaa', namespace=self.namespace).get()
self.s3_endpoint = (get_noobaa.get('items')[0].get('status').get(
'services').get('serviceS3').get('externalDNS')[0])
self.s3_internal_endpoint = (get_noobaa.get('items')[0].get(
'status').get('services').get('serviceS3').get('internalDNS')[0])
self.mgmt_endpoint = (get_noobaa.get('items')[0].get('status').get(
'services').get('serviceMgmt').get('externalDNS')[0]) + '/rpc'
self.region = config.ENV_DATA['region']
creds_secret_name = (get_noobaa.get('items')[0].get('status').get(
'accounts').get('admin').get('secretRef').get('name'))
secret_ocp_obj = OCP(kind='secret', namespace=self.namespace)
creds_secret_obj = secret_ocp_obj.get(creds_secret_name)
self.access_key_id = base64.b64decode(
creds_secret_obj.get('data').get('AWS_ACCESS_KEY_ID')).decode(
'utf-8')
self.access_key = base64.b64decode(
creds_secret_obj.get('data').get('AWS_SECRET_ACCESS_KEY')).decode(
'utf-8')
self.noobaa_user = base64.b64decode(
creds_secret_obj.get('data').get('email')).decode('utf-8')
self.noobaa_password = base64.b64decode(
creds_secret_obj.get('data').get('password')).decode('utf-8')
self.noobaa_token = self.send_rpc_query(
'auth_api',
'create_auth',
params={
'role': 'admin',
'system': 'noobaa',
'email': self.noobaa_user,
'password': self.noobaa_password
}).json().get('reply').get('token')
self.s3_resource = boto3.resource(
's3',
verify=retrieve_verification_mode(),
endpoint_url=self.s3_endpoint,
aws_access_key_id=self.access_key_id,
aws_secret_access_key=self.access_key)
self.s3_client = self.s3_resource.meta.client
if (config.ENV_DATA['platform'].lower() == 'aws'
and kwargs.get('create_aws_creds')):
(self.cred_req_obj, self.aws_access_key_id,
self.aws_access_key) = self.request_aws_credentials()
self.aws_s3_resource = boto3.resource(
's3',
endpoint_url="https://s3.amazonaws.com",
aws_access_key_id=self.aws_access_key_id,
aws_secret_access_key=self.aws_access_key)
if (config.ENV_DATA['platform'].lower() in constants.CLOUD_PLATFORMS
or storagecluster_independent_check()):
if not config.ENV_DATA['platform'] == constants.AZURE_PLATFORM and (
float(config.ENV_DATA['ocs_version']) > 4.5):
logger.info('Checking whether RGW pod is not present')
pods = pod.get_pods_having_label(label=constants.RGW_APP_LABEL,
namespace=self.namespace)
assert not pods, 'RGW pods should not exist in the current platform/cluster'
elif config.ENV_DATA.get(
'platform') in constants.ON_PREM_PLATFORMS or (
config.ENV_DATA.get('platform')
== constants.AZURE_PLATFORM):
rgw_count = 2 if float(
config.ENV_DATA['ocs_version']) >= 4.5 and not (
check_if_cluster_was_upgraded()) else 1
# With 4.4 OCS cluster deployed over Azure, RGW is the default backingstore
if float(config.ENV_DATA['ocs_version']
) == 4.4 and config.ENV_DATA.get(
'platform') == constants.AZURE_PLATFORM:
rgw_count = 1
if float(config.ENV_DATA['ocs_version']
) == 4.5 and config.ENV_DATA.get(
'platform') == constants.AZURE_PLATFORM and (
check_if_cluster_was_upgraded()):
rgw_count = 1
logger.info(
f'Checking for RGW pod/s on {config.ENV_DATA.get("platform")} platform'
)
rgw_pod = OCP(kind=constants.POD, namespace=self.namespace)
assert rgw_pod.wait_for_resource(
condition=constants.STATUS_RUNNING,
selector=constants.RGW_APP_LABEL,
resource_count=rgw_count,
timeout=60)
