def _list_clusters(self):
"""Logic of the method is as follows.
If 'ovdc' is present in the body,
choose the right broker (by identifying the container_provider
(vcd|pks) defined for that ovdc) to do list_clusters operation.
Else
Invoke set of all (vCD/PKS)brokers in the org to do list_clusters.
Post-process the result returned by each broker.
Aggregate all the results into one.
"""
vcd_clusters_info = \
self.vcdbroker_manager.list_clusters()
pks_clusters_info = []
if is_pks_enabled():
pks_clusters_info = \
self.pksbroker_manager.list_clusters()
all_cluster_infos = vcd_clusters_info + pks_clusters_info
common_cluster_properties = \
('name', 'vdc', 'status', 'org_name', K8S_PROVIDER_KEY)
result = []
for cluster_info in all_cluster_infos:
filtered_cluster_info = {
k: cluster_info.get(k)
for k in common_cluster_properties
}
result.append(filtered_cluster_info)
return result
def cluster_list(request_data, tenant_auth_token, is_jwt_token):
"""Request handler for cluster list operation.
All (vCD/PKS) brokers in the org do 'list cluster' operation.
Post-process the result returned by pks broker.
Aggregate all the results into a list.
Optional data and default values: org_name=None, ovdc_name=None
(data validation handled in brokers)
:return: List
"""
vcd_broker = vcdbroker.VcdBroker(tenant_auth_token, is_jwt_token)
vcd_clusters_info = vcd_broker.list_clusters(request_data)
pks_clusters_info = []
if utils.is_pks_enabled():
pks_clusters_info = pks_broker_manager.list_clusters(
request_data, tenant_auth_token, is_jwt_token)
all_cluster_infos = vcd_clusters_info + pks_clusters_info
common_cluster_properties = [
'name', 'vdc', 'status', 'org_name', 'k8s_version', K8S_PROVIDER_KEY
]
result = []
for cluster_info in all_cluster_infos:
filtered_cluster_info = \
{k: cluster_info.get(k) for k in common_cluster_properties}
result.append(filtered_cluster_info)
return result
def _list_ovdcs(self, list_pks_plans):
"""Get list of ovdcs.
If client is sysadmin,
Gets all ovdcs of all organizations.
Else
Gets all ovdcs of the organization in context.
"""
client, _ = connect_vcd_user_via_token(self.tenant_auth_token)
if client.is_sysadmin():
org_resource_list = client.get_org_list()
else:
org_resource_list = list(client.get_org())
ovdc_list = []
vc_to_pks_plans_map = {}
if is_pks_enabled() and list_pks_plans:
if client.is_sysadmin():
vc_to_pks_plans_map = self._construct_vc_to_pks_map()
else:
raise UnauthorizedActionError(
'Operation Denied. Plans available only for '
'System Administrator.')
for org_resource in org_resource_list:
org = Org(client, resource=org_resource)
vdc_list = org.list_vdcs()
for vdc_sparse in vdc_list:
ctr_prov_ctx = \
OvdcManager().get_ovdc_container_provider_metadata(
ovdc_name=vdc_sparse['name'], org_name=org.get_name(),
credentials_required=False)
vdc_dict = {
'name': vdc_sparse['name'],
'org': org.get_name(),
K8S_PROVIDER_KEY: ctr_prov_ctx[K8S_PROVIDER_KEY]
}
if is_pks_enabled() and list_pks_plans:
pks_plans, pks_server = self.\
_get_pks_plans_and_server_for_vdc(client,
vdc_sparse,
org_resource,
vc_to_pks_plans_map)
vdc_dict['pks_api_server'] = pks_server
vdc_dict['available pks plans'] = pks_plans
ovdc_list.append(vdc_dict)
return ovdc_list
def _find_cluster_in_org(self, cluster_name, is_org_admin_search=False):
cluster, broker = self.vcdbroker_manager.find_cluster_in_org(
cluster_name, is_org_admin_search)
if not cluster and is_pks_enabled():
cluster, broker = self.pksbroker_manager.find_cluster_in_org(
cluster_name, is_org_admin_search)
return cluster, broker
def invoke(self, op):
"""Handle ovdc related operations.
:param CseOperation op: Operation to be performed on the ovdc.
:return result: result of the operation.
:rtype: dict
"""
result = {}
if op == CseOperation.OVDC_UPDATE:
ovdc_id = self.req_spec.get(RequestKey.OVDC_ID)
org_name = self.req_spec.get(RequestKey.ORG_NAME)
pks_plans = self.req_spec.get(RequestKey.PKS_PLAN_NAME)
pks_cluster_domain = self.req_spec.get(
RequestKey.PKS_CLUSTER_DOMAIN) # noqa: E501
container_provider = self.req_spec.get(RequestKey.K8S_PROVIDER)
ctr_prov_ctx = construct_ctr_prov_ctx_from_pks_cache(
ovdc_id=ovdc_id,
org_name=org_name,
pks_plans=pks_plans,
pks_cluster_domain=pks_cluster_domain,
container_provider=container_provider)
if container_provider == K8sProviders.PKS:
if is_pks_enabled():
create_pks_compute_profile(ctr_prov_ctx,
self.tenant_auth_token,
self.req_spec)
else:
raise CseServerError(
'CSE is not configured to work with PKS.')
task = OvdcManager().set_ovdc_container_provider_metadata(
ovdc_id=ovdc_id,
container_prov_data=ctr_prov_ctx,
container_provider=container_provider)
result = {'task_href': task.get('href')}
elif op == CseOperation.OVDC_INFO:
ovdc_id = self.req_spec.get(RequestKey.OVDC_ID)
result = OvdcManager().get_ovdc_container_provider_metadata(
ovdc_id=ovdc_id)
elif op == CseOperation.OVDC_LIST:
list_pks_plans = str_to_bool(
self.req_spec.get(RequestKey.LIST_PKS_PLANS)) # noqa: E501
result = self._list_ovdcs(list_pks_plans=list_pks_plans)
return result
def ovdc_update(request_data, tenant_auth_token):
"""Request handler for ovdc enable, disable operations.
Required data: org_name, ovdc_name, k8s_provider
Conditional data:
if k8s_provider is 'ent-pks': pks_plan_name, pks_cluster_domain
:return: Dictionary with org VDC update task href.
"""
# TODO the data flow here should be better understood.
# org_name and ovdc_name seem redundant if we already have ovdc_id
required = [
RequestKey.ORG_NAME, RequestKey.OVDC_NAME, RequestKey.K8S_PROVIDER,
RequestKey.OVDC_ID
]
validated_data = request_data
req_utils.validate_payload(validated_data, required)
k8s_provider = validated_data[RequestKey.K8S_PROVIDER]
k8s_provider_info = {K8S_PROVIDER_KEY: k8s_provider}
if k8s_provider == K8sProvider.PKS:
if not utils.is_pks_enabled():
raise CseServerError('CSE is not configured to work with PKS.')
required = [RequestKey.PKS_PLAN_NAME, RequestKey.PKS_CLUSTER_DOMAIN]
req_utils.validate_payload(validated_data, required)
k8s_provider_info = ovdc_utils.construct_k8s_metadata_from_pks_cache(
ovdc_id=validated_data[RequestKey.OVDC_ID],
org_name=validated_data[RequestKey.ORG_NAME],
pks_plans=validated_data[RequestKey.PKS_PLAN_NAME],
pks_cluster_domain=validated_data[RequestKey.PKS_CLUSTER_DOMAIN],
k8s_provider=k8s_provider)
ovdc_utils.create_pks_compute_profile(k8s_provider_info,
tenant_auth_token,
validated_data)
task = ovdc_utils.update_ovdc_k8s_provider_metadata(
ovdc_id=validated_data[RequestKey.OVDC_ID],
k8s_provider_data=k8s_provider_info,
k8s_provider=k8s_provider)
return {'task_href': task.get('href')}
def get_broker_from_k8s_metadata(k8s_metadata,
tenant_auth_token,
is_jwt_token):
"""Get broker from ovdc k8s metadata.
If PKS is not enabled, always return VcdBroker
If PKS is enabled
if no ovdc metadata exists or k8s provider is None, raise server error
else return the broker according to ovdc k8s provider
"""
if utils.is_pks_enabled():
if not k8s_metadata or k8s_metadata.get(K8S_PROVIDER_KEY) == K8sProvider.NONE: # noqa: E501
raise CseServerError("Org VDC is not enabled for Kubernetes "
"cluster deployment")
if k8s_metadata.get(K8S_PROVIDER_KEY) == K8sProvider.PKS:
return PksBroker(k8s_metadata, tenant_auth_token, is_jwt_token)
return VcdBroker(tenant_auth_token, is_jwt_token)
def _get_broker_based_on_ctr_prov_ctx(self, ctr_prov_ctx):
# If system is equipped with PKS, use the metadata on ovdc to determine
# the correct broker, otherwise fallback to vCD for cluster deployment.
# However if the system is enabled for PKS and has no metadata on odvc
# or isn't enabled for container deployment raise appropriate
# exception.
if is_pks_enabled():
if ctr_prov_ctx:
if ctr_prov_ctx.get(K8S_PROVIDER_KEY) == K8sProviders.PKS:
return PKSBroker(self.tenant_auth_token,
self.req_spec,
pks_ctx=ctr_prov_ctx)
elif ctr_prov_ctx.get(K8S_PROVIDER_KEY) == K8sProviders.NATIVE:
return VcdBroker(self.tenant_auth_token, self.req_spec)
else:
return VcdBroker(self.tenant_auth_token, self.req_spec)
raise CseServerError("Org VDC is not enabled for Kubernetes cluster "
"deployment")
def construct_ctr_prov_ctx_from_pks_cache(ovdc_id, org_name, pks_plans,
pks_cluster_domain,
container_provider):
client = None
try:
ctr_prov_context = {}
ctr_prov_context[K8S_PROVIDER_KEY] = container_provider
if container_provider == K8sProviders.PKS:
if not is_pks_enabled():
raise CseServerError('CSE is not configured to work with PKS.')
client = get_sys_admin_client()
ovdc = get_vdc(client=client, vdc_id=ovdc_id,
is_admin_operation=True)
pks_cache = get_pks_cache()
pvdc_id = get_pvdc_id(ovdc)
pvdc_info = pks_cache.get_pvdc_info(pvdc_id)
if not pvdc_info:
LOGGER.debug(f"pvdc '{pvdc_id}' is not backed "
f"by PKS-managed-vSphere resources")
raise CseServerError(f"VDC '{ovdc.get_resource().get('name')}'"
" is not eligible to provide resources"
" for PKS clusters.")
pks_account_info = pks_cache.get_pks_account_info(
org_name, pvdc_info.vc)
nsxt_info = pks_cache.get_nsxt_info(pvdc_info.vc)
pks_compute_profile_name = \
_construct_pks_compute_profile_name(ovdc_id)
ctr_prov_context = construct_pks_context(
pks_account_info=pks_account_info,
pvdc_info=pvdc_info,
nsxt_info=nsxt_info,
pks_compute_profile_name=pks_compute_profile_name,
pks_plans=pks_plans,
pks_cluster_domain=pks_cluster_domain,
credentials_required=True)
return ctr_prov_context
finally:
if client:
client.logout()
def construct_k8s_metadata_from_pks_cache(sysadmin_client: vcd_client.Client,
ovdc_id, org_name, pks_plans,
pks_cluster_domain, k8s_provider):
vcd_utils.raise_error_if_not_sysadmin(sysadmin_client)
ctr_prov_context = {
K8S_PROVIDER_KEY: k8s_provider,
}
if k8s_provider == K8sProvider.PKS:
if not utils.is_pks_enabled():
raise e.CseServerError('CSE is not configured to work with PKS.')
ovdc = vcd_utils.get_vdc(client=sysadmin_client,
vdc_id=ovdc_id,
is_admin_operation=True)
pks_cache = utils.get_pks_cache()
pvdc_id = vcd_utils.get_pvdc_id(sysadmin_client, ovdc)
pvdc_info = pks_cache.get_pvdc_info(pvdc_id)
if not pvdc_info:
LOGGER.debug(f"pvdc '{pvdc_id}' is not backed "
f"by PKS-managed-vSphere resources")
raise e.CseServerError(f"VDC '{ovdc.get_resource().get('name')}'"
" is not eligible to provide resources"
" for PKS clusters.")
pks_account_info = pks_cache.get_pks_account_info(
org_name, pvdc_info.vc)
nsxt_info = pks_cache.get_nsxt_info(pvdc_info.vc)
pks_compute_profile_name = _construct_pks_compute_profile_name(
sysadmin_client, ovdc_id)
ctr_prov_context = construct_pks_context(
pks_account_info=pks_account_info,
pvdc_info=pvdc_info,
nsxt_info=nsxt_info,
pks_compute_profile_name=pks_compute_profile_name,
pks_plans=pks_plans,
pks_cluster_domain=pks_cluster_domain,
credentials_required=True)
return ctr_prov_context
def _raise_error_if_pks_not_enabled():
if not utils.is_pks_enabled():
raise CseServerError('CSE is not configured to work with PKS.')
def ovdc_update(request_data, op_ctx: ctx.OperationContext):
"""Request handler for ovdc enable, disable operations.
Required data: org_name, ovdc_name, k8s_provider
Conditional data:
if k8s_provider is 'ent-pks': pks_plan_name, pks_cluster_domain
:return: Dictionary with org VDC update task href.
"""
# TODO the data flow here should be better understood.
# org_name and ovdc_name seem redundant if we already have ovdc_id
required = [
RequestKey.ORG_NAME, RequestKey.OVDC_NAME, RequestKey.K8S_PROVIDER,
RequestKey.OVDC_ID
]
validated_data = request_data
req_utils.validate_payload(validated_data, required)
k8s_provider = validated_data[RequestKey.K8S_PROVIDER]
k8s_provider_info = {K8S_PROVIDER_KEY: k8s_provider}
# Record the telemetry data
cse_params = copy.deepcopy(validated_data)
cse_operation = CseOperation.OVDC_DISABLE if k8s_provider == K8sProvider.NONE else CseOperation.OVDC_ENABLE # noqa: E501
record_user_action_details(cse_operation=cse_operation,
cse_params=cse_params) # noqa: E501
try:
if k8s_provider == K8sProvider.PKS:
if not utils.is_pks_enabled():
raise e.CseServerError('CSE server is not '
'configured to work with PKS.')
required = [
RequestKey.PKS_PLAN_NAME, RequestKey.PKS_CLUSTER_DOMAIN
]
req_utils.validate_payload(validated_data, required)
# Check if target ovdc is not already enabled for other non PKS k8 providers # noqa: E501
ovdc_metadata = ovdc_utils.get_ovdc_k8s_provider_metadata(
op_ctx.sysadmin_client,
ovdc_id=validated_data[RequestKey.OVDC_ID])
ovdc_k8_provider = ovdc_metadata.get(K8S_PROVIDER_KEY)
if ovdc_k8_provider != K8sProvider.NONE and \
ovdc_k8_provider != k8s_provider:
raise e.CseServerError(
"Ovdc already enabled for different K8 provider"
) # noqa: E501
k8s_provider_info = ovdc_utils.construct_k8s_metadata_from_pks_cache( # noqa: E501
op_ctx.sysadmin_client,
ovdc_id=validated_data[RequestKey.OVDC_ID],
org_name=validated_data[RequestKey.ORG_NAME],
pks_plans=validated_data[RequestKey.PKS_PLAN_NAME],
pks_cluster_domain=validated_data[
RequestKey.PKS_CLUSTER_DOMAIN], # noqa: E501
k8s_provider=k8s_provider)
ovdc_utils.create_pks_compute_profile(validated_data, op_ctx,
k8s_provider_info)
task = ovdc_utils.update_ovdc_k8s_provider_metadata(
op_ctx.sysadmin_client,
validated_data[RequestKey.OVDC_ID],
k8s_provider_data=k8s_provider_info,
k8s_provider=k8s_provider)
# Telemetry - Record successful enabling/disabling of ovdc
record_user_action(cse_operation, status=OperationStatus.SUCCESS)
return {'task_href': task.get('href')}
except Exception as err:
# Telemetry - Record failed enabling/disabling of ovdc
record_user_action(cse_operation, status=OperationStatus.FAILED)
raise err
