def ValidateExclusivity(cr_manifest, parent_ref, intended_membership, release_track=None): """Validate the exclusivity state of the cluster. Args: cr_manifest: the YAML manifest of the Membership CR fetched from the cluster. parent_ref: the parent collection that the cluster is to be registered to. intended_membership: the ID of the membership to be created. release_track: the release_track used in the gcloud command, or None if it is not available. Returns: the ValidateExclusivityResponse from API. Raises: apitools.base.py.HttpError: if the request returns an HTTP error. """ # TODO(b/145955278): Use release_track to select the right Exclusivity API. release_track = base.ReleaseTrack.BETA client = gkehub_api_util.GetApiClientForTrack(release_track) return client.projects_locations_memberships.ValidateExclusivity( client.MESSAGES_MODULE. GkehubProjectsLocationsMembershipsValidateExclusivityRequest( parent=parent_ref, crManifest=cr_manifest, intendedMembership=intended_membership))
def GenerateExclusivityManifest(crd_manifest, cr_manifest, membership_ref, release_track=None): """Generate the CR(D) manifests to apply to the registered cluster. Args: crd_manifest: the YAML manifest of the Membership CRD fetched from the cluster. cr_manifest: the YAML manifest of the Membership CR fetched from the cluster. membership_ref: the full resource name of the membership. release_track: the release_track used in the gcloud command, or None if it is not available. Returns: the GenerateExclusivityManifestResponse from API. Raises: apitools.base.py.HttpError: if the request returns an HTTP error. """ # TODO(b/145955278): remove static mapping after Exclusivity is promoted. release_track = base.ReleaseTrack.BETA client = gkehub_api_util.GetApiClientForTrack(release_track) return client.projects_locations_memberships.GenerateExclusivityManifest( client.MESSAGES_MODULE. GkehubProjectsLocationsMembershipsGenerateExclusivityManifestRequest( name=membership_ref, crdManifest=crd_manifest, crManifest=cr_manifest))
def ProjectForClusterUUID(uuid, projects, release_track=None): """Retrieves the project that the cluster UUID has a Membership with. Args: uuid: the UUID of the cluster. projects: sequence of project IDs to consider. release_track: the release_track used in the gcloud command, or None if it is not available. Returns: a project ID. Raises: apitools.base.py.HttpError: if any request returns an HTTP error """ client = gkehub_api_util.GetApiClientForTrack(release_track) for project in projects: if project: parent = 'projects/{}/locations/global'.format(project) membership_response = client.projects_locations_memberships.List( client.MESSAGES_MODULE. GkehubProjectsLocationsMembershipsListRequest(parent=parent)) for membership in membership_response.resources: membership_uuid = _ClusterUUIDForMembershipName( membership.name) if membership_uuid == uuid: return project return None
def UpdateMembership(name, membership, update_mask, release_track, external_id=None, issuer_url=None, oidc_jwks=None): """UpdateMembership updates membership resource in the GKE Hub API. Args: name: The full resource name of the membership to update, e.g. projects/foo/locations/global/memberships/name. membership: Membership resource that needs to be updated. update_mask: Field names of membership resource to be updated. release_track: The release_track used in the gcloud command. external_id: the unique id associated with the cluster, or None if it is not available. issuer_url: The discovery URL for the cluster's service account token issuer. oidc_jwks: The JSON Web Key Set string containing public keys for validating service account tokens. Set to None if the issuer_url is publicly-reachable. Still requires issuer_url to be set. Returns: The updated Membership resource. Raises: - apitools.base.py.HttpError: if the request returns an HTTP error - exceptions raised by waiter.WaitFor() """ client = gkehub_api_util.GetApiClientForTrack(release_track) messages = client.MESSAGES_MODULE request = messages.GkehubProjectsLocationsMembershipsPatchRequest( membership=membership, name=name, updateMask=update_mask) if release_track is not base.ReleaseTrack.GA: if issuer_url: request.membership.authority = messages.Authority( issuer=issuer_url) if release_track is base.ReleaseTrack.ALPHA: if oidc_jwks: request.membership.authority.oidcJwks = oidc_jwks.encode( 'utf-8') else: # If oidc_jwks is None, unset membership.oidc_jwks, and let the API # determine when that's an error, not the client, to avoid problems # like cl/339713504 fixed (see unsetting membership.authority, below). request.membership.authority.oidcJwks = None else: # if issuer_url is None, unset membership.authority to disable WI. request.membership.authority = None if external_id: request.membership.externalId = external_id op = client.projects_locations_memberships.Patch(request) op_resource = resources.REGISTRY.ParseRelativeName( op.name, collection='gkehub.projects.locations.operations') return waiter.WaitFor( waiter.CloudOperationPoller(client.projects_locations_memberships, client.projects_locations_operations), op_resource, 'Waiting for membership to be updated')
def CreateMembership(project, membership_id, description, gke_cluster_self_link=None, external_id=None, release_track=None, issuer_url=None, oidc_jwks=None): """Creates a Membership resource in the GKE Hub API. Args: project: the project in which to create the membership membership_id: the value to use for the membership_id description: the value to put in the description field gke_cluster_self_link: the selfLink for the cluster if it is a GKE cluster, or None if it is not external_id: the unique id associated with the cluster, or None if it is not available. release_track: the release_track used in the gcloud command, or None if it is not available. issuer_url: the discovery URL for the cluster's service account token issuer. Set to None to skip enabling Workload Identity. oidc_jwks: the JSON Web Key Set containing public keys for validating service account tokens. Set to None if the issuer_url is publicly-routable. Still requires issuer_url to be set. Returns: the created Membership resource. Raises: - apitools.base.py.HttpError: if the request returns an HTTP error - exceptions raised by waiter.WaitFor() """ client = gkehub_api_util.GetApiClientForTrack(release_track) messages = client.MESSAGES_MODULE parent_ref = ParentRef(project, 'global') request = messages.GkehubProjectsLocationsMembershipsCreateRequest( membership=messages.Membership(description=description), parent=parent_ref, membershipId=membership_id, ) if gke_cluster_self_link: endpoint = messages.MembershipEndpoint(gkeCluster=messages.GkeCluster( resourceLink=gke_cluster_self_link)) request.membership.endpoint = endpoint if external_id: request.membership.externalId = external_id if issuer_url: request.membership.authority = messages.Authority(issuer=issuer_url) if release_track is not base.ReleaseTrack.GA: if oidc_jwks: request.membership.authority.oidcJwks = oidc_jwks.encode( 'utf-8') op = client.projects_locations_memberships.Create(request) op_resource = resources.REGISTRY.ParseRelativeName( op.name, collection='gkehub.projects.locations.operations') return waiter.WaitFor( waiter.CloudOperationPoller(client.projects_locations_memberships, client.projects_locations_operations), op_resource, 'Waiting for membership to be created')
def GenerateConnectAgentManifest(membership_ref, image_pull_secret_content=None, is_upgrade=None, namespace=None, proxy=None, registry=None, version=None, release_track=None): """Generated the Connect Agent to apply to the registered cluster. Args: membership_ref: the full resource name of the membership. image_pull_secret_content: The image pull secret content to use for private registries or None if it is not available. is_upgrade: Is this is an upgrade operation, or None if it is not available. namespace: The namespace of the Connect Agent, or None if it is not available. proxy: The proxy address or None if it is not available. registry: The registry to pull the Connect Agent image if not using gcr.io/gkeconnect, or None if it is not available. version: The version of the Connect Agent to install/upgrade, or None if it is not available. release_track: the release_track used in the gcloud command, or None if it is not available. Returns: the GenerateConnectManifest from API. Raises: apitools.base.py.HttpError: if the request returns an HTTP error. """ client = gkehub_api_util.GetApiClientForTrack(release_track) messages = client.MESSAGES_MODULE request = messages.GkehubProjectsLocationsMembershipsGenerateConnectManifestRequest( name=membership_ref) # Add optional flag values. if image_pull_secret_content: request.imagePullSecretContent = image_pull_secret_content.encode( 'ascii') if is_upgrade: request.isUpgrade = is_upgrade if namespace: request.namespace = namespace if proxy: request.proxy = proxy.encode('ascii') if registry: request.registry = registry if version: request.version = version return client.projects_locations_memberships.GenerateConnectManifest( request)
def CreateMembership(project, membership_id, description, gke_cluster_self_link=None, external_id=None, release_track=None): """Creates a Membership resource in the GKE Hub API. Args: project: the project in which to create the membership membership_id: the value to use for the membership_id description: the value to put in the description field gke_cluster_self_link: the selfLink for the cluster if it is a GKE cluster, or None if it is not external_id: the unique id associated with the cluster, or None if it is not available. release_track: the release_track used in the gcloud command, or None if it is not available. Returns: the created Membership resource. Raises: - apitools.base.py.HttpError: if the request returns an HTTP error - exceptions raised by waiter.WaitFor() """ client = gkehub_api_util.GetApiClientForTrack(release_track) messages = client.MESSAGES_MODULE parent_ref = ParentRef(project, 'global') request = messages.GkehubProjectsLocationsMembershipsCreateRequest( membership=messages.Membership(description=description), parent=parent_ref, membershipId=membership_id, ) if gke_cluster_self_link: endpoint = messages.MembershipEndpoint(gkeCluster=messages.GkeCluster( resourceLink=gke_cluster_self_link)) request.membership.endpoint = endpoint if external_id: request.membership.externalId = external_id op = client.projects_locations_memberships.Create(request) op_resource = resources.REGISTRY.ParseRelativeName( op.name, collection='gkehub.projects.locations.operations') return waiter.WaitFor( waiter.CloudOperationPoller(client.projects_locations_memberships, client.projects_locations_operations), op_resource, 'Waiting for membership to be created')
def UpdateMembership(name, membership, update_mask, release_track, external_id=None, issuer_url=None): """UpdateMembership updates membership resource in the GKE Hub API. Args: name: The full resource name of the membership to update, e.g. projects/foo/locations/global/memberships/name. membership: Membership resource that needs to be updated. update_mask: Field names of membership resource to be updated. release_track: The release_track used in the gcloud command. external_id: the unique id associated with the cluster, or None if it is not available. issuer_url: The discovery URL for the cluster's service account token issuer. Returns: The updated Membership resource. Raises: - apitools.base.py.HttpError: if the request returns an HTTP error - exceptions raised by waiter.WaitFor() """ client = gkehub_api_util.GetApiClientForTrack(release_track) messages = client.MESSAGES_MODULE request = messages.GkehubProjectsLocationsMembershipsPatchRequest( membership=membership, name=name, updateMask=update_mask) if issuer_url: request.membership.authority = messages.Authority(issuer=issuer_url) if external_id: request.membership.externalId = external_id op = client.projects_locations_memberships.Patch(request) op_resource = resources.REGISTRY.ParseRelativeName( op.name, collection='gkehub.projects.locations.operations') return waiter.WaitFor( waiter.CloudOperationPoller(client.projects_locations_memberships, client.projects_locations_operations), op_resource, 'Waiting for membership to be updated')
def GetMembership(name, release_track=None): """Gets a Membership resource from the GKE Hub API. Args: name: the full resource name of the membership to get, e.g., projects/foo/locations/global/memberships/name. release_track: the release_track used in the gcloud command, or None if it is not available. Returns: a Membership resource Raises: apitools.base.py.HttpError: if the request returns an HTTP error """ client = gkehub_api_util.GetApiClientForTrack(release_track) return client.projects_locations_memberships.Get( client.MESSAGES_MODULE.GkehubProjectsLocationsMembershipsGetRequest( name=name))
def DeleteMembership(name, release_track=None): """Deletes a membership from the GKE Hub. Args: name: the full resource name of the membership to delete, e.g., projects/foo/locations/global/memberships/name. release_track: the release_track used in the gcloud command, or None if it is not available. Raises: apitools.base.py.HttpError: if the request returns an HTTP error """ client = gkehub_api_util.GetApiClientForTrack(release_track) op = client.projects_locations_memberships.Delete( client.MESSAGES_MODULE.GkehubProjectsLocationsMembershipsDeleteRequest( name=name)) op_resource = resources.REGISTRY.ParseRelativeName( op.name, collection='gkehub.projects.locations.operations') waiter.WaitFor( waiter.CloudOperationPollerNoResources( client.projects_locations_operations), op_resource, 'Waiting for membership to be deleted')