def maybe_assign_ownership(resource):
if resource["kind"] in _CLUSTER_SCOPED_KINDS:
# Cluster-scoped resources cannot be owned by a namespaced resource:
# https://kubernetes.io/docs/concepts/workloads/controllers/garbage-collection/#owners-and-dependents
log.info(
"Application '{:s}' does not own cluster-scoped '{:s}/{:s}'",
app_name, resource["kind"], resource["metadata"]["name"])
if included_kinds is None or resource["kind"] in included_kinds:
log.info("Application '{:s}' owns '{:s}/{:s}'", app_name,
resource["kind"], resource["metadata"]["name"])
resource = copy.deepcopy(resource)
set_app_resource_ownership(app_uid=app_uid,
app_name=app_name,
app_api_version=app_api_version,
resource=resource)
if deployer_name and deployer_uid and should_be_deployer_owned(
resource):
log.info("ServiceAccount '{:s}' owns '{:s}/{:s}'", deployer_name,
resource["kind"], resource["metadata"]["name"])
resource = copy.deepcopy(resource)
set_service_account_resource_ownership(account_uid=deployer_uid,
account_name=deployer_name,
resource=resource)
return resource
def main():
parser = ArgumentParser(description=_PROG_HELP)
parser.add_argument("--app_name",
required=True,
help="the name of the application instance")
parser.add_argument("--app_uid",
required=True,
help="the uid of the application instance")
parser.add_argument("--app_api_version",
required=True,
help="apiVersion of the Application CRD")
parser.add_argument("--manifests",
required=True,
help="the configuration for tests")
parser.add_argument("--out_manifests",
required=True,
help="the file to write non-test resources to")
parser.add_argument("--out_test_manifests",
required=True,
help="the file to write test resources to")
args = parser.parse_args()
if os.path.isfile(args.manifests):
resources = load_resources_yaml(args.manifests)
else:
resources = []
for filename in os.listdir(args.manifests):
resources += load_resources_yaml(
os.path.join(args.manifests, filename))
test_resources = []
nontest_resources = []
for resource in resources:
full_name = "{}/{}".format(resource['kind'],
deep_get(resource, 'metadata', 'name'))
if deep_get(resource, 'metadata', 'annotations',
GOOGLE_CLOUD_TEST) == 'test':
print("INFO Tester resource: {}".format(full_name))
set_app_resource_ownership(app_uid=args.app_uid,
app_name=args.app_name,
app_api_version=args.app_api_version,
resource=resource)
test_resources.append(resource)
else:
print("INFO Prod resource: {}".format(full_name))
nontest_resources.append(resource)
if nontest_resources:
with open(args.out_manifests, "w", encoding='utf-8') as outfile:
yaml.safe_dump_all(nontest_resources,
outfile,
default_flow_style=False)
if test_resources:
with open(args.out_test_manifests, "a",
encoding='utf-8') as test_outfile:
yaml.safe_dump_all(test_resources,
test_outfile,
default_flow_style=False)
def test_app_resource_ownership(self):
resource = {'metadata': {'ownerReferences': []}}
set_app_resource_ownership(APP_UID, APP_NAME, APP_API_VERSION,
resource)
self.assertListElementsEqual(resource['metadata']['ownerReferences'],
[APP_OWNER_REF])
def maybe_assign_ownership(resource):
if resource["kind"] in _CLUSTER_SCOPED_KINDS:
# Cluster-scoped resources cannot be owned by a namespaced resource:
# https://kubernetes.io/docs/concepts/workloads/controllers/garbage-collection/#owners-and-dependents
# Set the namespace as owner if provided, otherwise leave unowned.
if namespace and namespace_uid:
log.info("Namespace '{:s}' owns '{:s}/{:s}'", namespace,
resource["kind"], resource["metadata"]["name"])
set_namespace_resource_ownership(namespace_uid=namespace_uid,
namespace_name=namespace,
resource=resource)
else:
log.info(
"Application '{:s}' does not own cluster-scoped '{:s}/{:s}'",
app_name, resource["kind"], resource["metadata"]["name"])
# Deployer-owned resources should not be owned by the Application, as
# they should be deleted with the deployer service account (not the app).
if deployer_name and deployer_uid and should_be_deployer_owned(
resource):
log.info("ServiceAccount '{:s}' owns '{:s}/{:s}'", deployer_name,
resource["kind"], resource["metadata"]["name"])
resource = copy.deepcopy(resource)
set_service_account_resource_ownership(account_uid=deployer_uid,
account_name=deployer_name,
resource=resource)
elif included_kinds is None or resource["kind"] in included_kinds:
log.info("Application '{:s}' owns '{:s}/{:s}'", app_name,
resource["kind"], resource["metadata"]["name"])
resource = copy.deepcopy(resource)
set_app_resource_ownership(app_uid=app_uid,
app_name=app_name,
app_api_version=app_api_version,
resource=resource)
return resource