def _get_k8s_api_client(self):
cluster_uuid = self.context["tenant"]["cluster"]
cluster = self._get_cluster(cluster_uuid)
cluster_template = self._get_cluster_template(
cluster.cluster_template_id)
key_file = None
cert_file = None
ca_certs = None
if not cluster_template.tls_disabled:
dir = self.context["ca_certs_directory"]
key_file = cluster_uuid + ".key"
key_file = os.path.join(dir, key_file)
cert_file = cluster_uuid + ".crt"
cert_file = os.path.join(dir, cert_file)
ca_certs = cluster_uuid + "_ca.crt"
ca_certs = os.path.join(dir, ca_certs)
if hasattr(k8s_config, "ConfigurationObject"):
# k8sclient < 4.0.0
config = k8s_config.ConfigurationObject()
else:
config = k8s_config.Configuration()
config.host = cluster.api_address
config.ssl_ca_cert = ca_certs
config.cert_file = cert_file
config.key_file = key_file
client = api_client.ApiClient(config=config)
return core_v1_api.CoreV1Api(client)
def setUpClass(cls):
super(BaseK8sTest, cls).setUpClass()
cls.kube_api_url = cls.cs.clusters.get(cls.cluster.uuid).api_address
config = k8s_config.ConfigurationObject()
config.host = cls.kube_api_url
config.ssl_ca_cert = cls.ca_file
config.cert_file = cls.cert_file
config.key_file = cls.key_file
k8s_client = api_client.ApiClient(config=config)
cls.k8s_api = core_v1_api.CoreV1Api(k8s_client)
def setUp(self):
super(BaseK8sTest, self).setUp()
self.kube_api_url = self.cs.clusters.get(self.cluster.uuid).api_address
config = k8s_config.ConfigurationObject()
config.host = self.kube_api_url
config.ssl_ca_cert = self.ca_file
config.cert_file = self.cert_file
config.key_file = self.key_file
k8s_client = api_client.ApiClient(config=config)
self.k8s_api = core_v1_api.CoreV1Api(k8s_client)
# TODO(coreypobrien) https://bugs.launchpad.net/magnum/+bug/1551824
utils.wait_for_condition(self._is_api_ready, 5, 600)
def get_k8sClient(self, auth_plugin):
config = client.ConfigurationObject()
config.host = auth_plugin['auth_url']
if ('username' in auth_plugin) and ('password' in auth_plugin):
config.username = auth_plugin['username']
config.password = auth_plugin['password']
else:
config.api_key_prefix['authorization'] = 'Bearer'
config.api_key['authorization'] = auth_plugin['bearer_token']
if auth_plugin['ssl_ca_cert'] is not None:
config.ssl_ca_cert = auth_plugin['ssl_ca_cert']
config.verify_ssl = True
else:
config.verify_ssl = False
k8s_client = api_client.ApiClient(config=config)
return k8s_client
def __init__(self, spec, name_generator=None, atomic_inst=None):
super(Kubernetes, self).__init__(None,
name_generator=name_generator,
atomic_inst=atomic_inst)
self._spec = spec
# NOTE(andreykurilin): KubernetesClient doesn't provide any __version__
# property to identify the client version (you are welcome to fix
# this code if I'm wrong). Let's check for some backward incompatible
# changes to identify the way to communicate with it.
if hasattr(k8s_config, "ConfigurationObject"):
# Actually, it is `k8sclient < 4.0.0`, so it can be
# kubernetesclient 2.0 or even less, but it doesn't make any
# difference for us
self._k8s_client_version = 3
else:
self._k8s_client_version = 4
if self._k8s_client_version == 3:
config = k8s_config.ConfigurationObject()
else:
config = k8s_config.Configuration()
config.host = self._spec["server"]
config.ssl_ca_cert = self._spec["certificate-authority"]
if self._spec.get("api_key"):
config.api_key = {"authorization": self._spec["api_key"]}
if self._spec.get("api_key_prefix"):
config.api_key_prefix = {
"authorization": self._spec["api_key_prefix"]
}
else:
config.cert_file = self._spec["client-certificate"]
config.key_file = self._spec["client-key"]
if self._spec.get("tls_insecure", False):
config.verify_ssl = False
if self._k8s_client_version == 3:
api = api_client.ApiClient(config=config)
else:
api = api_client.ApiClient(configuration=config)
self.api = api
self.v1_client = core_v1_api.CoreV1Api(api)
def __init__(self, context, cluster):
self.ca_file = None
self.cert_file = None
self.key_file = None
if cluster.magnum_cert_ref:
(self.ca_file, self.key_file,
self.cert_file) = create_client_files(cluster, context)
config = k8s_config.ConfigurationObject()
config.host = cluster.api_address
config.ssl_ca_cert = self.ca_file.name
config.cert_file = self.cert_file.name
config.key_file = self.key_file.name
# build a connection with Kubernetes master
client = api_client.ApiClient(config=config)
super(K8sAPI, self).__init__(client)
def get_k8sClient(self, auth_plugin):
config = client.ConfigurationObject()
config.host = auth_plugin['auth_url']
if ('username' in auth_plugin) and ('password' in auth_plugin)\
and (auth_plugin['password'] is not None):
config.username = auth_plugin['username']
config.password = auth_plugin['password']
basic_token = config.get_basic_auth_token()
config.api_key['authorization'] = basic_token
if 'bearer_token' in auth_plugin:
config.api_key_prefix['authorization'] = 'Bearer'
config.api_key['authorization'] = auth_plugin['bearer_token']
ca_cert_file = auth_plugin.get('ca_cert_file')
if ca_cert_file is not None:
config.ssl_ca_cert = ca_cert_file
config.verify_ssl = True
else:
config.verify_ssl = False
k8s_client = api_client.ApiClient(config=config)
return k8s_client
def __init__(self,
k8sAPI_url=None,
username=None,
password=None,
bearer_token=None,
ca_cert=None):
print("bearer token:", bearer_token)
config = client.ConfigurationObject()
config.host = k8sAPI_url
if username and password:
config.username = username
config.password = password
else:
config.api_key_prefix['authorization'] = 'Bearer'
config.api_key['authorization'] = bearer_token
if ca_cert:
config.ssl_ca_cert = ca_cert
config.verify_ssl = True
else:
config.verify_ssl = False
self.k8s_client = api_client.ApiClient(config=config)
def test_client_config(self):
''' test kubernetes client config is set '''
config = client.ConfigurationObject()
watcher = hostess.Watcher(config=config)
self.assertEqual(watcher.v1_api.api_client.config.host,
'https://localhost')