def _get_pks_client(self, token): """Get PKS client. :return: PKS client :rtype: ApiClient """ pks_config = self._get_pks_config(token) client = ApiClient(configuration=pks_config) return client
def __init__(self, api_client=None): if api_client is None: api_client = ApiClient() self.api_client = api_client
def _validate_pks_config_data_integrity( pks_config, msg_update_callback=NullPrinter(), logger_debug=NULL_LOGGER, logger_wire=NULL_LOGGER ): all_pks_servers = \ [entry['name'] for entry in pks_config[PKS_SERVERS_SECTION_KEY]] all_pks_accounts = \ [entry['name'] for entry in pks_config[PKS_ACCOUNTS_SECTION_KEY]] # Create a cache with pks_account to Credentials mapping pks_account_info_table = {} for pks_account in pks_config[PKS_ACCOUNTS_SECTION_KEY]: pks_account_name = pks_account['pks_api_server'] credentials = Credentials( pks_account['username'], pks_account['secret'] ) pks_account_info_table[pks_account_name] = credentials # Check for duplicate pks api server names duplicate_pks_server_names = get_duplicate_items_in_list(all_pks_servers) if len(duplicate_pks_server_names) != 0: raise ValueError( f"Duplicate PKS api server(s) : {duplicate_pks_server_names} found" f" in Section : {PKS_SERVERS_SECTION_KEY}" ) # Check for duplicate pks account names duplicate_pks_account_names = get_duplicate_items_in_list(all_pks_accounts) if len(duplicate_pks_account_names) != 0: raise ValueError( f"Duplicate PKS account(s) : {duplicate_pks_account_names} found" f" in Section : {PKS_ACCOUNTS_SECTION_KEY}" ) # Check validity of all PKS api servers referenced in PKS accounts section for pks_account in pks_config[PKS_ACCOUNTS_SECTION_KEY]: pks_server_name = pks_account.get('pks_api_server') if pks_server_name not in all_pks_servers: raise ValueError( f"Unknown PKS api server : {pks_server_name} referenced by " f"PKS account : {pks_account.get('name')} in Section : " f"{PKS_ACCOUNTS_SECTION_KEY}" ) # Check validity of all PKS accounts referenced in Orgs section if PKS_ORGS_SECTION_KEY in pks_config.keys(): for org in pks_config[PKS_ORGS_SECTION_KEY]: referenced_accounts = org.get('pks_accounts') if not referenced_accounts: continue for account in referenced_accounts: if account not in all_pks_accounts: raise ValueError( f"Unknown PKS account : {account} " f"referenced by Org : {org.get('name')} " f"in Section : {PKS_ORGS_SECTION_KEY}" ) # Check validity of all PKS api servers referenced in PVDC section for pvdc in pks_config[PKS_PVDCS_SECTION_KEY]: pks_server_name = pvdc.get('pks_api_server') if pks_server_name not in all_pks_servers: raise ValueError( f"Unknown PKS api server : {pks_server_name} " f"referenced by PVDC : {pvdc.get('name')} in " f"Section : {PKS_PVDCS_SECTION_KEY}" ) # Check validity of all PKS api servers referenced in the pks_api_servers # section for pks_server in pks_config[PKS_SERVERS_SECTION_KEY]: pks_account = pks_account_info_table.get(pks_server.get('name')) pks_configuration = Configuration() pks_configuration.proxy = f"http://{pks_server['proxy']}:80" \ if pks_server.get('proxy') else None pks_configuration.host = \ f"https://{pks_server['host']}:{pks_server['port']}/" \ f"{VERSION_V1}" pks_configuration.access_token = None pks_configuration.username = pks_account.username pks_configuration.verify_ssl = pks_server['verify'] pks_configuration.secret = pks_account.secret pks_configuration.uaac_uri = \ f"https://{pks_server['host']}:{pks_server['uaac_port']}" uaa_client = UaaClient( pks_configuration.uaac_uri, pks_configuration.username, pks_configuration.secret, proxy_uri=pks_configuration.proxy ) token = uaa_client.getToken() if not token: raise ValueError( "Unable to connect to PKS server : " f"{pks_server.get('name')} ({pks_server.get('host')})" ) pks_configuration.token = token client = ApiClient(configuration=pks_configuration) if client: msg_update_callback.general( "Connected to PKS server (" f"{pks_server.get('name')} : {pks_server.get('host')})" ) # Check validity of all PKS api servers referenced in NSX-T section for nsxt_server in pks_config[PKS_NSXT_SERVERS_SECTION_KEY]: pks_server_name = nsxt_server.get('pks_api_server') if pks_server_name not in all_pks_servers: raise ValueError( f"Unknown PKS api server : {pks_server_name} referenced by " f"NSX-T server : {nsxt_server.get('name')} in Section : " f"{PKS_NSXT_SERVERS_SECTION_KEY}" ) # Create a NSX-T client and verify connection # server nsxt_client = NSXTClient( host=nsxt_server.get('host'), username=nsxt_server.get('username'), password=nsxt_server.get('password'), logger_debug=logger_debug, logger_wire=logger_wire, http_proxy=nsxt_server.get('proxy'), https_proxy=nsxt_server.get('proxy'), verify_ssl=nsxt_server.get('verify') ) if not nsxt_client.test_connectivity(): raise ValueError( "Unable to connect to NSX-T server : " f"{nsxt_server.get('name')} ({nsxt_server.get('host')})" ) msg_update_callback.general( f"Connected to NSX-T server ({nsxt_server.get('host')})" ) ipset_manager = IPSetManager(nsxt_client) if nsxt_server.get('nodes_ip_block_ids'): block_not_found = False ip_block_id = '' try: for ip_block_id in nsxt_server.get('nodes_ip_block_ids'): if not ipset_manager.get_ip_block_by_id(ip_block_id): block_not_found = True except HTTPError: block_not_found = True if block_not_found: raise ValueError( f"Unknown Node IP Block : {ip_block_id} referenced by " f"NSX-T server : {nsxt_server.get('name')}.") if nsxt_server.get('pods_ip_block_ids'): block_not_found = False ip_block_id = '' try: for ip_block_id in nsxt_server.get('pods_ip_block_ids'): if not ipset_manager.get_ip_block_by_id(ip_block_id): block_not_found = True except HTTPError: block_not_found = True if block_not_found: raise ValueError( f"Unknown Pod IP Block : {ip_block_id} referenced by " f"NSX-T server : {nsxt_server.get('name')}.") dfw_manager = DFWManager(nsxt_client) fw_section_id = \ nsxt_server.get('distributed_firewall_section_anchor_id') section = dfw_manager.get_firewall_section(id=fw_section_id) if not section: raise ValueError( f"Unknown Firewall section : {fw_section_id} referenced by " f"NSX-T server : {nsxt_server.get('name')}.")