Python KubernetesServiceAccount 예제들

예제 #1

 def test_special_k8s_approved(self):
     # Creating an auto_add_approved group should not change its member list.
     group = PortalGroup.objects.get(special_k8s_accounts=True)
     self.assertEqual(group.members.count(), 0)
     # Create a new user should not change the member list
     User = get_user_model()
     u = User(username="******", email="*****@*****.**")
     u.save()
     self.assertEqual(group.members.count(), 0)
     # walk through approval workflow
     url = reverse('welcome')
     request = self.factory.get(url)
     u.send_access_request(request)
     u.save()
     # Just sending an approval request should not change to member list
     self.assertEqual(group.members.count(), 0)
     # Build full-fledged request object for logged-in admin
     request = self._build_full_request_mock('admin:index')
     # Prepare K8S namespace
     ns = KubernetesNamespace(name="default")
     ns.save()
     new_svc = KubernetesServiceAccount(name="foobar", namespace=ns)
     new_svc.save()
     # Perform approval
     assert (u.approve(request, new_svc))
     u.save()
     # Should lead to addition of user to the add_approved group
     self.assertEqual(group.members.count(), 1)

예제 #2

 def test_new_svc_sync(self):
     self._call_sync()
     default_ns = KubernetesNamespace.objects.get(name="default")
     new_svc = KubernetesServiceAccount(name="foobar", namespace=default_ns)
     new_svc.save()
     self._call_sync()
     svc_names = [svc.metadata.name for svc in api.get_service_accounts()]
     self.assertIn("foobar", svc_names)

예제 #3

def test_new_svc_sync(random_namespace_name):
    run_minikube_sync()
    ns = KubernetesNamespace(name=random_namespace_name)
    ns.save()
    ns.create_in_cluster()
    new_svc = KubernetesServiceAccount(name="foobar", namespace=ns)
    new_svc.save()
    run_minikube_sync()
    svc_list = api.get_service_accounts()
    for svc in svc_list:
        if svc.metadata.name == "foobar" and svc.metadata.namespace == random_namespace_name:
            return
    assert False

예제 #4

def test_user_merge_access_approved(admin_index_request, django_user_model):
    run_minikube_sync()
    primary = django_user_model(
        username="******",
        email="*****@*****.**")
    primary.save()

    ns = KubernetesNamespace(name="default")
    ns.save()
    new_svc = KubernetesServiceAccount(name="foobar", namespace=ns)
    new_svc.save()
    secondary = django_user_model(
        username="******",
        state=User.ACCESS_APPROVED,
        email="*****@*****.**",
        comments="secondary user comment",
        service_account=new_svc)
    secondary.save()

    group1 = PortalGroup(name="testgroup1")
    group1.save()
    group2 = PortalGroup(name="testgroup2")
    group2.save()

    secondary.portal_groups.add(group1)
    secondary.portal_groups.add(group2)
    secondary.save()

    # Build full-fledged request object for logged-in admin
    # approve secondary for cluster access
    secondary.approve(admin_index_request, new_svc)

    # the merge method only accepts a queryset of users since that's what
    # the admin interface creates
    queryset_of_users = django_user_model.objects.filter(
        pk__in=[primary.id, secondary.id])

    # merge both users. shouldn't return anything
    assert(not merge_users(UserAdmin, admin_index_request, queryset_of_users))

    # the primary user has been altered but the old object is still in memory
    # we need to query for the updated user again
    primary = django_user_model.objects.get(pk=primary.id)

    # Does primary have all the values of secondary user?
    assert primary.comments == "secondary user comment"
    assert primary.portal_groups.filter(name=group1.name)
    assert primary.portal_groups.filter(name=group2.name)
    assert primary.has_access_approved

예제 #5

 def test_special_k8s_unapproved(self):
     group = PortalGroup.objects.get(special_k8s_accounts=True)
     ns = KubernetesNamespace(name="default")
     ns.save()
     new_svc = KubernetesServiceAccount(name="foobar", namespace=ns)
     new_svc.save()
     User = get_user_model()
     # create approved user
     u = User(username="******",
              email="*****@*****.**",
              state=UserState.ACCESS_APPROVED,
              service_account=new_svc)
     u.save()
     self.assertEqual(group.members.count(), 1)
     # unapprove
     u.state = UserState.ACCESS_REJECTED
     u.save()
     self.assertEqual(group.members.count(), 0)

예제 #6

def test_special_k8s_unapproved(django_user_model, random_namespace_name):
    run_minikube_sync()
    group = PortalGroup.objects.get(special_k8s_accounts=True)
    ns = KubernetesNamespace(name=random_namespace_name)
    ns.save()
    new_svc = KubernetesServiceAccount(name="foobar", namespace=ns)
    new_svc.save()
    # create approved user
    u = django_user_model(username="******",
             email="*****@*****.**",
             state=User.ACCESS_APPROVED,
             service_account=new_svc)
    u.save()
    assert group.members.count() == 1
    # unapprove
    u.state = User.ACCESS_REJECTED
    u.save()
    assert group.members.count() == 0

예제 #7

    def create_or_get(cls, k8s_ns_name):
        """
        Returns a newly created KubernetesNamespace object with the given name,
        assuming that it does not exist so far.

        When the namespace already exists, this object is returned instead.
        In any case, it is ensured that the cluster is in sync accordingly.
        """
        if cls.objects.filter(name=k8s_ns_name).exists():
            return cls.objects.get(name=k8s_ns_name)
        else:
            new_ns = cls(name=k8s_ns_name)
            if new_ns.create_in_cluster():
                # make sure that new default service account is synced
                from kubeportal.models.kubernetesserviceaccount import KubernetesServiceAccount
                KubernetesServiceAccount.create_missing_in_portal()
                return new_ns
            else:
                return None

예제 #8

    def test_user_merge_access_rejected(self):
        request = self._build_full_request_mock('admin:index')

        User = get_user_model()
        primary = User(username="******", email="*****@*****.**")
        primary.save()

        ns = KubernetesNamespace(name="default")
        ns.save()

        new_svc = KubernetesServiceAccount(name="foobar", namespace=ns)
        new_svc.save()
        # Perform approval
        assert (primary.approve(request, new_svc))
        primary.save()

        secondary = User(username="******",
                         state=UserState.ACCESS_APPROVED,
                         email="*****@*****.**",
                         comments="secondary user comment",
                         service_account=new_svc)
        secondary.save()

        # Build full-fledged request object for logged-in admin
        request = self._build_full_request_mock('admin:index')
        # reject cluster access for secondary
        secondary.reject(request)

        # the merge method only accepts a queryset of users since that's what
        # the admin interface creates
        queryset_of_users = User.objects.filter(
            pk__in=[primary.id, secondary.id])

        # merge both users. shouldn't return anything
        assert (not merge_users(UserAdmin, request, queryset_of_users))

        # the primary user has been altered but the old object is still in memory
        # we need to query for the updated user again
        primary = User.objects.get(pk=primary.id)

        assert primary.has_access_rejected

예제 #9

def sync(request=None):
    '''
    Synchronizes the local shallow copy of Kubernetes data.
    Returns True on success.
    '''
    try:
        res1 = KubernetesNamespace.create_missing_in_portal()
        res2 = KubernetesNamespace.create_missing_in_cluster()
        res3 = KubernetesServiceAccount.create_missing_in_portal()
        res4 = KubernetesServiceAccount.create_missing_in_cluster()
        if request:
            messages.info(request, "Synchronization finished.")
        logger.debug("Synchronization finished.")
        return True == res1 == res2 == res3 == res4
    except client.rest.ApiException as e:
        msg = json.loads(e.body)['message']
        logger.error(
            "API server exception during synchronization: {0}".format(msg))
        if request:
            messages.error(
                request, "Kubernetes returned an error during synchronization: {0}".format(msg))
        return False

예제 #10

def test_user_merge_access_rejected(admin_index_request, django_user_model, random_namespace_name):
    run_minikube_sync()
    primary = django_user_model(
        username="******",
        email="*****@*****.**")
    primary.save()

    ns = KubernetesNamespace(name=random_namespace_name)
    ns.save()

    new_svc = KubernetesServiceAccount(name="foobar", namespace=ns)
    new_svc.save()
    # Perform approval
    assert(primary.approve(admin_index_request, new_svc))

    secondary = django_user_model(
        username="******",
        state=User.ACCESS_APPROVED,
        email="*****@*****.**",
        comments="secondary user comment",
        service_account=new_svc)
    secondary.save()

    # reject cluster access for secondary
    secondary.reject(admin_index_request)

    # the merge method only accepts a queryset of users since that's what
    # the admin interface creates
    queryset_of_users = django_user_model.objects.filter(
        pk__in=[primary.id, secondary.id])

    # merge both users. shouldn't return anything
    assert(not merge_users(UserAdmin, admin_index_request, queryset_of_users))

    # the primary user has been altered but the old object is still in memory
    # we need to query for the updated user again
    primary = django_user_model.objects.get(pk=primary.id)

    assert primary.has_access_rejected

예제 #11

def test_special_k8s_approved(rf, admin_index_request, django_user_model, random_namespace_name):
    run_minikube_sync()
    # Creating an auto_add_approved group should not change its member list.
    group = PortalGroup.objects.get(special_k8s_accounts=True)
    assert group.members.count() == 0
    # Create a new user should not change the member list
    u = django_user_model(username="******", email="*****@*****.**")
    u.save()
    assert group.members.count() == 0
    # walk through approval workflow
    url = reverse('welcome')
    request = rf.get(url)
    u.send_access_request(request)
    # Just sending an approval request should not change to member list
    assert group.members.count() == 0
    # Prepare K8S namespace
    ns = KubernetesNamespace(name=random_namespace_name)
    ns.save()
    new_svc = KubernetesServiceAccount(name="foobar", namespace=ns)
    new_svc.save()
    # Perform approval
    assert(u.approve(admin_index_request, new_svc))
    # Should lead to addition of user to the add_approved group
    assert group.members.count() == 1

예제 #12

    def test_backend_cleanup_view(self):
        User = get_user_model()
        u = User(username="******", email="*****@*****.**")
        u.save()

        # we need an inactive user for the the filter to work
        from dateutil.parser import parse
        u.last_login = parse("2017-09-23 11:21:52.909020")
        u.save()

        ns = KubernetesNamespace(name="aaasdfadfasdfasdf", visible=True)
        ns.save()

        new_svc = KubernetesServiceAccount(name="foobar", namespace=ns)
        new_svc.save()
        new_svc.delete()

        request = self._build_full_request_mock('admin:cleanup')
        assert (request)

예제 #13

def test_backend_cleanup_view(rf, admin_user, random_namespace_name):
    run_minikube_sync()
    User = get_user_model()
    u = User(
        username="******",
        email="*****@*****.**")
    u.save()

    # we need an inactive user for the the filter to work
    u.last_login = parse("2017-09-23 11:21:52.909020 +02:00")
    u.save()

    ns = KubernetesNamespace(name=random_namespace_name)
    ns.save()

    new_svc = KubernetesServiceAccount(name="foobar", namespace=ns)
    new_svc.save()
    new_svc.delete()

    assert admin_request(rf, admin_user, 'admin:cleanup')