def test_user_group_with_template(request, dind_cc, user_mc):
test_user_no_template(request, dind_cc, user_mc)
crdClient = CustomObjectsApi(dind_cc.admin_mc.k8s_client)
user_attribute = crdClient.get_cluster_custom_object(
'management.cattle.io',
'v3',
'userattributes',
user_mc.user.id
)
user_attribute['GroupPrincipals']['local']['Items'] = [{
'metadata': {
'name': 'local_group://test-123'
}
}]
crdClient.replace_cluster_custom_object(
'management.cattle.io',
'v3',
'userattributes',
user_mc.user.id,
user_attribute
)
role_template = {
'clusterId': dind_cc.cluster.id,
'groupPrincipalId': 'local_group://test-123',
'roleTemplateId': 'cluster-member'
}
dind_cc.admin_mc.client.create_clusterRoleTemplateBinding(role_template)
wait_for(kubectl_available(request, dind_cc, user_mc.client))
def top_node(self, node):
custom = CustomObjectsApi(self.api_client)
data = custom.get_cluster_custom_object("metrics.k8s.io", "v1beta1",
"nodes", node)
node = data['metadata']['name']
cpu = parse_resource(data['usage']['cpu'])
memory = parse_resource(data['usage']['memory'])
return NodeMetric(node=node, cpu=cpu, memory=memory / ONE_GIBI)
def get_node_stats(self, node_name):
cust = CustomObjectsApi()
if node_name:
return cust.get_cluster_custom_object('metrics.k8s.io', 'v1beta1',
'nodes', node_name)
else:
return cust.list_cluster_custom_object('metrics.k8s.io', 'v1beta1',
'nodes')
def test_roletemplate_finalizer_cleanup(admin_mc, remove_resource):
""" This ensures that roletemplates cleanup for clusters < v2.2.8
is performed correctly"""
client = admin_mc.client
rt = client.create_roleTemplate(name="rt-" + random_str())
remove_resource(rt)
assert rt.annotations["field.cattle.io/rtUpgrade"] == "true"
# create rt without rancher api with a bad finalizer
api = CustomObjectsApi(admin_mc.k8s_client)
json = {
"apiVersion": "management.cattle.io/v3",
"kind": "RoleTemplate",
"metadata": {
"finalizers": [
"clusterscoped.controller.cattle.io/" +
"cluster-roletemplate-sync_fake", "fake-finalizer"
],
"name":
"test-" + random_str(),
}
}
rt_k8s = api.create_cluster_custom_object(
group="management.cattle.io",
version="v3",
plural="roletemplates",
body=json,
)
rt_name = rt_k8s["metadata"]["name"]
rt_k8s = client.by_id_roleTemplate(id=rt_name)
remove_resource(rt_k8s)
def check_annotation():
rt1 = client.by_id_roleTemplate(rt_k8s.id)
try:
if rt1.annotations["field.cattle.io/rtUpgrade"] == "true":
return True
else:
return False
except (AttributeError, KeyError):
return False
wait_for(check_annotation, fail_handler=lambda: "annotation was not added")
rt1 = api.get_cluster_custom_object(
group="management.cattle.io",
version="v3",
plural="roletemplates",
name=rt_k8s.id,
)
if "finalizers" in rt1["metadata"]:
assert "clusterscoped.controller.cattle.io/grb-sync_fake" \
not in rt1["metadata"]["finalizers"]
def test_globalrolebinding_finalizer_cleanup(admin_mc, remove_resource):
"""This ensures that globalrolebinding cleanup of clusters < v2.2.8
is performed correctly"""
client = admin_mc.client
grb = client.create_globalRoleBinding(globalRoleId="admin",
userId="u-" + random_str())
remove_resource(grb)
assert grb.annotations["field.cattle.io/grbUpgrade"] == "true"
# create a grb without the rancher api with a bad finalizer
api = CustomObjectsApi(admin_mc.k8s_client)
json = {
"apiVersion": "management.cattle.io/v3",
"globalRoleName": "admin",
"kind": "GlobalRoleBinding",
"metadata": {
"finalizers": ["clusterscoped.controller.cattle.io/grb-sync_fake"],
"generation": 1,
"name": "grb-" + random_str(),
},
"userName": "******" + random_str(),
}
grb_k8s = api.create_cluster_custom_object(
group="management.cattle.io",
version="v3",
plural="globalrolebindings",
body=json,
)
grb_name = grb_k8s["metadata"]["name"]
grb_k8s = client.by_id_globalRoleBinding(id=grb_name)
remove_resource(grb_k8s)
def check_annotation():
grb1 = client.by_id_globalRoleBinding(grb_k8s.id)
try:
if grb1.annotations["field.cattle.io/grbUpgrade"] == "true":
return True
else:
return False
except (AttributeError, KeyError):
return False
wait_for(check_annotation, fail_handler=lambda: "annotation was not added")
grb1 = api.get_cluster_custom_object(
group="management.cattle.io",
version="v3",
plural="globalrolebindings",
name=grb_k8s.id,
)
assert ("clusterscoped.controller.cattle.io/grb-sync_fake"
not in grb1["metadata"]["finalizers"])
def test_user_group_with_template(request, dind_cc, user_mc):
test_user_no_template(request, dind_cc, user_mc)
crdClient = CustomObjectsApi(dind_cc.admin_mc.k8s_client)
user_attribute = crdClient.get_cluster_custom_object(
'management.cattle.io', 'v3', 'userattributes', user_mc.user.id)
user_attribute['GroupPrincipals']['local']['Items'] = [{
'metadata': {
'name': 'local_group://test-123'
}
}]
crdClient.replace_cluster_custom_object('management.cattle.io', 'v3',
'userattributes', user_mc.user.id,
user_attribute)
role_template = {
'clusterId': dind_cc.cluster.id,
'groupPrincipalId': 'local_group://test-123',
'roleTemplateId': 'cluster-member'
}
dind_cc.admin_mc.client.create_clusterRoleTemplateBinding(role_template)
wait_for(kubectl_available(request, dind_cc, user_mc.client))
class ClusterImageSet(BaseResource):
"""
A CRD that represents a ClusterImageSet resource that contains the release image URI.
Upon creating a cluster deployment, the release image is fetched by the assisted-service
from the image set.
"""
_api_group = "hive.openshift.io"
_api_version = "v1"
_plural = "clusterimagesets"
def __init__(
self,
kube_api_client: ApiClient,
name: str,
namespace: str = consts.DEFAULT_NAMESPACE,
):
super().__init__(name, namespace)
self.crd_api = CustomObjectsApi(kube_api_client)
def create_from_yaml(self, yaml_data: dict) -> None:
self.crd_api.create_cluster_custom_object(
group=self._api_group,
version=self._api_version,
plural=self._plural,
body=yaml_data,
)
log.info("created cluster imageset %s: %s", self.ref, pformat(yaml_data))
def create(self, releaseImage: str):
body = {
"apiVersion": f"{self._api_group}/{self._api_version}",
"kind": "ClusterImageSet",
"metadata": self.ref.as_dict(),
"spec": {
"releaseImage": releaseImage,
},
}
self.crd_api.create_cluster_custom_object(
group=self._api_group,
version=self._api_version,
plural=self._plural,
body=body,
)
log.info("created cluster imageset %s: %s", self.ref, pformat(body))
def get(self) -> dict:
return self.crd_api.get_cluster_custom_object(
group=self._api_group,
version=self._api_version,
plural=self._plural,
name=self.ref.name,
)
def delete(self) -> None:
self.crd_api.delete_cluster_custom_object(
group=self._api_group,
version=self._api_version,
plural=self._plural,
name=self.ref.name,
)
log.info("deleted cluster imageset %s", self.ref)
class ClusterImageSet(BaseResource):
"""
A CRD that represents a ClusterImageSet resource that contains the release image URI.
Upon creating a cluster deployment, the release image is fetched by the assisted-service
from the image set.
"""
_api_group = 'hive.openshift.io'
_api_version = 'v1'
_plural = 'clusterimagesets'
def __init__(
self,
kube_api_client: ApiClient,
name: str,
namespace: str = env_variables['namespace'],
):
super().__init__(name, namespace)
self.crd_api = CustomObjectsApi(kube_api_client)
def create_from_yaml(self, yaml_data: dict) -> None:
self.crd_api.create_cluster_custom_object(
group=self._api_group,
version=self._api_version,
plural=self._plural,
body=yaml_data,
)
logger.info('created cluster imageset %s: %s', self.ref,
pformat(yaml_data))
def create(self, releaseImage: str):
body = {
'apiVersion': f'{self._api_group}/{self._api_version}',
'kind': 'ClusterImageSet',
'metadata': self.ref.as_dict(),
'spec': {
'releaseImage': releaseImage,
}
}
self.crd_api.create_cluster_custom_object(
group=self._api_group,
version=self._api_version,
plural=self._plural,
body=body,
)
logger.info('created cluster imageset %s: %s', self.ref, pformat(body))
def get(self) -> dict:
return self.crd_api.get_cluster_custom_object(
group=self._api_group,
version=self._api_version,
plural=self._plural,
name=self.ref.name,
)
def delete(self) -> None:
self.crd_api.delete_cluster_custom_object(
group=self._api_group,
version=self._api_version,
plural=self._plural,
name=self.ref.name,
)
logger.info('deleted cluster imageset %s', self.ref)
owner_uid_label = f"{babylon_domain}/owner-uid"
requester_annotation = f"{babylon_domain}/requester"
resource_claim_name_label = f"{poolboy_domain}/resource-claim-name"
resource_claim_namespace_label = f"{poolboy_domain}/resource-claim-namespace"
if os.path.exists('/run/secrets/kubernetes.io/serviceaccount'):
kubernetes.config.load_incluster_config()
else:
kubernetes.config.load_kube_config()
apps_v1_api = AppsV1Api()
core_v1_api = CoreV1Api()
custom_objects_api = CustomObjectsApi()
rbac_authorization_v1_api = RbacAuthorizationV1Api()
openshift_ingress_domain = custom_objects_api.get_cluster_custom_object(
'config.openshift.io', 'v1', 'ingresses', 'cluster')['spec']['domain']
class BookbagBuild:
def __init__(
self,
definition=None,
name=None,
namespace=None,
spec=None,
uid=None,
**_,
):
if definition:
self.name = definition['metadata']['name']
self.namespace = definition['metadata']['namespace']
