def test_user_group_with_template(request, dind_cc, user_mc): test_user_no_template(request, dind_cc, user_mc) crdClient = CustomObjectsApi(dind_cc.admin_mc.k8s_client) user_attribute = crdClient.get_cluster_custom_object( 'management.cattle.io', 'v3', 'userattributes', user_mc.user.id ) user_attribute['GroupPrincipals']['local']['Items'] = [{ 'metadata': { 'name': 'local_group://test-123' } }] crdClient.replace_cluster_custom_object( 'management.cattle.io', 'v3', 'userattributes', user_mc.user.id, user_attribute ) role_template = { 'clusterId': dind_cc.cluster.id, 'groupPrincipalId': 'local_group://test-123', 'roleTemplateId': 'cluster-member' } dind_cc.admin_mc.client.create_clusterRoleTemplateBinding(role_template) wait_for(kubectl_available(request, dind_cc, user_mc.client))
def top_node(self, node): custom = CustomObjectsApi(self.api_client) data = custom.get_cluster_custom_object("metrics.k8s.io", "v1beta1", "nodes", node) node = data['metadata']['name'] cpu = parse_resource(data['usage']['cpu']) memory = parse_resource(data['usage']['memory']) return NodeMetric(node=node, cpu=cpu, memory=memory / ONE_GIBI)
def get_node_stats(self, node_name): cust = CustomObjectsApi() if node_name: return cust.get_cluster_custom_object('metrics.k8s.io', 'v1beta1', 'nodes', node_name) else: return cust.list_cluster_custom_object('metrics.k8s.io', 'v1beta1', 'nodes')
def test_roletemplate_finalizer_cleanup(admin_mc, remove_resource): """ This ensures that roletemplates cleanup for clusters < v2.2.8 is performed correctly""" client = admin_mc.client rt = client.create_roleTemplate(name="rt-" + random_str()) remove_resource(rt) assert rt.annotations["field.cattle.io/rtUpgrade"] == "true" # create rt without rancher api with a bad finalizer api = CustomObjectsApi(admin_mc.k8s_client) json = { "apiVersion": "management.cattle.io/v3", "kind": "RoleTemplate", "metadata": { "finalizers": [ "clusterscoped.controller.cattle.io/" + "cluster-roletemplate-sync_fake", "fake-finalizer" ], "name": "test-" + random_str(), } } rt_k8s = api.create_cluster_custom_object( group="management.cattle.io", version="v3", plural="roletemplates", body=json, ) rt_name = rt_k8s["metadata"]["name"] rt_k8s = client.by_id_roleTemplate(id=rt_name) remove_resource(rt_k8s) def check_annotation(): rt1 = client.by_id_roleTemplate(rt_k8s.id) try: if rt1.annotations["field.cattle.io/rtUpgrade"] == "true": return True else: return False except (AttributeError, KeyError): return False wait_for(check_annotation, fail_handler=lambda: "annotation was not added") rt1 = api.get_cluster_custom_object( group="management.cattle.io", version="v3", plural="roletemplates", name=rt_k8s.id, ) if "finalizers" in rt1["metadata"]: assert "clusterscoped.controller.cattle.io/grb-sync_fake" \ not in rt1["metadata"]["finalizers"]
def test_globalrolebinding_finalizer_cleanup(admin_mc, remove_resource): """This ensures that globalrolebinding cleanup of clusters < v2.2.8 is performed correctly""" client = admin_mc.client grb = client.create_globalRoleBinding(globalRoleId="admin", userId="u-" + random_str()) remove_resource(grb) assert grb.annotations["field.cattle.io/grbUpgrade"] == "true" # create a grb without the rancher api with a bad finalizer api = CustomObjectsApi(admin_mc.k8s_client) json = { "apiVersion": "management.cattle.io/v3", "globalRoleName": "admin", "kind": "GlobalRoleBinding", "metadata": { "finalizers": ["clusterscoped.controller.cattle.io/grb-sync_fake"], "generation": 1, "name": "grb-" + random_str(), }, "userName": "******" + random_str(), } grb_k8s = api.create_cluster_custom_object( group="management.cattle.io", version="v3", plural="globalrolebindings", body=json, ) grb_name = grb_k8s["metadata"]["name"] grb_k8s = client.by_id_globalRoleBinding(id=grb_name) remove_resource(grb_k8s) def check_annotation(): grb1 = client.by_id_globalRoleBinding(grb_k8s.id) try: if grb1.annotations["field.cattle.io/grbUpgrade"] == "true": return True else: return False except (AttributeError, KeyError): return False wait_for(check_annotation, fail_handler=lambda: "annotation was not added") grb1 = api.get_cluster_custom_object( group="management.cattle.io", version="v3", plural="globalrolebindings", name=grb_k8s.id, ) assert ("clusterscoped.controller.cattle.io/grb-sync_fake" not in grb1["metadata"]["finalizers"])
def test_user_group_with_template(request, dind_cc, user_mc): test_user_no_template(request, dind_cc, user_mc) crdClient = CustomObjectsApi(dind_cc.admin_mc.k8s_client) user_attribute = crdClient.get_cluster_custom_object( 'management.cattle.io', 'v3', 'userattributes', user_mc.user.id) user_attribute['GroupPrincipals']['local']['Items'] = [{ 'metadata': { 'name': 'local_group://test-123' } }] crdClient.replace_cluster_custom_object('management.cattle.io', 'v3', 'userattributes', user_mc.user.id, user_attribute) role_template = { 'clusterId': dind_cc.cluster.id, 'groupPrincipalId': 'local_group://test-123', 'roleTemplateId': 'cluster-member' } dind_cc.admin_mc.client.create_clusterRoleTemplateBinding(role_template) wait_for(kubectl_available(request, dind_cc, user_mc.client))
class ClusterImageSet(BaseResource): """ A CRD that represents a ClusterImageSet resource that contains the release image URI. Upon creating a cluster deployment, the release image is fetched by the assisted-service from the image set. """ _api_group = "hive.openshift.io" _api_version = "v1" _plural = "clusterimagesets" def __init__( self, kube_api_client: ApiClient, name: str, namespace: str = consts.DEFAULT_NAMESPACE, ): super().__init__(name, namespace) self.crd_api = CustomObjectsApi(kube_api_client) def create_from_yaml(self, yaml_data: dict) -> None: self.crd_api.create_cluster_custom_object( group=self._api_group, version=self._api_version, plural=self._plural, body=yaml_data, ) log.info("created cluster imageset %s: %s", self.ref, pformat(yaml_data)) def create(self, releaseImage: str): body = { "apiVersion": f"{self._api_group}/{self._api_version}", "kind": "ClusterImageSet", "metadata": self.ref.as_dict(), "spec": { "releaseImage": releaseImage, }, } self.crd_api.create_cluster_custom_object( group=self._api_group, version=self._api_version, plural=self._plural, body=body, ) log.info("created cluster imageset %s: %s", self.ref, pformat(body)) def get(self) -> dict: return self.crd_api.get_cluster_custom_object( group=self._api_group, version=self._api_version, plural=self._plural, name=self.ref.name, ) def delete(self) -> None: self.crd_api.delete_cluster_custom_object( group=self._api_group, version=self._api_version, plural=self._plural, name=self.ref.name, ) log.info("deleted cluster imageset %s", self.ref)
class ClusterImageSet(BaseResource): """ A CRD that represents a ClusterImageSet resource that contains the release image URI. Upon creating a cluster deployment, the release image is fetched by the assisted-service from the image set. """ _api_group = 'hive.openshift.io' _api_version = 'v1' _plural = 'clusterimagesets' def __init__( self, kube_api_client: ApiClient, name: str, namespace: str = env_variables['namespace'], ): super().__init__(name, namespace) self.crd_api = CustomObjectsApi(kube_api_client) def create_from_yaml(self, yaml_data: dict) -> None: self.crd_api.create_cluster_custom_object( group=self._api_group, version=self._api_version, plural=self._plural, body=yaml_data, ) logger.info('created cluster imageset %s: %s', self.ref, pformat(yaml_data)) def create(self, releaseImage: str): body = { 'apiVersion': f'{self._api_group}/{self._api_version}', 'kind': 'ClusterImageSet', 'metadata': self.ref.as_dict(), 'spec': { 'releaseImage': releaseImage, } } self.crd_api.create_cluster_custom_object( group=self._api_group, version=self._api_version, plural=self._plural, body=body, ) logger.info('created cluster imageset %s: %s', self.ref, pformat(body)) def get(self) -> dict: return self.crd_api.get_cluster_custom_object( group=self._api_group, version=self._api_version, plural=self._plural, name=self.ref.name, ) def delete(self) -> None: self.crd_api.delete_cluster_custom_object( group=self._api_group, version=self._api_version, plural=self._plural, name=self.ref.name, ) logger.info('deleted cluster imageset %s', self.ref)
owner_uid_label = f"{babylon_domain}/owner-uid" requester_annotation = f"{babylon_domain}/requester" resource_claim_name_label = f"{poolboy_domain}/resource-claim-name" resource_claim_namespace_label = f"{poolboy_domain}/resource-claim-namespace" if os.path.exists('/run/secrets/kubernetes.io/serviceaccount'): kubernetes.config.load_incluster_config() else: kubernetes.config.load_kube_config() apps_v1_api = AppsV1Api() core_v1_api = CoreV1Api() custom_objects_api = CustomObjectsApi() rbac_authorization_v1_api = RbacAuthorizationV1Api() openshift_ingress_domain = custom_objects_api.get_cluster_custom_object( 'config.openshift.io', 'v1', 'ingresses', 'cluster')['spec']['domain'] class BookbagBuild: def __init__( self, definition=None, name=None, namespace=None, spec=None, uid=None, **_, ): if definition: self.name = definition['metadata']['name'] self.namespace = definition['metadata']['namespace']