def add_acs_resource(resource):
"""Create given ACS `{resource}`. For more information consult the DC/OS documentation:
https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/
"""
import json
try:
logger.info('Adding ACS resource: {}'.format(resource))
url = dcos_url_path('acs/api/v1/acls/{}'.format(resource))
auth = DCOSAcsAuth(dcos_acs_token())
req = requests.put(url,
data=json.dumps({'description': resource}),
headers={'Content-Type': 'application/json'},
auth=auth,
verify=verify_ssl())
req.raise_for_status()
assert req.status_code == 201, 'Failed create ACS resource: {}, {}'.format(
req, req.text)
except requests.HTTPError as e:
if (e.response.status_code == 409):
logger.info('ACS resource {} already exists'.format(resource))
else:
logger.error("Unexpected HTTP error: {}, {}".format(
e.response, e.response.text))
raise
except Exception:
logger.exception(
"Unexpected error while adding ACS resource {}".format(resource))
raise
def delete_marathon_path(name, marathon_name='marathon'):
"""Invokes HTTP DELETE for marathon url with name.
For example, name='v2/leader': http DELETE {dcos_url}/service/marathon/v2/leader
"""
url = get_marathon_endpoint(name, marathon_name)
auth = DCOSAcsAuth(dcos_acs_token())
return requests.delete(url, auth=auth, verify=verify_ssl())
def delete_marathon_path(name, marathon_name='marathon'):
"""Invokes HTTP DELETE for marathon url with name.
For example, name='v2/leader': http DELETE {dcos_url}/service/marathon/v2/leader
"""
url = get_marathon_endpoint(name, marathon_name)
auth = DCOSAcsAuth(dcos_acs_token())
return requests.delete(url, auth=auth, verify=verify_ssl())
def test_head_request_to_pods_endpoint():
"""Tests the pods HTTP end-point by firing a HEAD request to it."""
url = urljoin(DCOS_SERVICE_URL, get_pods_url())
auth = DCOSAcsAuth(dcos_acs_token())
result = requests.head(url, auth=auth, verify=verify_ssl())
assert result.status_code == 200
def get_resource(resource):
""":param resource: optional filename or http(s) url for the application or group resource
:type resource: str
:returns: resource
:rtype: dict
"""
if resource is None:
return None
if os.path.isfile(resource):
with util.open_file(resource) as resource_file:
return util.load_json(resource_file)
else:
try:
auth = DCOSAcsAuth(dcos_acs_token())
req = requests.get(resource, auth=auth, verify=verify_ssl())
if req.status_code == 200:
return req.json()
else:
raise Exception
except Exception:
raise DCOSException(
"Can't read from resource: {0}. Please check that it exists.".
format(resource))
def set_service_account_permissions(service_account,
resource='dcos:superuser',
action='full'):
"""Set permissions for given `{service_account}` for passed `{resource}` with
`{action}`. For more information consult the DC/OS documentation:
https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/
"""
try:
logger.info('Granting {} permissions to {}/users/{}'.format(
action, resource, service_account))
url = dcos_url_path('acs/api/v1/acls/{}/users/{}/{}'.format(
resource, service_account, action))
auth = DCOSAcsAuth(dcos_acs_token())
req = requests.put(url, auth=auth, verify=verify_ssl())
req.raise_for_status()
msg = 'Failed to grant permissions to the service account: {}, {}'.format(
req, req.text)
assert req.status_code == 204, msg
except requests.HTTPError as e:
if (e.response.status_code == 409):
logger.info(
'Service account {} already has {} permissions set'.format(
service_account, resource))
else:
logger.error("Unexpected HTTP error: {}".format(e.response))
raise
except Exception:
logger.exception(
"Unexpected error when setting service account permissions")
raise
def test_head_request_to_pods_endpoint():
"""Tests the pods HTTP end-point by firing a HEAD request to it."""
url = urljoin(DCOS_SERVICE_URL, get_pods_url())
auth = DCOSAcsAuth(dcos_acs_token())
result = requests.head(url, auth=auth, verify=verify_ssl())
assert result.status_code == 200
def http_get_marathon_path(name, marathon_name='marathon'):
"""Invokes HTTP GET for marathon url with name.
For example, name='ping': http GET {dcos_url}/service/marathon/ping
"""
url = get_marathon_endpoint(name, marathon_name)
headers = {'Accept': '*/*'}
auth = DCOSAcsAuth(dcos_acs_token())
return requests.get(url, headers=headers, auth=auth, verify=verify_ssl())
def http_get_marathon_path(name, marathon_name='marathon'):
"""Invokes HTTP GET for marathon url with name.
For example, name='ping': http GET {dcos_url}/service/marathon/ping
"""
url = get_marathon_endpoint(name, marathon_name)
headers = {'Accept': '*/*'}
auth = DCOSAcsAuth(dcos_acs_token())
return requests.get(url, headers=headers, auth=auth, verify=verify_ssl())
def ensure_permissions():
common.set_service_account_permissions(MOM_EE_SERVICE_ACCOUNT)
url = urljoin(dcos_url(), 'acs/api/v1/acls/dcos:superuser/users/{}'.format(MOM_EE_SERVICE_ACCOUNT))
auth = DCOSAcsAuth(dcos_acs_token())
req = requests.get(url, auth=auth, verify=verify_ssl())
expected = '/acs/api/v1/acls/dcos:superuser/users/{}/full'.format(MOM_EE_SERVICE_ACCOUNT)
assert req.json()['array'][0]['url'] == expected, "Service account permissions couldn't be set"
def test_ui_available(marathon_service_name):
"""Simply verifies that a request to the UI endpoint is successful if Marathon is launched."""
auth = DCOSAcsAuth(dcos_acs_token())
response = requests.get("{}/ui/".format(
dcos_service_url(marathon_service_name)),
auth=auth,
verify=verify_ssl())
assert response.status_code == 200, "HTTP status code is {}, but 200 was expected".format(
response.status_code)
def master_service_status_code(url):
logger.info('Querying %s', url)
auth = DCOSAcsAuth(authentication.dcos_acs_token())
response = requests.get(url=url,
timeout=5,
auth=auth,
verify=verify_ssl())
return response.status_code
def abdicate_marathon_leader(params="", marathon_name='marathon'):
"""
Abdicates current leader. Waits until the HTTP service is stopped.
params arg should include a "?" prefix.
"""
leader_endpoint = get_marathon_endpoint('/v2/leader', marathon_name)
auth = DCOSAcsAuth(dcos_acs_token())
result = requests.delete(leader_endpoint + params, auth=auth, verify=verify_ssl())
wait_until_fail(leader_endpoint)
return result
def ensure_permissions():
common.set_service_account_permissions(MOM_EE_SERVICE_ACCOUNT)
url = urljoin(
dcos_url(), 'acs/api/v1/acls/dcos:superuser/users/{}'.format(
MOM_EE_SERVICE_ACCOUNT))
auth = DCOSAcsAuth(dcos_acs_token())
req = requests.get(url, auth=auth, verify=verify_ssl())
expected = '/acs/api/v1/acls/dcos:superuser/users/{}/full'.format(
MOM_EE_SERVICE_ACCOUNT)
assert req.json()['array'][0][
'url'] == expected, "Service account permissions couldn't be set"
def abdicate_marathon_leader(params="", marathon_name='marathon'):
"""
Abdicates current leader. Waits until the HTTP service is stopped.
params arg should include a "?" prefix.
"""
leader_endpoint = get_marathon_endpoint('/v2/leader', marathon_name)
auth = DCOSAcsAuth(dcos_acs_token())
result = requests.delete(leader_endpoint + params,
auth=auth,
verify=verify_ssl())
wait_until_fail(leader_endpoint)
return result
async def sse_events():
url = dcos_url_path('service/marathon/v2/events')
headers = {'Authorization': 'token={}'.format(dcos_acs_token()),
'Accept': 'text/event-stream'}
ssl_context = get_ssl_context()
verify_ssl = ssl_context is not None
async with aiohttp.ClientSession(headers=headers) as session:
async with session.get(url, verify_ssl=verify_ssl, ssl_context=ssl_context) as response:
async def internal_generator():
client = SSEClient(response.content)
async for event in client.events():
yield json.loads(event.data)
yield internal_generator()
def test_metrics_endpoint(marathon_service_name):
service_url = dcos_service_url(marathon_service_name)
auth = DCOSAcsAuth(dcos_acs_token())
response = requests.get("{}metrics".format(service_url), auth=auth, verify=verify_ssl())
assert response.status_code == 200, "HTTP status code {} is NOT 200".format(response.status_code)
if marathon_version_less_than('1.7'):
metric_name = 'service.mesosphere.marathon.app.count'
else:
metric_name = 'marathon.apps.active.gauge'
response_json = response.json()
logger.info('Found metric gauges: '.format(response_json['gauges']))
assert response_json['gauges'][metric_name] is not None, \
"{} is absent".format(metric_name)
def test_metrics_endpoint(marathon_service_name):
service_url = dcos_service_url(marathon_service_name)
auth = DCOSAcsAuth(dcos_acs_token())
response = requests.get("{}metrics".format(service_url),
auth=auth,
verify=verify_ssl())
assert response.status_code == 200, "HTTP status code {} is NOT 200".format(
response.status_code)
if marathon_version_less_than('1.7'):
metric_name = 'service.mesosphere.marathon.app.count'
else:
metric_name = 'marathon.apps.active.gauge'
response_json = response.json()
logger.info('Found metric gauges: '.format(response_json['gauges']))
assert response_json['gauges'][metric_name] is not None, \
"{} is absent".format(metric_name)
async def sse_events():
url = dcos_url_path('service/marathon/v2/events')
headers = {
'Authorization': 'token={}'.format(dcos_acs_token()),
'Accept': 'text/event-stream'
}
ssl_context = get_ssl_context()
verify_ssl = ssl_context is not None
async with aiohttp.ClientSession(headers=headers) as session:
async with session.get(url,
verify_ssl=verify_ssl,
ssl_context=ssl_context) as response:
async def internal_generator():
client = SSEClient(response.content)
async for event in client.events():
yield json.loads(event.data)
yield internal_generator()
def add_acs_resource(resource):
"""Create given ACS `{resource}`. For more information consult the DC/OS documentation:
https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/
"""
import json
try:
logger.info('Adding ACS resource: {}'.format(resource))
url = dcos_url_path('acs/api/v1/acls/{}'.format(resource))
auth = DCOSAcsAuth(dcos_acs_token())
req = requests.put(url, data=json.dumps({'description': resource}),
headers={'Content-Type': 'application/json'}, auth=auth, verify=verify_ssl())
req.raise_for_status()
assert req.status_code == 201, 'Failed create ACS resource: {}, {}'.format(req, req.text)
except requests.HTTPError as e:
if (e.response.status_code == 409):
logger.info('ACS resource {} already exists'.format(resource))
else:
logger.error("Unexpected HTTP error: {}, {}".format(e.response, e.response.text))
raise
except Exception:
logger.exception("Unexpected error while adding ACS resource {}".format(resource))
raise
def get_resource(resource):
""":param resource: optional filename or http(s) url for the application or group resource
:type resource: str
:returns: resource
:rtype: dict
"""
if resource is None:
return None
if os.path.isfile(resource):
with util.open_file(resource) as resource_file:
return util.load_json(resource_file)
else:
try:
auth = DCOSAcsAuth(dcos_acs_token())
req = requests.get(resource, auth=auth, verify=verify_ssl())
if req.status_code == 200:
return req.json()
else:
raise Exception
except Exception:
raise DCOSException("Can't read from resource: {0}. Please check that it exists.".format(resource))
def set_service_account_permissions(service_account, resource='dcos:superuser', action='full'):
"""Set permissions for given `{service_account}` for passed `{resource}` with
`{action}`. For more information consult the DC/OS documentation:
https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/
"""
try:
logger.info('Granting {} permissions to {}/users/{}'.format(action, resource, service_account))
url = dcos_url_path('acs/api/v1/acls/{}/users/{}/{}'.format(resource, service_account, action))
auth = DCOSAcsAuth(dcos_acs_token())
req = requests.put(url, auth=auth, verify=verify_ssl())
req.raise_for_status()
msg = 'Failed to grant permissions to the service account: {}, {}'.format(req, req.text)
assert req.status_code == 204, msg
except requests.HTTPError as e:
if (e.response.status_code == 409):
logger.info('Service account {} already has {} permissions set'.format(service_account, resource))
else:
logger.error("Unexpected HTTP error: {}".format(e.response))
raise
except Exception:
logger.exception("Unexpected error when setting service account permissions")
raise
def wait_until_fail(endpoint):
auth = DCOSAcsAuth(dcos_acs_token())
response = requests.delete(endpoint, auth=auth, verify=verify_ssl())
return response.ok
def get_pod_version(pod_id, version_id):
url = urljoin(DCOS_SERVICE_URL, get_pod_versions_url(pod_id, version_id))
auth = DCOSAcsAuth(dcos_acs_token())
return requests.get(url, auth=auth, verify=verify_ssl()).json()
def test_ui_available(marathon_service_name):
"""Simply verifies that a request to the UI endpoint is successful if Marathon is launched."""
auth = DCOSAcsAuth(dcos_acs_token())
response = requests.get("{}/ui/".format(dcos_service_url(marathon_service_name)), auth=auth, verify=verify_ssl())
assert response.status_code == 200, "HTTP status code is {}, but 200 was expected".format(response.status_code)
def wait_until_fail(endpoint):
auth = DCOSAcsAuth(dcos_acs_token())
response = requests.delete(endpoint, auth=auth, verify=verify_ssl())
return response.ok
def get_pod_version(pod_id, version_id):
url = urljoin(DCOS_SERVICE_URL, get_pod_versions_url(pod_id, version_id))
auth = DCOSAcsAuth(dcos_acs_token())
return requests.get(url, auth=auth, verify=verify_ssl()).json()
