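def get_params(self, context, cluster_template, cluster, **kwargs):
    """Build the driver-specific template parameters for a cluster.

    Copies a fixed set of cluster labels into ``extra_params``, adds the
    cluster CA private key in decrypted form under ``ca_key`` and then
    delegates to the parent ``get_params``.

    Security note: ``ca_key`` holds the CA private key with its passphrase
    removed, and it is added on every call (there is no label gate here).
    Anything that logs or persists ``extra_params`` exposes the key.
    NOTE(review): presumably this ends up as an orchestration template
    parameter -- confirm that parameter is declared hidden.

    :param context: request context, used for the certificate lookup and
        passed to the parent implementation.
    :param cluster_template: passed through to the parent implementation.
    :param cluster: cluster whose labels and CA certificate are read.
    :param kwargs: forwarded to the parent; an ``extra_params`` dict, when
        supplied, is extended in place.
    :returns: the value returned by the parent ``get_params``.
    """
    LOG.info("########## get_params")
    extra_params = kwargs.pop('extra_params', {})

    label_list = [
        'minikube_version', 'kubectl_version',
        'occm_container_infra_prefix', 'etcd_version'
    ]

    # Only labels with a truthy value are forwarded.
    for label in label_list:
        label_value = cluster.labels.get(label)
        if label_value:
            extra_params[label] = label_value

    # Hand over the CA key. The passphrase is read once instead of once per
    # use, so the secret is fetched from the certificate object a single
    # time.
    ca_cert = cert_manager.get_cluster_ca_certificate(cluster, context)
    passphrase = ca_cert.get_private_key_passphrase()
    if six.PY3 and isinstance(passphrase, six.text_type):
        passphrase = passphrase.encode()
    ca_key = x509.decrypt_key(ca_cert.get_private_key(), passphrase)
    # The original decoded the result only when the passphrase was text.
    # With a bytes (or missing) passphrase on Python 3 the str-based
    # replace() below would be applied to bytes and raise TypeError, so
    # decode whenever bytes come back.
    if six.PY3 and isinstance(ca_key, six.binary_type):
        ca_key = ca_key.decode()
    # Real newlines become the two characters "\n" so the PEM fits on one
    # line.
    extra_params['ca_key'] = ca_key.replace("\n", "\\n")

    return super(AtomicMinikubeTemplateDefinition,
                 self).get_params(context,
                                  cluster_template,
                                  cluster,
                                  extra_params=extra_params,
                                  **kwargs)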
Пример #2
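 def _set_cert_manager_params(self, cluster, extra_params):
     """Add the cert-manager settings to ``extra_params`` when enabled.

     Does nothing unless the ``cert_manager_api`` cluster label parses as
     true. When it does, the label value and the cluster CA private key
     (decrypted, newlines escaped) are written into ``extra_params``.

     Security note: ``extra_params['ca_key']`` is the CA private key in
     cleartext; keep the dict out of logs and error messages.

     :param cluster: cluster whose labels and CA certificate are read.
     :param extra_params: dict that is updated in place.
     """
     cert_manager_api = cluster.labels.get('cert_manager_api')
     if not strutils.bool_from_string(cert_manager_api):
         return

     extra_params['cert_manager_api'] = cert_manager_api
     ca_cert = cert_manager.get_cluster_ca_certificate(cluster)

     # Read the passphrase once rather than on every use.
     passphrase = ca_cert.get_private_key_passphrase()
     if six.PY3 and isinstance(passphrase, six.text_type):
         passphrase = passphrase.encode()

     ca_key = x509.decrypt_key(ca_cert.get_private_key(), passphrase)
     # Previously only the text-passphrase path decoded the result; a bytes
     # or missing passphrase on Python 3 would reach the str-based replace()
     # with bytes and raise TypeError.
     if six.PY3 and isinstance(ca_key, six.binary_type):
         ca_key = ca_key.decode()

     # Collapse the PEM onto one line: newline -> literal backslash-n.
     extra_params['ca_key'] = ca_key.replace("\n", "\\n")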
Пример #3
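 def _set_cert_manager_params(self, cluster, extra_params):
     """Populate ``extra_params`` with cert-manager data if the label is on.

     The ``cert_manager_api`` label is interpreted with
     ``strutils.bool_from_string``; when it is true the label value is
     copied and the decrypted cluster CA private key is stored under
     ``ca_key`` with newlines escaped.

     Security note: the value stored under ``ca_key`` is unencrypted key
     material. Avoid logging ``extra_params`` after this call.

     :param cluster: cluster providing the labels and the CA certificate.
     :param extra_params: mutable mapping updated in place.
     """
     cert_manager_api = cluster.labels.get('cert_manager_api')
     if strutils.bool_from_string(cert_manager_api):
         extra_params['cert_manager_api'] = cert_manager_api
         ca_cert = cert_manager.get_cluster_ca_certificate(cluster)

         # Single read of the secret; text passphrases are turned into
         # bytes on Python 3 exactly as before.
         key_passphrase = ca_cert.get_private_key_passphrase()
         if six.PY3 and isinstance(key_passphrase, six.text_type):
             key_passphrase = key_passphrase.encode()

         pem = x509.decrypt_key(ca_cert.get_private_key(), key_passphrase)
         # Decode whenever bytes come back on Python 3, not only when the
         # passphrase was text; otherwise replace("\n", ...) below fails
         # with TypeError for a bytes or missing passphrase.
         if six.PY3 and isinstance(pem, six.binary_type):
             pem = pem.decode()

         extra_params['ca_key'] = pem.replace("\n", "\\n")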
Пример #4
    def get_params(self, context, cluster_template, cluster, **kwargs):
        """Assemble the CoreOS Kubernetes template parameters.

        Fills ``extra_params`` from the request context, configuration and
        cluster labels, optionally adds the decrypted cluster CA private
        key, adds the base64-encoded OpenStack CA and delegates to the
        parent ``get_params``.

        Security note: when the ``cert_manager_api`` label is true,
        ``extra_params['ca_key']`` contains the CA private key in
        cleartext, so the dict must not be logged.

        :param context: request context (supplies ``user_name``).
        :param cluster_template: supplies ``network_driver``.
        :param cluster: supplies the labels and the CA certificate.
        :param kwargs: forwarded to the parent; ``extra_params`` is popped
            and extended.
        :returns: the value returned by the parent ``get_params``.
        """
        extra_params = kwargs.pop('extra_params', {})

        extra_params['username'] = context.user_name
        extra_params['region_name'] = (
            self.get_osc(context).cinder_region_name())

        # docker_volume_type: the configured default applies when the
        # label is not set.
        extra_params['docker_volume_type'] = cluster.labels.get(
            'docker_volume_type', CONF.cinder.default_docker_volume_type)

        extra_params['nodes_affinity_policy'] = (
            CONF.cluster.nodes_affinity_policy)

        # Each supported network driver reads the pod CIDR from its own
        # label; both fall back to the same default here.
        cidr_label_by_driver = {
            'flannel': 'flannel_network_cidr',
            'calico': 'calico_ipv4pool',
        }
        cidr_label = cidr_label_by_driver.get(cluster_template.network_driver)
        if cidr_label is not None:
            extra_params["pods_network_cidr"] = cluster.labels.get(
                cidr_label, '10.100.0.0/16')

        forwarded_labels = (
            'coredns_tag', 'kube_tag', 'container_infra_prefix',
            'availability_zone', 'calico_tag', 'calico_kube_controllers_tag',
            'calico_ipv4pool', 'calico_ipv4pool_ipip', 'etcd_tag',
            'flannel_tag',
        )
        labels = self._get_relevant_labels(cluster, kwargs)
        # Labels with a falsy value are left out.
        candidates = ((name, labels.get(name)) for name in forwarded_labels)
        extra_params.update(
            (name, value) for name, value in candidates if value)

        cert_manager_api = cluster.labels.get('cert_manager_api')
        if strutils.bool_from_string(cert_manager_api):
            extra_params['cert_manager_api'] = cert_manager_api
            ca_cert = cert_manager.get_cluster_ca_certificate(cluster)
            # NOTE(review): replace() is called with str arguments; if
            # decrypt_key returns bytes on Python 3 this raises -- confirm.
            decrypted_key = x509.decrypt_key(
                ca_cert.get_private_key(),
                ca_cert.get_private_key_passphrase())
            extra_params['ca_key'] = decrypted_key.replace("\n", "\\n")

        openstack_ca_bytes = utils.get_openstack_ca().encode()
        extra_params['openstack_ca_coreos'] = base64.b64encode(
            openstack_ca_bytes).decode()

        parent = super(CoreOSK8sTemplateDefinition, self)
        return parent.get_params(context, cluster_template, cluster,
                                 extra_params=extra_params, **kwargs)
Пример #5
    def get_params(self, context, cluster_template, cluster, **kwargs):
        """Collect the template parameters for a CoreOS Kubernetes cluster.

        Values come from the request context, configuration and cluster
        labels. If the ``cert_manager_api`` label is true the decrypted
        cluster CA private key is included as ``ca_key``. The OpenStack CA
        is added base64-encoded before delegating to the parent.

        Security note: ``ca_key`` is unencrypted private-key material;
        treat ``extra_params`` as secret once it has been added.

        :param context: request context (supplies ``user_name``).
        :param cluster_template: supplies ``network_driver``.
        :param cluster: supplies the labels and the CA certificate.
        :param kwargs: forwarded to the parent; ``extra_params`` is popped
            and extended.
        :returns: the value returned by the parent ``get_params``.
        """
        extra_params = kwargs.pop('extra_params', {})

        extra_params['username'] = context.user_name
        extra_params['region_name'] = (
            self.get_osc(context).cinder_region_name())

        # The configured default volume type is used when no label is set.
        extra_params['docker_volume_type'] = cluster.labels.get(
            'docker_volume_type', CONF.cinder.default_docker_volume_type)

        extra_params['nodes_affinity_policy'] = (
            CONF.cluster.nodes_affinity_policy)

        # driver -> (label holding the pod CIDR, default CIDR)
        pod_cidr_sources = {
            'flannel': ('flannel_network_cidr', '10.100.0.0/16'),
            'calico': ('calico_ipv4pool', '192.168.0.0/16'),
        }
        cidr_source = pod_cidr_sources.get(cluster_template.network_driver)
        if cidr_source is not None:
            cidr_label, default_cidr = cidr_source
            extra_params["pods_network_cidr"] = cluster.labels.get(
                cidr_label, default_cidr)

        forwarded_labels = (
            'coredns_tag',
            'kube_tag', 'container_infra_prefix',
            'availability_zone',
            'calico_tag', 'calico_cni_tag',
            'calico_kube_controllers_tag', 'calico_ipv4pool',
            'etcd_tag', 'flannel_tag',
        )
        # Forward only labels that carry a truthy value.
        for name in forwarded_labels:
            value = cluster.labels.get(name)
            if not value:
                continue
            extra_params[name] = value

        cert_manager_api = cluster.labels.get('cert_manager_api')
        if strutils.bool_from_string(cert_manager_api):
            extra_params['cert_manager_api'] = cert_manager_api
            ca_cert = cert_manager.get_cluster_ca_certificate(cluster)
            # NOTE(review): replace() is called with str arguments; if
            # decrypt_key returns bytes on Python 3 this raises -- confirm.
            plain_key = x509.decrypt_key(
                ca_cert.get_private_key(),
                ca_cert.get_private_key_passphrase())
            extra_params['ca_key'] = plain_key.replace("\n", "\\n")

        ca_as_bytes = utils.get_openstack_ca().encode()
        extra_params['openstack_ca_coreos'] = base64.b64encode(
            ca_as_bytes).decode()

        parent = super(CoreOSK8sTemplateDefinition, self)
        return parent.get_params(context, cluster_template, cluster,
                                 extra_params=extra_params,
                                 **kwargs)
Пример #6
    def test_decrypt_key(self, mock_load_pem_private_key, mock_default_backend,
                         mock_no_encryption_class):
        """decrypt_key loads the key with its passphrase and re-serialises it.

        Checks that the loader receives the key and passphrase unchanged,
        that the loaded key is written out as PEM/PKCS8 with the patched
        no-encryption object, and that the serialised bytes are returned.
        """
        loaded_key = mock.MagicMock()
        loaded_key.private_bytes.return_value = mock.sentinel.decrypted
        mock_load_pem_private_key.return_value = loaded_key

        result = operations.decrypt_key(mock.sentinel.key,
                                        mock.sentinel.passphrase)

        mock_load_pem_private_key.assert_called_once_with(
            mock.sentinel.key, mock.sentinel.passphrase)
        # The output must be requested without encryption: that is what
        # "decrypt" means for this helper.
        expected_serialisation = dict(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=mock_no_encryption_class.return_value)
        loaded_key.private_bytes.assert_called_once_with(
            **expected_serialisation)
        self.assertEqual(mock.sentinel.decrypted, result)
Пример #7
    def test_decrypt_key(self, mock_load_pem_private_key,
                         mock_default_backend, mock_no_encryption_class):
        """Verify decrypt_key's calls into the (mocked) key loader.

        The key and passphrase sentinels must reach the PEM loader as
        given, the loaded key must be serialised as PEM/PKCS8 using the
        patched no-encryption object, and the serialised value must be
        what decrypt_key returns.
        """
        key_double = mock.MagicMock()
        mock_load_pem_private_key.return_value = key_double
        key_double.private_bytes.return_value = mock.sentinel.decrypted

        key_in = mock.sentinel.key
        passphrase_in = mock.sentinel.passphrase
        returned = operations.decrypt_key(key_in, passphrase_in)

        mock_load_pem_private_key.assert_called_once_with(
            key_in, passphrase_in)
        no_encryption = mock_no_encryption_class.return_value
        key_double.private_bytes.assert_called_once_with(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=no_encryption,
        )
        self.assertEqual(mock.sentinel.decrypted, returned)
    def get_params(self, context, cluster_template, cluster, **kwargs):
        """Assemble the Fedora Kubernetes template parameters.

        Adds the user name, Cinder region, volume type, affinity policy and
        selected labels to ``extra_params``; when the ``cert_manager_api``
        label is true the decrypted cluster CA private key is added as
        ``ca_key``. The result is handed to the parent ``get_params``.

        Security note: ``ca_key`` is the CA private key without passphrase
        protection; do not log ``extra_params`` once it is set.

        :param context: request context (supplies ``user_name``).
        :param cluster_template: passed through to the parent.
        :param cluster: supplies the labels and the CA certificate.
        :param kwargs: forwarded to the parent; ``extra_params`` is popped
            and extended.
        :returns: the value returned by the parent ``get_params``.
        """
        extra_params = kwargs.pop('extra_params', {})

        extra_params['username'] = context.user_name
        extra_params['region_name'] = (
            self.get_osc(context).cinder_region_name())

        # The configured default volume type is used when no label is set.
        extra_params['docker_volume_type'] = cluster.labels.get(
            'docker_volume_type', CONF.cinder.default_docker_volume_type)

        extra_params['nodes_affinity_policy'] = (
            CONF.cluster.nodes_affinity_policy)

        # Forward only labels that carry a truthy value.
        for name in ('kube_tag', 'container_infra_prefix',
                     'availability_zone'):
            value = cluster.labels.get(name)
            if value:
                extra_params[name] = value

        cert_manager_api = cluster.labels.get('cert_manager_api')
        if strutils.bool_from_string(cert_manager_api):
            extra_params['cert_manager_api'] = cert_manager_api
            ca_cert = cert_manager.get_cluster_ca_certificate(cluster)
            # NOTE(review): replace() is called with str arguments; if
            # decrypt_key returns bytes on Python 3 this raises -- confirm.
            plain_key = x509.decrypt_key(
                ca_cert.get_private_key(),
                ca_cert.get_private_key_passphrase())
            extra_params['ca_key'] = plain_key.replace("\n", "\\n")

        parent = super(K8sFedoraTemplateDefinition, self)
        return parent.get_params(context,
                                 cluster_template,
                                 cluster,
                                 extra_params=extra_params,
                                 **kwargs)
Пример #9
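    def get_params(self, context, cluster_template, cluster, **kwargs):
        """Assemble the Fedora Kubernetes template parameters.

        Collects values from the request context, configuration and cluster
        labels, generates a service-account key pair, optionally adds the
        decrypted cluster CA private key, and delegates to the parent
        ``get_params``.

        Security note: two cleartext private keys are written into
        ``extra_params`` -- ``kube_service_account_private_key`` always and
        ``ca_key`` when the ``cert_manager_api`` label is true. The dict
        must not be logged or echoed in error messages.
        NOTE(review): presumably these become orchestration template
        parameters -- confirm they are declared hidden there.

        :param context: request context (supplies ``user_name``).
        :param cluster_template: supplies ``network_driver`` and
            ``volume_driver``.
        :param cluster: supplies the labels, ``project_id`` and the CA
            certificate.
        :param kwargs: forwarded to the parent; ``extra_params`` is popped
            and extended.
        :returns: the value returned by the parent ``get_params``.
        :raises exception.InvalidParameterValue: when the volume driver is
            ``cinder`` but ``cloud_provider_enabled`` is ``false``.
        """
        extra_params = kwargs.pop('extra_params', {})

        extra_params['username'] = context.user_name
        osc = self.get_osc(context)
        extra_params['region_name'] = osc.cinder_region_name()

        # set docker_volume_type
        # the configured default is used when the label is not set
        docker_volume_type = cluster.labels.get(
            'docker_volume_type', CONF.cinder.default_docker_volume_type)
        extra_params['docker_volume_type'] = docker_volume_type

        extra_params['nodes_affinity_policy'] = \
            CONF.cluster.nodes_affinity_policy

        if cluster_template.network_driver == 'flannel':
            extra_params["pods_network_cidr"] = \
                cluster.labels.get('flannel_network_cidr', '10.100.0.0/16')
        if cluster_template.network_driver == 'calico':
            extra_params["pods_network_cidr"] = \
                cluster.labels.get('calico_ipv4pool', '192.168.0.0/16')

        # check cloud provider and cinder options. If cinder is selected,
        # the cloud provider needs to be enabled.
        cloud_provider_enabled = cluster.labels.get('cloud_provider_enabled',
                                                    'true').lower()
        if (cluster_template.volume_driver == 'cinder'
                and cloud_provider_enabled == 'false'):
            raise exception.InvalidParameterValue(
                _('"cinder" volume driver needs "cloud_provider_enabled" label '
                  'to be true or unset.'))

        label_list = [
            'kube_tag', 'container_infra_prefix', 'availability_zone',
            'cgroup_driver', 'calico_tag', 'calico_cni_tag',
            'calico_kube_controllers_tag', 'calico_ipv4pool', 'etcd_tag',
            'flannel_tag', 'cloud_provider_enabled', 'cloud_provider_tag',
            'prometheus_tag', 'grafana_tag', 'heat_container_agent_tag',
            'keystone_auth_enabled', 'k8s_keystone_auth_tag', 'tiller_enabled',
            'tiller_tag', 'tiller_namespace'
        ]

        # Only labels with a truthy value are forwarded.
        for label in label_list:
            label_value = cluster.labels.get(label)
            if label_value:
                extra_params[label] = label_value

        # A fresh key pair is generated on every call; both halves are
        # flattened to one line (newline -> literal backslash-n).
        csr_keys = x509.generate_csr_and_key(u"Kubernetes Service Account")

        extra_params['kube_service_account_key'] = \
            csr_keys["public_key"].replace("\n", "\\n")
        extra_params['kube_service_account_private_key'] = \
            csr_keys["private_key"].replace("\n", "\\n")

        cert_manager_api = cluster.labels.get('cert_manager_api')
        if strutils.bool_from_string(cert_manager_api):
            extra_params['cert_manager_api'] = cert_manager_api
            ca_cert = cert_manager.get_cluster_ca_certificate(cluster)
            # Read the passphrase once instead of once per use.
            passphrase = ca_cert.get_private_key_passphrase()
            if six.PY3 and isinstance(passphrase, six.text_type):
                passphrase = passphrase.encode()
            ca_key = x509.decrypt_key(ca_cert.get_private_key(), passphrase)
            # The original decoded the result only for a text passphrase;
            # with a bytes or missing passphrase on Python 3 the str-based
            # replace() below would receive bytes and raise TypeError.
            if six.PY3 and isinstance(ca_key, six.binary_type):
                ca_key = ca_key.decode()
            extra_params['ca_key'] = ca_key.replace("\n", "\\n")

        extra_params['project_id'] = cluster.project_id

        return super(K8sFedoraTemplateDefinition,
                     self).get_params(context,
                                      cluster_template,
                                      cluster,
                                      extra_params=extra_params,
                                      **kwargs)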
Пример #10
 def get_decrypted_private_key(self):
     """Return the certificate's private key with the passphrase removed.

     The value returned is unencrypted key material: callers should keep
     it out of logs and hold it no longer than needed.
     """
     encrypted_key = self.get_private_key()
     passphrase = self.get_private_key_passphrase()
     return operations.decrypt_key(encrypted_key, passphrase)
Пример #11
 def get_decrypted_private_key(self):
     """Decrypt and return this certificate's private key.

     Passes the stored key and its passphrase to ``operations.decrypt_key``
     and returns the result unchanged. The result is cleartext key
     material, so it should never be logged.
     """
     key_material = self.get_private_key()
     key_passphrase = self.get_private_key_passphrase()
     decrypted = operations.decrypt_key(key_material, key_passphrase)
     return decrypted