def test_get_unknown_policy_driver(self):
     """An unrecognised policy type must abort with ERR_CODE_GENERIC.

     The test expects get_policy_driver to exit rather than hand back some
     fallback driver when "policy.type" names nothing it knows.
     """
     plugin = Mock(spec=CniPlugin)
     plugin.network_config = {"name": "n", "policy": {"type": "madeup"}}

     with assert_raises(SystemExit) as raised:
         get_policy_driver(plugin)

     assert_equal(raised.exception.code, ERR_CODE_GENERIC)
示例#2
 def test_get_unknown_policy_driver(self):
     """Check that a made-up policy type ends in SystemExit(ERR_CODE_GENERIC)."""
     bogus_config = {"name": "n", "policy": {"type": "madeup"}}
     plugin = Mock(spec=CniPlugin)
     plugin.network_config = bogus_config

     # The driver lookup is expected to terminate the process, not return.
     with assert_raises(SystemExit) as raised:
         get_policy_driver(plugin)
     assert_equal(raised.exception.code, ERR_CODE_GENERIC)
 def test_missing_cert(self):
     """A k8s policy with an unusable client certificate must exit.

     The certificate value is a string that is presumably not a real file
     path; the test expects SystemExit with ERR_CODE_GENERIC instead of a
     driver built without that credential.
     """
     plugin = Mock(spec=CniPlugin)
     plugin.running_under_k8s = True
     plugin.k8s_pod_name = "podname"
     plugin.k8s_namespace = "namespace"
     plugin.network_config = {
         "name": "n",
         "policy": {
             "type": "k8s",
             "k8s_client_certificate": "surely this can't exist?",
         },
     }

     with assert_raises(SystemExit) as raised:
         get_policy_driver(plugin)
     assert_equal(raised.exception.code, ERR_CODE_GENERIC)
示例#4
    def test_get_policy_driver_value_error(self, m_driver):
        """A ValueError from the patched driver must become a generic exit.

        m_driver is injected by a patch decorator that is outside this
        snippet; presumably it replaces the driver class that
        get_policy_driver instantiates for a non-Kubernetes plugin.
        """
        # Arrange: the patched driver fails on construction.
        m_driver.side_effect = ValueError
        plugin = Mock(spec=CniPlugin)
        plugin.running_under_k8s = False
        plugin.network_config = {"name": "testnetwork"}

        # Act / assert: the error surfaces as SystemExit(ERR_CODE_GENERIC).
        with assert_raises(SystemExit) as raised:
            get_policy_driver(plugin)
        assert_equal(raised.exception.code, ERR_CODE_GENERIC)
    def test_get_policy_driver_value_error(self, m_driver):
        """Driver construction raising ValueError exits with ERR_CODE_GENERIC.

        The m_driver mock comes from a patch decorator not shown here.
        """
        # Make the patched driver raise as soon as it is called.
        m_driver.side_effect = ValueError

        non_k8s_plugin = Mock(spec=CniPlugin)
        non_k8s_plugin.network_config = {"name": "testnetwork"}
        non_k8s_plugin.running_under_k8s = False

        with assert_raises(SystemExit) as raised:
            get_policy_driver(non_k8s_plugin)

        exit_code = raised.exception.code
        assert_equal(exit_code, ERR_CODE_GENERIC)
示例#6
    def test_get_policy_driver_value_error(self, m_driver):
        """ValueError from the patched driver exits with ERR_CODE_GENERIC.

        This variant calls get_policy_driver with the pod name, namespace and
        network config as three positional arguments; both Kubernetes values
        are None. m_driver is supplied by a patch decorator not shown here.
        """
        m_driver.side_effect = ValueError
        network = {"name": "testnetwork"}

        with assert_raises(SystemExit) as raised:
            get_policy_driver(None, None, network)

        assert_equal(raised.exception.code, ERR_CODE_GENERIC)
示例#7
 def test_get_policy_driver_k8s_annotations(self):
     """Policy type "k8s-annotations" yields a KubernetesAnnotationDriver."""
     network = {
         "name": "testnetwork",
         "policy": {"type": "k8s-annotations"},
     }
     selected = get_policy_driver("podname", "namespace", network)
     assert_true(isinstance(selected, KubernetesAnnotationDriver))
示例#8
 def test_get_policy_driver_deny_inbound(self):
     """Policy type "default-deny-inbound" yields a DefaultDenyInboundDriver."""
     network = {
         "name": "testnetwork",
         "policy": {"type": "default-deny-inbound"},
     }
     selected = get_policy_driver("podname", "namespace", network)
     assert_true(isinstance(selected, DefaultDenyInboundDriver))
示例#9
 def test_missing_cert(self):
     """Exit with ERR_CODE_GENERIC when the k8s client certificate is unusable.

     The configured certificate is a string that is presumably not an
     existing path; the test requires a hard exit rather than a driver.
     """
     policy = {
         "type": "k8s",
         "k8s_client_certificate": "surely this can't exist?",
     }
     plugin = Mock(spec=CniPlugin)
     plugin.network_config = {"name": "n", "policy": policy}
     plugin.k8s_namespace = "namespace"
     plugin.k8s_pod_name = "podname"
     plugin.running_under_k8s = True

     with assert_raises(SystemExit) as raised:
         get_policy_driver(plugin)
     assert_equal(raised.exception.code, ERR_CODE_GENERIC)
示例#10
 def test_get_policy_driver_default_k8s(self):
     """Under Kubernetes with no "policy" section, expect KubernetesNoPolicyDriver."""
     plugin = Mock(spec=CniPlugin)
     plugin.running_under_k8s = True
     plugin.k8s_namespace = "namespace"
     plugin.k8s_pod_name = "podname"
     # No "policy" key at all: this exercises the default selection.
     plugin.network_config = {"name": "testnetwork"}

     selected = get_policy_driver(plugin)
     assert_true(isinstance(selected, KubernetesNoPolicyDriver))
 def test_get_policy_driver_k8s(self):
     """Policy type "k8s" under Kubernetes yields a KubernetesPolicyDriver."""
     plugin = Mock(spec=CniPlugin)
     plugin.running_under_k8s = True
     plugin.k8s_namespace = "namespace"
     plugin.k8s_pod_name = "podname"
     plugin.network_config = {
         "name": "testnetwork",
         "policy": {"type": "k8s"},
     }

     selected = get_policy_driver(plugin)
     assert_true(isinstance(selected, KubernetesPolicyDriver))
示例#12
 def test_get_policy_driver_k8s_annotations(self):
     """Policy type "k8s-annotations" yields a KubernetesAnnotationDriver."""
     annotations_policy = {"type": "k8s-annotations"}

     plugin = Mock(spec=CniPlugin)
     plugin.running_under_k8s = True
     plugin.k8s_namespace = "namespace"
     plugin.k8s_pod_name = "podname"
     plugin.network_config = {
         "name": "testnetwork",
         "policy": annotations_policy,
     }

     selected = get_policy_driver(plugin)
     assert_true(isinstance(selected, KubernetesAnnotationDriver))
示例#13
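    def __init__(self, network_config, env):
        """Build the plugin state from the CNI network config and environment.

        :param network_config: Parsed CNI network configuration. "name" and
          "ipam" -> "type" are required; "hostname" and "kubernetes" are
          optional.
        :param env: Mapping of CNI environment variables. It is stored as
          self.ipam_env without being copied, and its CNI_ARGS entry is
          rewritten in place.
        :raises KeyError: if a required config key or CNI variable is absent.
        :raises AssertionError: if the CNI command is neither ADD nor DELETE.
        """
        # DatastoreClient for access to the Calico datastore.
        self._client = DatastoreClient()

        # Read the caller's CNI_ARGS once, before it is rewritten further
        # down. self.ipam_env is the same object as env, so reading it again
        # after the rewrite would return the rewritten value and the original
        # arguments would never reach the IPAM plugin.
        original_cni_args = env.get(CNI_ARGS_ENV, "")

        # Parse CNI_ARGS into dictionary so we can extract values.
        cni_args = parse_cni_args(original_cni_args)

        # Name of Kubernetes pod if running under Kubernetes, else None.
        self.k8s_pod_name = cni_args.get(K8S_POD_NAME)

        # Name of Kubernetes namespace if running under Kubernetes, else None.
        self.k8s_namespace = cni_args.get(K8S_POD_NAMESPACE)

        # Network config as provided in the CNI network file.
        # NOTE(review): the original note said it is passed in "via stdout";
        # CNI normally hands the config to a plugin on stdin - confirm.
        self.network_config = network_config

        # Name of the network from the provided network config file.
        self.network_name = network_config["name"]

        # Type of IPAM to use, e.g calico-ipam.
        self.ipam_type = network_config["ipam"]["type"]

        # The hostname to register endpoints under.
        self.hostname = network_config.get("hostname", socket.gethostname())

        # Chooses the correct container engine based on the given
        # configuration.
        self.container_engine = get_container_engine(self.k8s_pod_name)

        # Environment dictionary used when calling the IPAM plugin.
        # This aliases env; it is not a copy.
        self.ipam_env = env

        # The command to execute for this plugin instance. Required.
        # One of CNI_CMD_ADD, CNI_CMD_DELETE.
        self.command = env[CNI_COMMAND_ENV]
        if self.command not in (CNI_CMD_DELETE, CNI_CMD_ADD):
            # Raised explicitly because an assert statement is removed when
            # Python runs with -O, which would let an unexpected command
            # through. The exception type is kept for existing callers.
            raise AssertionError("Invalid CNI command %s" % self.command)

        # The container's ID in the containerizer. Required.
        self.container_id = env[CNI_CONTAINERID_ENV]

        # Relative path to the network namespace of this container.
        self.cni_netns = env[CNI_NETNS_ENV]

        # Name of the interface to create within the container.
        self.interface = env[CNI_IFNAME_ENV]

        # Path in which to search for CNI plugins.
        self.cni_path = env[CNI_PATH_ENV]

        # Configure orchestrator specific settings.
        # workload_id: In Kubernetes, this is the pod's namespace and name.
        #              Otherwise, this is the container ID.
        # orchestrator_id: Either "k8s" or "cni".
        # running_under_k8s is truthy only when both values are set; it then
        # holds the pod name itself rather than True.
        self.running_under_k8s = self.k8s_namespace and self.k8s_pod_name
        if self.running_under_k8s:
            self.workload_id = "%s.%s" % (self.k8s_namespace,
                                          self.k8s_pod_name)
            self.orchestrator_id = "k8s"
        else:
            self.workload_id = self.container_id
            self.orchestrator_id = "cni"
        kubernetes_config = network_config.get("kubernetes", {})
        self.kubeconfig_path = kubernetes_config.get("kubeconfig")
        self.k8s_node_name = kubernetes_config.get("node_name",
                                                   socket.gethostname())

        # Ensure that the ipam_env CNI_ARGS contains the IgnoreUnknown=1 option
        # See https://github.com/appc/cni/pull/158
        # And https://github.com/appc/cni/pull/127
        ipam_args = 'IgnoreUnknown=1'
        if original_cni_args:
            # Append any existing args - if they are set.
            ipam_args += ";%s" % original_cni_args
        self.ipam_env[CNI_ARGS_ENV] = ipam_args

        self.policy_driver = get_policy_driver(self)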
        """
示例#14
 def test_get_policy_driver_default_k8s(self):
     """With pod details and no "policy" section, expect KubernetesDefaultPolicyDriver."""
     network = {"name": "testnetwork"}
     selected = get_policy_driver("podname", "namespace", network)
     assert_true(isinstance(selected, KubernetesDefaultPolicyDriver))
示例#15
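    def __init__(self, network_config, env):
        """Build the plugin state from the CNI network config and environment.

        :param network_config: Parsed CNI network configuration. "name" and
          "ipam" -> "type" are required.
        :param env: Mapping of CNI environment variables. It is stored as
          self.ipam_env without being copied.
        :raises KeyError: if a required config key or CNI variable is absent.
        :raises AssertionError: if the CNI command is neither ADD nor DELETE.
        """
        # DatastoreClient for access to the Calico datastore.
        self._client = DatastoreClient()

        # Parse CNI_ARGS into dictionary so we can extract values.
        cni_args = parse_cni_args(env.get(CNI_ARGS_ENV, ""))

        # Name of Kubernetes pod if running under Kubernetes, else None.
        self.k8s_pod_name = cni_args.get(K8S_POD_NAME)

        # Name of Kubernetes namespace if running under Kubernetes, else None.
        self.k8s_namespace = cni_args.get(K8S_POD_NAMESPACE)

        # Network config as provided in the CNI network file.
        # NOTE(review): the original note said it is passed in "via stdout";
        # CNI normally hands the config to a plugin on stdin - confirm.
        self.network_config = network_config

        # Name of the network from the provided network config file.
        self.network_name = network_config["name"]

        # Type of IPAM to use, e.g calico-ipam.
        self.ipam_type = network_config["ipam"]["type"]

        # Chooses the correct policy driver based on the given configuration.
        self.policy_driver = get_policy_driver(self.k8s_pod_name,
                                               self.k8s_namespace,
                                               self.network_config)

        # Chooses the correct container engine based on the given
        # configuration.
        self.container_engine = get_container_engine(self.k8s_pod_name)

        # Environment dictionary used when calling the IPAM plugin.
        # This aliases env; it is not a copy.
        self.ipam_env = env

        # The command to execute for this plugin instance. Required.
        # One of CNI_CMD_ADD, CNI_CMD_DELETE.
        self.command = env[CNI_COMMAND_ENV]
        if self.command not in (CNI_CMD_DELETE, CNI_CMD_ADD):
            # Raised explicitly because an assert statement is removed when
            # Python runs with -O, which would let an unexpected command
            # through. The exception type is kept for existing callers.
            raise AssertionError("Invalid CNI command %s" % self.command)

        # The container's ID in the containerizer. Required.
        self.container_id = env[CNI_CONTAINERID_ENV]

        # Relative path to the network namespace of this container.
        self.cni_netns = env[CNI_NETNS_ENV]

        # Name of the interface to create within the container.
        self.interface = env[CNI_IFNAME_ENV]

        self.cni_path = env[CNI_PATH_ENV]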
        """
示例#16
    def __init__(self, network_config, env):
        self._client = DatastoreClient()
        """
        DatastoreClient for access to the Calico datastore.
        """

        # Parse CNI_ARGS into dictionary so we can extract values.
        cni_args = parse_cni_args(env.get(CNI_ARGS_ENV, ""))

        self.k8s_pod_name = cni_args.get(K8S_POD_NAME)
        """
        Name of Kubernetes pod if running under Kubernetes, else None.
        """

        self.k8s_namespace = cni_args.get(K8S_POD_NAMESPACE)
        """
        Name of Kubernetes namespace if running under Kubernetes, else None.
        """

        self.network_config = network_config
        """
        Network config as provided in the CNI network file passed in
        via stdout.
        """

        self.network_name = network_config["name"]
        """
        Name of the network from the provided network config file.
        """

        self.ipam_type = network_config["ipam"]["type"]
        """
        Type of IPAM to use, e.g calico-ipam.
        """

        self.hostname = network_config.get("hostname", socket.gethostname())
        """
        The hostname to register endpoints under.
        """

        self.container_engine = get_container_engine(self.k8s_pod_name)
        """
        Chooses the correct container engine based on the given configuration.
        """

        self.ipam_env = env
        """
        Environment dictionary used when calling the IPAM plugin.
        """

        self.command = env[CNI_COMMAND_ENV]
        assert self.command in [CNI_CMD_DELETE, CNI_CMD_ADD], \
                "Invalid CNI command %s" % self.command
        """
        The command to execute for this plugin instance. Required.
        One of:
          - CNI_CMD_ADD
          - CNI_CMD_DELETE
        """

        self.container_id = env[CNI_CONTAINERID_ENV]
        """
        The container's ID in the containerizer. Required.
        """

        self.cni_netns = env[CNI_NETNS_ENV]
        """
        Relative path to the network namespace of this container.
        """

        self.interface = env[CNI_IFNAME_ENV]
        """
        Name of the interface to create within the container.
        """

        self.cni_path = env[CNI_PATH_ENV]
        """
        Path in which to search for CNI plugins.
        """

        self.running_under_k8s = self.k8s_namespace and self.k8s_pod_name
        if self.running_under_k8s:
            self.workload_id = "%s.%s" % (self.k8s_namespace, self.k8s_pod_name)
            self.orchestrator_id = "k8s"
        else:
            self.workload_id = self.container_id
            self.orchestrator_id = "cni"
        kubernetes_config = network_config.get("kubernetes", {})
        self.kubeconfig_path = kubernetes_config.get("kubeconfig")
        self.k8s_node_name = kubernetes_config.get("node_name", socket.gethostname())
        """
        Configure orchestrator specific settings.
        workload_id: In Kubernetes, this is the pod's namespace and name.
                     Otherwise, this is the container ID.
        orchestrator_id: Either "k8s" or "cni".
        """

        # Ensure that the ipam_env CNI_ARGS contains the IgnoreUnknown=1 option
        # See https://github.com/appc/cni/pull/158
        # And https://github.com/appc/cni/pull/127
        self.ipam_env[CNI_ARGS_ENV] = 'IgnoreUnknown=1'
        if env.get(CNI_ARGS_ENV):
            # Append any existing args - if they are set.
            self.ipam_env[CNI_ARGS_ENV] += ";%s" % env.get(CNI_ARGS_ENV)

        self.policy_driver = get_policy_driver(self)
        """