class Deployment(object):
def __init__(self, context, deployment_name=None, namespace=None):
self.context = context
self.namespace = namespace
self.kctl = Kubectl(self.context, namespace=namespace)
self.ecr = ECR()
if deployment_name:
self.cache = [
self.kctl.get_object("deployment %s" % deployment_name)
]
else:
self.cache = self.kctl.get_objects(
'deployment',
selector="app=%s,layer=application" % config.project_name)
def update(self,
tag,
constraint,
git_remote,
timeout,
update_config=False,
filename=None):
if not self.ecr.project_repo_exists():
raise HokusaiError("Project repo does not exist. Aborting.")
digest = self.ecr.image_digest_for_tag(tag)
if digest is None:
raise HokusaiError(
"Could not find an image digest for tag %s. Aborting." % tag)
if self.namespace is None:
print_green("Deploying %s to %s..." % (digest, self.context),
newline_after=True)
else:
print_green("Deploying %s to %s/%s..." %
(digest, self.context, self.namespace),
newline_after=True)
"""
This logic should be refactored, but essentially if namespace and filename are provided, the caller is
a review app, while if namespace is None it is either staging or production. If filename is unset for staging
or production it is targeting the 'canonical' app, i.e. staging.yml or production.yml while if it is set it is
trageting a 'canary' app.
For the canonical app, run deploy hooks and post-depoy steps creating deployment tags
For a canary app, skip deploy hooks and post-deploy steps
For review apps, run deploy hooks but skip post-deploy steps
For all deployment rollouts, if update_config or filename targets a yml file, bust the
deployment cache using k8s field selectors and get deployments to watch the rollout from
the yml file spec
"""
# Run the pre-deploy hook for the canonical app or a review app
if config.pre_deploy and (filename is None or
(filename and self.namespace)):
print_green("Running pre-deploy hook '%s'..." % config.pre_deploy,
newline_after=True)
return_code = CommandRunner(self.context,
namespace=self.namespace).run(
tag,
config.pre_deploy,
constraint=constraint,
tty=False)
if return_code:
raise HokusaiError(
"Pre-deploy hook failed with return code %s" % return_code,
return_code=return_code)
# Patch the deployments
deployment_timestamp = datetime.datetime.utcnow().strftime("%s%f")
if filename is None:
kubernetes_yml = os.path.join(CWD, HOKUSAI_CONFIG_DIR,
"%s.yml" % self.context)
else:
kubernetes_yml = filename
# If a review app, a canary app or the canonical app while updating config,
# bust the deployment cache and populate deployments from the yaml file
if filename or update_config:
self.cache = []
for item in yaml.safe_load_all(open(kubernetes_yml, 'r')):
if item['kind'] == 'Deployment':
self.cache.append(item)
# If updating config, path the spec and apply
if update_config:
print_green(
"Patching Deployments in spec %s with image digest %s" %
(kubernetes_yml, digest),
newline_after=True)
payload = []
for item in yaml.safe_load_all(open(kubernetes_yml, 'r')):
if item['kind'] == 'Deployment':
item['spec']['template']['metadata']['labels'][
'deploymentTimestamp'] = deployment_timestamp
item['spec']['progressDeadlineSeconds'] = timeout
for container in item['spec']['template']['spec'][
'containers']:
if self.ecr.project_repo in container['image']:
container['image'] = "%s@%s" % (
self.ecr.project_repo, digest)
payload.append(item)
f = NamedTemporaryFile(delete=False)
f.write(YAML_HEADER)
f.write(yaml.safe_dump_all(payload, default_flow_style=False))
f.close()
print_green("Applying patched spec %s..." % f.name,
newline_after=True)
try:
shout(self.kctl.command("apply -f %s" % f.name),
print_output=True)
finally:
os.unlink(f.name)
# If not updating config, patch the deployments in the cache and call kubectl patch to update
else:
for deployment in self.cache:
containers = [(container['name'], container['image'])
for container in deployment['spec']['template']
['spec']['containers']]
deployment_targets = [{
"name":
name,
"image":
"%s@%s" % (self.ecr.project_repo, digest)
} for name, image in containers
if self.ecr.project_repo in image]
patch = {
"spec": {
"template": {
"metadata": {
"labels": {
"deploymentTimestamp": deployment_timestamp
}
},
"spec": {
"containers": deployment_targets
}
},
"progressDeadlineSeconds": timeout
}
}
print_green("Patching deployment %s..." %
deployment['metadata']['name'],
newline_after=True)
shout(
self.kctl.command(
"patch deployment %s -p '%s'" %
(deployment['metadata']['name'], json.dumps(patch))))
# Watch the rollouts in the cache and if any fail, roll back
print_green("Waiting for deployment rollouts to complete...")
rollout_commands = [
self.kctl.command("rollout status deployment/%s" %
deployment['metadata']['name'])
for deployment in self.cache
]
return_codes = shout_concurrent(rollout_commands, print_output=True)
if any(return_codes):
print_red(
"One or more deployment rollouts failed! Rolling back...",
newline_before=True,
newline_after=True)
rollback_commands = [
self.kctl.command("rollout undo deployment/%s" %
deployment['metadata']['name'])
for deployment in self.cache
]
shout_concurrent(rollback_commands, print_output=True)
raise HokusaiError("Deployment failed!")
post_deploy_success = True
# Run the post-deploy hook for the canonical app or a review app
if config.post_deploy and (filename is None or
(filename and self.namespace)):
print_green("Running post-deploy hook '%s'..." %
config.post_deploy,
newline_after=True)
return_code = CommandRunner(self.context,
namespace=self.namespace).run(
tag,
config.post_deploy,
constraint=constraint,
tty=False)
if return_code:
print_yellow(
"WARNING: Running the post-deploy hook failed with return code %s"
% return_code,
newline_before=True,
newline_after=True)
print_yellow(
"The image digest %s has been rolled out. However, you should run the post-deploy hook '%s' manually, or re-run this deployment."
% (digest, config.post_deploy),
newline_after=True)
post_deploy_success = False
# For the canonical app, create tags
if filename is None:
deployment_tag = "%s--%s" % (
self.context,
datetime.datetime.utcnow().strftime("%Y-%m-%d--%H-%M-%S"))
print_green("Updating ECR deployment tags in %s..." %
self.ecr.project_repo,
newline_after=True)
try:
self.ecr.retag(tag, self.context)
print_green("Updated ECR tag %s -> %s" % (tag, self.context))
self.ecr.retag(tag, deployment_tag)
print_green("Updated ECR tag %s -> %s" % (tag, deployment_tag),
newline_after=True)
except (ValueError, ClientError) as e:
print_yellow(
"WARNING: Updating ECR deployment tags failed due to the error: '%s'"
% str(e),
newline_before=True,
newline_after=True)
print_yellow(
"The tag %s has been rolled out. However, you should create the ECR tags '%s' and '%s' manually, or re-run this deployment."
% (tag, deployment_tag, self.context),
newline_after=True)
post_deploy_success = False
remote = git_remote or config.git_remote
if remote:
print_green("Pushing Git deployment tags to %s..." % remote,
newline_after=True)
try:
shout("git fetch %s" % remote)
shout("git tag -f %s %s" % (self.context, tag),
print_output=True)
shout("git tag -f %s %s" % (deployment_tag, tag),
print_output=True)
shout("git push -f --no-verify %s refs/tags/%s" %
(remote, self.context),
print_output=True)
print_green("Updated Git tag %s -> %s" %
(tag, self.context))
shout("git push -f --no-verify %s refs/tags/%s" %
(remote, deployment_tag),
print_output=True)
print_green("Updated Git tag %s -> %s" %
(tag, deployment_tag),
newline_after=True)
except CalledProcessError as e:
print_yellow(
"WARNING: Creating Git deployment tags failed due to the error: '%s'"
% str(e),
newline_before=True,
newline_after=True)
print_yellow(
"The tag %s has been rolled out. However, you should create the Git tags '%s' and '%s' manually, or re-run this deployment."
% (tag, deployment_tag, self.context),
newline_after=True)
post_deploy_success = False
if post_deploy_success:
print_green("Deployment succeeded!")
else:
raise HokusaiError("One or more post-deploy steps failed!")
def refresh(self):
deployment_timestamp = datetime.datetime.utcnow().strftime("%s%f")
for deployment in self.cache:
patch = {
"spec": {
"template": {
"metadata": {
"labels": {
"deploymentTimestamp": deployment_timestamp
}
}
}
}
}
print_green("Refreshing %s..." % deployment['metadata']['name'],
newline_after=True)
shout(
self.kctl.command(
"patch deployment %s -p '%s'" %
(deployment['metadata']['name'], json.dumps(patch))))
print_green("Waiting for refresh to complete...")
rollout_commands = [
self.kctl.command("rollout status deployment/%s" %
deployment['metadata']['name'])
for deployment in self.cache
]
return_codes = shout_concurrent(rollout_commands, print_output=True)
if any(return_codes):
raise HokusaiError("Refresh failed!")
@property
def names(self):
return [deployment['metadata']['name'] for deployment in self.cache]
class TestECR(HokusaiIntegrationTestCase):
def setUp(self):
self.ecr = ECR()
@httpretty.activate
def test_registry(self):
httpretty.register_uri(
httpretty.POST,
"https://sts.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'sts-get-caller-identity-response.xml')).read(),
content_type="application/xml")
httpretty.register_uri(
httpretty.POST,
"https://api.ecr.us-east-1.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'ecr-repositories-response.json')).read(),
content_type="application/x-amz-json-1.1")
repositories = [
str(repo['repositoryName']) for repo in self.ecr.registry
]
self.assertTrue('hello' in repositories)
self.assertTrue('bar' in repositories)
self.assertTrue('baz' in repositories)
@httpretty.activate
def test_project_repo_exists(self):
httpretty.register_uri(
httpretty.POST,
"https://sts.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'sts-get-caller-identity-response.xml')).read(),
content_type="application/xml")
httpretty.register_uri(
httpretty.POST,
"https://api.ecr.us-east-1.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'ecr-repositories-response.json')).read(),
content_type="application/x-amz-json-1.1")
self.assertTrue(self.ecr.project_repo_exists())
@httpretty.activate
def test_get_project_repo(self):
httpretty.register_uri(
httpretty.POST,
"https://sts.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'sts-get-caller-identity-response.xml')).read(),
content_type="application/xml")
httpretty.register_uri(
httpretty.POST,
"https://api.ecr.us-east-1.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'ecr-repositories-response.json')).read(),
content_type="application/x-amz-json-1.1")
self.assertEqual(self.ecr.project_repo,
'123456789012.dkr.ecr.us-east-1.amazonaws.com/hello')
@httpretty.activate
def test_create_project_repo(self):
httpretty.register_uri(
httpretty.POST,
"https://sts.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'sts-get-caller-identity-response.xml')).read(),
content_type="application/xml")
httpretty.register_uri(
httpretty.POST,
"https://api.ecr.us-east-1.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'ecr-create-repository-response.json')).read(),
content_type="application/x-amz-json-1.1")
httpretty.register_uri(
httpretty.POST,
"https://api.ecr.us-east-1.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'ecr-empty-repositories-response.json')).read(),
content_type="application/x-amz-json-1.1")
self.assertTrue(self.ecr.create_project_repo())
@httpretty.activate
def test_get_login(self):
httpretty.register_uri(
httpretty.POST,
"https://sts.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'sts-get-caller-identity-response.xml')).read(),
content_type="application/xml")
httpretty.register_uri(
httpretty.POST,
"https://api.ecr.us-east-1.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'ecr-authorization-response.json')).read(),
content_type="application/x-amz-json-1.1")
self.assertEqual(
self.ecr.get_login(),
'docker login -u AWS -p 76W8YEUFHDSAE98DFDHSFSDFIUHSDAJKGKSADFGKDF https://123456789012.dkr.ecr.us-east-1.amazonaws.com'
)
@httpretty.activate
def test_images(self):
httpretty.register_uri(
httpretty.POST,
"https://sts.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'sts-get-caller-identity-response.xml')).read(),
content_type="application/xml")
httpretty.register_uri(
httpretty.POST,
"https://api.ecr.us-east-1.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'ecr-images-response.json')).read(),
content_type="application/x-amz-json-1.1")
self.assertEqual(
self.ecr.images[0]['imageTags'],
['a2605e5b93ec4beecde122c53a3fdea18807459c', 'latest'])
self.assertEqual(
self.ecr.images[0]['imageDigest'],
'sha256:8sh968hsn205e8bff53ba8ed1006c7f41dacd17db164efdn6d346204f997shdn'
)
self.assertEqual(self.ecr.images[0]['registryId'], '123456789012')
self.assertEqual(self.ecr.images[0]['repositoryName'], 'hello')
@httpretty.activate
def test_tag_exists(self):
httpretty.register_uri(
httpretty.POST,
"https://sts.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'sts-get-caller-identity-response.xml')).read(),
content_type="application/xml")
httpretty.register_uri(
httpretty.POST,
"https://api.ecr.us-east-1.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'ecr-images-response.json')).read(),
content_type="application/x-amz-json-1.1")
self.assertTrue(
self.ecr.tag_exists('a2605e5b93ec4beecde122c53a3fdea18807459c'))
self.assertTrue(self.ecr.tag_exists('latest'))
@httpretty.activate
def test_tags(self):
httpretty.register_uri(
httpretty.POST,
"https://sts.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'sts-get-caller-identity-response.xml')).read(),
content_type="application/xml")
httpretty.register_uri(
httpretty.POST,
"https://api.ecr.us-east-1.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'ecr-images-response.json')).read(),
content_type="application/x-amz-json-1.1")
self.assertIn('a2605e5b93ec4beecde122c53a3fdea18807459c',
self.ecr.tags())
self.assertIn('latest', self.ecr.tags())
@httpretty.activate
def test_find_git_sha1_image_tag(self):
httpretty.register_uri(
httpretty.POST,
"https://sts.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'sts-get-caller-identity-response.xml')).read(),
content_type="application/xml")
httpretty.register_uri(
httpretty.POST,
"https://api.ecr.us-east-1.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'ecr-images-response.json')).read(),
content_type="application/x-amz-json-1.1")
self.assertEqual(self.ecr.find_git_sha1_image_tag('latest'),
'a2605e5b93ec4beecde122c53a3fdea18807459c')
@httpretty.activate
def test_image_digest_for_tag(self):
httpretty.register_uri(
httpretty.POST,
"https://sts.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'sts-get-caller-identity-response.xml')).read(),
content_type="application/xml")
httpretty.register_uri(
httpretty.POST,
"https://api.ecr.us-east-1.amazonaws.com/",
body=open(
os.path.join(os.getcwd(), 'test', 'fixtures',
'ecr-images-response.json')).read(),
content_type="application/x-amz-json-1.1")
self.assertEqual(
self.ecr.image_digest_for_tag(
'a2605e5b93ec4beecde122c53a3fdea18807459c'),
'sha256:8sh968hsn205e8bff53ba8ed1006c7f41dacd17db164efdn6d346204f997shdn'
)
self.assertEqual(
self.ecr.image_digest_for_tag('latest'),
'sha256:8sh968hsn205e8bff53ba8ed1006c7f41dacd17db164efdn6d346204f997shdn'
)
