import asyncio
import logging
-from juju.controller import Controller
-from juju.client import client
+
import time
from juju.errors import JujuAPIError
Cloud,
CloudCredential,
)
+from juju.controller import Controller
+from juju.client import client
+from juju import tag
+
from n2vc.juju_watcher import JujuModelWatcher
from n2vc.provisioner import AsyncSSHProvisioner
from n2vc.n2vc_conn import N2VCConnector
from osm_common.dbbase import DbException
from kubernetes.client.configuration import Configuration
+RBAC_LABEL_KEY_NAME = "rbac-id"
+
class Libjuju:
def __init__(
try:
# Get application
application = self._get_application(
- model, application_name=application_name,
+ model,
+ application_name=application_name,
)
if application is None:
raise JujuApplicationNotFound("Cannot execute action")
try:
# Get application
application = self._get_application(
- model, application_name=application_name,
+ model,
+ application_name=application_name,
)
# Return list of actions
return metrics
async def add_relation(
- self, model_name: str, endpoint_1: str, endpoint_2: str,
+ self,
+ model_name: str,
+ endpoint_1: str,
+ endpoint_2: str,
):
"""Add relation
await self.disconnect_controller(controller)
async def consume(
- self, offer_url: str, model_name: str,
+ self,
+ offer_url: str,
+ model_name: str,
):
"""
Adds a remote offer to the model. Relations can be created later using "juju relate".
try:
model = await self.get_model(controller, model_name)
application = self._get_application(
- model, application_name=application_name,
+ model,
+ application_name=application_name,
)
await application.set_config(config)
finally:
if not juju_info:
try:
self.db.create(
- DB_DATA.api_endpoints.table, DB_DATA.api_endpoints.filter,
+ DB_DATA.api_endpoints.table,
+ DB_DATA.api_endpoints.filter,
)
except DbException as e:
# Racing condition: check if another N2VC worker has created it
async def add_k8s(
self,
name: str,
+ rbac_id: str,
+ token: str,
+ client_cert_data: str,
configuration: Configuration,
storage_class: str,
credential_name: str = None,
raise Exception("configuration must be provided")
endpoint = configuration.host
- credential = self.get_k8s_cloud_credential(configuration)
- ca_certificates = (
- [credential.attrs["ClientCertificateData"]]
- if "ClientCertificateData" in credential.attrs
- else []
+ credential = self.get_k8s_cloud_credential(
+ configuration,
+ client_cert_data,
+ token,
)
+ credential.attrs[RBAC_LABEL_KEY_NAME] = rbac_id
cloud = client.Cloud(
type_="kubernetes",
auth_types=[credential.auth_type],
endpoint=endpoint,
- ca_certificates=ca_certificates,
+ ca_certificates=[client_cert_data],
config={
"operator-storage": storage_class,
"workload-storage": storage_class,
)
def get_k8s_cloud_credential(
- self, configuration: Configuration,
+ self,
+ configuration: Configuration,
+ client_cert_data: str,
+ token: str = None,
) -> client.CloudCredential:
attrs = {}
- ca_cert = configuration.ssl_ca_cert or configuration.cert_file
- key = configuration.key_file
- api_key = configuration.api_key
- token = None
+ # TODO: Test with AKS
+ key = None # open(configuration.key_file, "r").read()
username = configuration.username
password = configuration.password
- if "authorization" in api_key:
- authorization = api_key["authorization"]
- if "Bearer " in authorization:
- bearer_list = authorization.split(" ")
- if len(bearer_list) == 2:
- [_, token] = bearer_list
- else:
- raise JujuInvalidK8sConfiguration("unknown format of api_key")
- else:
- token = authorization
- if ca_cert:
- attrs["ClientCertificateData"] = open(ca_cert, "r").read()
+ if client_cert_data:
+ attrs["ClientCertificateData"] = client_cert_data
if key:
- attrs["ClientKeyData"] = open(key, "r").read()
+ attrs["ClientKeyData"] = key
if token:
if username or password:
raise JujuInvalidK8sConfiguration("Cannot set both token and user/pass")
auth_type = None
if key:
auth_type = "oauth2"
+ if client_cert_data:
+ auth_type = "oauth2withcert"
if not token:
raise JujuInvalidK8sConfiguration(
"missing token for auth type {}".format(auth_type)
)
attrs["username"] = username
attrs["password"] = password
- if ca_cert:
+ if client_cert_data:
auth_type = "userpasswithcert"
else:
auth_type = "userpass"
- elif ca_cert and token:
+ elif client_cert_data and token:
auth_type = "certificate"
else:
raise JujuInvalidK8sConfiguration("authentication method not supported")
unit = u
break
return unit
+
+ async def get_cloud_credentials(self, cloud_name: str, credential_name: str):
+ controller = await self.get_controller()
+ try:
+ facade = client.CloudFacade.from_connection(controller.connection())
+ cloud_cred_tag = tag.credential(cloud_name, self.username, credential_name)
+ params = [client.Entity(cloud_cred_tag)]
+ return (await facade.Credential(params)).results
+ finally:
+ await self.disconnect_controller(controller)