X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=osm_lcm%2Flcm_helm_conn.py;h=d7db63991fde8e7de4f43908d1fe94e25aad85e2;hb=refs%2Fchanges%2F00%2F13500%2F1;hp=d1ad4c597b624e2a5453a13dfbc87dd61f2a8451;hpb=87f5f03155d092c22f2bdf7303f10abf06f42531;p=osm%2FLCM.git
diff --git a/osm_lcm/lcm_helm_conn.py b/osm_lcm/lcm_helm_conn.py
index d1ad4c5..d7db639 100644
--- a/osm_lcm/lcm_helm_conn.py
+++ b/osm_lcm/lcm_helm_conn.py
@@ -79,21 +79,16 @@ def retryer(max_wait_time_var="_initial_retry_time", delay_time_var="_retry_dela def create_secure_context( - trusted: str, + trusted: str, client_cert_path: str, client_key_path: str ) -> ssl.SSLContext: ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) ctx.verify_mode = ssl.CERT_REQUIRED ctx.check_hostname = True ctx.minimum_version = ssl.TLSVersion.TLSv1_2 - # TODO: client TLS - # ctx.load_cert_chain(str(client_cert), str(client_key)) + ctx.load_cert_chain(client_cert_path, client_key_path) ctx.load_verify_locations(trusted) ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20") ctx.set_alpn_protocols(["h2"]) - try: - ctx.set_npn_protocols(["h2"]) - except NotImplementedError: - pass return ctx
@@ -101,7 +96,6 @@ class LCMHelmConn(N2VCConnector, LcmBase): def __init__( self, log: object = None, - loop: object = None, vca_config: VcaConfig = None, on_update_db=None, ):
@@ -114,7 +108,7 @@ class LCMHelmConn(N2VCConnector, LcmBase): # parent class constructor N2VCConnector.__init__( - self, log=log, loop=loop, on_update_db=on_update_db, db=self.db, fs=self.fs + self, log=log, on_update_db=on_update_db, db=self.db, fs=self.fs ) self.vca_config = vca_config
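Review bot: `ctx.load_cert_chain(client_cert_path, client_key_path)` in `create_secure_context` now runs unconditionally, so if `vca_config` leaves either path unset or pointing at a missing file, building the context fails with a bare `TypeError`, `FileNotFoundError` or `ssl.SSLError` instead of a message naming the setting. The two new parameters are also required and positional, so any caller other than the one updated in the `@@ -772` hunk breaks. I would check the arguments first, e.g. `if not client_cert_path or not client_key_path: raise ValueError("client certificate and key paths are required for mutual TLS")`, and add a docstring saying this builds a mutual-TLS client context (server verified against `trusted`, hostname checked, TLS 1.2 minimum, ECDHE/DHE AEAD suites, ALPN `h2`) and that the key file should be readable only by the LCM process. If the key may be passphrase-protected, note that `load_cert_chain` takes a `password` argument this signature cannot supply.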
@@ -191,6 +185,9 @@ class LCMHelmConn(N2VCConnector, LcmBase): and credentials object set to None as all credentials should be osm kubernetes .kubeconfig """ + if not namespace: + namespace = self.vca_config.kubectl_osm_namespace + self.log.info( "create_execution_environment: namespace: {}, artifact_path: {}, " "chart_model: {}, db_dict: {}, reuse_ee_id: {}".format(
@@ -254,7 +251,7 @@ class LCMHelmConn(N2VCConnector, LcmBase): system_cluster_uuid, kdu_model=kdu_model, kdu_instance=helm_id, - namespace=self.vca_config.kubectl_osm_namespace, + namespace=namespace, params=config, db_dict=db_dict, timeout=progress_timeout,
@@ -268,15 +265,13 @@ class LCMHelmConn(N2VCConnector, LcmBase): system_cluster_uuid, kdu_model=kdu_model, kdu_instance=helm_id, - namespace=self.vca_config.kubectl_osm_namespace, + namespace=namespace, params=config, db_dict=db_dict, timeout=progress_timeout, ) - ee_id = "{}:{}.{}".format( - vca_type, self.vca_config.kubectl_osm_namespace, helm_id - ) + ee_id = "{}:{}.{}".format(vca_type, namespace, helm_id) return ee_id, None except N2VCException: raise
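Review bot: The fallback `if not namespace: namespace = self.vca_config.kubectl_osm_namespace` in `create_execution_environment` silently puts the execution environment into the shared OSM namespace whenever a caller passes an empty or `None` namespace, which sidesteps the per-namespace isolation (pod-security label, scoped RBAC) that `setup_ns_namespace` sets up in the `@@ -428` hunk. The caller-supplied value then flows unchanged into the two calls patched in `@@ -254` and `@@ -268` and into `ee_id = "{}:{}.{}".format(vca_type, namespace, helm_id)`, so a value containing `.` or `:` would presumably confuse whatever splits `ee_id` later; that code is outside this diff. I would log the fallback, e.g. `self.log.warning("create_execution_environment: no namespace given, using %s", namespace)`, and state in the docstring that an empty namespace means the OSM system namespace. The function body starts and ends outside the hunk.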
@@ -428,6 +423,37 @@ class LCMHelmConn(N2VCConnector, LcmBase): certificate_name=certificate_name, ) + async def setup_ns_namespace( + self, + name: str, + ): + # Obtain system cluster id from database + system_cluster_uuid = await self._get_system_cluster_id() + await self._k8sclusterhelm3.create_namespace( + namespace=name, + cluster_uuid=system_cluster_uuid, + labels={ + "pod-security.kubernetes.io/enforce": self.vca_config.eegrpc_pod_admission_policy + }, + ) + await self._k8sclusterhelm3.setup_default_rbac( + name="ee-role", + namespace=name, + api_groups=[""], + resources=["secrets"], + verbs=["get"], + service_account="default", + cluster_uuid=system_cluster_uuid, + ) + await self._k8sclusterhelm3.copy_secret_data( + src_secret="osm-ca", + dst_secret="osm-ca", + src_namespace=self.vca_config.kubectl_osm_namespace, + dst_namespace=name, + cluster_uuid=system_cluster_uuid, + data_key="ca.crt", + ) + async def register_execution_environment( self, namespace: str,
@@ -698,8 +724,12 @@ class LCMHelmConn(N2VCConnector, LcmBase): async def delete_namespace( self, namespace: str, db_dict: dict = None, total_timeout: float = None ): - # method not implemented for this connector, execution environments must be deleted individually - pass + # Obtain system cluster id from database + system_cluster_uuid = await self._get_system_cluster_id() + await self._k8sclusterhelm3.delete_namespace( + namespace=namespace, + cluster_uuid=system_cluster_uuid, + ) async def install_k8s_proxy_charm( self,
@@ -772,7 +802,11 @@ class LCMHelmConn(N2VCConnector, LcmBase): else: return "ERROR", "No result received" - ssl_context = create_secure_context(self.vca_config.ca_store) + ssl_context = create_secure_context( + self.vca_config.ca_store, + self.vca_config.client_cert_path, + self.vca_config.client_key_path, + ) channel = Channel( ip_addr, self.vca_config.helm_ee_service_port, ssl=ssl_context )
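Review bot: The `setup_default_rbac` call in `setup_ns_namespace` gives the namespace's `default` service account `get` on every `secrets` object, so any pod that does not set its own service account can read any secret there by name, while the only secret this method provisions is `osm-ca`. If the helper can restrict the rule to named resources, limit it to `osm-ca`; otherwise add a comment recording why namespace-wide read is needed. The method also has no docstring: it should say that it creates the namespace with the `pod-security.kubernetes.io/enforce` label taken from `vca_config.eegrpc_pod_admission_policy` (a configured value of `privileged` would mean no restriction), binds `ee-role`, and copies only `ca.crt` from the OSM namespace. Nothing is rolled back on failure, so a failed RBAC or copy step leaves a partly configured namespace behind.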
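Review bot: `delete_namespace` now deletes whatever namespace it is given, with no guard against an empty value or the shared `self.vca_config.kubectl_osm_namespace`, which `create_execution_environment` uses as its fallback in the `@@ -191` hunk; a caller that passes that same fallback value here would remove the OSM system namespace. I would refuse those cases before the Helm call, e.g. `if not namespace or namespace == self.vca_config.kubectl_osm_namespace: raise N2VCException("refusing to delete namespace {}".format(namespace))`. `db_dict` and `total_timeout` are still accepted but unused, and the removed comment was the only text describing this method, so a short docstring should state what is deleted and that those two arguments are ignored.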