Add ModelConfig
[osm/N2VC.git] / n2vc / libjuju.py
index 5a3ddbb..98e31d8 100644 (file)
@@ -14,8 +14,7 @@
 
 import asyncio
 import logging
 
 import asyncio
 import logging
-from juju.controller import Controller
-from juju.client import client
+
 import time
 
 from juju.errors import JujuAPIError
 import time
 
 from juju.errors import JujuAPIError
@@ -29,6 +28,11 @@ from juju.client._definitions import (
     Cloud,
     CloudCredential,
 )
     Cloud,
     CloudCredential,
 )
+from juju.controller import Controller
+from juju.client import client
+from juju import tag
+
+from n2vc.config import ModelConfig
 from n2vc.juju_watcher import JujuModelWatcher
 from n2vc.provisioner import AsyncSSHProvisioner
 from n2vc.n2vc_conn import N2VCConnector
 from n2vc.juju_watcher import JujuModelWatcher
 from n2vc.provisioner import AsyncSSHProvisioner
 from n2vc.n2vc_conn import N2VCConnector
@@ -37,7 +41,6 @@ from n2vc.exceptions import (
     JujuApplicationNotFound,
     JujuLeaderUnitNotFound,
     JujuActionNotFound,
     JujuApplicationNotFound,
     JujuLeaderUnitNotFound,
     JujuActionNotFound,
-    JujuModelAlreadyExists,
     JujuControllerFailedConnecting,
     JujuApplicationExists,
     JujuInvalidK8sConfiguration,
     JujuControllerFailedConnecting,
     JujuApplicationExists,
     JujuInvalidK8sConfiguration,
@@ -46,6 +49,8 @@ from n2vc.utils import DB_DATA
 from osm_common.dbbase import DbException
 from kubernetes.client.configuration import Configuration
 
 from osm_common.dbbase import DbException
 from kubernetes.client.configuration import Configuration
 
+RBAC_LABEL_KEY_NAME = "rbac-id"
+
 
 class Libjuju:
     def __init__(
 
 class Libjuju:
     def __init__(
@@ -59,8 +64,7 @@ class Libjuju:
         log: logging.Logger = None,
         db: dict = None,
         n2vc: N2VCConnector = None,
         log: logging.Logger = None,
         db: dict = None,
         n2vc: N2VCConnector = None,
-        apt_mirror: str = None,
-        enable_os_upgrade: bool = True,
+        model_config: ModelConfig = {},
     ):
         """
         Constructor
     ):
         """
         Constructor
@@ -95,16 +99,11 @@ class Libjuju:
         self.n2vc = n2vc
 
         # Generate config for models
         self.n2vc = n2vc
 
         # Generate config for models
-        self.model_config = {}
-        if apt_mirror:
-            self.model_config["apt-mirror"] = apt_mirror
-        self.model_config["enable-os-refresh-update"] = enable_os_upgrade
-        self.model_config["enable-os-upgrade"] = enable_os_upgrade
+        self.model_config = model_config
 
         self.loop.set_exception_handler(self.handle_exception)
         self.creating_model = asyncio.Lock(loop=self.loop)
 
 
         self.loop.set_exception_handler(self.handle_exception)
         self.creating_model = asyncio.Lock(loop=self.loop)
 
-        self.models = set()
         self.log.debug("Libjuju initialized!")
 
         self.health_check_task = self._create_health_check_task()
         self.log.debug("Libjuju initialized!")
 
         self.health_check_task = self._create_health_check_task()
@@ -112,7 +111,7 @@ class Libjuju:
     def _create_health_check_task(self):
         return self.loop.create_task(self.health_check())
 
     def _create_health_check_task(self):
         return self.loop.create_task(self.health_check())
 
-    async def get_controller(self, timeout: float = 5.0) -> Controller:
+    async def get_controller(self, timeout: float = 15.0) -> Controller:
         """
         Get controller
 
         """
         Get controller
 
@@ -182,22 +181,14 @@ class Libjuju:
         controller = await self.get_controller()
         model = None
         try:
         controller = await self.get_controller()
         model = None
         try:
-            # Raise exception if model already exists
-            if await self.model_exists(model_name, controller=controller):
-                raise JujuModelAlreadyExists(
-                    "Model {} already exists.".format(model_name)
-                )
-
             # Block until other workers have finished model creation
             while self.creating_model.locked():
                 await asyncio.sleep(0.1)
 
             # Block until other workers have finished model creation
             while self.creating_model.locked():
                 await asyncio.sleep(0.1)
 
-            # If the model exists, return it from the controller
-            if model_name in self.models:
-                return
-
             # Create the model
             async with self.creating_model:
             # Create the model
             async with self.creating_model:
+                if await self.model_exists(model_name, controller=controller):
+                    return
                 self.log.debug("Creating model {}".format(model_name))
                 model = await controller.add_model(
                     model_name,
                 self.log.debug("Creating model {}".format(model_name))
                 model = await controller.add_model(
                     model_name,
@@ -205,7 +196,6 @@ class Libjuju:
                     cloud_name=cloud_name,
                     credential_name=credential_name or cloud_name,
                 )
                     cloud_name=cloud_name,
                     credential_name=credential_name or cloud_name,
                 )
-                self.models.add(model_name)
         finally:
             if model:
                 await self.disconnect_model(model)
         finally:
             if model:
                 await self.disconnect_model(model)
@@ -450,6 +440,7 @@ class Libjuju:
                     nonce=params.nonce,
                     machine_id=machine_id,
                     proxy=self.api_proxy,
                     nonce=params.nonce,
                     machine_id=machine_id,
                     proxy=self.api_proxy,
+                    series=params.series,
                 )
             )
 
                 )
             )
 
@@ -654,7 +645,8 @@ class Libjuju:
         try:
             # Get application
             application = self._get_application(
         try:
             # Get application
             application = self._get_application(
-                model, application_name=application_name,
+                model,
+                application_name=application_name,
             )
             if application is None:
                 raise JujuApplicationNotFound("Cannot execute action")
             )
             if application is None:
                 raise JujuApplicationNotFound("Cannot execute action")
@@ -744,7 +736,8 @@ class Libjuju:
         try:
             # Get application
             application = self._get_application(
         try:
             # Get application
             application = self._get_application(
-                model, application_name=application_name,
+                model,
+                application_name=application_name,
             )
 
             # Return list of actions
             )
 
             # Return list of actions
@@ -776,7 +769,10 @@ class Libjuju:
         return metrics
 
     async def add_relation(
         return metrics
 
     async def add_relation(
-        self, model_name: str, endpoint_1: str, endpoint_2: str,
+        self,
+        model_name: str,
+        endpoint_1: str,
+        endpoint_2: str,
     ):
         """Add relation
 
     ):
         """Add relation
 
@@ -811,7 +807,9 @@ class Libjuju:
             await self.disconnect_controller(controller)
 
     async def consume(
             await self.disconnect_controller(controller)
 
     async def consume(
-        self, offer_url: str, model_name: str,
+        self,
+        offer_url: str,
+        model_name: str,
     ):
         """
         Adds a remote offer to the model. Relations can be created later using "juju relate".
     ):
         """
         Adds a remote offer to the model. Relations can be created later using "juju relate".
@@ -841,8 +839,12 @@ class Libjuju:
         """
 
         controller = await self.get_controller()
         """
 
         controller = await self.get_controller()
-        model = await self.get_model(controller, model_name)
+        model = None
         try:
         try:
+            if not await self.model_exists(model_name, controller=controller):
+                return
+
+            model = await self.get_model(controller, model_name)
             self.log.debug("Destroying model {}".format(model_name))
             uuid = model.info.uuid
 
             self.log.debug("Destroying model {}".format(model_name))
             uuid = model.info.uuid
 
@@ -853,10 +855,6 @@ class Libjuju:
             # Disconnect model
             await self.disconnect_model(model)
 
             # Disconnect model
             await self.disconnect_model(model)
 
-            # Destroy model
-            if model_name in self.models:
-                self.models.remove(model_name)
-
             await controller.destroy_model(uuid, force=True, max_wait=0)
 
             # Wait until model is destroyed
             await controller.destroy_model(uuid, force=True, max_wait=0)
 
             # Wait until model is destroyed
@@ -876,6 +874,10 @@ class Libjuju:
             raise Exception(
                 "Timeout waiting for model {} to be destroyed".format(model_name)
             )
             raise Exception(
                 "Timeout waiting for model {} to be destroyed".format(model_name)
             )
+        except Exception as e:
+            if model:
+                await self.disconnect_model(model)
+            raise e
         finally:
             await self.disconnect_controller(controller)
 
         finally:
             await self.disconnect_controller(controller)
 
@@ -914,33 +916,6 @@ class Libjuju:
                 machine = model.machines[machine_id]
                 await machine.destroy(force=True)
 
                 machine = model.machines[machine_id]
                 await machine.destroy(force=True)
 
-    # async def destroy_machine(
-    #     self, model: Model, machine_id: str, total_timeout: float = 3600
-    # ):
-    #     """
-    #     Destroy machine
-
-    #     :param: model:          Model object
-    #     :param: machine_id:     Machine id
-    #     :param: total_timeout:  Timeout in seconds
-    #     """
-    #     machines = await model.get_machines()
-    #     if machine_id in machines:
-    #         machine = machines[machine_id]
-    #         await machine.destroy(force=True)
-    #         # max timeout
-    #         end = time.time() + total_timeout
-
-    #         # wait for machine removal
-    #         machines = await model.get_machines()
-    #         while machine_id in machines and time.time() < end:
-    #             self.log.debug("Waiting for machine {} is destroyed".format(machine_id))
-    #             await asyncio.sleep(0.5)
-    #             machines = await model.get_machines()
-    #         self.log.debug("Machine destroyed: {}".format(machine_id))
-    #     else:
-    #         self.log.debug("Machine not found: {}".format(machine_id))
-
     async def configure_application(
         self, model_name: str, application_name: str, config: dict = None
     ):
     async def configure_application(
         self, model_name: str, application_name: str, config: dict = None
     ):
@@ -958,7 +933,8 @@ class Libjuju:
             try:
                 model = await self.get_model(controller, model_name)
                 application = self._get_application(
             try:
                 model = await self.get_model(controller, model_name)
                 application = self._get_application(
-                    model, application_name=application_name,
+                    model,
+                    application_name=application_name,
                 )
                 await application.set_config(config)
             finally:
                 )
                 await application.set_config(config)
             finally:
@@ -999,7 +975,8 @@ class Libjuju:
         if not juju_info:
             try:
                 self.db.create(
         if not juju_info:
             try:
                 self.db.create(
-                    DB_DATA.api_endpoints.table, DB_DATA.api_endpoints.filter,
+                    DB_DATA.api_endpoints.table,
+                    DB_DATA.api_endpoints.filter,
                 )
             except DbException as e:
                 # Racing condition: check if another N2VC worker has created it
                 )
             except DbException as e:
                 # Racing condition: check if another N2VC worker has created it
@@ -1071,6 +1048,9 @@ class Libjuju:
     async def add_k8s(
         self,
         name: str,
     async def add_k8s(
         self,
         name: str,
+        rbac_id: str,
+        token: str,
+        client_cert_data: str,
         configuration: Configuration,
         storage_class: str,
         credential_name: str = None,
         configuration: Configuration,
         storage_class: str,
         credential_name: str = None,
@@ -1094,17 +1074,17 @@ class Libjuju:
             raise Exception("configuration must be provided")
 
         endpoint = configuration.host
             raise Exception("configuration must be provided")
 
         endpoint = configuration.host
-        credential = self.get_k8s_cloud_credential(configuration)
-        ca_certificates = (
-            [credential.attrs["ClientCertificateData"]]
-            if "ClientCertificateData" in credential.attrs
-            else []
+        credential = self.get_k8s_cloud_credential(
+            configuration,
+            client_cert_data,
+            token,
         )
         )
+        credential.attrs[RBAC_LABEL_KEY_NAME] = rbac_id
         cloud = client.Cloud(
             type_="kubernetes",
             auth_types=[credential.auth_type],
             endpoint=endpoint,
         cloud = client.Cloud(
             type_="kubernetes",
             auth_types=[credential.auth_type],
             endpoint=endpoint,
-            ca_certificates=ca_certificates,
+            ca_certificates=[client_cert_data],
             config={
                 "operator-storage": storage_class,
                 "workload-storage": storage_class,
             config={
                 "operator-storage": storage_class,
                 "workload-storage": storage_class,
@@ -1116,30 +1096,21 @@ class Libjuju:
         )
 
     def get_k8s_cloud_credential(
         )
 
     def get_k8s_cloud_credential(
-        self, configuration: Configuration,
+        self,
+        configuration: Configuration,
+        client_cert_data: str,
+        token: str = None,
     ) -> client.CloudCredential:
         attrs = {}
     ) -> client.CloudCredential:
         attrs = {}
-        ca_cert = configuration.ssl_ca_cert or configuration.cert_file
-        key = configuration.key_file
-        api_key = configuration.api_key
-        token = None
+        # TODO: Test with AKS
+        key = None  # open(configuration.key_file, "r").read()
         username = configuration.username
         password = configuration.password
 
         username = configuration.username
         password = configuration.password
 
-        if "authorization" in api_key:
-            authorization = api_key["authorization"]
-            if "Bearer " in authorization:
-                bearer_list = authorization.split(" ")
-                if len(bearer_list) == 2:
-                    [_, token] = bearer_list
-                else:
-                    raise JujuInvalidK8sConfiguration("unknown format of api_key")
-            else:
-                token = authorization
-        if ca_cert:
-            attrs["ClientCertificateData"] = open(ca_cert, "r").read()
+        if client_cert_data:
+            attrs["ClientCertificateData"] = client_cert_data
         if key:
         if key:
-            attrs["ClientKeyData"] = open(key, "r").read()
+            attrs["ClientKeyData"] = key
         if token:
             if username or password:
                 raise JujuInvalidK8sConfiguration("Cannot set both token and user/pass")
         if token:
             if username or password:
                 raise JujuInvalidK8sConfiguration("Cannot set both token and user/pass")
@@ -1148,6 +1119,8 @@ class Libjuju:
         auth_type = None
         if key:
             auth_type = "oauth2"
         auth_type = None
         if key:
             auth_type = "oauth2"
+            if client_cert_data:
+                auth_type = "oauth2withcert"
             if not token:
                 raise JujuInvalidK8sConfiguration(
                     "missing token for auth type {}".format(auth_type)
             if not token:
                 raise JujuInvalidK8sConfiguration(
                     "missing token for auth type {}".format(auth_type)
@@ -1159,11 +1132,11 @@ class Libjuju:
                 )
             attrs["username"] = username
             attrs["password"] = password
                 )
             attrs["username"] = username
             attrs["password"] = password
-            if ca_cert:
+            if client_cert_data:
                 auth_type = "userpasswithcert"
             else:
                 auth_type = "userpass"
                 auth_type = "userpasswithcert"
             else:
                 auth_type = "userpass"
-        elif ca_cert and token:
+        elif client_cert_data and token:
             auth_type = "certificate"
         else:
             raise JujuInvalidK8sConfiguration("authentication method not supported")
             auth_type = "certificate"
         else:
             raise JujuInvalidK8sConfiguration("authentication method not supported")
@@ -1218,3 +1191,13 @@ class Libjuju:
                 unit = u
                 break
         return unit
                 unit = u
                 break
         return unit
+
+    async def get_cloud_credentials(self, cloud_name: str, credential_name: str):
+        controller = await self.get_controller()
+        try:
+            facade = client.CloudFacade.from_connection(controller.connection())
+            cloud_cred_tag = tag.credential(cloud_name, self.username, credential_name)
+            params = [client.Entity(cloud_cred_tag)]
+            return (await facade.Credential(params)).results
+        finally:
+            await self.disconnect_controller(controller)