X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FN2VC.git;a=blobdiff_plain;f=n2vc%2Flibjuju.py;h=d2c725fa944d7f9ce4d2f3cc6f45dfbf8087762b;hp=12730fde98bb795d51de9011fde8c066f1062e57;hb=475a7221e3598ad1c75ce802c5ad74ef7ecf72f1;hpb=12b29244e5d333341166ea92760b8eb245c16b27;ds=sidebyside diff --git a/n2vc/libjuju.py b/n2vc/libjuju.py index 12730fd..d2c725f 100644 --- a/n2vc/libjuju.py +++ b/n2vc/libjuju.py @@ -39,9 +39,11 @@ from n2vc.exceptions import ( JujuModelAlreadyExists, JujuControllerFailedConnecting, JujuApplicationExists, + JujuInvalidK8sConfiguration, ) from n2vc.utils import DB_DATA from osm_common.dbbase import DbException +from kubernetes.client.configuration import Configuration class Libjuju: @@ -711,6 +713,26 @@ class Libjuju: await self.disconnect_model(model) await self.disconnect_controller(controller) + async def get_metrics(self, model_name: str, application_name: str) -> dict: + """Get the metrics collected by the VCA. + + :param model_name The name or unique id of the network service + :param application_name The name of the application + """ + if not model_name or not application_name: + raise Exception("model_name and application_name must be non-empty strings") + metrics = {} + controller = await self.get_controller() + model = await self.get_model(controller, model_name) + try: + application = self._get_application(model, application_name) + if application is not None: + metrics = await application.get_metrics() + finally: + self.disconnect_model(model) + self.disconnect_controller(controller) + return metrics + async def add_relation( self, model_name: str, endpoint_1: str, endpoint_2: str, ): 
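Review bot: In the `finally` block of the new `get_metrics`, `self.disconnect_model(model)` and `self.disconnect_controller(controller)` are called without `await`, unlike the context lines just above the method (`await self.disconnect_model(model)`), so the coroutines are created but never executed and the model and controller connections stay open after every call. They should read `await self.disconnect_model(model)` and `await self.disconnect_controller(controller)`. `get_model` is also awaited before the `try`, so a failure there skips the controller disconnect; moving that call inside the `try`, with `model = None` set beforehand and a guard in `finally`, would close that gap. The docstring could also state the return value, e.g. `:return: dict of metrics, empty when _get_application returns None`.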
@@ -1000,59 +1022,99 @@ class Libjuju: finally: await self.disconnect_controller(controller) - async def add_k8s(self, name: str, auth_data: dict, storage_class: str): + async def add_k8s( + self, name: str, configuration: Configuration, storage_class: str + ): """ Add a Kubernetes cloud to the controller Similar to the `juju add-k8s` command in the CLI :param: name: Name for the K8s cloud - :param: auth_data: Dictionary with needed credentials. Format: - { - "server": "192.168.0.21:16443", - "cacert": "-----BEGIN CERTIFI...", - "token": "clhkRExRem5Xd1dCdnFEVXdvRGt...", - - } + :param: configuration: Kubernetes configuration object :param: storage_class: Storage Class to use in the cloud """ - required_auth_data_keys = ["server", "cacert", "token"] - missing_keys = [] - for k in required_auth_data_keys: - if k not in auth_data: - missing_keys.append(k) - if missing_keys: - raise Exception( - "missing keys in auth_data: {}".format(",".join(missing_keys)) - ) if not storage_class: raise Exception("storage_class must be a non-empty string") if not name: raise Exception("name must be a non-empty string") - - endpoint = auth_data["server"] - cacert = auth_data["cacert"] - token = auth_data["token"] - region_name = "{}-region".format(name) - + if not configuration: + raise Exception("configuration must be provided") + + endpoint = configuration.host + credential = self.get_k8s_cloud_credential(configuration) + ca_certificates = ( + [credential.attrs["ClientCertificateData"]] + if "ClientCertificateData" in credential.attrs + else [] + ) cloud = client.Cloud( - auth_types=["certificate"], - ca_certificates=[cacert], + type_="kubernetes", + auth_types=[credential.auth_type], endpoint=endpoint, + ca_certificates=ca_certificates, config={ "operator-storage": storage_class, "workload-storage": storage_class, }, - regions=[client.CloudRegion(endpoint=endpoint, name=region_name)], - type_="kubernetes", ) - cred = client.CloudCredential( - auth_type="certificate", - 
attrs={"ClientCertificateData": cacert, "Token": token}, - ) - return await self.add_cloud(name, cloud, cred) + return await self.add_cloud(name, cloud, credential) + + def get_k8s_cloud_credential( + self, configuration: Configuration, + ) -> client.CloudCredential: + attrs = {} + ca_cert = configuration.ssl_ca_cert or configuration.cert_file + key = configuration.key_file + api_key = configuration.api_key + token = None + username = configuration.username + password = configuration.password + + if "authorization" in api_key: + authorization = api_key["authorization"] + if "Bearer " in authorization: + bearer_list = authorization.split(" ") + if len(bearer_list) == 2: + [_, token] = bearer_list + else: + raise JujuInvalidK8sConfiguration("unknown format of api_key") + else: + token = authorization + if ca_cert: + attrs["ClientCertificateData"] = open(ca_cert, "r").read() + if key: + attrs["ClientKeyData"] = open(key, "r").read() + if token: + if username or password: + raise JujuInvalidK8sConfiguration("Cannot set both token and user/pass") + attrs["Token"] = token + + auth_type = None + if key: + auth_type = "oauth2" + if not token: + raise JujuInvalidK8sConfiguration( + "missing token for auth type {}".format(auth_type) + ) + elif username: + if not password: + self.log.debug( + "credential for user {} has empty password".format(username) + ) + attrs["username"] = username + attrs["password"] = password + if ca_cert: + auth_type = "userpasswithcert" + else: + auth_type = "userpass" + elif ca_cert and token: + auth_type = "certificate" + else: + raise JujuInvalidK8sConfiguration("authentication method not supported") + return client.CloudCredential(auth_type=auth_type, attrs=attrs,) async def add_cloud( self, name: str, cloud: Cloud, credential: CloudCredential = None
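Review bot: In `get_k8s_cloud_credential`, `ca_cert = configuration.ssl_ca_cert or configuration.cert_file` lets the client certificate file stand in for the CA bundle, and `add_k8s` then copies `attrs["ClientCertificateData"]` into the cloud's `ca_certificates`. In the kubernetes client `ssl_ca_cert` is the CA used to verify the API server while `cert_file` is the client certificate, so the fallback can register a client certificate as the CA for the cluster endpoint. I would take the CA only from `ssl_ca_cert` (`ca_cert = configuration.ssl_ca_cert`) and handle `cert_file` separately, paired with `key_file`. Both files are read with `open(...).read()`, which never closes the handle explicitly and lets an `OSError` for a missing path escape unwrapped; `with open(ca_cert, "r") as f: attrs["ClientCertificateData"] = f.read()`, raising `JujuInvalidK8sConfiguration` on failure, would be cleaner. The token check `"Bearer " in authorization` matches the substring anywhere in the value, so `authorization.startswith("Bearer ")` states the intent better, and the method would benefit from a docstring listing which `Configuration` fields lead to which `auth_type`.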