X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FN2VC.git;a=blobdiff_plain;f=n2vc%2Flibjuju.py;h=e5a8c6172dbaca98d7059519195a1991b3e93d7f;hp=aa7afa10ea2938940a5d70906c17efeeb61a3b23;hb=30701e3fbbbd545dabbd69c5145f44c0a5909558;hpb=667696ef11356f3267df58f2a81c6ecebb0e94b9 diff --git a/n2vc/libjuju.py b/n2vc/libjuju.py index aa7afa1..e5a8c61 100644 --- a/n2vc/libjuju.py +++ b/n2vc/libjuju.py @@ -14,8 +14,7 @@ import asyncio import logging -from juju.controller import Controller -from juju.client import client + import time from juju.errors import JujuAPIError @@ -29,6 +28,11 @@ from juju.client._definitions import ( Cloud, CloudCredential, ) +from juju.controller import Controller +from juju.client import client +from juju import tag + +from n2vc.config import ModelConfig from n2vc.juju_watcher import JujuModelWatcher from n2vc.provisioner import AsyncSSHProvisioner from n2vc.n2vc_conn import N2VCConnector @@ -37,7 +41,6 @@ from n2vc.exceptions import ( JujuApplicationNotFound, JujuLeaderUnitNotFound, JujuActionNotFound, - JujuModelAlreadyExists, JujuControllerFailedConnecting, JujuApplicationExists, JujuInvalidK8sConfiguration, @@ -46,6 +49,8 @@ from n2vc.utils import DB_DATA from osm_common.dbbase import DbException from kubernetes.client.configuration import Configuration +RBAC_LABEL_KEY_NAME = "rbac-id" + class Libjuju: def __init__( @@ -59,8 +64,7 @@ class Libjuju: log: logging.Logger = None, db: dict = None, n2vc: N2VCConnector = None, - apt_mirror: str = None, - enable_os_upgrade: bool = True, + model_config: ModelConfig = {}, ): """ Constructor @@ -95,16 +99,11 @@ class Libjuju: self.n2vc = n2vc # Generate config for models - self.model_config = {} - if apt_mirror: - self.model_config["apt-mirror"] = apt_mirror - self.model_config["enable-os-refresh-update"] = enable_os_upgrade - self.model_config["enable-os-upgrade"] = enable_os_upgrade + self.model_config = model_config self.loop.set_exception_handler(self.handle_exception) self.creating_model = asyncio.Lock(loop=self.loop) - self.models = set() self.log.debug("Libjuju initialized!") self.health_check_task = self._create_health_check_task() @@ -112,7 +111,7 @@ class Libjuju: def _create_health_check_task(self): return self.loop.create_task(self.health_check()) - async def get_controller(self, timeout: float = 5.0) -> Controller: + async def get_controller(self, timeout: float = 15.0) -> Controller: """ Get controller @@ -182,22 +181,14 @@ class Libjuju: controller = await self.get_controller() model = None try: - # Raise exception if model already exists - if await self.model_exists(model_name, controller=controller): - raise JujuModelAlreadyExists( - "Model {} already exists.".format(model_name) - ) - # Block until other workers have finished model creation while self.creating_model.locked(): await asyncio.sleep(0.1) - # If the model exists, return it from the controller - if model_name in self.models: - return - # Create the model async with self.creating_model: + if await self.model_exists(model_name, controller=controller): + return self.log.debug("Creating model {}".format(model_name)) model = await controller.add_model( model_name, @@ -205,7 +196,6 @@ class Libjuju: cloud_name=cloud_name, credential_name=credential_name or cloud_name, ) - self.models.add(model_name) finally: if model: await self.disconnect_model(model) @@ -654,7 +644,8 @@ class Libjuju: try: # Get application application = self._get_application( - model, application_name=application_name, + model, + application_name=application_name, ) if application is None: raise JujuApplicationNotFound("Cannot execute action") @@ -744,7 +735,8 @@ class Libjuju: try: # Get application application = self._get_application( - model, application_name=application_name, + model, + application_name=application_name, ) # Return list of actions @@ -776,7 +768,10 @@ class Libjuju: return metrics async def add_relation( - self, model_name: str, endpoint_1: str, endpoint_2: str, + self, + model_name: str, + endpoint_1: str, + endpoint_2: str, ): """Add relation @@ -811,7 +806,9 @@ class Libjuju: await self.disconnect_controller(controller) async def consume( - self, offer_url: str, model_name: str, + self, + offer_url: str, + model_name: str, ): """ Adds a remote offer to the model. Relations can be created later using "juju relate". @@ -841,8 +838,12 @@ class Libjuju: """ controller = await self.get_controller() - model = await self.get_model(controller, model_name) + model = None try: + if not await self.model_exists(model_name, controller=controller): + return + + model = await self.get_model(controller, model_name) self.log.debug("Destroying model {}".format(model_name)) uuid = model.info.uuid @@ -853,10 +854,6 @@ class Libjuju: # Disconnect model await self.disconnect_model(model) - # Destroy model - if model_name in self.models: - self.models.remove(model_name) - await controller.destroy_model(uuid, force=True, max_wait=0) # Wait until model is destroyed @@ -876,6 +873,10 @@ class Libjuju: raise Exception( "Timeout waiting for model {} to be destroyed".format(model_name) ) + except Exception as e: + if model: + await self.disconnect_model(model) + raise e finally: await self.disconnect_controller(controller) @@ -953,15 +954,18 @@ class Libjuju: self.log.debug("Configuring application {}".format(application_name)) if config: + controller = await self.get_controller() + model = None try: - controller = await self.get_controller() model = await self.get_model(controller, model_name) application = self._get_application( - model, application_name=application_name, + model, + application_name=application_name, ) await application.set_config(config) finally: - await self.disconnect_model(model) + if model: + await self.disconnect_model(model) await self.disconnect_controller(controller) def _get_api_endpoints_db(self) -> [str]: @@ -997,7 +1001,8 @@ class Libjuju: if not juju_info: try: self.db.create( - DB_DATA.api_endpoints.table, DB_DATA.api_endpoints.filter, + DB_DATA.api_endpoints.table, + DB_DATA.api_endpoints.filter, ) except DbException as e: # Racing condition: check if another N2VC worker has created it @@ -1069,6 +1074,9 @@ class Libjuju: async def add_k8s( self, name: str, + rbac_id: str, + token: str, + client_cert_data: str, configuration: Configuration, storage_class: str, credential_name: str = None, @@ -1092,17 +1100,17 @@ class Libjuju: raise Exception("configuration must be provided") endpoint = configuration.host - credential = self.get_k8s_cloud_credential(configuration) - ca_certificates = ( - [credential.attrs["ClientCertificateData"]] - if "ClientCertificateData" in credential.attrs - else [] + credential = self.get_k8s_cloud_credential( + configuration, + client_cert_data, + token, ) + credential.attrs[RBAC_LABEL_KEY_NAME] = rbac_id cloud = client.Cloud( type_="kubernetes", auth_types=[credential.auth_type], endpoint=endpoint, - ca_certificates=ca_certificates, + ca_certificates=[client_cert_data], config={ "operator-storage": storage_class, "workload-storage": storage_class, @@ -1114,30 +1122,21 @@ class Libjuju: ) def get_k8s_cloud_credential( - self, configuration: Configuration, + self, + configuration: Configuration, + client_cert_data: str, + token: str = None, ) -> client.CloudCredential: attrs = {} - ca_cert = configuration.ssl_ca_cert or configuration.cert_file - key = configuration.key_file - api_key = configuration.api_key - token = None + # TODO: Test with AKS + key = None # open(configuration.key_file, "r").read() username = configuration.username password = configuration.password - if "authorization" in api_key: - authorization = api_key["authorization"] - if "Bearer " in authorization: - bearer_list = authorization.split(" ") - if len(bearer_list) == 2: - [_, token] = bearer_list - else: - raise JujuInvalidK8sConfiguration("unknown format of api_key") - else: - token = authorization - if ca_cert: - attrs["ClientCertificateData"] = open(ca_cert, "r").read() + if client_cert_data: + attrs["ClientCertificateData"] = client_cert_data if key: - attrs["ClientKeyData"] = open(key, "r").read() + attrs["ClientKeyData"] = key if token: if username or password: raise JujuInvalidK8sConfiguration("Cannot set both token and user/pass") @@ -1146,6 +1145,8 @@ class Libjuju: auth_type = None if key: auth_type = "oauth2" + if client_cert_data: + auth_type = "oauth2withcert" if not token: raise JujuInvalidK8sConfiguration( "missing token for auth type {}".format(auth_type) @@ -1157,11 +1158,11 @@ class Libjuju: ) attrs["username"] = username attrs["password"] = password - if ca_cert: + if client_cert_data: auth_type = "userpasswithcert" else: auth_type = "userpass" - elif ca_cert and token: + elif client_cert_data and token: auth_type = "certificate" else: raise JujuInvalidK8sConfiguration("authentication method not supported") @@ -1216,3 +1217,13 @@ class Libjuju: unit = u break return unit + + async def get_cloud_credentials(self, cloud_name: str, credential_name: str): + controller = await self.get_controller() + try: + facade = client.CloudFacade.from_connection(controller.connection()) + cloud_cred_tag = tag.credential(cloud_name, self.username, credential_name) + params = [client.Entity(cloud_cred_tag)] + return (await facade.Credential(params)).results + finally: + await self.disconnect_controller(controller)