Further fixes to the Kubernetes config provider, and a new set of proper unit tests
This commit is contained in:
Joseph Schorr
parent
babb7bb803
commit
2ae69dc651
8 changed files with 181 additions and 107 deletions
|
|
@ -4,6 +4,7 @@ import json
|
|||
import base64
|
||||
import time
|
||||
|
||||
from cStringIO import StringIO
|
||||
from requests import Request, Session
|
||||
|
||||
from util.config.provider.baseprovider import CannotWriteConfigException, get_yaml
|
||||
|
|
@ -25,15 +26,20 @@ QE_CONFIG_SECRET = os.environ.get('QE_K8S_CONFIG_SECRET', 'quay-enterprise-confi
|
|||
class KubernetesConfigProvider(BaseFileProvider):
|
||||
""" Implementation of the config provider that reads and writes configuration
|
||||
data from a Kubernetes Secret. """
|
||||
def __init__(self, config_volume, yaml_filename, py_filename):
|
||||
def __init__(self, config_volume, yaml_filename, py_filename, api_host=None,
|
||||
service_account_token_path=None):
|
||||
super(KubernetesConfigProvider, self).__init__(config_volume, yaml_filename, py_filename)
|
||||
service_account_token_path = service_account_token_path or SERVICE_ACCOUNT_TOKEN_PATH
|
||||
api_host = api_host or KUBERNETES_API_HOST
|
||||
|
||||
# Load the service account token from the local store.
|
||||
if not os.path.exists(SERVICE_ACCOUNT_TOKEN_PATH):
|
||||
if not os.path.exists(service_account_token_path):
|
||||
raise Exception('Cannot load Kubernetes service account token')
|
||||
|
||||
with open(SERVICE_ACCOUNT_TOKEN_PATH, 'r') as f:
|
||||
with open(service_account_token_path, 'r') as f:
|
||||
self._service_token = f.read()
|
||||
|
||||
self._api_host = api_host
|
||||
|
||||
@property
|
||||
def provider_id(self):
|
||||
|
|
@ -44,13 +50,16 @@ class KubernetesConfigProvider(BaseFileProvider):
|
|||
# in Kubernetes secrets.
|
||||
return "_".join([directory.rstrip('/'), filename])
|
||||
|
||||
def volume_file_exists(self, filename):
|
||||
def volume_file_exists(self, relative_file_path):
|
||||
if '/' in relative_file_path:
|
||||
raise Exception('Expected path from get_volume_path, but found slashes')
|
||||
|
||||
# NOTE: Overridden because we don't have subdirectories, which aren't supported
|
||||
# in Kubernetes secrets.
|
||||
secret = self._lookup_secret()
|
||||
if not secret or not secret.get('data'):
|
||||
return False
|
||||
return filename in secret['data']
|
||||
return relative_file_path in secret['data']
|
||||
|
||||
def list_volume_directory(self, path):
|
||||
# NOTE: Overridden because we don't have subdirectories, which aren't supported
|
||||
|
|
@ -69,22 +78,24 @@ class KubernetesConfigProvider(BaseFileProvider):
|
|||
def save_config(self, config_obj):
|
||||
self._update_secret_file(self.yaml_filename, get_yaml(config_obj))
|
||||
|
||||
def write_volume_file(self, filename, contents):
|
||||
def remove_volume_file(self, relative_file_path):
|
||||
try:
|
||||
self._update_secret_file(filename, contents)
|
||||
self._update_secret_file(relative_file_path, None)
|
||||
except IOError as ioe:
|
||||
raise CannotWriteConfigException(str(ioe))
|
||||
|
||||
def remove_volume_file(self, filename):
|
||||
def save_volume_file(self, flask_file, relative_file_path):
|
||||
# Write the file to a temp location.
|
||||
buf = StringIO()
|
||||
try:
|
||||
self._update_secret_file(filename, None)
|
||||
except IOError as ioe:
|
||||
raise CannotWriteConfigException(str(ioe))
|
||||
try:
|
||||
flask_file.save(buf)
|
||||
except IOError as ioe:
|
||||
raise CannotWriteConfigException(str(ioe))
|
||||
|
||||
def save_volume_file(self, filename, flask_file):
|
||||
filepath = super(KubernetesConfigProvider, self).save_volume_file(filename, flask_file)
|
||||
with open(filepath, 'r') as f:
|
||||
self.write_volume_file(filename, f.read())
|
||||
self._update_secret_file(relative_file_path, buf.getvalue())
|
||||
finally:
|
||||
buf.close()
|
||||
|
||||
def _assert_success(self, response):
|
||||
if response.status_code != 200:
|
||||
|
|
@ -92,7 +103,10 @@ class KubernetesConfigProvider(BaseFileProvider):
|
|||
response.text)
|
||||
raise CannotWriteConfigException('Kubernetes API call failed: %s' % response.text)
|
||||
|
||||
def _update_secret_file(self, filename, value=None):
|
||||
def _update_secret_file(self, relative_file_path, value=None):
|
||||
if '/' in relative_file_path:
|
||||
raise Exception('Expected path from get_volume_path, but found slashes')
|
||||
|
||||
# Check first that the namespace for Quay Enterprise exists. If it does not, report that
|
||||
# as an error, as it seems to be a common issue.
|
||||
namespace_url = 'namespaces/%s' % (QE_NAMESPACE)
|
||||
|
|
@ -119,9 +133,9 @@ class KubernetesConfigProvider(BaseFileProvider):
|
|||
secret['data'] = secret.get('data', {})
|
||||
|
||||
if value is not None:
|
||||
secret['data'][filename] = base64.b64encode(value)
|
||||
secret['data'][relative_file_path] = base64.b64encode(value)
|
||||
else:
|
||||
secret['data'].pop(filename)
|
||||
secret['data'].pop(relative_file_path)
|
||||
|
||||
self._assert_success(self._execute_k8s_api('PUT', secret_url, secret))
|
||||
|
||||
|
|
@ -164,7 +178,7 @@ class KubernetesConfigProvider(BaseFileProvider):
|
|||
|
||||
data = json.dumps(data) if data else None
|
||||
session = Session()
|
||||
url = 'https://%s/api/v1/%s' % (KUBERNETES_API_HOST, relative_url)
|
||||
url = 'https://%s/api/v1/%s' % (self._api_host, relative_url)
|
||||
|
||||
request = Request(method, url, data=data, headers=headers)
|
||||
return session.send(request.prepare(), verify=False, timeout=2)
|
||||
|
|
|
|||
Reference in a new issue