Add cycling deployments and updating config

Add kube config with refactor to kube accessor

Add tests for k8s accessor, some styling changes

config_app/config_util/k8saccessor.py

@@ -0,0 +1,145 @@
+import logging
+import json
+import base64
+import datetime
+
+from requests import Request, Session
+
+from config_app.config_util.k8sconfig import KubernetesConfig
+
+logger = logging.getLogger(__name__)
+
+QE_DEPLOYMENT_LABEL = 'quay-enterprise-component'
+
+class KubernetesAccessorSingleton(object):
+    """ Singleton allowing access to kubernetes operations """
+    _instance = None
+
+    def __init__(self, kube_config=None):
+      self.kube_config = kube_config
+      if kube_config is None:
+        self.kube_config = KubernetesConfig.from_env()
+
+      KubernetesAccessorSingleton._instance = self
+
+    @classmethod
+    def get_instance(cls, kube_config=None):
+      """
+      Singleton getter implementation, returns the instance if one exists, otherwise creates the
+      instance and ties it to the class.
+      :return: KubernetesAccessorSingleton
+      """
+      if cls._instance is None:
+        return cls(kube_config)
+
+      return cls._instance
+
+    def save_file_as_secret(self, name, file_path):
+        with open(file_path) as f:
+            value = f.read()
+            self._update_secret_file(name, value)
+
+    def get_qe_deployments(self):
+      """"
+      Returns all deployments matching the label selector provided in the KubeConfig
+      """
+      deployment_selector_url = 'namespaces/%s/deployments?labelSelector=%s%%3D%s' % (
+        self.kube_config.qe_namespace, QE_DEPLOYMENT_LABEL, self.kube_config.qe_deployment_selector
+      )
+
+      response = self._execute_k8s_api('GET', deployment_selector_url, api_prefix='apis/extensions/v1beta1')
+      if response.status_code != 200:
+        return None
+      return json.loads(response.text)
+
+    def cycle_qe_deployments(self, deployment_names):
+      """"
+      Triggers a rollout of all desired deployments in the qe namespace
+      """
+
+      for name in deployment_names:
+        logger.debug('Cycling deployment %s', name)
+        deployment_url = 'namespaces/%s/deployments/%s' % (self.kube_config.qe_namespace, name)
+
+        # There is currently no command to simply rolling restart all the pods: https://github.com/kubernetes/kubernetes/issues/13488
+        # Instead, we modify the template of the deployment with a dummy env variable to trigger a cycle of the pods
+        # (based off this comment: https://github.com/kubernetes/kubernetes/issues/13488#issuecomment-240393845)
+        self._assert_success(self._execute_k8s_api('PATCH', deployment_url, {
+          'spec': {
+            'template': {
+              'spec': {
+                'containers': [{
+                  'name': 'quay-enterprise-app', 'env': [{
+                    'name': 'RESTART_TIME',
+                    'value': str(datetime.datetime.now())
+                  }]
+                }]
+              }
+            }
+          }
+        }, api_prefix='apis/extensions/v1beta1', content_type='application/strategic-merge-patch+json'))
+
+
+    def _assert_success(self, response):
+        if response.status_code != 200:
+            logger.error('Kubernetes API call failed with response: %s => %s', response.status_code,
+                         response.text)
+            raise Exception('Kubernetes API call failed: %s' % response.text)
+
+    def _update_secret_file(self, relative_file_path, value=None):
+        if '/' in relative_file_path:
+            raise Exception('Expected path from get_volume_path, but found slashes')
+
+        # Check first that the namespace for Quay Enterprise exists. If it does not, report that
+        # as an error, as it seems to be a common issue.
+        namespace_url = 'namespaces/%s' % (self.kube_config.qe_namespace)
+        response = self._execute_k8s_api('GET', namespace_url)
+        if response.status_code // 100 != 2:
+            msg = 'A Kubernetes namespace with name `%s` must be created to save config' % self.kube_config.qe_namespace
+            raise Exception(msg)
+
+        # Check if the secret exists. If not, then we create an empty secret and then update the file
+        # inside.
+        secret_url = 'namespaces/%s/secrets/%s' % (self.kube_config.qe_namespace, self.kube_config.qe_config_secret)
+        secret = self._lookup_secret()
+        if secret is None:
+            self._assert_success(self._execute_k8s_api('POST', secret_url, {
+                "kind": "Secret",
+                "apiVersion": "v1",
+                "metadata": {
+                    "name": self.kube_config.qe_config_secret
+                },
+                "data": {}
+            }))
+
+        # Update the secret to reflect the file change.
+        secret['data'] = secret.get('data', {})
+
+        if value is not None:
+            secret['data'][relative_file_path] = base64.b64encode(value)
+        else:
+            secret['data'].pop(relative_file_path)
+
+        self._assert_success(self._execute_k8s_api('PUT', secret_url, secret))
+
+    def _lookup_secret(self):
+        secret_url = 'namespaces/%s/secrets/%s' % (self.kube_config.qe_namespace, self.kube_config.qe_config_secret)
+        response = self._execute_k8s_api('GET', secret_url)
+        if response.status_code != 200:
+            return None
+        return json.loads(response.text)
+
+    def _execute_k8s_api(self, method, relative_url, data=None, api_prefix='api/v1', content_type='application/json'):
+        headers = {
+            'Authorization': 'Bearer ' + self.kube_config.service_account_token
+        }
+
+        if data:
+            headers['Content-Type'] = content_type
+
+        data = json.dumps(data) if data else None
+        session = Session()
+        url = 'https://%s/%s/%s' % (self.kube_config.api_host, api_prefix, relative_url)
+
+        request = Request(method, url, data=data, headers=headers)
+        return session.send(request.prepare(), verify=False, timeout=2)