Merge "Add support in Armada CLI to pass user bearer tokens to tiller"

armada/cli/apply.py

@@ -129,17 +129,18 @@ SHORT_DESC = "Command installs manifest charts."
     help=("The target manifest to run. Required for specifying "
           "which manifest to run when multiple are available."),
     default=None)
+@click.option('--bearer-token', help="User Bearer token", default=None)
 @click.option('--debug', help="Enable debug logging.", is_flag=True)
 @click.pass_context
 def apply_create(ctx, locations, api, disable_update_post, disable_update_pre,
                  dry_run, enable_chart_cleanup, use_doc_ref, set, tiller_host,
                  tiller_port, tiller_namespace, timeout, values, wait,
-                 target_manifest, debug):
+                 target_manifest, bearer_token, debug):
     CONF.debug = debug
     ApplyManifest(ctx, locations, api, disable_update_post, disable_update_pre,
                   dry_run, enable_chart_cleanup, use_doc_ref, set, tiller_host,
                   tiller_port, tiller_namespace, timeout, values, wait,
-                  target_manifest).safe_invoke()
+                  target_manifest, bearer_token).safe_invoke()
 
 
 class ApplyManifest(CliAction):
@@ -147,7 +148,7 @@ class ApplyManifest(CliAction):
     def __init__(self, ctx, locations, api, disable_update_post,
                  disable_update_pre, dry_run, enable_chart_cleanup,
                  use_doc_ref, set, tiller_host, tiller_port, tiller_namespace,
-                 timeout, values, wait, target_manifest):
+                 timeout, values, wait, target_manifest, bearer_token):
         super(ApplyManifest, self).__init__()
         self.ctx = ctx
         # Filename can also be a URL reference
@@ -166,6 +167,7 @@ class ApplyManifest(CliAction):
         self.values = values
         self.wait = wait
         self.target_manifest = target_manifest
+        self.bearer_token = bearer_token
 
     def output(self, resp):
         for result in resp:
@@ -203,6 +205,7 @@ class ApplyManifest(CliAction):
                     tiller_host=self.tiller_host,
                     tiller_port=self.tiller_port,
                     tiller_namespace=self.tiller_namespace,
+                    bearer_token=self.bearer_token,
                     dry_run=self.dry_run) as tiller:
                 armada = Armada(
                     documents,

armada/cli/delete.py

@@ -66,19 +66,20 @@ SHORT_DESC = "Command deletes releases."
 @click.option('--tiller-host', help="Tiller host IP.")
 @click.option(
     '--tiller-port', help="Tiller host port.", type=int, default=44134)
+@click.option('--bearer-token', help="User Bearer token.", default=None)
 @click.option('--debug', help="Enable debug logging.", is_flag=True)
 @click.pass_context
 def delete_charts(ctx, manifest, releases, no_purge, tiller_host, tiller_port,
-                  debug):
+                  bearer_token, debug):
     CONF.debug = debug
     DeleteChartManifest(ctx, manifest, releases, no_purge, tiller_host,
-                        tiller_port).safe_invoke()
+                        tiller_port, bearer_token).safe_invoke()
 
 
 class DeleteChartManifest(CliAction):
 
     def __init__(self, ctx, manifest, releases, no_purge, tiller_host,
-                 tiller_port):
+                 tiller_port, bearer_token):
 
         super(DeleteChartManifest, self).__init__()
         self.ctx = ctx
@@ -87,11 +88,13 @@ class DeleteChartManifest(CliAction):
         self.purge = not no_purge
         self.tiller_host = tiller_host
         self.tiller_port = tiller_port
+        self.bearer_token = bearer_token
 
     def invoke(self):
         with Tiller(
                 tiller_host=self.tiller_host,
-                tiller_port=self.tiller_port) as tiller:
+                tiller_port=self.tiller_port,
+                bearer_token=self.bearer_token) as tiller:
             self.handle(tiller)
 
     def handle(self, tiller):

armada/cli/rollback.py

@@ -80,22 +80,23 @@ SHORT_DESC = "Command performs a release rollback."
     '--recreate-pods',
     help=("Restarts pods for the resource if applicable."),
     is_flag=True)
+@click.option('--bearer-token', help=("User bearer token."), default=None)
 @click.option('--debug', help="Enable debug logging.", is_flag=True)
 @click.pass_context
 def rollback_charts(ctx, release, version, dry_run, tiller_host, tiller_port,
                     tiller_namespace, timeout, wait, force, recreate_pods,
-                    debug):
+                    bearer_token, debug):
     CONF.debug = debug
     Rollback(ctx, release, version, dry_run, tiller_host, tiller_port,
-             tiller_namespace, timeout, wait, force,
+             tiller_namespace, timeout, wait, force, recreate_pods,
-             recreate_pods).safe_invoke()
+             bearer_token).safe_invoke()
 
 
 class Rollback(CliAction):
 
     def __init__(self, ctx, release, version, dry_run, tiller_host,
                  tiller_port, tiller_namespace, timeout, wait, force,
-                 recreate_pods):
+                 recreate_pods, bearer_token):
         super(Rollback, self).__init__()
         self.ctx = ctx
         self.release = release
@@ -108,12 +109,14 @@ class Rollback(CliAction):
         self.wait = wait
         self.force = force
         self.recreate_pods = recreate_pods
+        self.bearer_token = bearer_token
 
     def invoke(self):
         with Tiller(
                 tiller_host=self.tiller_host,
                 tiller_port=self.tiller_port,
                 tiller_namespace=self.tiller_namespace,
+                bearer_token=self.bearer_token,
                 dry_run=self.dry_run) as tiller:
 
             response = tiller.rollback_release(

armada/cli/tiller.py

@@ -61,19 +61,20 @@ SHORT_DESC = "Command gets Tiller information."
     default=CONF.tiller_namespace)
 @click.option('--releases', help="List of deployed releases.", is_flag=True)
 @click.option('--status', help="Status of Tiller services.", is_flag=True)
+@click.option('--bearer-token', help="User bearer token.", default=None)
 @click.option('--debug', help="Enable debug logging.", is_flag=True)
 @click.pass_context
 def tiller_service(ctx, tiller_host, tiller_port, tiller_namespace, releases,
-                   status, debug):
+                   status, bearer_token, debug):
     CONF.debug = debug
     TillerServices(ctx, tiller_host, tiller_port, tiller_namespace, releases,
-                   status).safe_invoke()
+                   status, bearer_token).safe_invoke()
 
 
 class TillerServices(CliAction):
 
     def __init__(self, ctx, tiller_host, tiller_port, tiller_namespace,
-                 releases, status):
+                 releases, status, bearer_token):
         super(TillerServices, self).__init__()
         self.ctx = ctx
         self.tiller_host = tiller_host
@@ -81,13 +82,15 @@ class TillerServices(CliAction):
         self.tiller_namespace = tiller_namespace
         self.releases = releases
         self.status = status
+        self.bearer_token = bearer_token
 
     def invoke(self):
 
         with Tiller(
                 tiller_host=self.tiller_host,
                 tiller_port=self.tiller_port,
-                tiller_namespace=self.tiller_namespace) as tiller:
+                tiller_namespace=self.tiller_namespace,
+                bearer_token=self.bearer_token) as tiller:
 
             self.handle(tiller)
 

armada/handlers/k8s.py

@@ -41,20 +41,30 @@ class K8s(object):
     Object to obtain the local kube config file
     '''
 
-    def __init__(self):
+    def __init__(self, bearer_token=None):
         '''
         Initialize connection to Kubernetes
         '''
+        self.bearer_token = bearer_token
+        api_client = None
+
         try:
             config.load_incluster_config()
         except config.config_exception.ConfigException:
             config.load_kube_config()
 
-        self.client = client.CoreV1Api()
+        if self.bearer_token:
-        self.batch_api = client.BatchV1Api()
+            # Configure API key authorization: Bearer Token
-        self.batch_v1beta1_api = client.BatchV1beta1Api()
+            configuration = client.Configuration()
-        self.extension_api = client.ExtensionsV1beta1Api()
+            configuration.api_key_prefix['authorization'] = 'Bearer'
-        self.apps_v1_api = client.AppsV1Api()
+            configuration.api_key['authorization'] = self.bearer_token
+            api_client = client.ApiClient(configuration)
+
+        self.client = client.CoreV1Api(api_client)
+        self.batch_api = client.BatchV1Api(api_client)
+        self.batch_v1beta1_api = client.BatchV1beta1Api(api_client)
+        self.extension_api = client.ExtensionsV1beta1Api(api_client)
+        self.apps_v1_api = client.AppsV1Api(api_client)
 
     def delete_job_action(self,
                           name,

armada/handlers/tiller.py

@@ -80,14 +80,16 @@ class Tiller(object):
                  tiller_host=None,
                  tiller_port=None,
                  tiller_namespace=None,
+                 bearer_token=None,
                  dry_run=None):
         self.tiller_host = tiller_host
         self.tiller_port = tiller_port or CONF.tiller_port
         self.tiller_namespace = tiller_namespace or CONF.tiller_namespace
+        self.bearer_token = bearer_token
         self.dry_run = dry_run or False
 
         # init k8s connectivity
-        self.k8s = K8s()
+        self.k8s = K8s(bearer_token=self.bearer_token)
 
         # init Tiller channel
         self.channel = self.get_channel()

doc/source/commands/apply.rst

@@ -54,6 +54,7 @@ Commands
       --target-manifest TEXT        The target manifest to run. Required for
                                     specifying which manifest to run when multiple
                                     are available.
+      --bearer-token                User bearer token.
       --debug                       Enable debug logging.
       --help                        Show this message and exit.
 

doc/source/commands/rollback.rst

@@ -24,6 +24,7 @@ Commands
       --timeout INTEGER             Tiller Host IP
       --version INTEGER             Version of release to rollback to. 0 represents the previous release
       --wait                        Version of release to rollback to. 0 represents the previous release
+      --bearer-token                User bearer token
       --help                        Show this message and exit.
 
 Synopsis

doc/source/commands/tiller.rst

@@ -27,6 +27,7 @@ Commands
       -tn, --tiller-namespace TEXT  Tiller namespace
       --releases                    list of deployed releses
       --status                      Status of Armada services
+      --bearer-token                User bearer token
       --help                        Show this message and exit.
 
 Synopsis

doc/source/operations/guide-use-armada.rst

@@ -224,3 +224,25 @@ for example:
       description: Change value deploy
       chart_group:
         - blog-1
+
+User bearer token
+-----------------
+It is possible to pass the user bearer token from the armada CLI to interact
+with a kubernetes cluster that has been configured with an external Auth-backend
+like openstack-keystone.
+
+.. code:: bash
+
+    Example:
+
+    armada apply --bearer-token [ TOKEN ] --values [ path_to_yaml ] [ FILE ]
+
+    armada tiller --bearer-token [ TOKEN ] --status
+
+.. note::
+    The bearer token option is available for the following commands
+
+    armada apply
+    armada delete
+    armada tiller
+    armada rollback