Merge "Extend vim register function for helm in v2 API"

2023-02-28 17:31:22 +00:00 · 2023-02-28 17:31:22 +00:00 · d457da69d9
parent 674a7e4996 2cbd84c56f
commit d457da69d9
8 changed files with 110 additions and 26 deletions
--- a/roles/setup-default-vim/tasks/main.yaml
+++ b/roles/setup-default-vim/tasks/main.yaml
@ -125,11 +125,14 @@
       dest={{ zuul_work_dir }}/tools/test-setup-k8s-vim.sh
       mode=0755

-  - name: Copy test k8s vim file
+  - name: Copy test k8s vim files
    copy:
       remote_src=True
-       src={{ devstack_base_dir }}/tacker/tacker/tests/etc/samples/local-k8s-vim.yaml
-       dest={{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml
+       src={{ devstack_base_dir }}/tacker/{{ item }}
+       dest={{ zuul_work_dir }}/{{ item }}
+    with_items:
+       - "tacker/tests/etc/samples/local-k8s-vim.yaml"
+       - "tacker/tests/etc/samples/local-k8s-vim-helm.yaml"

  - name: Copy test k8s vim file for oidc
    copy:
@ -175,13 +178,14 @@
    when:
      - p.stat.exists

-  - name: Replace k8s auth uri in local-k8s-vim.yaml
+  - name: Replace k8s auth uri in k8s vim files
    replace:
       path: "{{ item }}"
       regexp: "https://127.0.0.1:6443"
       replace: "{{ kuryr_k8s_api_url }}"
    with_items:
       - "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml"
+       - "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim-helm.yaml"
    when:
      - p.stat.exists

@ -207,13 +211,14 @@
      - p.stat.exists
      - keycloak_host is defined

-  - name: Replace k8s auth token in local-k8s-vim.yaml
+  - name: Replace k8s auth token in k8s vim files
    replace:
       path: "{{ item }}"
       regexp: "secret_token"
       replace: "{{ hostvars['controller-k8s'].admin_token.stdout }}"
    with_items:
       - "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml"
+       - "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim-helm.yaml"
    when:
      - p.stat.exists

@ -249,7 +254,7 @@
    shell: test -f /tmp/agg.crt && cat /tmp/agg.crt
    register: ssl_ca_cert

-  - name: Replace ssl_ca_cert in local-k8s-vim.yaml and local-k8s-vim-oidc.yaml
+  - name: Replace ssl_ca_cert in local-k8s-vim yaml files
    replace:
       path: "{{ item }}"
       regexp: "ssl_ca_cert: .*$"
@ -257,6 +262,7 @@
    with_items:
       - "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml"
       - "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim-oidc.yaml"
+       - "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim-helm.yaml"
    when:
      - p.stat.exists
      - ssl_ca_cert.rc == 0 and ssl_ca_cert.stdout != ""
--- a/tacker/nfvo/drivers/vim/kubernetes_driver.py
+++ b/tacker/nfvo/drivers/vim/kubernetes_driver.py
@ -66,6 +66,14 @@ class Kubernetes_Driver(abstract_vim_driver.VimAbstractDriver):
        self._validate_vim(auth_cred, file_descriptor)
        self.clean_authenticate_vim(auth_cred, file_descriptor)

+    def _check_extra_field(self, vim_obj):
+        if vim_obj.get('extra') and vim_obj['extra'].get('use_helm'):
+            if not vim_obj['auth_cred'].get('ssl_ca_cert'):
+                error_message = ('If you want to register kubernetes vim with'
+                                 ' helm, please set ssl_ca_cert.')
+                LOG.error(error_message)
+                raise nfvo.VimUnauthorizedException(message=error_message)
+
    def _get_auth_creds(self, vim_obj):
        auth_cred = vim_obj['auth_cred']
        file_descriptor = self._create_ssl_ca_file(auth_cred)
@ -135,6 +143,7 @@ class Kubernetes_Driver(abstract_vim_driver.VimAbstractDriver):
            vim_obj['auth_cred'].pop('key_type')
        if 'secret_uuid' in vim_obj['auth_cred']:
            vim_obj['auth_cred'].pop('secret_uuid')
+        self._check_extra_field(vim_obj)
        self.authenticate_vim(vim_obj)
        self.discover_placement_attr(vim_obj)
        self.encode_vim_auth(vim_obj['id'],
--- a/tacker/tests/etc/samples/local-k8s-vim-helm.yaml
+++ b/tacker/tests/etc/samples/local-k8s-vim-helm.yaml
@ -0,0 +1,7 @@
+auth_url: "https://127.0.0.1:6443"
+bearer_token: "secret_token"
+project_name: "default"
+ssl_ca_cert: None
+type: "kubernetes"
+extra:
+  use_helm: true
--- a/tacker/tests/functional/sol_kubernetes_v2/base_v2.py
+++ b/tacker/tests/functional/sol_kubernetes_v2/base_v2.py
@ -122,14 +122,16 @@ class BaseVnfLcmKubernetesV2Test(base.BaseTestCase):
        return vim_info

    @classmethod
-    def get_k8s_vim_id(cls):
+    def get_k8s_vim_id(cls, use_helm=False):
        vim_list = cls.list_vims(cls)
        if len(vim_list.values()) == 0:
            assert False, "vim_list is Empty: Default VIM is missing"

        for vim_list in vim_list.values():
            for vim in vim_list:
-                if vim['name'] == 'vim-kubernetes':
+                if vim['name'] == 'vim-kubernetes' and not use_helm:
+                    return vim['id']
+                if vim['name'] == 'vim-kubernetes-helm' and use_helm:
                    return vim['id']
        return None

--- a/tacker/tests/functional/sol_kubernetes_v2/paramgen.py
+++ b/tacker/tests/functional/sol_kubernetes_v2/paramgen.py
@ -318,19 +318,25 @@ def test_helm_instantiate_create(vnfd_id):
    }


-def helm_instantiate(auth_url, bearer_token, ssl_ca_cert):
-    vim_id_1 = uuidutils.generate_uuid()
-    vim_1 = {
-        "vimId": vim_id_1,
-        "vimType": "ETSINFV.HELM.V_3",
-        "interfaceInfo": {
-            "endpoint": auth_url,
-            "ssl_ca_cert": ssl_ca_cert
-        },
-        "accessInfo": {
-            "bearer_token": bearer_token
+def helm_instantiate(auth_url=None, bearer_token=None, ssl_ca_cert=None,
+                     vim_id=None):
+    if not vim_id:
+        vim_1 = {
+            "vimId": uuidutils.generate_uuid(),
+            "vimType": "ETSINFV.HELM.V_3",
+            "interfaceInfo": {
+                "endpoint": auth_url,
+                "ssl_ca_cert": ssl_ca_cert
+            },
+            "accessInfo": {
+                "bearer_token": bearer_token
+            }
+        }
+    else:
+        vim_1 = {
+            "vimId": vim_id,
+            "vimType": "ETSINFV.HELM.V_3",
        }
-    }
    return {
        "flavourId": "simple",
        "vimConnectionInfo": {
--- a/tacker/tests/functional/sol_kubernetes_v2/test_helm.py
+++ b/tacker/tests/functional/sol_kubernetes_v2/test_helm.py
@ -37,6 +37,7 @@ class VnfLcmHelmTest(base_v2.BaseVnfLcmKubernetesV2Test):
            cur_dir, "samples/test_helm_change_vnf_pkg")
        cls.vnf_pkg_2, cls.vnfd_id_2 = cls.create_vnf_package(
            test_helm_change_vnf_pkg_path)
+        cls.helm_vim_id = cls.get_k8s_vim_id(use_helm=True)

    @classmethod
    def tearDownClass(cls):
@ -49,6 +50,12 @@ class VnfLcmHelmTest(base_v2.BaseVnfLcmKubernetesV2Test):
        super(VnfLcmHelmTest, self).setUp()

    def test_basic_lcms(self):
+        self._get_basic_lcms_procedure()
+
+    def test_basic_lcms_with_register_helm_vim(self):
+        self._get_basic_lcms_procedure(use_register_vim=True)
+
+    def _get_basic_lcms_procedure(self, use_register_vim=False):
        """Test basic LCM operations

        * About LCM operations:
@ -101,8 +108,12 @@ class VnfLcmHelmTest(base_v2.BaseVnfLcmKubernetesV2Test):
        self.assertEqual('IN_USE', usage_state)

        # 2. Instantiate a VNF instance
-        instantiate_req = paramgen.helm_instantiate(
-            self.auth_url, self.bearer_token, self.ssl_ca_cert)
+        if not use_register_vim:
+            instantiate_req = paramgen.helm_instantiate(
+                self.auth_url, self.bearer_token, self.ssl_ca_cert)
+        else:
+            instantiate_req = paramgen.helm_instantiate(
+                vim_id=self.helm_vim_id)
        resp, body = self.instantiate_vnf_instance(inst_id, instantiate_req)
        self.assertEqual(202, resp.status_code)
        self.check_resp_headers_in_operation_task(resp)
--- a/tacker/tests/unit/nfvo/drivers/vim/test_kubernetes_driver.py
+++ b/tacker/tests/unit/nfvo/drivers/vim/test_kubernetes_driver.py
@ -18,6 +18,7 @@ from unittest import mock
 from oslo_config import cfg

 from tacker import context as t_context
+from tacker.extensions import nfvo
 from tacker.nfvo.drivers.vim import kubernetes_driver
 from tacker.tests.unit import base

@ -134,7 +135,8 @@ class TestKubernetes_Driver(base.TestCase):
            get_core_api_client.assert_called_once_with(auth_obj)

    def _test_register_vim(self, vim_obj, mock_k8s_client,
-                           mock_k8s_coreV1Client):
+                           mock_k8s_coreV1Client,
+                           fernet_obj_encrypt_called_count=1):
        self.kubernetes_api. \
            get_core_api_client.return_value = mock_k8s_client
        self.kubernetes_api. \
@ -147,7 +149,8 @@ class TestKubernetes_Driver(base.TestCase):
        self.kubernetes_api.create_ca_cert_tmp_file.\
            return_value = ('file_descriptor', 'file_path')
        self.kubernetes_driver.register_vim(vim_obj)
-        mock_fernet_obj.encrypt.assert_called_once_with(mock.ANY)
+        self.assertEqual(mock_fernet_obj.encrypt.call_count,
+                         fernet_obj_encrypt_called_count)

    def test_deregister_vim_barbican(self):
        self.keymgr.delete.return_value = None
@ -177,3 +180,36 @@ class TestKubernetes_Driver(base.TestCase):
                         'barbican_key')
        self.assertEqual(vim_obj['auth_cred']['secret_uuid'],
                         'fake-secret-uuid')
+
+    def test_register_vim_with_use_helm_parameter(self):
+        name_value = {'name': 'default'}
+        name = namedtuple("name", name_value.keys())(*name_value.values())
+        metadata_value = {'metadata': name}
+        metadata = namedtuple(
+            "metadata", metadata_value.keys())(*metadata_value.values())
+        items_value = {'items': [metadata]}
+        namespaces = namedtuple(
+            "namespace", items_value.keys())(*items_value.values())
+        attrs = {'list_namespace.return_value': namespaces}
+        mock_k8s_client = mock.Mock()
+        mock_k8s_coreV1Client = mock.Mock(**attrs)
+        auth_obj = {'username': 'test_user',
+                    'password': 'test_password',
+                    'ssl_ca_cert': 'ABC',
+                    'ca_cert_file': 'file_path',
+                    'auth_url': 'https://localhost:6443'}
+        self.vim_obj['extra'] = {'use_helm': True}
+        self.vim_obj['auth_cred']['ssl_ca_cert'] = 'ABC'
+        self._test_register_vim(self.vim_obj, mock_k8s_client,
+                                mock_k8s_coreV1Client,
+                                fernet_obj_encrypt_called_count=2)
+        mock_k8s_coreV1Client.list_namespace.assert_called_once_with()
+        self.kubernetes_api. \
+            get_core_api_client.assert_called_once_with(auth_obj)
+
+    def test_register_vim_with_use_helm_parameter_and_not_set_ssl_ca_cert(
+            self):
+        self.vim_obj['extra'] = {'use_helm': True}
+        del self.vim_obj['auth_cred']['ssl_ca_cert']
+        self.assertRaises(nfvo.VimUnauthorizedException,
+                          self.kubernetes_driver.register_vim, self.vim_obj)
--- a/tools/test-setup-k8s-vim.sh
+++ b/tools/test-setup-k8s-vim.sh
@ -30,11 +30,18 @@ register_vim() {
        $2
 }

-# regiter vim with bearer token
+# register vim with bearer token
 register_vim $conf_dir/local-k8s-vim.yaml vim-kubernetes

-# regiter vim with OpenID Connect info
+# register vim with OpenID Connect info
 if [ -f /tmp/keycloak.crt ]
 then
    register_vim $conf_dir/local-k8s-vim-oidc.yaml vim-kubernetes-oidc
 fi
+
+# register vim with extra used helm
+if [ -f $conf_dir/local-k8s-vim-helm.yaml ]
+then
+    register_vim $conf_dir/local-k8s-vim-helm.yaml vim-kubernetes-helm
+fi
+