openstack/tacker
Code Issues Proposed changes

Merge "Extend vim register function for helm in v2 API"

Browse Source
This commit is contained in:
Zuul
2023-02-28 17:31:22 +00:00
committed by Gerrit Code Review
parent 674a7e4996 2cbd84c56f
commit d457da69d9
8 changed files with 110 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
roles/setup-default-vim/tasks/main.yaml
View File

@@ -125,11 +125,14 @@
dest={{ zuul_work_dir }}/tools/test-setup-k8s-vim.sh dest={{ zuul_work_dir }}/tools/test-setup-k8s-vim.sh
mode=0755 mode=0755
- name: Copy test k8s vim file - name: Copy test k8s vim files
copy: copy:
remote_src=True remote_src=True
src={{ devstack_base_dir }}/tacker/tacker/tests/etc/samples/local-k8s-vim.yaml src={{ devstack_base_dir }}/tacker/{{ item }}
dest={{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml dest={{ zuul_work_dir }}/{{ item }}
with_items:
- "tacker/tests/etc/samples/local-k8s-vim.yaml"
- "tacker/tests/etc/samples/local-k8s-vim-helm.yaml"
- name: Copy test k8s vim file for oidc - name: Copy test k8s vim file for oidc
copy: copy:
@@ -175,13 +178,14 @@
when: when:
- p.stat.exists - p.stat.exists
- name: Replace k8s auth uri in local-k8s-vim.yaml - name: Replace k8s auth uri in k8s vim files
replace: replace:
path: "{{ item }}" path: "{{ item }}"
regexp: "https://127.0.0.1:6443" regexp: "https://127.0.0.1:6443"
replace: "{{ kuryr_k8s_api_url }}" replace: "{{ kuryr_k8s_api_url }}"
with_items: with_items:
- "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml" - "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml"
- "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim-helm.yaml"
when: when:
- p.stat.exists - p.stat.exists
@@ -207,13 +211,14 @@
- p.stat.exists - p.stat.exists
- keycloak_host is defined - keycloak_host is defined
- name: Replace k8s auth token in local-k8s-vim.yaml - name: Replace k8s auth token in k8s vim files
replace: replace:
path: "{{ item }}" path: "{{ item }}"
regexp: "secret_token" regexp: "secret_token"
replace: "{{ hostvars['controller-k8s'].admin_token.stdout }}" replace: "{{ hostvars['controller-k8s'].admin_token.stdout }}"
with_items: with_items:
- "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml" - "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml"
- "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim-helm.yaml"
when: when:
- p.stat.exists - p.stat.exists
@@ -249,7 +254,7 @@
shell: test -f /tmp/agg.crt && cat /tmp/agg.crt shell: test -f /tmp/agg.crt && cat /tmp/agg.crt
register: ssl_ca_cert register: ssl_ca_cert
- name: Replace ssl_ca_cert in local-k8s-vim.yaml and local-k8s-vim-oidc.yaml - name: Replace ssl_ca_cert in local-k8s-vim yaml files
replace: replace:
path: "{{ item }}" path: "{{ item }}"
regexp: "ssl_ca_cert: .*$" regexp: "ssl_ca_cert: .*$"
@@ -257,6 +262,7 @@
with_items: with_items:
- "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml" - "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim.yaml"
- "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim-oidc.yaml" - "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim-oidc.yaml"
- "{{ zuul_work_dir }}/tacker/tests/etc/samples/local-k8s-vim-helm.yaml"
when: when:
- p.stat.exists - p.stat.exists
- ssl_ca_cert.rc == 0 and ssl_ca_cert.stdout != "" - ssl_ca_cert.rc == 0 and ssl_ca_cert.stdout != ""

9
tacker/nfvo/drivers/vim/kubernetes_driver.py
View File

@@ -66,6 +66,14 @@ class Kubernetes_Driver(abstract_vim_driver.VimAbstractDriver):
self._validate_vim(auth_cred, file_descriptor) self._validate_vim(auth_cred, file_descriptor)
self.clean_authenticate_vim(auth_cred, file_descriptor) self.clean_authenticate_vim(auth_cred, file_descriptor)
def _check_extra_field(self, vim_obj):
if vim_obj.get('extra') and vim_obj['extra'].get('use_helm'):
if not vim_obj['auth_cred'].get('ssl_ca_cert'):
error_message = ('If you want to register kubernetes vim with'
' helm, please set ssl_ca_cert.')
LOG.error(error_message)
raise nfvo.VimUnauthorizedException(message=error_message)
def _get_auth_creds(self, vim_obj): def _get_auth_creds(self, vim_obj):
auth_cred = vim_obj['auth_cred'] auth_cred = vim_obj['auth_cred']
file_descriptor = self._create_ssl_ca_file(auth_cred) file_descriptor = self._create_ssl_ca_file(auth_cred)
@@ -135,6 +143,7 @@ class Kubernetes_Driver(abstract_vim_driver.VimAbstractDriver):
vim_obj['auth_cred'].pop('key_type') vim_obj['auth_cred'].pop('key_type')
if 'secret_uuid' in vim_obj['auth_cred']: if 'secret_uuid' in vim_obj['auth_cred']:
vim_obj['auth_cred'].pop('secret_uuid') vim_obj['auth_cred'].pop('secret_uuid')
self._check_extra_field(vim_obj)
self.authenticate_vim(vim_obj) self.authenticate_vim(vim_obj)
self.discover_placement_attr(vim_obj) self.discover_placement_attr(vim_obj)
self.encode_vim_auth(vim_obj['id'], self.encode_vim_auth(vim_obj['id'],

7
tacker/tests/etc/samples/local-k8s-vim-helm.yaml Normal file
View File

@@ -0,0 +1,7 @@
auth_url: "https://127.0.0.1:6443"
bearer_token: "secret_token"
project_name: "default"
ssl_ca_cert: None
type: "kubernetes"
extra:
use_helm: true

6
tacker/tests/functional/sol_kubernetes_v2/base_v2.py
View File

@@ -122,14 +122,16 @@ class BaseVnfLcmKubernetesV2Test(base.BaseTestCase):
return vim_info return vim_info
@classmethod @classmethod
def get_k8s_vim_id(cls): def get_k8s_vim_id(cls, use_helm=False):
vim_list = cls.list_vims(cls) vim_list = cls.list_vims(cls)
if len(vim_list.values()) == 0: if len(vim_list.values()) == 0:
assert False, "vim_list is Empty: Default VIM is missing" assert False, "vim_list is Empty: Default VIM is missing"
for vim_list in vim_list.values(): for vim_list in vim_list.values():
for vim in vim_list: for vim in vim_list:
if vim['name'] == 'vim-kubernetes': if vim['name'] == 'vim-kubernetes' and not use_helm:
return vim['id']
if vim['name'] == 'vim-kubernetes-helm' and use_helm:
return vim['id'] return vim['id']
return None return None

30
tacker/tests/functional/sol_kubernetes_v2/paramgen.py
View File

@@ -318,19 +318,25 @@ def test_helm_instantiate_create(vnfd_id):
} }
def helm_instantiate(auth_url, bearer_token, ssl_ca_cert): def helm_instantiate(auth_url=None, bearer_token=None, ssl_ca_cert=None,
vim_id_1 = uuidutils.generate_uuid() vim_id=None):
vim_1 = { if not vim_id:
"vimId": vim_id_1, vim_1 = {
"vimType": "ETSINFV.HELM.V_3", "vimId": uuidutils.generate_uuid(),
"interfaceInfo": { "vimType": "ETSINFV.HELM.V_3",
"endpoint": auth_url, "interfaceInfo": {
"ssl_ca_cert": ssl_ca_cert "endpoint": auth_url,
}, "ssl_ca_cert": ssl_ca_cert
"accessInfo": { },
"bearer_token": bearer_token "accessInfo": {
"bearer_token": bearer_token
}
}
else:
vim_1 = {
"vimId": vim_id,
"vimType": "ETSINFV.HELM.V_3",
} }
}
return { return {
"flavourId": "simple", "flavourId": "simple",
"vimConnectionInfo": { "vimConnectionInfo": {

15
tacker/tests/functional/sol_kubernetes_v2/test_helm.py
View File

@@ -37,6 +37,7 @@ class VnfLcmHelmTest(base_v2.BaseVnfLcmKubernetesV2Test):
cur_dir, "samples/test_helm_change_vnf_pkg") cur_dir, "samples/test_helm_change_vnf_pkg")
cls.vnf_pkg_2, cls.vnfd_id_2 = cls.create_vnf_package( cls.vnf_pkg_2, cls.vnfd_id_2 = cls.create_vnf_package(
test_helm_change_vnf_pkg_path) test_helm_change_vnf_pkg_path)
cls.helm_vim_id = cls.get_k8s_vim_id(use_helm=True)
@classmethod @classmethod
def tearDownClass(cls): def tearDownClass(cls):
@@ -49,6 +50,12 @@ class VnfLcmHelmTest(base_v2.BaseVnfLcmKubernetesV2Test):
super(VnfLcmHelmTest, self).setUp() super(VnfLcmHelmTest, self).setUp()
def test_basic_lcms(self): def test_basic_lcms(self):
self._get_basic_lcms_procedure()
def test_basic_lcms_with_register_helm_vim(self):
self._get_basic_lcms_procedure(use_register_vim=True)
def _get_basic_lcms_procedure(self, use_register_vim=False):
"""Test basic LCM operations """Test basic LCM operations
* About LCM operations: * About LCM operations:
@@ -101,8 +108,12 @@ class VnfLcmHelmTest(base_v2.BaseVnfLcmKubernetesV2Test):
self.assertEqual('IN_USE', usage_state) self.assertEqual('IN_USE', usage_state)
# 2. Instantiate a VNF instance # 2. Instantiate a VNF instance
instantiate_req = paramgen.helm_instantiate( if not use_register_vim:
self.auth_url, self.bearer_token, self.ssl_ca_cert) instantiate_req = paramgen.helm_instantiate(
self.auth_url, self.bearer_token, self.ssl_ca_cert)
else:
instantiate_req = paramgen.helm_instantiate(
vim_id=self.helm_vim_id)
resp, body = self.instantiate_vnf_instance(inst_id, instantiate_req) resp, body = self.instantiate_vnf_instance(inst_id, instantiate_req)
self.assertEqual(202, resp.status_code) self.assertEqual(202, resp.status_code)
self.check_resp_headers_in_operation_task(resp) self.check_resp_headers_in_operation_task(resp)

40
tacker/tests/unit/nfvo/drivers/vim/test_kubernetes_driver.py
View File

@@ -18,6 +18,7 @@ from unittest import mock
from oslo_config import cfg from oslo_config import cfg
from tacker import context as t_context from tacker import context as t_context
from tacker.extensions import nfvo
from tacker.nfvo.drivers.vim import kubernetes_driver from tacker.nfvo.drivers.vim import kubernetes_driver
from tacker.tests.unit import base from tacker.tests.unit import base
@@ -134,7 +135,8 @@ class TestKubernetes_Driver(base.TestCase):
get_core_api_client.assert_called_once_with(auth_obj) get_core_api_client.assert_called_once_with(auth_obj)
def _test_register_vim(self, vim_obj, mock_k8s_client, def _test_register_vim(self, vim_obj, mock_k8s_client,
mock_k8s_coreV1Client): mock_k8s_coreV1Client,
fernet_obj_encrypt_called_count=1):
self.kubernetes_api. \ self.kubernetes_api. \
get_core_api_client.return_value = mock_k8s_client get_core_api_client.return_value = mock_k8s_client
self.kubernetes_api. \ self.kubernetes_api. \
@@ -147,7 +149,8 @@ class TestKubernetes_Driver(base.TestCase):
self.kubernetes_api.create_ca_cert_tmp_file.\ self.kubernetes_api.create_ca_cert_tmp_file.\
return_value = ('file_descriptor', 'file_path') return_value = ('file_descriptor', 'file_path')
self.kubernetes_driver.register_vim(vim_obj) self.kubernetes_driver.register_vim(vim_obj)
mock_fernet_obj.encrypt.assert_called_once_with(mock.ANY) self.assertEqual(mock_fernet_obj.encrypt.call_count,
fernet_obj_encrypt_called_count)
def test_deregister_vim_barbican(self): def test_deregister_vim_barbican(self):
self.keymgr.delete.return_value = None self.keymgr.delete.return_value = None
@@ -177,3 +180,36 @@ class TestKubernetes_Driver(base.TestCase):
'barbican_key') 'barbican_key')
self.assertEqual(vim_obj['auth_cred']['secret_uuid'], self.assertEqual(vim_obj['auth_cred']['secret_uuid'],
'fake-secret-uuid') 'fake-secret-uuid')
def test_register_vim_with_use_helm_parameter(self):
name_value = {'name': 'default'}
name = namedtuple("name", name_value.keys())(*name_value.values())
metadata_value = {'metadata': name}
metadata = namedtuple(
"metadata", metadata_value.keys())(*metadata_value.values())
items_value = {'items': [metadata]}
namespaces = namedtuple(
"namespace", items_value.keys())(*items_value.values())
attrs = {'list_namespace.return_value': namespaces}
mock_k8s_client = mock.Mock()
mock_k8s_coreV1Client = mock.Mock(**attrs)
auth_obj = {'username': 'test_user',
'password': 'test_password',
'ssl_ca_cert': 'ABC',
'ca_cert_file': 'file_path',
'auth_url': 'https://localhost:6443'}
self.vim_obj['extra'] = {'use_helm': True}
self.vim_obj['auth_cred']['ssl_ca_cert'] = 'ABC'
self._test_register_vim(self.vim_obj, mock_k8s_client,
mock_k8s_coreV1Client,
fernet_obj_encrypt_called_count=2)
mock_k8s_coreV1Client.list_namespace.assert_called_once_with()
self.kubernetes_api. \
get_core_api_client.assert_called_once_with(auth_obj)
def test_register_vim_with_use_helm_parameter_and_not_set_ssl_ca_cert(
self):
self.vim_obj['extra'] = {'use_helm': True}
del self.vim_obj['auth_cred']['ssl_ca_cert']
self.assertRaises(nfvo.VimUnauthorizedException,
self.kubernetes_driver.register_vim, self.vim_obj)

11
tools/test-setup-k8s-vim.sh
View File

@@ -30,11 +30,18 @@ register_vim() {
$2 $2
} }
# regiter vim with bearer token # register vim with bearer token
register_vim $conf_dir/local-k8s-vim.yaml vim-kubernetes register_vim $conf_dir/local-k8s-vim.yaml vim-kubernetes
# regiter vim with OpenID Connect info # register vim with OpenID Connect info
if [ -f /tmp/keycloak.crt ] if [ -f /tmp/keycloak.crt ]
then then
register_vim $conf_dir/local-k8s-vim-oidc.yaml vim-kubernetes-oidc register_vim $conf_dir/local-k8s-vim-oidc.yaml vim-kubernetes-oidc
fi fi
# register vim with extra used helm
if [ -f $conf_dir/local-k8s-vim-helm.yaml ]
then
register_vim $conf_dir/local-k8s-vim-helm.yaml vim-kubernetes-helm
fi