Update OIDC upgrade script for 22.12
These scripts perform helm override check, backup of helm overrides, conversion of helm overrides and upgrade of the oidc-auth-apps application. The original scripts are restored from commit8293b0af
, which was originally written for 21.12 to 22.06 upgrade. This cherry-picks commit8293b0af
, but also adjusts the accepted releases. We will support upgrade of 21.12 to 22.12 release. The script is neuter from 22.06 to 22.12 upgrade. The changes from original commit include: - accept TO_RELEASE 22.12 instead - when from_release and to_release do not match the return with a softer warning, and return 0 instead 1 - use /var/opt/oidc-auth-apps instead of /opt/oidc-auth-apps - use yaml.safe_load() Test Plan: PASS: unit test on python3 PASS: unit test of both scripts PASS: unit test health-check, start, activate PASS: unit test yaml.safeload health-check, start, migrate PASS: unit test helm overrides before/after switch to yaml.safeload PASS: conversion of 21.12 configuration PASS: absent helm overrides PASS: AIO-SX provision 22.12 PASS: AIO-DX provision 22.12 PASS: confirm permissions of /var/opt/oidc-auth-apps/, and scripts PASS: simulate 21.12 to 22.12 upgrade env, upgrade oidc application PASS: simulate 22.06 to 22.12 upgrade env, observe neuter scripts N/A: AIO-SX/AIO-DX upgrade 21.12 to 22.12 N/A: AIO-SX/AIO-DX upgrade 22.06 to 22.12 (neuter scripts) Story: 2009303 Task: 46677 Depends-on: https://review.opendev.org/c/starlingx/config/+/863656 Depends-on: https://review.opendev.org/c/starlingx/oidc-auth-armada-app/+/863436 Change-Id: I53ae6fbf1669cd8fbfca6082716333433d32ab80 Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
This commit is contained in:
parent
2fecb99ae4
commit
2b58eb7ff2
@ -23,12 +23,12 @@ log.configure()
|
||||
|
||||
# This script is only valid for to/from releases:
|
||||
ACCEPTED_FROM = ['21.12']
|
||||
ACCEPTED_TO = ['22.06']
|
||||
ACCEPTED_TO = ['22.12']
|
||||
ACCEPTED_ACTIONS = ['health-check', 'start', 'migrate']
|
||||
|
||||
# this path should have been created by stx-oidc-auth-helm package
|
||||
# with ownership assigned to postgres:postgres
|
||||
BACKUP_PATH = '/opt/oidc-auth-apps'
|
||||
BACKUP_PATH = '/var/opt/oidc-auth-apps'
|
||||
|
||||
# list of charts in oidc-auth-apps; for sanity check only
|
||||
oidc_charts = ['dex', 'oidc-client', 'secret-observer']
|
||||
@ -156,7 +156,7 @@ def backup_overrides(overrides, action='debug'):
|
||||
if name not in oidc_charts:
|
||||
LOG.warning("oidc-auth-apps: mismatch chart name '%s'", name)
|
||||
if chart[field]:
|
||||
document = yaml.load(chart[field])
|
||||
document = yaml.safe_load(chart[field])
|
||||
if not document:
|
||||
LOG.debug("oidc-auth-apps: %s empty document", name)
|
||||
continue
|
||||
@ -345,7 +345,7 @@ def get_chart_override(overrides, chart):
|
||||
# applied, or because it failed to apply without overrides
|
||||
return None
|
||||
# convert the string to python structures
|
||||
return yaml.load(chart_ov['user_overrides'])
|
||||
return yaml.safe_load(chart_ov['user_overrides'])
|
||||
|
||||
|
||||
def validate_overrides(overrides):
|
||||
@ -364,7 +364,7 @@ def validate_overrides(overrides):
|
||||
if not document:
|
||||
LOG.error("oidc-auth-apps: no dex user_overrides to validate")
|
||||
return False
|
||||
validate = yaml.load(validation_yaml)
|
||||
validate = yaml.safe_load(validation_yaml)
|
||||
return validate_document(validate, document)
|
||||
|
||||
|
||||
@ -454,13 +454,13 @@ def main():
|
||||
from_release, to_release, action)
|
||||
return 0
|
||||
elif from_release not in ACCEPTED_FROM:
|
||||
LOG.error("oidc-auth-apps: upgrade script not valid from release %s",
|
||||
from_release)
|
||||
return 1
|
||||
LOG.warning("oidc-auth-apps: not valid from release %s",
|
||||
from_release)
|
||||
return 0
|
||||
elif to_release not in ACCEPTED_TO:
|
||||
LOG.error("oidc-auth-apps: upgrade script not valid to release %s",
|
||||
to_release)
|
||||
return 1
|
||||
LOG.warning("oidc-auth-apps: not valid to release %s",
|
||||
to_release)
|
||||
return 0
|
||||
|
||||
try:
|
||||
conn = psycopg2.connect("dbname=sysinv user=postgres")
|
||||
|
@ -35,11 +35,16 @@ if [ "$FROM_RELEASE" != "21.12" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# only run if to 22.12 release
|
||||
if [ "$TO_RELEASE" != "22.12" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
PLATFORM_APPLICATION_PATH='/usr/local/share/applications/helm'
|
||||
PATH=$PATH:/usr/local/sbin
|
||||
|
||||
# conversion script; this script will convert the helm overrides
|
||||
# reading from postgres and putting overrides into /opt/oidc-auth-apps
|
||||
# reading from postgres and putting overrides into /var/opt/oidc-auth-apps
|
||||
CONV_SCRIPT='/etc/upgrade.d/50-validate-oidc-auth-apps.py'
|
||||
CONV_PARAMS="$FROM_RELEASE $TO_RELEASE migrate"
|
||||
|
||||
@ -68,7 +73,7 @@ ORIGINAL_APP_STATUS=$EXISTING_APP_STATUS
|
||||
|
||||
# oidc-auth-apps has user overrides converted and saved for
|
||||
# re-apply at this time
|
||||
OIDC_OVERRIDES="/opt/oidc-auth-apps/converted"
|
||||
OIDC_OVERRIDES="/var/opt/oidc-auth-apps/converted"
|
||||
OIDC_CHARTS="dex oidc-client secret-observer"
|
||||
function oidc_specific_handling {
|
||||
for chart in $OIDC_CHARTS; do
|
||||
|
Loading…
Reference in New Issue
Block a user