starlingx/distcloud
Code Issues Proposed changes
Files
2b198a80098fddd2b5a8cd8eea2ade98674142c7
distcloud/distributedcloud/dcagent/api/app.py
Victor Romano 4ceac85048 Introduce dcagent API and periodic info gathering 
This commit introduces the new dcagent package. It is comprised of a
periodic process that queries the necessary endpoints to gather the
audit data and an API running on port 8325 (internal) and 8326 (admin).
The api only has one endpoint /v1/dcaudit that accepts only PATCH and
will respond with 'in-sync' or 'out-of-sync' for dcmanager-audit based
on the RegionOne data provided or will return the subcloud data for the
requested endpoints for dcorch-audit.

The agent also supports a key 'use_cache' to be sent in the payload
that will determine if it should use the cache data gathered by the
periodic process or get new information on the fly.

Example of payload using cached data:
  {
    "base_audit": "",
    "firmware_audit": "<regionone-audit-data>",
    "kubernetes_audit": "<regionone-audit-data>",
    "kube_rootca_audit" : "<regionone-audit-data>",
    "software_audit": "<regionone-audit-data>"
  }

Example of payload requesting new information:
  {
    "certificates": "",
    "iuser": "",
    "fernet_repo": "",
    "use_cache": "false"
  }

NOTES:
  - As patch and load audits will be deprecated in the next major
    release, no effort was made to integrate both patch and load audit
    to dcagent.
  - All tests described below were executed applying [1] as well,
    to avoid retesting.

[1]: https://review.opendev.org/c/starlingx/distcloud/+/923351

Test plan:
  - PASS: Run dcmanager audit with dcagent. Verify only one call is
          made to audit the subcloud and the response include the
          correct sync status.
  - PASS: Run dcmanager audit without dcagent. Verify the audit
          works as expected querying each individual endpoint.

Story: 2011106
Task: 50559

Change-Id: I1820ca9688d5d05f8712f9a42f6012f2ec3e2d8a
Signed-off-by: Victor Romano <victor.gluzromano@windriver.com>
2024-07-24 12:39:00 -03:00

74 lines
1.8 KiB
Python
Raw Blame History

#
# Copyright (c) 2024 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
import pecan
from keystonemiddleware import auth_token
from oslo_config import cfg
from oslo_middleware import request_id
from oslo_service import service
from dcagent.common import context as ctx
from dcagent.common.i18n import _
def setup_app(*args, **kwargs):
opts = cfg.CONF.pecan
config = {
"server": {"port": cfg.CONF.bind_port, "host": cfg.CONF.bind_host},
"app": {
"root": "dcagent.api.controllers.root.RootController",
"modules": ["dcagent.api"],
"debug": opts.debug,
"auth_enable": opts.auth_enable,
"errors": {400: "/error", "__force_dict__": True},
},
}
pecan_config = pecan.configuration.conf_from_dict(config)
app = pecan.make_app(
pecan_config.app.root,
debug=False,
wrap_app=_wrap_app,
force_canonical=False,
hooks=lambda: [ctx.AuthHook()],
guess_content_type_from_ext=True,
)
return app
def _wrap_app(app):
app = request_id.RequestId(app)
if cfg.CONF.pecan.auth_enable and cfg.CONF.auth_strategy == "keystone":
conf = dict(cfg.CONF.keystone_authtoken)
# Change auth decisions of requests to the app itself.
conf.update({"delay_auth_decision": True})
# NOTE: Policy enforcement works only if Keystone
# authentication is enabled. No support for other authentication
# types at this point.
return auth_token.AuthProtocol(app, conf)
else:
return app
_launcher = None
def serve(api_service, conf, workers=1):
global _launcher
if _launcher:
raise RuntimeError(_("serve() can only be called once"))
_launcher = service.launch(conf, api_service, workers=workers)
def wait():
_launcher.wait()
View Git Blame Copy Permalink