Merge "openshiftpods: define ca_crt parameter if available"

This commit is contained in:
Zuul 2020-05-18 12:14:53 +00:00 committed by Gerrit Code Review
commit fa2a850cb9
3 changed files with 12 additions and 3 deletions

View File

@ -40,6 +40,7 @@ class OpenshiftPodLauncher(OpenshiftLauncher):
'pod': pod_name,
'namespace': project,
'host': k8s.api_client.configuration.host,
'ca_crt': self.handler.manager.ca_crt,
'skiptls': not k8s.api_client.configuration.verify_ssl,
'token': self.handler.manager.token,
'user': 'zuul-worker',

View File

@ -12,6 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.
import base64
import logging
import urllib3
import time
@ -34,7 +35,7 @@ class OpenshiftPodsProvider(OpenshiftProvider):
self.provider = provider
self.ready = False
try:
self.token, self.k8s_client = self._get_client(
self.token, self.ca_crt, self.k8s_client = self._get_client(
provider.context)
except kce.ConfigException:
self.log.exception("Couldn't load client from config")
@ -44,6 +45,7 @@ class OpenshiftPodsProvider(OpenshiftProvider):
"config.list_kube_config_contexts()[0]]))\"")
self.token = None
self.k8s_client = None
self.ca_crt = None
self.pod_names = set()
for pool in provider.pools.values():
self.pod_names.update(pool.labels.keys())
@ -51,7 +53,12 @@ class OpenshiftPodsProvider(OpenshiftProvider):
def _get_client(self, context):
conf = config.new_client_from_config(context=context)
token = conf.configuration.api_key.get('authorization', '').split()[-1]
return (token, k8s_client.CoreV1Api(conf))
ca = None
if conf.configuration.ssl_ca_cert:
with open(conf.configuration.ssl_ca_cert) as ca_file:
ca = ca_file.read()
ca = base64.b64encode(ca.encode('utf-8')).decode('utf-8')
return (token, ca, k8s_client.CoreV1Api(conf))
def start(self, zk_conn):
self.log.debug("Starting")

View File

@ -76,7 +76,7 @@ class TestDriverOpenshiftPods(tests.DBTestCase):
self.fake_k8s_client = FakeCoreClient()
def fake_get_client(*args):
return "fake-token", self.fake_k8s_client
return "fake-token", None, self.fake_k8s_client
self.useFixture(fixtures.MockPatchObject(
provider.OpenshiftPodsProvider, '_get_client',
@ -103,6 +103,7 @@ class TestDriverOpenshiftPods(tests.DBTestCase):
self.assertIsNotNone(node.launcher)
self.assertEqual(node.connection_type, 'kubectl')
self.assertEqual(node.connection_port.get('token'), 'fake-token')
self.assertIn('ca_crt', node.connection_port)
self.assertEqual(node.attributes,
{'key1': 'value1', 'key2': 'value2'})