Merge "openshiftpods: define ca_crt parameter if available"
This commit is contained in:
commit
fa2a850cb9
|
@ -40,6 +40,7 @@ class OpenshiftPodLauncher(OpenshiftLauncher):
|
||||||
'pod': pod_name,
|
'pod': pod_name,
|
||||||
'namespace': project,
|
'namespace': project,
|
||||||
'host': k8s.api_client.configuration.host,
|
'host': k8s.api_client.configuration.host,
|
||||||
|
'ca_crt': self.handler.manager.ca_crt,
|
||||||
'skiptls': not k8s.api_client.configuration.verify_ssl,
|
'skiptls': not k8s.api_client.configuration.verify_ssl,
|
||||||
'token': self.handler.manager.token,
|
'token': self.handler.manager.token,
|
||||||
'user': 'zuul-worker',
|
'user': 'zuul-worker',
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
|
import base64
|
||||||
import logging
|
import logging
|
||||||
import urllib3
|
import urllib3
|
||||||
import time
|
import time
|
||||||
|
@ -34,7 +35,7 @@ class OpenshiftPodsProvider(OpenshiftProvider):
|
||||||
self.provider = provider
|
self.provider = provider
|
||||||
self.ready = False
|
self.ready = False
|
||||||
try:
|
try:
|
||||||
self.token, self.k8s_client = self._get_client(
|
self.token, self.ca_crt, self.k8s_client = self._get_client(
|
||||||
provider.context)
|
provider.context)
|
||||||
except kce.ConfigException:
|
except kce.ConfigException:
|
||||||
self.log.exception("Couldn't load client from config")
|
self.log.exception("Couldn't load client from config")
|
||||||
|
@ -44,6 +45,7 @@ class OpenshiftPodsProvider(OpenshiftProvider):
|
||||||
"config.list_kube_config_contexts()[0]]))\"")
|
"config.list_kube_config_contexts()[0]]))\"")
|
||||||
self.token = None
|
self.token = None
|
||||||
self.k8s_client = None
|
self.k8s_client = None
|
||||||
|
self.ca_crt = None
|
||||||
self.pod_names = set()
|
self.pod_names = set()
|
||||||
for pool in provider.pools.values():
|
for pool in provider.pools.values():
|
||||||
self.pod_names.update(pool.labels.keys())
|
self.pod_names.update(pool.labels.keys())
|
||||||
|
@ -51,7 +53,12 @@ class OpenshiftPodsProvider(OpenshiftProvider):
|
||||||
def _get_client(self, context):
|
def _get_client(self, context):
|
||||||
conf = config.new_client_from_config(context=context)
|
conf = config.new_client_from_config(context=context)
|
||||||
token = conf.configuration.api_key.get('authorization', '').split()[-1]
|
token = conf.configuration.api_key.get('authorization', '').split()[-1]
|
||||||
return (token, k8s_client.CoreV1Api(conf))
|
ca = None
|
||||||
|
if conf.configuration.ssl_ca_cert:
|
||||||
|
with open(conf.configuration.ssl_ca_cert) as ca_file:
|
||||||
|
ca = ca_file.read()
|
||||||
|
ca = base64.b64encode(ca.encode('utf-8')).decode('utf-8')
|
||||||
|
return (token, ca, k8s_client.CoreV1Api(conf))
|
||||||
|
|
||||||
def start(self, zk_conn):
|
def start(self, zk_conn):
|
||||||
self.log.debug("Starting")
|
self.log.debug("Starting")
|
||||||
|
|
|
@ -76,7 +76,7 @@ class TestDriverOpenshiftPods(tests.DBTestCase):
|
||||||
self.fake_k8s_client = FakeCoreClient()
|
self.fake_k8s_client = FakeCoreClient()
|
||||||
|
|
||||||
def fake_get_client(*args):
|
def fake_get_client(*args):
|
||||||
return "fake-token", self.fake_k8s_client
|
return "fake-token", None, self.fake_k8s_client
|
||||||
|
|
||||||
self.useFixture(fixtures.MockPatchObject(
|
self.useFixture(fixtures.MockPatchObject(
|
||||||
provider.OpenshiftPodsProvider, '_get_client',
|
provider.OpenshiftPodsProvider, '_get_client',
|
||||||
|
@ -103,6 +103,7 @@ class TestDriverOpenshiftPods(tests.DBTestCase):
|
||||||
self.assertIsNotNone(node.launcher)
|
self.assertIsNotNone(node.launcher)
|
||||||
self.assertEqual(node.connection_type, 'kubectl')
|
self.assertEqual(node.connection_type, 'kubectl')
|
||||||
self.assertEqual(node.connection_port.get('token'), 'fake-token')
|
self.assertEqual(node.connection_port.get('token'), 'fake-token')
|
||||||
|
self.assertIn('ca_crt', node.connection_port)
|
||||||
self.assertEqual(node.attributes,
|
self.assertEqual(node.attributes,
|
||||||
{'key1': 'value1', 'key2': 'value2'})
|
{'key1': 'value1', 'key2': 'value2'})
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue