From 505bf27896a73280c9ee02bc43a4fdde74743cd2 Mon Sep 17 00:00:00 2001 From: Oleg Basov Date: Tue, 30 Mar 2021 19:08:18 +0000 Subject: [PATCH] Import _create_cert_files upstream method Import upstream repo method for creating required spec files (ca, cert, key) from kubeconf This is required for proper `rally create env --from-sysenv` execution, when having only kubeconfig file and without a need for extracting ca,cert,key from it --- rally_plugins/common/opts.py | 5 +++- rally_plugins/platforms/existing.py | 43 +++++++++++++++++++++++++++-- 2 files changed, 44 insertions(+), 4 deletions(-) diff --git a/rally_plugins/common/opts.py b/rally_plugins/common/opts.py index 3fee97b..b3eb2d3 100644 --- a/rally_plugins/common/opts.py +++ b/rally_plugins/common/opts.py @@ -24,7 +24,10 @@ help="Kubernetes total retries to read resource status"), cfg.FloatOpt("status_poll_interval", default=1.0, - help="Kubernetes status poll interval") + help="Kubernetes status poll interval"), + cfg.StrOpt("cert_dir", + default="~/.rally/cert", + help="Directory for storing certification files") ] diff --git a/rally_plugins/platforms/existing.py b/rally_plugins/platforms/existing.py index 7920321..9c4ce7c 100644 --- a/rally_plugins/platforms/existing.py +++ b/rally_plugins/platforms/existing.py @@ -13,12 +13,17 @@ # under the License. import os +import shutil import traceback +import uuid +from rally.common import cfg from rally.env import platform from rally_plugins.services.kube import kube as k8s_service +CONF = cfg.CONF + @platform.configure(name="existing", platform="kubernetes") class KubernetesPlatform(platform.Platform): @@ -122,6 +127,11 @@ def check_health(self): return {"available": True} def cleanup(self, task_uuid=None): + for key in ("certificate-authority", "client-certificate", + "client-key"): + if key in self.spec: + if os.path.exists(self.spec[key]): + os.remove(self.spec[key]) return { "message": "Coming soon!", "discovered": 0, 
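Review bot: The help string for the new `cert_dir` option undersells what ends up in that directory: `_create_cert_files` in existing.py writes copies of the CA certificate, the client certificate and the client private key there. Saying so tells operators that the directory holds credentials and should stay private to the Rally user, for example `help="Directory where copies of the cluster CA certificate, client certificate and client key are stored"`. "certification files" also reads as a slip for "certificate files".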
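Review bot: The loop added to `cleanup` removes whatever path the spec holds under `certificate-authority`, `client-certificate` and `client-key`, without checking that the file is one of the copies made by `_create_cert_files`. A spec written by hand, or created before this change, would presumably point at the user's original CA, certificate and key, and those would be deleted. The removal should be limited to files that sit directly in `CONF.kubernetes.cert_dir`, and the exists-then-remove pair replaced by catching the missing-file error. It is also worth confirming that `cleanup` is the right hook, since an env that is still used afterwards would reference files that no longer exist. The rest of `cleanup` continues outside the hunk.

```python
    def cleanup(self, task_uuid=None):
        cert_dir = os.path.abspath(
            os.path.expanduser(CONF.kubernetes.cert_dir))
        for key in ("certificate-authority", "client-certificate",
                    "client-key"):
            path = self.spec.get(key)
            if not path:
                continue
            path = os.path.abspath(path)
            # Only remove copies made by _create_cert_files, never files
            # the user referenced in their own spec.
            if os.path.dirname(path) != cert_dir:
                continue
            try:
                os.remove(path)
            except FileNotFoundError:
                pass
        # … unchanged: return {"message": "Coming soon!", ...} …
```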
@@ -138,6 +148,32 @@ def info(self): version = k8s_service.Kubernetes(self.platform_data).get_version() return {"info": version} + @staticmethod + def _create_cert_files(cert_auth, ccert, ckey): + """Store certification key files + + :param cert_auth: certificate authority file + :param ccert: client certificate file + :param ckey: client key file + """ + certs = os.path.abspath(os.path.expanduser(CONF.kubernetes.cert_dir)) + if not os.path.exists(certs): + os.makedirs(certs) + + name_uuid = str(uuid.uuid4()) + new_cert_auth = os.path.join(certs, name_uuid + "_cert_auth") + new_ccert = os.path.join(certs, name_uuid + "_ccert") + new_ckey = os.path.join(certs, name_uuid + "_ckey") + shutil.copyfile(cert_auth, new_cert_auth) + shutil.copyfile(ccert, new_ccert) + shutil.copyfile(ckey, new_ckey) + + return { + "cert_auth": new_cert_auth, + "ccert": new_ccert, + "ckey": new_ckey + } + @classmethod def _get_doc(cls): doc = cls.__doc__.strip() @@ -220,13 +256,14 @@ def create_spec_from_sys_environ(cls, sys_environ): if ckey and ccert: ckey = os.path.abspath(os.path.expanduser(ckey)) ccert = os.path.abspath(os.path.expanduser(ccert)) + cfiles = cls._create_cert_files(cert_auth, ccert, ckey) return { "available": True, "spec": { "server": host, - "certificate-authority": cert_auth, - "client-certificate": ccert, - "client-key": ckey, + "certificate-authority": cfiles.get("cert_auth"), + "client-certificate": cfiles.get("ccert"), + "client-key": cfiles.get("ckey"), "tls_insecure": tls_insecure } }
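Review bot: `_create_cert_files` copies the client private key with `shutil.copyfile`, which copies contents only, so the copy gets permissions from the process umask (often world-readable) even when the original key was owner-only. `os.makedirs(certs)` likewise creates the directory with default permissions. The directory should be created with mode 0700 and each destination opened exclusively with mode 0600 before copying, which also removes the racy `os.path.exists` check. The docstring should say that the arguments are source paths, that copies are written under `CONF.kubernetes.cert_dir`, and that the returned dict maps `cert_auth`, `ccert` and `ckey` to the new paths.

```python
    @staticmethod
    def _create_cert_files(cert_auth, ccert, ckey):
        # … unchanged: docstring …
        certs = os.path.abspath(os.path.expanduser(CONF.kubernetes.cert_dir))
        # Private to the Rally user: the directory will hold a client key.
        os.makedirs(certs, mode=0o700, exist_ok=True)

        # … unchanged: name_uuid and new_* path construction …

        for src, dst in ((cert_auth, new_cert_auth),
                         (ccert, new_ccert),
                         (ckey, new_ckey)):
            # O_EXCL refuses to reuse an existing path; 0o600 keeps the
            # copy readable by the owner only.
            fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "wb") as dst_file, open(src, "rb") as src_file:
                shutil.copyfileobj(src_file, dst_file)

        # … unchanged: return dict …
```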
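Review bot: `cls._create_cert_files(cert_auth, ccert, ckey)` is reached under `if ckey and ccert:` only, so nothing in the visible lines guarantees that `cert_auth` is set. The spec carries `tls_insecure`, which suggests a CA file can legitimately be absent, and `shutil.copyfile(None, ...)` would then raise instead of returning a spec. Either copy the CA only when one is given or reject the combination explicitly before copying. Since the helper always returns all three keys, `cfiles["cert_auth"]` would be clearer than `cfiles.get("cert_auth")`, which would silently put `None` into the spec if a key were ever renamed. The function starts outside the hunk, so `cert_auth` may already be validated earlier.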