From 7ea7c4c8d4f368d831fc145684661594f4f6561c Mon Sep 17 00:00:00 2001
From: jh245g
Date: Thu, 2 Aug 2018 11:10:49 -0400
Subject: Support basic authentication in config repo
Change-Id: Ic2f40abfbb54bf006f750e4aab7993cb1f4bd5c5
Issue-ID: CCSDK-425
Signed-off-by: jh245g
---
 .gitignore | 3 +++
 helm/plugin/tasks.py | 30 +++++++++++++++++++++++-------
 helm/plugin/workflows.py | 14 +++++++++++++-
 3 files changed, 39 insertions(+), 8 deletions(-)
 create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5ac9468
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+# IntelliJ
+.idea/*
+*.iml
\ No newline at end of file
diff --git a/helm/plugin/tasks.py b/helm/plugin/tasks.py
index 9d03fba..5ff7df8 100644
--- a/helm/plugin/tasks.py
+++ b/helm/plugin/tasks.py
@@ -30,6 +30,7 @@ from cloudify.exceptions import OperationRetry
 from cloudify_rest_client.exceptions import CloudifyClientError
 import pip
 import json
+import base64
 import yaml
 import urllib2
 from cloudify.decorators import operation
@@ -71,10 +72,12 @@ def configure_admin_conf():
 admin_file_dest = os.path.join(os.path.expanduser('~'), 'admin.conf')
 execute_command(
- 'sudo cp {0} {1}'.format('/etc/kubernetes/admin.conf', admin_file_dest))
+ 'sudo cp {0} {1}'.format('/etc/kubernetes/admin.conf',
+ admin_file_dest))
 execute_command('sudo chown {0}:{1} {2}'.format(uid, gid, admin_file_dest))
- with open(os.path.join(os.path.expanduser('~'), '.bashrc'), 'a') as outfile:
+ with open(os.path.join(os.path.expanduser('~'), '.bashrc'),
+ 'a') as outfile:
 outfile.write('export KUBECONFIG=$HOME/admin.conf')
 os.environ['KUBECONFIG'] = admin_file_dest
@@ -87,7 +90,8 @@ def get_current_helm_value(chart_name):
 if str_to_bool(ctx.node.properties['tls-enable']):
 getValueCommand = subprocess.Popen(
 ["helm", "get", "values", "-a", chart_name, '--host', tiller_host,
- '--tls', '--tls-ca-cert', config_dir + 'ca.cert.pem', '--tls-cert',
+ '--tls', '--tls-ca-cert', config_dir + 'ca.cert.pem',
+ '--tls-cert',
 config_dir + 'helm.cert.pem', '--tls-key',
 config_dir + 'helm.key.pem'], stdout=subprocess.PIPE)
 else:
@@ -216,7 +220,18 @@ def config(**kwargs):
 if configJson == '' and configUrl == '':
 ctx.logger.debug("Will use default HELM value")
 elif configJson == '' and configUrl != '':
- response = urllib2.urlopen(configUrl)
+ if configUrl.find("@"):
+ head, end = configUrl.rsplit('@', 1)
+ head, auth = head.rsplit('//', 1)
+ configUrl = head + '//' + end
+ username, password = auth.rsplit(':', 1)
+ request = urllib2.Request(configUrl)
+ base64string = base64.encodestring(
+ '%s:%s' % (username, password)).replace('\n', '')
+ request.add_header("Authorization", "Basic %s" % base64string)
+ response = urllib2.urlopen(request)
+ else:
+ response = urllib2.urlopen(configUrl)
 if configUrlInputFormat == 'json':
 configObj = json.load(response)
 elif configUrlInputFormat == 'yaml':
@@ -293,10 +308,11 @@ def stop(**kwargs):
 # Delete helm chart
 command = 'helm delete --purge ' + chartName + tiller_host() + tls()
 output = execute_command(command)
- config_dir = config_dir_root + str(ctx.deployment.id)
- shutil.rmtree(config_dir)
 if output == False:
 raise NonRecoverableError("helm delete failed")
+ config_file = config_dir_root + str(
+ ctx.deployment.id) + '/' + component + '.yaml'
+ os.remove(config_file)
 @operation
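Review bot: The new guard `if configUrl.find("@"):` in config() is true for URLs that contain no `@` at all, because `str.find` returns -1 when the substring is absent, so a plain config URL now enters the credential branch and fails at `head, end = configUrl.rsplit('@', 1)` with a ValueError instead of reaching the `else`. Test membership instead: `if '@' in configUrl:`. Inside the branch, `auth.rsplit(':', 1)` splits on the last colon, so a password containing `:` is cut in the wrong place; `username, password = auth.split(':', 1)` keeps the whole password. The identical block in the workflows.py hunk (`config_url.find("@")`) needs the same two changes. config()'s body extends beyond the hunk on both sides.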
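Review bot: `os.remove(config_file)` at the end of the stop() hunk raises `OSError` when the per-component YAML is already gone, so a retried or repeated stop would fail even though `helm delete` succeeded. Ignoring only the missing-file case keeps the operation idempotent: wrap the call in `try:` with `except OSError as e:` and `if e.errno != errno.ENOENT: raise` (this needs `errno`, whose import is not visible here). The path is built by concatenating `config_dir_root`, `ctx.deployment.id` and `component`; `component` is assigned outside the hunk, and if it originates from blueprint input it should be checked for path separators before it is used in a delete. stop()'s body starts above the hunk.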
@@ -322,7 +338,7 @@ def upgrade(**kwargs):
 with open(configPath, 'w') as outfile:
 yaml.safe_dump(configJson, outfile, default_flow_style=False)
 # configure_admin_conf()
- upgradeCommand = 'helm upgrade ' + chartName + ' ' + chart + ' -f ' +\
+ upgradeCommand = 'helm upgrade ' + chartName + ' ' + chart + ' -f ' + \
 configPath + tiller_host() + tls()
 output = execute_command(upgradeCommand)
 if output == False:
diff --git a/helm/plugin/workflows.py b/helm/plugin/workflows.py
index c21f27c..9870bdf 100644
--- a/helm/plugin/workflows.py
+++ b/helm/plugin/workflows.py
@@ -21,6 +21,7 @@ from cloudify.exceptions import NonRecoverableError
 import urllib2
 import json
 import yaml
+import base64
 @workflow
@@ -37,7 +38,18 @@ def upgrade(node_instance_id, config_json, config_url, config_format,
 if config_json == '' and config_url == '':
 kwargs['config'] = config_json
 elif config_json == '' and config_url != '':
- response = urllib2.urlopen(config_url)
+ if config_url.find("@"):
+ head, end = config_url.rsplit('@', 1)
+ head, auth = head.rsplit('//', 1)
+ config_url = head + '//' + end
+ username, password = auth.rsplit(':', 1)
+ request = urllib2.Request(config_url)
+ base64string = base64.encodestring(
+ '%s:%s' % (username, password)).replace('\n', '')
+ request.add_header("Authorization", "Basic %s" % base64string)
+ response = urllib2.urlopen(request)
+ else:
+ response = urllib2.urlopen(config_url)
 if config_format == 'json':
 kwargs['config'] = json.load(response)
 elif config_format == 'yaml':
--
cgit 1.2.3-korg
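Review bot: The Authorization header in the workflows.py upgrade() hunk is attached whatever the URL scheme is, so with an `http://` config URL the Base64-encoded username and password travel in cleartext; the same holds for the copy of this block in tasks.py config(). A check before building the request, e.g. `if not config_url.startswith('https://'): raise NonRecoverableError('credentials require an https config URL')`, would make that case an explicit failure. Because the parsing is now duplicated in two files, a shared helper with a docstring stating the accepted form (`scheme://user:password@host/path`) would keep the copies from drifting apart. upgrade() begins above the hunk and continues after it.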