diff options
author | Igor D.C <igor.duarte.cardoso@intel.com> | 2020-09-26 02:19:38 +0000 |
---|---|---|
committer | Igor D.C <igor.duarte.cardoso@intel.com> | 2020-09-26 02:40:02 +0000 |
commit | 582abd0500190c0a7d66c0e7cf92466ed0ec5d88 (patch) | |
tree | 8c61719261fec34a1f2f3b29e3f33cbc9809a33b /src/dcm | |
parent | 8c0cc1278cc4d84863b076b2014b9bc9d8805218 (diff) |
Implement rest of Apply operation in DCM
"Rest of" meaning the Apply operation now effectively
instantiates logical cloud resources on K8s cluster.
More specifically, this commit now enables:
- DCM calling rsync over gRPC on apply
- The following K8s resources are now being created per cluster:
- namespace, csr, resourcequotas, roles, rolebindings
- Tested-working for multiple clusters simultaneously
- Generating and storing logical cloud user private key in MongoDB
This commit doesn't include any logic to request
or retrieve CSR approvals and signed user certificates.
Issue-ID: MULTICLOUD-1143
Change-Id: I92c4270678d05a5cb531791cef199a7dd79403d3
Signed-off-by: Igor D.C <igor.duarte.cardoso@intel.com>
Diffstat (limited to 'src/dcm')
-rw-r--r-- | src/dcm/pkg/module/apply.go | 111 |
1 files changed, 88 insertions, 23 deletions
diff --git a/src/dcm/pkg/module/apply.go b/src/dcm/pkg/module/apply.go index 84eb7ef7..a1a9697e 100644 --- a/src/dcm/pkg/module/apply.go +++ b/src/dcm/pkg/module/apply.go @@ -29,6 +29,7 @@ import ( "github.com/onap/multicloud-k8s/src/orchestrator/pkg/appcontext" "github.com/onap/multicloud-k8s/src/orchestrator/pkg/grpc/installappclient" + "github.com/onap/multicloud-k8s/src/orchestrator/pkg/infra/db" log "github.com/onap/multicloud-k8s/src/orchestrator/pkg/infra/logutils" "github.com/onap/multicloud-k8s/src/orchestrator/pkg/module/controller" pkgerrors "github.com/pkg/errors" @@ -152,12 +153,10 @@ func createRoleBinding(logicalcloud LogicalCloud) (string, error) { } return string(rBData), nil - } func createQuota(quota []Quota, namespace string) (string, error) { lcQuota := quota[0] - q := Resource{ ApiVersion: "v1", Kind: "ResourceQuota", @@ -176,23 +175,22 @@ func createQuota(quota []Quota, namespace string) (string, error) { } return string(qData), nil - } -func createUserCSR(logicalcloud LogicalCloud) (string, error) { +func createUserCSR(logicalcloud LogicalCloud) (string, string, error) { KEYSIZE := 4096 userName := logicalcloud.Specification.User.UserName key, err := rsa.GenerateKey(rand.Reader, KEYSIZE) if err != nil { - return "", err + return "", "", err } csrTemplate := x509.CertificateRequest{Subject: pkix.Name{CommonName: userName}} csrCert, err := x509.CreateCertificateRequest(rand.Reader, &csrTemplate, key) if err != nil { - return "", err + return "", "", err } //Encode csr @@ -205,8 +203,8 @@ func createUserCSR(logicalcloud LogicalCloud) (string, error) { ApiVersion: "certificates.k8s.io/v1beta1", Kind: "CertificateSigningRequest", MetaData: MetaDatas{ - Name: strings.Join([]string{logicalcloud.MetaData.LogicalCloudName, "-user-csr"}, ""), - Namespace: logicalcloud.Specification.NameSpace, + Name: strings.Join([]string{logicalcloud.MetaData.LogicalCloudName, "-user-csr"}, ""), + // Namespace: logicalcloud.Specification.NameSpace, }, Specification: Specs{ Request: base64.StdEncoding.EncodeToString(csr), @@ -216,11 +214,20 @@ func createUserCSR(logicalcloud LogicalCloud) (string, error) { csrData, err := yaml.Marshal(&csrObj) if err != nil { - return "", err + return "", "", err } - return string(csrData), nil + keyData := base64.StdEncoding.EncodeToString(pem.EncodeToMemory( + &pem.Block{ + Type: "RSA PRIVATE KEY", + Bytes: x509.MarshalPKCS1PrivateKey(key), + }, + )) + if err != nil { + return "", "", err + } + return string(csrData), string(keyData), nil } /* @@ -243,7 +250,27 @@ func queryDBAndSetRsyncInfo() (installappclient.RsyncInfo, error) { } /* -callRsyncUninstall method shall take in the app context id and invoke the rsync service via grpc +callRsyncInstall method shall take in the app context id and invokes the rsync service via grpc +*/ +func callRsyncInstall(contextid interface{}) error { + rsyncInfo, err := queryDBAndSetRsyncInfo() + log.Info("Calling the Rsync ", log.Fields{ + "RsyncName": rsyncInfo.RsyncName, + }) + if err != nil { + return err + } + + appContextID := fmt.Sprintf("%v", contextid) + err = installappclient.InvokeInstallApp(appContextID) + if err != nil { + return err + } + return nil +} + +/* +callRsyncUninstall method shall take in the app context id and invokes the rsync service via grpc */ func callRsyncUninstall(contextid interface{}) error { rsyncInfo, err := queryDBAndSetRsyncInfo() @@ -262,20 +289,12 @@ func callRsyncUninstall(contextid interface{}) error { return nil } -// TODO: -// Install istio -// Store user key for user creation -// Code to run kubectl commands for user -// kubectl certificate approve lc1-user-cert -// kubectl get csr lc1-user-cert -o jsonpath='{.status.certificate}' | base64 --decode > user.crt -// kubectl config set-credentials user --client-certificate=<user.crt> --client-key=<user.key> -// kubectl config set-context user-context --cluster=cluster-name --namespace=lc1 --user=user - func CreateEtcdContext(logicalcloud LogicalCloud, clusterList []Cluster, quotaList []Quota) error { APP := "logical-cloud" logicalCloudName := logicalcloud.MetaData.LogicalCloudName + project := "test-project" // FIXME(igordc): temporary, need to do some rework in the LC structs //Resource Names namespaceName := strings.Join([]string{logicalcloud.MetaData.LogicalCloudName, "+namespace"}, "") @@ -305,9 +324,9 @@ func CreateEtcdContext(logicalcloud LogicalCloud, clusterList []Cluster, return pkgerrors.Wrap(err, "Error Creating Quota YAML for logical cloud") } - csr, err := createUserCSR(logicalcloud) + csr, key, err := createUserCSR(logicalcloud) if err != nil { - return pkgerrors.Wrap(err, "Error Creating User CSR for logical cloud") + return pkgerrors.Wrap(err, "Error Creating User CSR and Key for logical cloud") } context := appcontext.AppContext{} @@ -379,6 +398,22 @@ func CreateEtcdContext(logicalcloud LogicalCloud, clusterList []Cluster, return pkgerrors.Wrap(err, "Error adding CSR Resource to AppContext") } + // Add private key to MongoDB + lckey := LogicalCloudKey{ + LogicalCloudName: logicalcloud.MetaData.LogicalCloudName, + Project: project, + } + err = db.DBconn.Insert("orchestrator", lckey, nil, "privatekey", key) + if err != nil { + cleanuperr := context.DeleteCompositeApp() + if cleanuperr != nil { + log.Warn("Error cleaning AppContext after DB insert failure", log.Fields{ + "logical-cloud": logicalcloud.MetaData.LogicalCloudName, + }) + } + return pkgerrors.Wrap(err, "Error adding private key to DB") + } + // Add Role resource to each cluster _, err = context.AddResource(clusterHandle, roleName, role) if err != nil { @@ -426,11 +461,17 @@ func CreateEtcdContext(logicalcloud LogicalCloud, clusterList []Cluster, if err != nil { return pkgerrors.Wrap(err, "Error creating resource order JSON") } - resDependency, err := json.Marshal(map[string]map[string]string{"resdependency": map[string]string{namespaceName: "go", quotaName: strings.Join([]string{"wait on ", namespaceName}, ""), csrName: strings.Join([]string{"wait on ", quotaName}, ""), roleName: strings.Join([]string{"wait on ", csrName}, ""), roleBindingName: strings.Join([]string{"wait on ", roleName}, "")}}) + // Add App Order and App Dependency + appOrder, err := json.Marshal(map[string][]string{"apporder": []string{APP}}) + if err != nil { + return pkgerrors.Wrap(err, "Error creating resource order JSON") + } + appDependency, err := json.Marshal(map[string]map[string]string{"appdependency": map[string]string{APP: "go"}}) + if err != nil { return pkgerrors.Wrap(err, "Error creating resource dependency JSON") } @@ -461,6 +502,30 @@ func CreateEtcdContext(logicalcloud LogicalCloud, clusterList []Cluster, return pkgerrors.Wrap(err, "Error adding instruction dependency to AppContext") } + // Add App-level Order and Dependency + _, err = context.AddInstruction(handle, "app", "order", string(appOrder)) + _, err = context.AddInstruction(handle, "app", "dependency", string(appDependency)) + } + // save the context in the logicalcloud db record + lckey := LogicalCloudKey{ + LogicalCloudName: logicalcloud.MetaData.LogicalCloudName, + Project: project, + } + err = db.DBconn.Insert("orchestrator", lckey, nil, "lccontext", ctxVal) + if err != nil { + cleanuperr := context.DeleteCompositeApp() + if cleanuperr != nil { + log.Warn("Error cleaning AppContext after DB insert failure", log.Fields{ + "logical-cloud": logicalcloud.MetaData.LogicalCloudName, + }) + } + return pkgerrors.Wrap(err, "Error adding AppContext to DB") + } + + // call resource synchronizer to instantiate the CRs in the cluster + err = callRsyncInstall(ctxVal) + if err != nil { + return err } return nil |