aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--deployments/Dockerfile5
-rw-r--r--src/k8splugin/api/api.go7
-rw-r--r--src/k8splugin/api/brokerhandler.go164
-rw-r--r--src/k8splugin/api/brokerhandler_test.go224
-rw-r--r--src/k8splugin/cmd/main.go11
-rw-r--r--src/k8splugin/go.mod3
-rw-r--r--src/k8splugin/go.sum1
-rw-r--r--src/k8splugin/internal/app/client.go146
-rw-r--r--src/k8splugin/internal/app/client_test.go6
-rw-r--r--src/k8splugin/internal/app/instance.go4
-rw-r--r--src/k8splugin/internal/auth/auth.go107
-rw-r--r--src/k8splugin/internal/auth/auth_test.go47
-rw-r--r--src/k8splugin/mock_files/mock_certs/auth_test_certificate.pem21
-rw-r--r--src/k8splugin/mock_files/mock_certs/auth_test_key.pem28
-rw-r--r--src/k8splugin/plugins/generic/plugin.go109
15 files changed, 863 insertions, 20 deletions
diff --git a/deployments/Dockerfile b/deployments/Dockerfile
index 961f6766..1dcb5a30 100644
--- a/deployments/Dockerfile
+++ b/deployments/Dockerfile
@@ -31,10 +31,11 @@ RUN apt-get update && apt-get install -y -qq apt-transport-https curl \
&& apt-get update && apt install -y -qq ovn-common
WORKDIR /opt/multicloud/k8s
-ADD ./k8plugin ./
-ADD ./*.so ./
RUN chown onap:onap /opt/multicloud/k8s -R
+ADD --chown=onap ./k8plugin ./
+ADD --chown=onap ./bin/*.so ./
+
USER onap
CMD ["./k8plugin"]
diff --git a/src/k8splugin/api/api.go b/src/k8splugin/api/api.go
index 54147d2e..4bf8d6a6 100644
--- a/src/k8splugin/api/api.go
+++ b/src/k8splugin/api/api.go
@@ -39,6 +39,13 @@ func NewRouter(defClient rb.DefinitionManager,
// (TODO): Fix update method
// instRouter.HandleFunc("/{vnfInstanceId}", UpdateHandler).Methods("PUT")
+ brokerHandler := brokerInstanceHandler{client: instClient}
+ instRouter.HandleFunc("/{cloud-owner}/{cloud-region}/infra_workload", brokerHandler.createHandler).Methods("POST")
+ instRouter.HandleFunc("/{cloud-owner}/{cloud-region}/infra_workload/{instID}",
+ brokerHandler.getHandler).Methods("GET")
+ instRouter.HandleFunc("/{cloud-owner}/{cloud-region}/infra_workload/{instID}",
+ brokerHandler.deleteHandler).Methods("DELETE")
+
//Setup resource bundle definition routes
if defClient == nil {
defClient = rb.NewDefinitionClient()
diff --git a/src/k8splugin/api/brokerhandler.go b/src/k8splugin/api/brokerhandler.go
new file mode 100644
index 00000000..28e44231
--- /dev/null
+++ b/src/k8splugin/api/brokerhandler.go
@@ -0,0 +1,164 @@
+/*
+Copyright 2018 Intel Corporation.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package api
+
+import (
+ "encoding/json"
+ "io"
+ "net/http"
+
+ "k8splugin/internal/app"
+
+ "github.com/gorilla/mux"
+)
+
+// Used to store the backend implementation objects
+// Also simplifies the mocking needed for unit testing
+type brokerInstanceHandler struct {
+ // Interface that implements the Instance operations
+ client app.InstanceManager
+}
+
+type brokerRequest struct {
+ GenericVnfID string `json:"generic-vnf-id"`
+ VFModuleID string `json:"vf-module-id"`
+ VFModuleModelInvariantID string `json:"vf-module-model-invariant-id"`
+ VFModuleModelVersionID string `json:"vf-module-model-version-id"`
+ VFModuleModelCustomizationID string `json:"vf-module-model-customization-id"`
+ OOFDirectives map[string]interface{} `json:"oof_directives"`
+ SDNCDirections map[string]interface{} `json:"sdnc_directives"`
+ UserDirectives map[string]interface{} `json:"user_directives"`
+ TemplateType string `json:"template_type"`
+ TemplateData map[string]interface{} `json:"template_data"`
+}
+
+type brokerPOSTResponse struct {
+ TemplateType string `json:"template_type"`
+ WorkloadID string `json:"workload_id"`
+ TemplateResponse map[string][]string `json:"template_response"`
+}
+
+type brokerGETResponse struct {
+ TemplateType string `json:"template_type"`
+ WorkloadID string `json:"workload_id"`
+ WorkloadStatus string `json:"workload_status"`
+}
+
+func (b brokerInstanceHandler) createHandler(w http.ResponseWriter, r *http.Request) {
+ vars := mux.Vars(r)
+ cloudRegion := vars["cloud-region"]
+
+ var req brokerRequest
+ err := json.NewDecoder(r.Body).Decode(&req)
+ switch {
+ case err == io.EOF:
+ http.Error(w, "Body empty", http.StatusBadRequest)
+ return
+ case err != nil:
+ http.Error(w, err.Error(), http.StatusUnprocessableEntity)
+ return
+ }
+
+ // Check body for expected parameters
+ if req.VFModuleModelCustomizationID == "" {
+ http.Error(w, "vf-module-model-customization-id is empty", http.StatusBadRequest)
+ return
+ }
+
+ rbName, ok := req.UserDirectives["definition-name"]
+ if !ok {
+ http.Error(w, "definition-name is missing from user-directives", http.StatusBadRequest)
+ return
+ }
+
+ rbVersion, ok := req.UserDirectives["definition-version"]
+ if !ok {
+ http.Error(w, "definition-version is missing from user-directives", http.StatusBadRequest)
+ return
+ }
+
+ profileName, ok := req.UserDirectives["profile-name"]
+ if !ok {
+ http.Error(w, "profile-name is missing from user-directives", http.StatusBadRequest)
+ return
+ }
+
+ // Setup the resource parameters for making the request
+ var instReq app.InstanceRequest
+ instReq.RBName = rbName.(string)
+ instReq.RBVersion = rbVersion.(string)
+ instReq.ProfileName = profileName.(string)
+ instReq.CloudRegion = cloudRegion
+
+ resp, err := b.client.Create(instReq)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ brokerResp := brokerPOSTResponse{
+ TemplateType: "heat",
+ WorkloadID: resp.ID,
+ TemplateResponse: resp.Resources,
+ }
+
+ w.Header().Set("Content-Type", "application/json")
+ w.WriteHeader(http.StatusCreated)
+ err = json.NewEncoder(w).Encode(brokerResp)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+}
+
+// getHandler retrieves information about an instance via the ID
+func (b brokerInstanceHandler) getHandler(w http.ResponseWriter, r *http.Request) {
+ vars := mux.Vars(r)
+ instanceID := vars["instID"]
+
+ resp, err := b.client.Get(instanceID)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ brokerResp := brokerGETResponse{
+ TemplateType: "heat",
+ WorkloadID: resp.ID,
+ WorkloadStatus: "CREATED",
+ }
+
+ w.Header().Set("Content-Type", "application/json")
+ w.WriteHeader(http.StatusOK)
+ err = json.NewEncoder(w).Encode(brokerResp)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+}
+
+// deleteHandler method terminates an instance via the ID
+func (b brokerInstanceHandler) deleteHandler(w http.ResponseWriter, r *http.Request) {
+ vars := mux.Vars(r)
+ instanceID := vars["instID"]
+
+ err := b.client.Delete(instanceID)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ w.Header().Set("Content-Type", "application/json")
+ w.WriteHeader(http.StatusAccepted)
+}
diff --git a/src/k8splugin/api/brokerhandler_test.go b/src/k8splugin/api/brokerhandler_test.go
new file mode 100644
index 00000000..f35a835b
--- /dev/null
+++ b/src/k8splugin/api/brokerhandler_test.go
@@ -0,0 +1,224 @@
+/*
+Copyright 2018 Intel Corporation.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package api
+
+import (
+ "bytes"
+ "encoding/json"
+ "io"
+ "io/ioutil"
+ "net/http"
+ "net/http/httptest"
+ "reflect"
+ "testing"
+
+ "k8splugin/internal/app"
+
+ pkgerrors "github.com/pkg/errors"
+)
+
+func TestBrokerCreateHandler(t *testing.T) {
+ testCases := []struct {
+ label string
+ input io.Reader
+ expected brokerPOSTResponse
+ expectedCode int
+ instClient *mockInstanceClient
+ }{
+ {
+ label: "Missing body failure",
+ expectedCode: http.StatusBadRequest,
+ },
+ {
+ label: "Invalid JSON request format",
+ input: bytes.NewBuffer([]byte("invalid")),
+ expectedCode: http.StatusUnprocessableEntity,
+ },
+ {
+ label: "Missing parameter failure",
+ input: bytes.NewBuffer([]byte(`{
+ "vf-module-model-customization-id": "84sdfkio938",
+ "user_directives": {
+ "definition-name": "test-rbdef",
+ "definition-version": "v1" }
+ }`)),
+ expectedCode: http.StatusBadRequest,
+ },
+ {
+ label: "Succesfully create an Instance",
+ input: bytes.NewBuffer([]byte(`{
+ "vf-module-model-customization-id": "84sdfkio938",
+ "user_directives": {
+ "definition-name": "test-rbdef",
+ "definition-version": "v1",
+ "profile-name": "profile1"
+ }
+ }`)),
+ expected: brokerPOSTResponse{
+ WorkloadID: "HaKpys8e",
+ TemplateType: "heat",
+ TemplateResponse: map[string][]string{
+ "deployment": []string{"test-deployment"},
+ "service": []string{"test-service"},
+ },
+ },
+ expectedCode: http.StatusCreated,
+ instClient: &mockInstanceClient{
+ items: []app.InstanceResponse{
+ {
+ ID: "HaKpys8e",
+ RBName: "test-rbdef",
+ RBVersion: "v1",
+ ProfileName: "profile1",
+ CloudRegion: "region1",
+ Namespace: "testnamespace",
+ Resources: map[string][]string{
+ "deployment": []string{"test-deployment"},
+ "service": []string{"test-service"},
+ },
+ },
+ },
+ },
+ },
+ }
+
+ for _, testCase := range testCases {
+ t.Run(testCase.label, func(t *testing.T) {
+
+ request := httptest.NewRequest("POST", "/v1/cloudowner/cloudregion/infra_workload", testCase.input)
+ resp := executeRequest(request, NewRouter(nil, nil, testCase.instClient))
+
+ if testCase.expectedCode != resp.StatusCode {
+ body, _ := ioutil.ReadAll(resp.Body)
+ t.Log(string(body))
+ t.Fatalf("Request method returned: \n%v\n and it was expected: \n%v", resp.StatusCode, testCase.expectedCode)
+ }
+
+ if resp.StatusCode == http.StatusCreated {
+ var response brokerPOSTResponse
+ err := json.NewDecoder(resp.Body).Decode(&response)
+ if err != nil {
+ t.Fatalf("Parsing the returned response got an error (%s)", err)
+ }
+ if !reflect.DeepEqual(testCase.expected, response) {
+ t.Fatalf("TestGetHandler returned:\n result=%v\n expected=%v",
+ response, testCase.expected)
+ }
+ }
+ })
+ }
+}
+
+func TestBrokerGetHandler(t *testing.T) {
+ testCases := []struct {
+ label string
+ input string
+ expectedCode int
+ expectedResponse brokerGETResponse
+ instClient *mockInstanceClient
+ }{
+ {
+ label: "Fail to retrieve Instance",
+ input: "HaKpys8e",
+ expectedCode: http.StatusInternalServerError,
+ instClient: &mockInstanceClient{
+ err: pkgerrors.New("Internal error"),
+ },
+ },
+ {
+ label: "Succesful get an Instance",
+ input: "HaKpys8e",
+ expectedCode: http.StatusOK,
+ expectedResponse: brokerGETResponse{
+ TemplateType: "heat",
+ WorkloadID: "HaKpys8e",
+ WorkloadStatus: "CREATED",
+ },
+ instClient: &mockInstanceClient{
+ items: []app.InstanceResponse{
+ {
+ ID: "HaKpys8e",
+ RBName: "test-rbdef",
+ RBVersion: "v1",
+ ProfileName: "profile1",
+ CloudRegion: "region1",
+ Namespace: "testnamespace",
+ Resources: map[string][]string{
+ "deployment": []string{"test-deployment"},
+ "service": []string{"test-service"},
+ },
+ },
+ },
+ },
+ },
+ }
+
+ for _, testCase := range testCases {
+ t.Run(testCase.label, func(t *testing.T) {
+ request := httptest.NewRequest("GET", "/v1/cloudowner/cloudregion/infra_workload/"+testCase.input, nil)
+ resp := executeRequest(request, NewRouter(nil, nil, testCase.instClient))
+
+ if testCase.expectedCode != resp.StatusCode {
+ t.Fatalf("Request method returned: %v and it was expected: %v",
+ resp.StatusCode, testCase.expectedCode)
+ }
+ if resp.StatusCode == http.StatusOK {
+ var response brokerGETResponse
+ err := json.NewDecoder(resp.Body).Decode(&response)
+ if err != nil {
+ t.Fatalf("Parsing the returned response got an error (%s)", err)
+ }
+ if !reflect.DeepEqual(testCase.expectedResponse, response) {
+ t.Fatalf("TestGetHandler returned:\n result=%v\n expected=%v",
+ response, testCase.expectedResponse)
+ }
+ }
+ })
+ }
+}
+
+func TestBrokerDeleteHandler(t *testing.T) {
+ testCases := []struct {
+ label string
+ input string
+ expectedCode int
+ instClient *mockInstanceClient
+ }{
+ {
+ label: "Fail to destroy VNF",
+ input: "HaKpys8e",
+ expectedCode: http.StatusInternalServerError,
+ instClient: &mockInstanceClient{
+ err: pkgerrors.New("Internal error"),
+ },
+ },
+ {
+ label: "Succesful delete a VNF",
+ input: "HaKpys8e",
+ expectedCode: http.StatusAccepted,
+ instClient: &mockInstanceClient{},
+ },
+ }
+
+ for _, testCase := range testCases {
+ t.Run(testCase.label, func(t *testing.T) {
+ request := httptest.NewRequest("DELETE", "/v1/cloudowner/cloudregion/infra_workload/"+testCase.input, nil)
+ resp := executeRequest(request, NewRouter(nil, nil, testCase.instClient))
+
+ if testCase.expectedCode != resp.StatusCode {
+ t.Fatalf("Request method returned: %v and it was expected: %v", resp.StatusCode, testCase.expectedCode)
+ }
+ })
+ }
+}
diff --git a/src/k8splugin/cmd/main.go b/src/k8splugin/cmd/main.go
index e600c0d6..53b6ab17 100644
--- a/src/k8splugin/cmd/main.go
+++ b/src/k8splugin/cmd/main.go
@@ -24,6 +24,7 @@ import (
"k8splugin/api"
utils "k8splugin/internal"
+ "k8splugin/internal/auth"
"github.com/gorilla/handlers"
)
@@ -55,5 +56,13 @@ func main() {
close(connectionsClose)
}()
- log.Fatal(httpServer.ListenAndServe())
+ tlsConfig, err := auth.GetTLSConfig("ca.cert", "server.cert", "server.key")
+ if err != nil {
+ log.Println("Error Getting TLS Configuration. Starting without TLS...")
+ log.Fatal(httpServer.ListenAndServe())
+ } else {
+ httpServer.TLSConfig = tlsConfig
+ // empty strings because tlsconfig already has this information
+ err = httpServer.ListenAndServeTLS("", "")
+ }
}
diff --git a/src/k8splugin/go.mod b/src/k8splugin/go.mod
index 29a10ecb..531615a6 100644
--- a/src/k8splugin/go.mod
+++ b/src/k8splugin/go.mod
@@ -67,6 +67,7 @@ require (
github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c // indirect
github.com/xdg/stringprep v1.0.0 // indirect
go.mongodb.org/mongo-driver v1.0.0
+ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793
golang.org/x/net v0.0.0-20181201002055-351d144fa1fc
golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890 // indirect
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2 // indirect
@@ -75,7 +76,7 @@ require (
gopkg.in/square/go-jose.v2 v2.2.2 // indirect
gopkg.in/yaml.v2 v2.2.1
k8s.io/api v0.0.0-20181126151915-b503174bad59
- k8s.io/apiextensions-apiserver v0.0.0-20181126155829-0cd23ebeb688 // indirect
+ k8s.io/apiextensions-apiserver v0.0.0-20181126155829-0cd23ebeb688
k8s.io/apimachinery v0.0.0-20181126123746-eddba98df674
k8s.io/apiserver v0.0.0-20181126153457-92fdef3a232a // indirect
k8s.io/cli-runtime v0.0.0-20190107235426-31214e12222d // indirect
diff --git a/src/k8splugin/go.sum b/src/k8splugin/go.sum
index f22fe8da..e5f34549 100644
--- a/src/k8splugin/go.sum
+++ b/src/k8splugin/go.sum
@@ -257,6 +257,7 @@ k8s.io/client-go v9.0.0+incompatible h1:/PdJjifJTjMFe0G4ESclZDcwF1+bFePTJ2xf+MXj
k8s.io/client-go v9.0.0+incompatible/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s=
k8s.io/client-go v10.0.0+incompatible h1:h3fciHPG0O5QEzATTFoRw/YGtDsU6pxrMrAhxiTtcq0=
k8s.io/client-go v10.0.0+incompatible/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s=
+k8s.io/client-go v11.0.0+incompatible h1:X3ykd+Z4G8MojP9TVDOR+h/IrpYJEolfR8W2B/FGKrk=
k8s.io/helm v2.12.1+incompatible h1:Fw6it7ALJfqbbX95U3is3aswD6E8nh4aUYtvgzfna8A=
k8s.io/helm v2.12.1+incompatible/go.mod h1:LZzlS4LQBHfciFOurYBFkCMTaZ0D1l+p0teMg7TSULI=
k8s.io/helm v2.12.2+incompatible h1:vtddbkiGNMOd8maDDZDc111Rm9E5JeeNWDndows18i8=
diff --git a/src/k8splugin/internal/app/client.go b/src/k8splugin/internal/app/client.go
index fa5fdfd5..cd1ec8a2 100644
--- a/src/k8splugin/internal/app/client.go
+++ b/src/k8splugin/internal/app/client.go
@@ -21,17 +21,30 @@ import (
utils "k8splugin/internal"
pkgerrors "github.com/pkg/errors"
+ "k8s.io/apimachinery/pkg/api/meta"
+ "k8s.io/client-go/discovery"
+ "k8s.io/client-go/dynamic"
"k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/restmapper"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/helm/pkg/tiller"
)
-type kubernetesClient struct {
- clientSet *kubernetes.Clientset
+// KubernetesResource is the interface that is implemented
+type KubernetesResource interface {
+ Create(yamlFilePath string, namespace string, client *KubernetesClient) (string, error)
+ Delete(kind string, name string, namespace string, client *KubernetesClient) error
+}
+
+type KubernetesClient struct {
+ clientSet *kubernetes.Clientset
+ dynamicClient dynamic.Interface
+ discoverClient *discovery.DiscoveryClient
+ restMapper meta.RESTMapper
}
// GetKubeClient loads the Kubernetes configuation values stored into the local configuration file
-func (k *kubernetesClient) init(configPath string) error {
+func (k *KubernetesClient) init(configPath string) error {
if configPath == "" {
return pkgerrors.New("config not passed and is not found in ~/.kube. ")
}
@@ -46,10 +59,20 @@ func (k *kubernetesClient) init(configPath string) error {
return err
}
+ k.dynamicClient, err = dynamic.NewForConfig(config)
+ if err != nil {
+ return pkgerrors.Wrap(err, "Creating dynamic client")
+ }
+
+ k.discoverClient, err = discovery.NewDiscoveryClientForConfig(config)
+ if err != nil {
+ return pkgerrors.Wrap(err, "Creating discovery client")
+ }
+
return nil
}
-func (k *kubernetesClient) ensureNamespace(namespace string) error {
+func (k *KubernetesClient) ensureNamespace(namespace string) error {
namespacePlugin, ok := utils.LoadedPlugins["namespace"]
if !ok {
return pkgerrors.New("No plugin for namespace resource found")
@@ -82,7 +105,51 @@ func (k *kubernetesClient) ensureNamespace(namespace string) error {
return nil
}
-func (k *kubernetesClient) createKind(kind string, files []string, namespace string) ([]string, error) {
+func (k *KubernetesClient) createGeneric(kind string, files []string, namespace string) ([]string, error) {
+
+ log.Println("Processing items of Kind: " + kind)
+
+ //Check if have the mapper before loading the plugin
+ err := k.updateMapper()
+ if err != nil {
+ return nil, pkgerrors.Wrap(err, "Unable to create RESTMapper")
+ }
+
+ pluginObject, ok := utils.LoadedPlugins["generic"]
+ if !ok {
+ return nil, pkgerrors.New("No generic plugin found")
+ }
+
+ symbol, err := pluginObject.Lookup("ExportedVariable")
+ if err != nil {
+ return nil, pkgerrors.Wrap(err, "No ExportedVariable symbol found")
+ }
+
+ genericPlugin, ok := symbol.(KubernetesResource)
+ if !ok {
+ return nil, pkgerrors.New("ExportedVariable is not KubernetesResource type")
+ }
+
+ //Iterate over each file of a particular kind here
+ var resourcesCreated []string
+ for _, f := range files {
+ if _, err := os.Stat(f); os.IsNotExist(err) {
+ return nil, pkgerrors.New("File " + f + "does not exists")
+ }
+
+ log.Println("Processing file: " + f)
+
+ name, err := genericPlugin.Create(f, namespace, k)
+ if err != nil {
+ return nil, pkgerrors.Wrap(err, "Error in generic plugin")
+ }
+
+ resourcesCreated = append(resourcesCreated, name)
+ }
+ return resourcesCreated, nil
+}
+
+func (k *KubernetesClient) createKind(kind string, files []string, namespace string) ([]string, error) {
log.Println("Processing items of Kind: " + kind)
@@ -103,7 +170,8 @@ func (k *kubernetesClient) createKind(kind string, files []string, namespace str
typePlugin, ok := utils.LoadedPlugins[strings.ToLower(kind)]
if !ok {
- return nil, pkgerrors.New("No plugin for kind " + kind + " found")
+ log.Println("No plugin for kind " + kind + " found. Using generic Plugin")
+ return k.createGeneric(kind, files, namespace)
}
symCreateResourceFunc, err := typePlugin.Lookup("Create")
@@ -123,7 +191,7 @@ func (k *kubernetesClient) createKind(kind string, files []string, namespace str
return resourcesCreated, nil
}
-func (k *kubernetesClient) createResources(resMap map[string][]string,
+func (k *KubernetesClient) createResources(resMap map[string][]string,
namespace string) (map[string][]string, error) {
err := k.ensureNamespace(namespace)
@@ -163,17 +231,47 @@ func (k *kubernetesClient) createResources(resMap map[string][]string,
return createdResourceMap, nil
}
-func (k *kubernetesClient) deleteKind(kind string, resources []string, namespace string) error {
+func (k *KubernetesClient) deleteGeneric(kind string, resources []string, namespace string) error {
+ log.Println("Deleting items of Kind: " + kind)
+
+ pluginObject, ok := utils.LoadedPlugins["generic"]
+ if !ok {
+ return pkgerrors.New("No generic plugin found")
+ }
+
+ symbol, err := pluginObject.Lookup("ExportedVariable")
+ if err != nil {
+ return pkgerrors.Wrap(err, "No ExportedVariable symbol found")
+ }
+
+ //Assert that it implements the KubernetesResource
+ genericPlugin, ok := symbol.(KubernetesResource)
+ if !ok {
+ return pkgerrors.New("ExportedVariable is not KubernetesResource type")
+ }
+
+ for _, res := range resources {
+ err = genericPlugin.Delete(kind, res, namespace, k)
+ if err != nil {
+ return pkgerrors.Wrap(err, "Error in generic plugin")
+ }
+ }
+
+ return nil
+}
+
+func (k *KubernetesClient) deleteKind(kind string, resources []string, namespace string) error {
log.Println("Deleting items of Kind: " + kind)
typePlugin, ok := utils.LoadedPlugins[strings.ToLower(kind)]
if !ok {
- return pkgerrors.New("No plugin for resource " + kind + " found")
+ log.Println("No plugin for kind " + kind + " found. Using generic Plugin")
+ return k.deleteGeneric(kind, resources, namespace)
}
symDeleteResourceFunc, err := typePlugin.Lookup("Delete")
if err != nil {
- return pkgerrors.Wrap(err, "Error fetching "+kind+" plugin")
+ return pkgerrors.Wrap(err, "Error findinf Delete symbol in plugin")
}
for _, res := range resources {
@@ -187,7 +285,7 @@ func (k *kubernetesClient) deleteKind(kind string, resources []string, namespace
return nil
}
-func (k *kubernetesClient) deleteResources(resMap map[string][]string, namespace string) error {
+func (k *KubernetesClient) deleteResources(resMap map[string][]string, namespace string) error {
//TODO: Investigate if deletion should be in a particular order
for kind, resourceNames := range resMap {
err := k.deleteKind(kind, resourceNames, namespace)
@@ -198,3 +296,29 @@ func (k *kubernetesClient) deleteResources(resMap map[string][]string, namespace
return nil
}
+
+func (k *KubernetesClient) updateMapper() error {
+ //Create restMapper if not already done
+ if k.restMapper != nil {
+ return nil
+ }
+
+ groupResources, err := restmapper.GetAPIGroupResources(k.discoverClient)
+ if err != nil {
+ return pkgerrors.Wrap(err, "Get GroupResources")
+ }
+
+ k.restMapper = restmapper.NewDiscoveryRESTMapper(groupResources)
+ return nil
+}
+
+//GetMapper returns the RESTMapper that was created for this client
+func (k *KubernetesClient) GetMapper() meta.RESTMapper {
+ return k.restMapper
+}
+
+//GetDynamicClient returns the dynamic client that is needed for
+//unstructured REST calls to the apiserver
+func (k *KubernetesClient) GetDynamicClient() dynamic.Interface {
+ return k.dynamicClient
+}
diff --git a/src/k8splugin/internal/app/client_test.go b/src/k8splugin/internal/app/client_test.go
index 5999cfa0..b3436431 100644
--- a/src/k8splugin/internal/app/client_test.go
+++ b/src/k8splugin/internal/app/client_test.go
@@ -45,7 +45,7 @@ func LoadMockPlugins(krdLoadedPlugins map[string]*plugin.Plugin) error {
func TestInit(t *testing.T) {
t.Run("Successfully create Kube Client", func(t *testing.T) {
- kubeClient := kubernetesClient{}
+ kubeClient := KubernetesClient{}
err := kubeClient.init("../../mock_files/mock_configs/mock_config")
if err != nil {
t.Fatalf("TestGetKubeClient returned an error (%s)", err)
@@ -71,7 +71,7 @@ func TestCreateResources(t *testing.T) {
t.Fatalf("LoadMockPlugins returned an error (%s)", err)
}
- k8 := kubernetesClient{
+ k8 := KubernetesClient{
clientSet: &kubernetes.Clientset{},
}
@@ -100,7 +100,7 @@ func TestDeleteResources(t *testing.T) {
t.Fatalf("LoadMockPlugins returned an error (%s)", err)
}
- k8 := kubernetesClient{
+ k8 := KubernetesClient{
clientSet: &kubernetes.Clientset{},
}
diff --git a/src/k8splugin/internal/app/instance.go b/src/k8splugin/internal/app/instance.go
index a5b35fef..93305c30 100644
--- a/src/k8splugin/internal/app/instance.go
+++ b/src/k8splugin/internal/app/instance.go
@@ -118,7 +118,7 @@ func (v *InstanceClient) Create(i InstanceRequest) (InstanceResponse, error) {
return InstanceResponse{}, pkgerrors.Wrap(err, "Error resolving helm charts")
}
- k8sClient := kubernetesClient{}
+ k8sClient := KubernetesClient{}
err = k8sClient.init(os.Getenv("KUBE_CONFIG_DIR") + "/" + i.CloudRegion)
if err != nil {
return InstanceResponse{}, pkgerrors.Wrap(err, "Getting CloudRegion Information")
@@ -183,7 +183,7 @@ func (v *InstanceClient) Delete(id string) error {
return pkgerrors.Wrap(err, "Error getting Instance")
}
- k8sClient := kubernetesClient{}
+ k8sClient := KubernetesClient{}
err = k8sClient.init(os.Getenv("KUBE_CONFIG_DIR") + "/" + inst.CloudRegion)
if err != nil {
return pkgerrors.Wrap(err, "Getting CloudRegion Information")
diff --git a/src/k8splugin/internal/auth/auth.go b/src/k8splugin/internal/auth/auth.go
new file mode 100644
index 00000000..3da8f2af
--- /dev/null
+++ b/src/k8splugin/internal/auth/auth.go
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2018 Intel Corporation, Inc
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package auth
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/base64"
+ "encoding/pem"
+ "io/ioutil"
+ "log"
+
+ pkgerrors "github.com/pkg/errors"
+)
+
+// GetTLSConfig initializes a tlsConfig using the CA's certificate
+// This config is then used to enable the server for mutual TLS
+func GetTLSConfig(caCertFile string, certFile string, keyFile string) (*tls.Config, error) {
+
+ // Initialize tlsConfig once
+ caCert, err := ioutil.ReadFile(caCertFile)
+
+ if err != nil {
+ return nil, pkgerrors.Wrap(err, "Read CA Cert file")
+ }
+
+ caCertPool := x509.NewCertPool()
+ caCertPool.AppendCertsFromPEM(caCert)
+
+ tlsConfig := &tls.Config{
+ // Change to RequireAndVerify once we have mandatory certs
+ ClientAuth: tls.VerifyClientCertIfGiven,
+ ClientCAs: caCertPool,
+ MinVersion: tls.VersionTLS12,
+ }
+
+ certPEMBlk, err := readPEMBlock(certFile)
+ if err != nil {
+ return nil, pkgerrors.Wrap(err, "Read Cert File")
+ }
+
+ keyPEMBlk, err := readPEMBlock(keyFile)
+ if err != nil {
+ return nil, pkgerrors.Wrap(err, "Read Key File")
+ }
+
+ tlsConfig.Certificates = make([]tls.Certificate, 1)
+ tlsConfig.Certificates[0], err = tls.X509KeyPair(certPEMBlk, keyPEMBlk)
+ if err != nil {
+ return nil, pkgerrors.Wrap(err, "Load x509 cert and key")
+ }
+
+ tlsConfig.BuildNameToCertificate()
+ return tlsConfig, nil
+}
+
+func readPEMBlock(filename string) ([]byte, error) {
+
+ pemData, err := ioutil.ReadFile(filename)
+ if err != nil {
+ return nil, pkgerrors.Wrap(err, "Read PEM File")
+ }
+
+ pemBlock, rest := pem.Decode(pemData)
+ if len(rest) > 0 {
+ log.Println("Pemfile has extra data")
+ }
+
+ if x509.IsEncryptedPEMBlock(pemBlock) {
+ password, err := ioutil.ReadFile(filename + ".pass")
+ if err != nil {
+ return nil, pkgerrors.Wrap(err, "Read Password File")
+ }
+
+ pByte, err := base64.StdEncoding.DecodeString(string(password))
+ if err != nil {
+ return nil, pkgerrors.Wrap(err, "Decode PEM Password")
+ }
+
+ pemData, err = x509.DecryptPEMBlock(pemBlock, pByte)
+ if err != nil {
+ return nil, pkgerrors.Wrap(err, "Decrypt PEM Data")
+ }
+ var newPEMBlock pem.Block
+ newPEMBlock.Type = pemBlock.Type
+ newPEMBlock.Bytes = pemData
+ // Converting back to PEM from DER data you get from
+ // DecryptPEMBlock
+ pemData = pem.EncodeToMemory(&newPEMBlock)
+ }
+
+ return pemData, nil
+}
diff --git a/src/k8splugin/internal/auth/auth_test.go b/src/k8splugin/internal/auth/auth_test.go
new file mode 100644
index 00000000..49494eee
--- /dev/null
+++ b/src/k8splugin/internal/auth/auth_test.go
@@ -0,0 +1,47 @@
+/*
+* Copyright 2018 TechMahindra
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+ */
+
+package auth
+
+import (
+ "crypto/tls"
+ "testing"
+)
+
+//Unit test to varify GetTLSconfig func and varify the tls config min version to be 771
+//Assuming cert file name as auth_test.cert
+func TestGetTLSConfig(t *testing.T) {
+ _, err := GetTLSConfig("filedoesnotexist.cert", "filedoesnotexist.cert", "filedoesnotexist.cert")
+ if err == nil {
+ t.Errorf("Test failed, expected error but got none")
+ }
+ tlsConfig, err := GetTLSConfig("../../mock_files/mock_certs/auth_test_certificate.pem",
+ "../../mock_files/mock_certs/auth_test_certificate.pem",
+ "../../mock_files/mock_certs/auth_test_key.pem")
+ if err != nil {
+ t.Fatal("Test Failed as GetTLSConfig returned error: " + err.Error())
+ }
+ expected := tls.VersionTLS12
+ actual := tlsConfig.MinVersion
+ if tlsConfig != nil {
+ if int(actual) != expected {
+ t.Errorf("Test Failed due to version mismatch")
+ }
+ if tlsConfig == nil {
+ t.Errorf("Test Failed due to GetTLSConfig returned nil")
+ }
+ }
+}
diff --git a/src/k8splugin/mock_files/mock_certs/auth_test_certificate.pem b/src/k8splugin/mock_files/mock_certs/auth_test_certificate.pem
new file mode 100644
index 00000000..42e77491
--- /dev/null
+++ b/src/k8splugin/mock_files/mock_certs/auth_test_certificate.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIJAKAHJi8eUs73MA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTgwNTE1MDQ0MDQwWhcNMTkwNTE1MDQ0MDQwWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEA5PHDk+RRFh5o3Xe2nZuLn0Vo+5BjnHp/ul2NNYSG00Slc8F86gW4xcNA
+wm6xC8tYCSangV2lFG3E8H2L7SCEVaM5VDV2GCOpOoMihc+2Qenk/YbHwuYenwjo
+OgTK4aCItqjcAJ2DB1KC7AxARxHBDu9Kif+M/pc49so+G9ObQuS8k2vmTTaRYkMK
+ZvbTJcWsc0vbNnPhxcG5PVj4unlaREM+yQDm18/glUkkBNnYKMHABRvPnBrDktTT
+BQWsqkbQTw7ZuLOrl9rCzVTstZX9wEXarrstIdQJj3KZjbFOp2opND8bjNIjcdVt
+iRFnP1nHQYr7EgRqcx/YMJZ+gmCy3wIDAQABo1AwTjAdBgNVHQ4EFgQU9qPNwwIu
+kZh41sJqFtnMC2blSYMwHwYDVR0jBBgwFoAU9qPNwwIukZh41sJqFtnMC2blSYMw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA4+daLY1wE10IMPaOKurG
+QBvfYeO/rgNXGeg0TisTIKAfx/We9Hmwo/37Bd2Nk5gxfy/DIJ4lMbrzXjgWITlm
+XOrS5QfluwvaEcREtHFtPFa3NZqn2VzKNDFTR+rJj7I5o600NKdcPrGeQ1i/vny2
+K0g68ogw2jfufcuePvZTYGst8RclomPr7ZXxI24kIjcE1MbiViy68sQueTXBEr5s
+Th6RsvPfVnLxjR/m/V6VJl31nn4T6hbmKzXCHo/X7aC3I8Isui4bQGKgfAxyBkhE
+0T7tP+GgymiEKQ6qJ/1c4HFFSuFRUQjLnK7uJu9jM/HMKoLCPayx6birHZRIMF94
+pg==
+-----END CERTIFICATE-----
diff --git a/src/k8splugin/mock_files/mock_certs/auth_test_key.pem b/src/k8splugin/mock_files/mock_certs/auth_test_key.pem
new file mode 100644
index 00000000..5f01f572
--- /dev/null
+++ b/src/k8splugin/mock_files/mock_certs/auth_test_key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDk8cOT5FEWHmjd
+d7adm4ufRWj7kGOcen+6XY01hIbTRKVzwXzqBbjFw0DCbrELy1gJJqeBXaUUbcTw
+fYvtIIRVozlUNXYYI6k6gyKFz7ZB6eT9hsfC5h6fCOg6BMrhoIi2qNwAnYMHUoLs
+DEBHEcEO70qJ/4z+lzj2yj4b05tC5LyTa+ZNNpFiQwpm9tMlxaxzS9s2c+HFwbk9
+WPi6eVpEQz7JAObXz+CVSSQE2dgowcAFG8+cGsOS1NMFBayqRtBPDtm4s6uX2sLN
+VOy1lf3ARdquuy0h1AmPcpmNsU6naik0PxuM0iNx1W2JEWc/WcdBivsSBGpzH9gw
+ln6CYLLfAgMBAAECggEAYB3H2D0QddLKf8AUoNJ+qZ1AV+zkhPtAyIMiF4fN+sBl
+HdXrlWxViGFSvM4v8h2qlhzuUfd4qLz042ox5pmyNSnTlbDkJXpDP9dyFO+BOubx
+Ribhksd9r5LTvBfq/RKikt0NkAyQx/AyGtuB2NRxUs3PY2QwU2o1dhauQIx0MH5/
+6D8PgQf6+5njKQaKa4e8Kp4kB+KjnALvt6JgYuNJUHWap+nnDbuuVy5dl1bKkAZ+
+qa7CITKWO4kE2EqaCb2asFc2w3538+w72UJZtwQCmOaxtKpRSl9fQXu54N8jIGoZ
+1FvEj5x3X6QkglE+iVJYaX3RmiJ3uzZ2LICDr89vEQKBgQD7fquIw4p1idSxz3Cm
+5o3Y5kD0CKm61ZaRJWKd+tNlSsxubmV9HROYW6vj2xEPSDvyp1na00pDXxMJQLLc
+O5Awd1SaU+d45jnoi70fsEY8X0WH1rDTYfnU+zQBmpbGqX5qTIfpy4yoADiUD1CQ
+EBdaSBWiKPx2jFSct58TwDP9YwKBgQDpC64TScZYz7uQq4gAbDso/7TjNwgt/Bw8
+JgLSdx1UdUclh81smTujsouyCFwJSvRjKik8e/Qt0f5patukFbFRINxUGUDhOKbA
+7zqeNQbeYaP7Rvw+3z01CU2BTBmB/EWa2xWDam8B9xQvjiHSOrubqkt3sIQJb045
+hzuigdV7VQKBgQD7Gnd0nyCwyMSIIMGuswYv6X4y6i9lr3qdQ4GakOTe/vbsz+cf
+K5f0CJuwbnszEgFg/zzVIx/D8rqUA3hSMlp+ObdMO7gi22Q4TsWvTRZjkxBeV7rH
+48xJneNIMqyWgIcK5YzSn3y6BTZ4hm3+2UInz09iUJ/6UZTtwNzhIIgIVwKBgQCT
+LxRHDE4gIzrT+PHRSonmr/DfnA8nc9WlS2B26lH02IkRs/5Su0iGb6p4y3zNRbCp
+vKQElki2c60ZiSqlLCosEfP1jWmDlRMEQVMlPlpTMxmtBr0jPDzc9T4lDhoCFYEk
+d3/T2vG3LQRrsHm92+hHPTuioTIS/2BJRxar4RIibQKBgQC8zoayoQ7zfEYxy3Ax
+OSao8g85hj0EAJk/VKQP2POgz6KoPay3JE9D7P7OvkebTyv/pijAuTPby4XipCNI
+K0JbFC2Kn7RW/ZV23UdnoO9crh2omOh+/52prStWXKoc+/pJe70Af+4rU7FUiI7F
+y1mIE9krIoVis6iYsyFEmkP7iw==
+-----END PRIVATE KEY-----
diff --git a/src/k8splugin/plugins/generic/plugin.go b/src/k8splugin/plugins/generic/plugin.go
new file mode 100644
index 00000000..b0cf609c
--- /dev/null
+++ b/src/k8splugin/plugins/generic/plugin.go
@@ -0,0 +1,109 @@
+/*
+Copyright 2018 Intel Corporation.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+ "log"
+
+ pkgerrors "github.com/pkg/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/client-go/kubernetes/scheme"
+
+ utils "k8splugin/internal"
+ "k8splugin/internal/app"
+)
+
+type genericPlugin struct {
+}
+
+var kindToGVRMap = map[string]schema.GroupVersionResource{
+ "ConfigMap": schema.GroupVersionResource{Group: "", Version: "v1", Resource: "configmaps"},
+ "StatefulSet": schema.GroupVersionResource{Group: "apps", Version: "v1", Resource: "statefulsets"},
+ "Job": schema.GroupVersionResource{Group: "batch", Version: "v1", Resource: "jobs"},
+ "Pod": schema.GroupVersionResource{Group: "", Version: "v1", Resource: "pods"},
+ "DaemonSet": schema.GroupVersionResource{Group: "apps", Version: "v1", Resource: "daemonsets"},
+ "CustomResourceDefinition": schema.GroupVersionResource{
+ Group: "apiextensions.k8s.io", Version: "v1beta1", Resource: "customresourcedefinitions",
+ },
+}
+
+// Create deployment object in a specific Kubernetes cluster
+func (g genericPlugin) Create(yamlFilePath string, namespace string, client *app.KubernetesClient) (string, error) {
+ if namespace == "" {
+ namespace = "default"
+ }
+
+ //Decode the yaml file to create a runtime.Object
+ obj, err := utils.DecodeYAML(yamlFilePath, nil)
+ if err != nil {
+ return "", pkgerrors.Wrap(err, "Decode deployment object error")
+ }
+
+ //Convert the runtime.Object to an unstructured Object
+ unstruct := &unstructured.Unstructured{}
+ err = scheme.Scheme.Convert(obj, unstruct, nil)
+ if err != nil {
+ return "", pkgerrors.Wrap(err, "Converting to unstructured object")
+ }
+
+ dynClient := client.GetDynamicClient()
+ mapper := client.GetMapper()
+
+ gvk := unstruct.GroupVersionKind()
+ mapping, err := mapper.RESTMapping(schema.GroupKind{Group: gvk.Group, Kind: gvk.Kind}, gvk.Version)
+ if err != nil {
+ return "", pkgerrors.Wrap(err, "Mapping kind to resource error")
+ }
+
+ gvr := mapping.Resource
+
+ createdObj, err := dynClient.Resource(gvr).Namespace(namespace).Create(unstruct, metav1.CreateOptions{})
+ if err != nil {
+ return "", pkgerrors.Wrap(err, "Create object error")
+ }
+
+ return createdObj.GetName(), nil
+}
+
+// Delete an existing deployment hosted in a specific Kubernetes cluster
+func (g genericPlugin) Delete(kind string, name string, namespace string, client *app.KubernetesClient) error {
+ if namespace == "" {
+ namespace = "default"
+ }
+
+ deletePolicy := metav1.DeletePropagationForeground
+ opts := &metav1.DeleteOptions{
+ PropagationPolicy: &deletePolicy,
+ }
+
+ dynClient := client.GetDynamicClient()
+ gvr, ok := kindToGVRMap[kind]
+ if !ok {
+ return pkgerrors.New("GVR not found for: " + kind)
+ }
+
+ log.Printf("Using gvr: %s, %s, %s", gvr.Group, gvr.Version, gvr.Resource)
+
+ err := dynClient.Resource(gvr).Namespace(namespace).Delete(name, opts)
+ if err != nil {
+ return pkgerrors.Wrap(err, "Delete object error")
+ }
+
+ return nil
+}
+
+// ExportedVariable is what we will look for when calling the generic plugin
+var ExportedVariable genericPlugin