diff --git a/armada/cli/apply.py b/armada/cli/apply.py index 209b960f..41fa7719 100644 --- a/armada/cli/apply.py +++ b/armada/cli/apply.py @@ -129,17 +129,18 @@ SHORT_DESC = "Command installs manifest charts." help=("The target manifest to run. Required for specifying " "which manifest to run when multiple are available."), default=None) +@click.option('--bearer-token', help="User Bearer token", default=None) @click.option('--debug', help="Enable debug logging.", is_flag=True) @click.pass_context def apply_create(ctx, locations, api, disable_update_post, disable_update_pre, dry_run, enable_chart_cleanup, use_doc_ref, set, tiller_host, tiller_port, tiller_namespace, timeout, values, wait, - target_manifest, debug): + target_manifest, bearer_token, debug): CONF.debug = debug ApplyManifest(ctx, locations, api, disable_update_post, disable_update_pre, dry_run, enable_chart_cleanup, use_doc_ref, set, tiller_host, tiller_port, tiller_namespace, timeout, values, wait, - target_manifest).safe_invoke() + target_manifest, bearer_token).safe_invoke() class ApplyManifest(CliAction): @@ -147,7 +148,7 @@ class ApplyManifest(CliAction): def __init__(self, ctx, locations, api, disable_update_post, disable_update_pre, dry_run, enable_chart_cleanup, use_doc_ref, set, tiller_host, tiller_port, tiller_namespace, - timeout, values, wait, target_manifest): + timeout, values, wait, target_manifest, bearer_token): super(ApplyManifest, self).__init__() self.ctx = ctx # Filename can also be a URL reference @@ -166,6 +167,7 @@ class ApplyManifest(CliAction): self.values = values self.wait = wait self.target_manifest = target_manifest + self.bearer_token = bearer_token def output(self, resp): for result in resp: @@ -203,6 +205,7 @@ class ApplyManifest(CliAction): tiller_host=self.tiller_host, tiller_port=self.tiller_port, tiller_namespace=self.tiller_namespace, + bearer_token=self.bearer_token, dry_run=self.dry_run) as tiller: armada = Armada( documents, 
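Review bot: The new `--bearer-token` option above `apply_create` takes the credential as a command-line value, so it ends up in the process argument list and shell history of the host running armada. click options accept an `envvar=` argument, which would let operators supply it from the environment instead: `@click.option('--bearer-token', envvar='<TOKEN_ENV_VAR>', help="User Bearer token", default=None)` (the variable name here is a placeholder). The same option is added to `delete_charts`, `rollback_charts` and `tiller_service` in this commit and the point applies to each. The token is also kept as `self.bearer_token` on `ApplyManifest`; it is worth confirming that nothing on the `--debug` path logs the action's attributes.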
diff --git a/armada/cli/delete.py b/armada/cli/delete.py index bb92d91f..292dba0f 100644 --- a/armada/cli/delete.py +++ b/armada/cli/delete.py @@ -66,19 +66,20 @@ SHORT_DESC = "Command deletes releases." @click.option('--tiller-host', help="Tiller host IP.") @click.option( '--tiller-port', help="Tiller host port.", type=int, default=44134) +@click.option('--bearer-token', help="User Bearer token.", default=None) @click.option('--debug', help="Enable debug logging.", is_flag=True) @click.pass_context def delete_charts(ctx, manifest, releases, no_purge, tiller_host, tiller_port, - debug): + bearer_token, debug): CONF.debug = debug DeleteChartManifest(ctx, manifest, releases, no_purge, tiller_host, - tiller_port).safe_invoke() + tiller_port, bearer_token).safe_invoke() class DeleteChartManifest(CliAction): def __init__(self, ctx, manifest, releases, no_purge, tiller_host, - tiller_port): + tiller_port, bearer_token): super(DeleteChartManifest, self).__init__() self.ctx = ctx @@ -87,11 +88,13 @@ class DeleteChartManifest(CliAction): self.purge = not no_purge self.tiller_host = tiller_host self.tiller_port = tiller_port + self.bearer_token = bearer_token def invoke(self): with Tiller( tiller_host=self.tiller_host, - tiller_port=self.tiller_port) as tiller: + tiller_port=self.tiller_port, + bearer_token=self.bearer_token) as tiller: self.handle(tiller) def handle(self, tiller): diff --git a/armada/cli/rollback.py b/armada/cli/rollback.py index 89bf9f2c..f3bc5e81 100644 --- a/armada/cli/rollback.py +++ b/armada/cli/rollback.py 
@@ -80,22 +80,23 @@ SHORT_DESC = "Command performs a release rollback." '--recreate-pods', help=("Restarts pods for the resource if applicable."), is_flag=True) +@click.option('--bearer-token', help=("User bearer token."), default=None) @click.option('--debug', help="Enable debug logging.", is_flag=True) @click.pass_context def rollback_charts(ctx, release, version, dry_run, tiller_host, tiller_port, tiller_namespace, timeout, wait, force, recreate_pods, - debug): + bearer_token, debug): CONF.debug = debug Rollback(ctx, release, version, dry_run, tiller_host, tiller_port, - tiller_namespace, timeout, wait, force, - recreate_pods).safe_invoke() + tiller_namespace, timeout, wait, force, recreate_pods, + bearer_token).safe_invoke() class Rollback(CliAction): def __init__(self, ctx, release, version, dry_run, tiller_host, tiller_port, tiller_namespace, timeout, wait, force, - recreate_pods): + recreate_pods, bearer_token): super(Rollback, self).__init__() self.ctx = ctx self.release = release @@ -108,12 +109,14 @@ class Rollback(CliAction): self.wait = wait self.force = force self.recreate_pods = recreate_pods + self.bearer_token = bearer_token def invoke(self): with Tiller( tiller_host=self.tiller_host, tiller_port=self.tiller_port, tiller_namespace=self.tiller_namespace, + bearer_token=self.bearer_token, dry_run=self.dry_run) as tiller: response = tiller.rollback_release( diff --git a/armada/cli/tiller.py b/armada/cli/tiller.py index 7d73b15e..22a3b15c 100644 --- a/armada/cli/tiller.py +++ b/armada/cli/tiller.py 
@@ -61,19 +61,20 @@ SHORT_DESC = "Command gets Tiller information." default=CONF.tiller_namespace) @click.option('--releases', help="List of deployed releases.", is_flag=True) @click.option('--status', help="Status of Tiller services.", is_flag=True) +@click.option('--bearer-token', help="User bearer token.", default=None) @click.option('--debug', help="Enable debug logging.", is_flag=True) @click.pass_context def tiller_service(ctx, tiller_host, tiller_port, tiller_namespace, releases, - status, debug): + status, bearer_token, debug): CONF.debug = debug TillerServices(ctx, tiller_host, tiller_port, tiller_namespace, releases, - status).safe_invoke() + status, bearer_token).safe_invoke() class TillerServices(CliAction): def __init__(self, ctx, tiller_host, tiller_port, tiller_namespace, - releases, status): + releases, status, bearer_token): super(TillerServices, self).__init__() self.ctx = ctx self.tiller_host = tiller_host @@ -81,13 +82,15 @@ class TillerServices(CliAction): self.tiller_namespace = tiller_namespace self.releases = releases self.status = status + self.bearer_token = bearer_token def invoke(self): with Tiller( tiller_host=self.tiller_host, tiller_port=self.tiller_port, - tiller_namespace=self.tiller_namespace) as tiller: + tiller_namespace=self.tiller_namespace, + bearer_token=self.bearer_token) as tiller: self.handle(tiller) diff --git a/armada/handlers/k8s.py b/armada/handlers/k8s.py index 61a635da..33f18598 100644 --- a/armada/handlers/k8s.py +++ b/armada/handlers/k8s.py 
@@ -41,20 +41,30 @@ class K8s(object): Object to obtain the local kube config file ''' - def __init__(self): + def __init__(self, bearer_token=None): ''' Initialize connection to Kubernetes ''' + self.bearer_token = bearer_token + api_client = None + try: config.load_incluster_config() except config.config_exception.ConfigException: config.load_kube_config() - self.client = client.CoreV1Api() - self.batch_api = client.BatchV1Api() - self.batch_v1beta1_api = client.BatchV1beta1Api() - self.extension_api = client.ExtensionsV1beta1Api() - self.apps_v1_api = client.AppsV1Api() + if self.bearer_token: + # Configure API key authorization: Bearer Token + configuration = client.Configuration() + configuration.api_key_prefix['authorization'] = 'Bearer' + configuration.api_key['authorization'] = self.bearer_token + api_client = client.ApiClient(configuration) + + self.client = client.CoreV1Api(api_client) + self.batch_api = client.BatchV1Api(api_client) + self.batch_v1beta1_api = client.BatchV1beta1Api(api_client) + self.extension_api = client.ExtensionsV1beta1Api(api_client) + self.apps_v1_api = client.AppsV1Api(api_client) def delete_job_action(self, name, diff --git a/armada/handlers/tiller.py b/armada/handlers/tiller.py index dc0a9bfb..aaa16b93 100644 --- a/armada/handlers/tiller.py +++ b/armada/handlers/tiller.py @@ -80,14 +80,16 @@ class Tiller(object): tiller_host=None, tiller_port=None, tiller_namespace=None, + bearer_token=None, dry_run=None): self.tiller_host = tiller_host self.tiller_port = tiller_port or CONF.tiller_port self.tiller_namespace = tiller_namespace or CONF.tiller_namespace + self.bearer_token = bearer_token self.dry_run = dry_run or False # init k8s connectivity - self.k8s = K8s() + self.k8s = K8s(bearer_token=self.bearer_token) # init Tiller channel self.channel = self.get_channel() diff --git a/doc/source/commands/apply.rst b/doc/source/commands/apply.rst index fabc895b..4e713b75 100644 --- a/doc/source/commands/apply.rst 
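Review bot: In `K8s.__init__`, `if self.bearer_token:` treats an empty string like no token, so a caller that passes an empty value (for example from an unset shell variable) silently falls back to the kubeconfig or in-cluster credentials, which may carry more privilege than the user intended to use. Distinguishing the two cases would make that failure visible: `if self.bearer_token is not None:` for the branch, with a check such as `if not self.bearer_token: raise ValueError('bearer token is empty')` inside it. Separately, whether `client.Configuration()` inherits the host and CA settings loaded by `load_incluster_config()` / `load_kube_config()` depends on the kubernetes client version; this should be confirmed against the pinned version, since a blank configuration would send the token to the client's default host. If the settings are inherited, any client certificate from the kubeconfig would presumably still be presented alongside the bearer token, so the effective identity should be checked too.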
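Review bot: In `Tiller.__init__` the token is handed only to `K8s(bearer_token=...)`; the channel created by `self.get_channel()` two lines later takes no token, so as far as this hunk shows the user's identity applies to the Kubernetes API lookups and not to the gRPC calls made to Tiller itself. That limit deserves a comment at the assignment, e.g. `# bearer_token authenticates Kubernetes API calls made through self.k8s only; the Tiller channel is not affected`, and a matching sentence in the docstring. `get_channel()` is defined outside the hunk, so this should be confirmed there. The constructor's signature starts above the hunk and its body continues below it.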
+++ b/doc/source/commands/apply.rst @@ -54,6 +54,7 @@ Commands --target-manifest TEXT The target manifest to run. Required for specifying which manifest to run when multiple are available. + --bearer-token User bearer token. --debug Enable debug logging. --help Show this message and exit. diff --git a/doc/source/commands/rollback.rst b/doc/source/commands/rollback.rst index a8620bd3..aeb6da1f 100644 --- a/doc/source/commands/rollback.rst +++ b/doc/source/commands/rollback.rst @@ -24,6 +24,7 @@ Commands --timeout INTEGER Tiller Host IP --version INTEGER Version of release to rollback to. 0 represents the previous release --wait Version of release to rollback to. 0 represents the previous release + --bearer-token User bearer token --help Show this message and exit. Synopsis diff --git a/doc/source/commands/tiller.rst b/doc/source/commands/tiller.rst index 276cb5aa..7f84e570 100644 --- a/doc/source/commands/tiller.rst +++ b/doc/source/commands/tiller.rst @@ -27,6 +27,7 @@ Commands -tn, --tiller-namespace TEXT Tiller namespace --releases list of deployed releses --status Status of Armada services + --bearer-token User bearer token --help Show this message and exit. Synopsis diff --git a/doc/source/operations/guide-use-armada.rst b/doc/source/operations/guide-use-armada.rst index c9b8e3fd..567a67f5 100644 --- a/doc/source/operations/guide-use-armada.rst +++ b/doc/source/operations/guide-use-armada.rst 
@@ -224,3 +224,25 @@ for example:
 description: Change value deploy
 chart_group:
 - blog-1
+
+User bearer token
+-----------------
+It is possible to pass the user bearer token from the armada CLI to interact
+with a kubernetes cluster that has been configured with an external Auth-backend
+like openstack-keystone.
+
+.. code:: bash
+
+ Example:
+
+ armada apply --bearer-token [ TOKEN ] --values [ path_to_yaml ] [ FILE ]
+
+ armada tiller --bearer-token [ TOKEN ] --status
+
+.. note::
+ The bearer token option is available for the following commands
+
+ armada apply
+ armada delete
+ armada tiller
+ armada rollback