Merge "Add support in Armada CLI to pass user bearer tokens to tiller"

This commit is contained in:
Zuul 2019-02-28 14:47:02 +00:00 committed by Gerrit Code Review
commit 3c60a576f9
10 changed files with 71 additions and 22 deletions

View File

@ -129,17 +129,18 @@ SHORT_DESC = "Command installs manifest charts."
help=("The target manifest to run. Required for specifying "
"which manifest to run when multiple are available."),
default=None)
@click.option('--bearer-token', help="User Bearer token", default=None)
@click.option('--debug', help="Enable debug logging.", is_flag=True)
@click.pass_context
def apply_create(ctx, locations, api, disable_update_post, disable_update_pre,
dry_run, enable_chart_cleanup, use_doc_ref, set, tiller_host,
tiller_port, tiller_namespace, timeout, values, wait,
target_manifest, debug):
target_manifest, bearer_token, debug):
CONF.debug = debug
ApplyManifest(ctx, locations, api, disable_update_post, disable_update_pre,
dry_run, enable_chart_cleanup, use_doc_ref, set, tiller_host,
tiller_port, tiller_namespace, timeout, values, wait,
target_manifest).safe_invoke()
target_manifest, bearer_token).safe_invoke()
class ApplyManifest(CliAction):
@ -147,7 +148,7 @@ class ApplyManifest(CliAction):
def __init__(self, ctx, locations, api, disable_update_post,
disable_update_pre, dry_run, enable_chart_cleanup,
use_doc_ref, set, tiller_host, tiller_port, tiller_namespace,
timeout, values, wait, target_manifest):
timeout, values, wait, target_manifest, bearer_token):
super(ApplyManifest, self).__init__()
self.ctx = ctx
# Filename can also be a URL reference
@ -166,6 +167,7 @@ class ApplyManifest(CliAction):
self.values = values
self.wait = wait
self.target_manifest = target_manifest
self.bearer_token = bearer_token
def output(self, resp):
for result in resp:
@ -203,6 +205,7 @@ class ApplyManifest(CliAction):
tiller_host=self.tiller_host,
tiller_port=self.tiller_port,
tiller_namespace=self.tiller_namespace,
bearer_token=self.bearer_token,
dry_run=self.dry_run) as tiller:
armada = Armada(
documents,

View File

@ -66,19 +66,20 @@ SHORT_DESC = "Command deletes releases."
@click.option('--tiller-host', help="Tiller host IP.")
@click.option(
'--tiller-port', help="Tiller host port.", type=int, default=44134)
@click.option('--bearer-token', help="User Bearer token.", default=None)
@click.option('--debug', help="Enable debug logging.", is_flag=True)
@click.pass_context
def delete_charts(ctx, manifest, releases, no_purge, tiller_host, tiller_port,
debug):
bearer_token, debug):
CONF.debug = debug
DeleteChartManifest(ctx, manifest, releases, no_purge, tiller_host,
tiller_port).safe_invoke()
tiller_port, bearer_token).safe_invoke()
class DeleteChartManifest(CliAction):
def __init__(self, ctx, manifest, releases, no_purge, tiller_host,
tiller_port):
tiller_port, bearer_token):
super(DeleteChartManifest, self).__init__()
self.ctx = ctx
@ -87,11 +88,13 @@ class DeleteChartManifest(CliAction):
self.purge = not no_purge
self.tiller_host = tiller_host
self.tiller_port = tiller_port
self.bearer_token = bearer_token
def invoke(self):
with Tiller(
tiller_host=self.tiller_host,
tiller_port=self.tiller_port) as tiller:
tiller_port=self.tiller_port,
bearer_token=self.bearer_token) as tiller:
self.handle(tiller)
def handle(self, tiller):

View File

@ -80,22 +80,23 @@ SHORT_DESC = "Command performs a release rollback."
'--recreate-pods',
help=("Restarts pods for the resource if applicable."),
is_flag=True)
@click.option('--bearer-token', help=("User bearer token."), default=None)
@click.option('--debug', help="Enable debug logging.", is_flag=True)
@click.pass_context
def rollback_charts(ctx, release, version, dry_run, tiller_host, tiller_port,
tiller_namespace, timeout, wait, force, recreate_pods,
debug):
bearer_token, debug):
CONF.debug = debug
Rollback(ctx, release, version, dry_run, tiller_host, tiller_port,
tiller_namespace, timeout, wait, force,
recreate_pods).safe_invoke()
tiller_namespace, timeout, wait, force, recreate_pods,
bearer_token).safe_invoke()
class Rollback(CliAction):
def __init__(self, ctx, release, version, dry_run, tiller_host,
tiller_port, tiller_namespace, timeout, wait, force,
recreate_pods):
recreate_pods, bearer_token):
super(Rollback, self).__init__()
self.ctx = ctx
self.release = release
@ -108,12 +109,14 @@ class Rollback(CliAction):
self.wait = wait
self.force = force
self.recreate_pods = recreate_pods
self.bearer_token = bearer_token
def invoke(self):
with Tiller(
tiller_host=self.tiller_host,
tiller_port=self.tiller_port,
tiller_namespace=self.tiller_namespace,
bearer_token=self.bearer_token,
dry_run=self.dry_run) as tiller:
response = tiller.rollback_release(

View File

@ -61,19 +61,20 @@ SHORT_DESC = "Command gets Tiller information."
default=CONF.tiller_namespace)
@click.option('--releases', help="List of deployed releases.", is_flag=True)
@click.option('--status', help="Status of Tiller services.", is_flag=True)
@click.option('--bearer-token', help="User bearer token.", default=None)
@click.option('--debug', help="Enable debug logging.", is_flag=True)
@click.pass_context
def tiller_service(ctx, tiller_host, tiller_port, tiller_namespace, releases,
status, debug):
status, bearer_token, debug):
CONF.debug = debug
TillerServices(ctx, tiller_host, tiller_port, tiller_namespace, releases,
status).safe_invoke()
status, bearer_token).safe_invoke()
class TillerServices(CliAction):
def __init__(self, ctx, tiller_host, tiller_port, tiller_namespace,
releases, status):
releases, status, bearer_token):
super(TillerServices, self).__init__()
self.ctx = ctx
self.tiller_host = tiller_host
@ -81,13 +82,15 @@ class TillerServices(CliAction):
self.tiller_namespace = tiller_namespace
self.releases = releases
self.status = status
self.bearer_token = bearer_token
def invoke(self):
with Tiller(
tiller_host=self.tiller_host,
tiller_port=self.tiller_port,
tiller_namespace=self.tiller_namespace) as tiller:
tiller_namespace=self.tiller_namespace,
bearer_token=self.bearer_token) as tiller:
self.handle(tiller)

View File

@ -41,20 +41,30 @@ class K8s(object):
Object to obtain the local kube config file
'''
def __init__(self):
def __init__(self, bearer_token=None):
'''
Initialize connection to Kubernetes
'''
self.bearer_token = bearer_token
api_client = None
try:
config.load_incluster_config()
except config.config_exception.ConfigException:
config.load_kube_config()
self.client = client.CoreV1Api()
self.batch_api = client.BatchV1Api()
self.batch_v1beta1_api = client.BatchV1beta1Api()
self.extension_api = client.ExtensionsV1beta1Api()
self.apps_v1_api = client.AppsV1Api()
if self.bearer_token:
# Configure API key authorization: Bearer Token
configuration = client.Configuration()
configuration.api_key_prefix['authorization'] = 'Bearer'
configuration.api_key['authorization'] = self.bearer_token
api_client = client.ApiClient(configuration)
self.client = client.CoreV1Api(api_client)
self.batch_api = client.BatchV1Api(api_client)
self.batch_v1beta1_api = client.BatchV1beta1Api(api_client)
self.extension_api = client.ExtensionsV1beta1Api(api_client)
self.apps_v1_api = client.AppsV1Api(api_client)
def delete_job_action(self,
name,

View File

@ -80,14 +80,16 @@ class Tiller(object):
tiller_host=None,
tiller_port=None,
tiller_namespace=None,
bearer_token=None,
dry_run=None):
self.tiller_host = tiller_host
self.tiller_port = tiller_port or CONF.tiller_port
self.tiller_namespace = tiller_namespace or CONF.tiller_namespace
self.bearer_token = bearer_token
self.dry_run = dry_run or False
# init k8s connectivity
self.k8s = K8s()
self.k8s = K8s(bearer_token=self.bearer_token)
# init Tiller channel
self.channel = self.get_channel()

View File

@ -54,6 +54,7 @@ Commands
--target-manifest TEXT The target manifest to run. Required for
specifying which manifest to run when multiple
are available.
--bearer-token User bearer token.
--debug Enable debug logging.
--help Show this message and exit.

View File

@ -24,6 +24,7 @@ Commands
--timeout INTEGER Tiller Host IP
--version INTEGER Version of release to rollback to. 0 represents the previous release
--wait Version of release to rollback to. 0 represents the previous release
--bearer-token User bearer token
--help Show this message and exit.
Synopsis

View File

@ -27,6 +27,7 @@ Commands
-tn, --tiller-namespace TEXT Tiller namespace
--releases list of deployed releses
--status Status of Armada services
--bearer-token User bearer token
--help Show this message and exit.
Synopsis

View File

@ -224,3 +224,25 @@ for example:
description: Change value deploy
chart_group:
- blog-1
User bearer token
-----------------
It is possible to pass the user bearer token from the armada CLI to interact
with a kubernetes cluster that has been configured with an external Auth-backend
like openstack-keystone.
.. code:: bash
Example:
armada apply --bearer-token [ TOKEN ] --values [ path_to_yaml ] [ FILE ]
armada tiller --bearer-token [ TOKEN ] --status
.. note::
The bearer token option is available for the following commands
armada apply
armada delete
armada tiller
armada rollback