forked from openshift/openshift-client-python
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathconfig.py
More file actions
185 lines (148 loc) · 7.41 KB
/
config.py
File metadata and controls
185 lines (148 loc) · 7.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
from __future__ import absolute_import
import openshift_client as oc
import base64
import json
def get_kubeconfig():
"""
:return: Returns the current kubeconfig as a python dict
"""
return json.loads(oc.invoke('config',
cmd_args=['view',
'-o=json',
'--raw',
],
no_namespace=True).out().strip())
def _get_kubeconfig_model(_kc_model=None):
if _kc_model:
return _kc_model
else:
return oc.Model(dict_to_model=get_kubeconfig())
def get_kubeconfig_cluster_names(_kc_model=None):
"""
:param _kc_model: Internally used to cache kubeconfig info.
:return: Returns a list of all the cluster names in the kubeconfig.
"""
kc = _get_kubeconfig_model(_kc_model=_kc_model)
names = []
for cluster_entry in kc.clusters:
names.append(cluster_entry.name)
return names
def get_kubeconfig_current_context_name(_kc_model=None):
"""
:param _kc_model: Internally used to cache kubeconfig info.
:return: Returns the name of the current context in your kubeconfig
"""
kc = _get_kubeconfig_model(_kc_model=_kc_model)
return kc['current-context']
def get_kubeconfig_context(context_name=None, _kc_model=None):
"""
:param _kc_model: Internally used to cache kubeconfig info.
:param context_name: The context to retrieve or None to retrieve the current context.
:return: Returns a dict of the specified context or current context. e.g. {cluster:..., namespace:...., user:....}
"""
kc = _get_kubeconfig_model(_kc_model=_kc_model)
if context_name is None:
context_name = get_kubeconfig_current_context_name(_kc_model=kc)
for context_entry in kc.contexts:
if context_entry.name == context_name:
return context_entry.context._primitive()
return None
def get_kubeconfig_current_cluster_name(_kc_model=None):
"""
:param _kc_model: Internally used to cache kubeconfig info.
:return: Returns the cluster associated with the current context.
"""
kc = _get_kubeconfig_model(_kc_model=_kc_model)
current_context_name = get_kubeconfig_current_context_name(_kc_model=kc)
return get_kubeconfig_context(context_name=current_context_name, _kc_model=kc)['cluster']
def get_kubeconfig_cluster(cluster_name=None, _kc_model=None):
"""
:param cluster_name: The context to retrieve or None for current context dict
:param _kc_model: Internally used to cache kubeconfig info.
:return: Returns a raw bytes from kubeconfig in a dict of the specified cluster or current cluster.
e.g. {server:.. certificate-authority-data:.}. Note that since the bytes are raw, an entry like
certificate-data-authority would need to be decoded to get PEM content.
"""
kc = _get_kubeconfig_model(_kc_model=_kc_model)
if cluster_name is None:
cluster_name = get_kubeconfig_current_cluster_name(_kc_model=kc)
for cluster_entry in kc.clusters:
if cluster_entry.name == cluster_name:
return cluster_entry.cluster._primitive()
return None
def set_kubeconfig_insecure_skip_tls_verify(active, cluster_name=None, _kc_model=None):
"""
Sets or removes insecure-skip-tls-verify for the specified cluster (or the current cluster if
not specified).
:param active: If True, enable insecure-skip-tls-verify for the the cluster
:param cluster_name: The cluster name to modify. If not specified, the current context's cluster will be modified.
:param _kc_model: Internally used to cache kubeconfig info.
"""
if not cluster_name:
cluster_name = get_kubeconfig_current_cluster_name(_kc_model=_kc_model)
oc.invoke('config',
cmd_args=['set-cluster',
cluster_name,
'--insecure-skip-tls-verify={}'.format(str(active).lower()),
],
no_namespace=True)
def remove_kubeconfig_certifcate_authority(cluster_name=None, _kc_model=None):
"""
When you installer a valid certificate for your api endpoint, you may want to
use your host's local certificate authorities. To do that, references to certificate
authorities must be removed from your kubeconfig.
:param cluster_name: The cluster name to modify. If not specified, the current context's cluster will be modified.
:param _kc_model: Internally used to cache kubeconfig info.
"""
if not cluster_name:
cluster_name = get_kubeconfig_current_cluster_name(_kc_model=_kc_model)
# Setting insecure will remove any other certificate-authority data from the cluster's entry
set_kubeconfig_insecure_skip_tls_verify(True, cluster_name=cluster_name, _kc_model=_kc_model)
# Now set it back to false, removing the insecure-skip-tls-verify entry from kubeconfig
set_kubeconfig_insecure_skip_tls_verify(False, cluster_name=cluster_name, _kc_model=_kc_model)
def get_kubeconfig_certificate_authority_data(cluster_name=None, _kc_model=None):
"""
Returns the certificate authority data (if any) for the specified cluster.
:param cluster_name: The cluster name to inspect. If not specified, the ca data will be
returned for the current context's cluster.
:param _kc_model: Internally used to cache kubeconfig info.
:return: The PEM encoded x509 data or None if the cluster did not posses a certificate-authority-data
field.
"""
kc = _get_kubeconfig_model(_kc_model=_kc_model)
if not cluster_name:
cluster_name = get_kubeconfig_current_cluster_name(_kc_model=kc)
cluster_dict = get_kubeconfig_cluster(cluster_name, _kc_model=kc)
data = cluster_dict.get('certificate-authority-data', None)
if data:
# the data is base64 encoded PEM, so decode it.
return base64.b64decode(data)
return None
def set_kubeconfig_certificate_authority_data(ca_data, cluster_name=None, _kc_model=None):
"""
Sets the certificate authority data for one or more clusters in the kubeconfig.
:param ca_data: The certificate authority data (PEM format). The chain will be encoded into
base64 before being set in the kubeconfig.
:param cluster_name: The cluster name to affect. If not specified, the ca data will be
set for the current context.
:param _kc_model: Internally used to cache kubeconfig info.
:return: n/a
"""
kc = _get_kubeconfig_model(_kc_model=_kc_model)
if not cluster_name:
cluster_name = get_kubeconfig_current_cluster_name(_kc_model=kc)
# The kubeconfig cluster entry may have an existing certificate-authority file or have
# insecure-skip-tls-verify set to true. Have ca-data set alongside either of these is
# an invalid state for the kubeconfig, so we use a trick: setting insecure-skip-tls-verify
# will clear existing certificate authority entries. When we set it back to true, we can
# safely poke in the ca-data
remove_kubeconfig_certifcate_authority(cluster_name=cluster_name, _kc_model=kc)
b64_data = base64.b64encode(ca_data)
# Now we can poke in the value that we need
oc.invoke('config',
# https://github.com/kubernetes/kubectl/issues/501#issuecomment-406890261
cmd_args=['set',
'clusters.{}.certificate-authority-data'.format(cluster_name),
b64_data
],
no_namespace=True)