RD-4494-write-workflow-eks-token-refresh (#182)

* refresh_and_store_token * readyy for CR * fix create and ctx.node_instances * update constants at the top and name function * update version Co-authored-by: nely <[email protected]>
cloudify-cosmo · Apr 18, 2022 · 5594866 · 5594866
1 parent 2cc9b2e
commit 5594866
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 8 deletions.
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
@@ -151,4 +151,6 @@
 2.13.7: RD-4205 Fix issue with file content
 2.13.8:
   - RD-1899 Speed up uninstall workflow.
-  - RD-4411 Add update resource test.
+  - RD-4411 Add update resource test.
+2.13.9:
+  -RD-4494-write-workflow-eks-token-refresh.
diff --git a/cloudify_kubernetes/workflows.py b/cloudify_kubernetes/workflows.py
@@ -15,14 +15,19 @@
 import ast
 import json
 
+from cloudify.workflows import ctx
 from cloudify.decorators import workflow
+from cloudify.manager import get_rest_client
 from cloudify.exceptions import NonRecoverableError
-from cloudify.workflows import ctx
+from cloudify_rest_client.exceptions import CloudifyClientError
 
 from . import utils
 
-RESOURCE_START_OPERATION = 'cloudify.interfaces.lifecycle.poststart'
-RESOURCE_UPDATE_OPERATION = 'cloudify.interfaces.lifecycle.update'
+POSTSTART = 'cloudify.interfaces.lifecycle.poststart'
+UPDATE = 'cloudify.interfaces.lifecycle.update'
+CHECKDRIFT = 'cloudify.interfaces.lifecycle.check_drift'
+DELETE = 'cloudify.interfaces.lifecycle.delete'
+CREATE = 'cloudify.interfaces.lifecycle.create'
 
 
 def execute_node_instance_operation(_node_instance,
@@ -111,8 +116,7 @@ def update_resource_definition(node_instance_id,
     # the latest version of the resource definition.
     node_instance.logger.info(
         'Executing start in order to get the current state.')
-    execute_node_instance_operation(
-        node_instance, RESOURCE_START_OPERATION)
+    execute_node_instance_operation(node_instance, POSTSTART)
     node_instance.logger.info(
         'Executed start in order to get the current state.')
 
@@ -121,7 +125,68 @@ def update_resource_definition(node_instance_id,
         'Executing update in order to push the new changes.')
     execute_node_instance_operation(
         node_instance,
-        RESOURCE_UPDATE_OPERATION,
+        UPDATE,
         _params={utils.DEFINITION_ADDITIONS: resource_definition_changes})
     node_instance.logger.info(
         'Executed update in order to push the new changes.')
+
+
+def refresh_and_store_token(ctx,
+                            kubernetes_cluster_node_instance_id,
+                            deployment_capability_name,
+                            service_account_node_instance_id,
+                            secret_token_node_instance_id,
+                            store_token_and_kubeconfig_id):
+
+    cluster_ni = lookup_node_instance(
+        kubernetes_cluster_node_instance_id)
+    execute_node_instance_operation(cluster_ni, POSTSTART)
+    execute_node_instance_operation(cluster_ni, CHECKDRIFT)
+
+    create_secrets_kubernetes_config(deployment_capability_name)
+
+    service_account_ni = lookup_node_instance(service_account_node_instance_id)
+    execute_node_instance_operation(service_account_ni, UPDATE)
+    execute_node_instance_operation(service_account_ni, POSTSTART)
+
+    secret_token_ni = lookup_node_instance(secret_token_node_instance_id)
+    execute_node_instance_operation(secret_token_ni, DELETE)
+    execute_node_instance_operation(secret_token_ni, CREATE)
+
+    store_token_and_kubeconfig_ni = lookup_node_instance(
+        store_token_and_kubeconfig_id)
+    execute_node_instance_operation(store_token_and_kubeconfig_ni, CREATE)
+
+
+def create_secrets_kubernetes_config(deployment_capability_name):
+    client = get_rest_client()
+
+    capabilities = client.deployments.capabilities. \
+        get(ctx.deployment.id).get('capabilities', {})
+    kubernetes_config = capabilities.get(deployment_capability_name, {}) \
+        .get('file_content', {})
+    ctx.logger.info('This is the capability: {}'.format(kubernetes_config))
+
+    try:
+        client.secrets.create('kubernetes_config', str(kubernetes_config))
+    except CloudifyClientError as err:
+        ctx.logger.error('{}'.format(str(err)))
+
+
+def lookup_node_instance(provided_node_instance_id):
+    try:
+        desired_node_instance = ctx.get_node_instance(
+            provided_node_instance_id)
+
+    except RuntimeError:
+        desired_node_instance = None
+        for node_instance in ctx.node_instances:
+            if node_instance.node_id == provided_node_instance_id:
+                desired_node_instance = node_instance
+                break
+    if not desired_node_instance:
+        raise NonRecoverableError(
+            'A valid node instance or node ID for a '
+            'X node was not found'
+        )
+    return desired_node_instance
diff --git a/plugin.yaml b/plugin.yaml
@@ -3,7 +3,7 @@ plugins:
   kubernetes:
     executor: central_deployment_agent
     package_name: cloudify-kubernetes-plugin
-    package_version: '2.13.8'
+    package_version: '2.13.9'
 
 data_types:
 
@@ -671,3 +671,22 @@ workflows:
         description: The id of the node-instance that you want to modify.
       resource_definition_changes:
         description: The changes to the resource definition that you are making.
+
+  refresh_and_store_token:
+    mapping: kubernetes.cloudify_kubernetes.workflows.refresh_and_store_token
+    parameters:
+      kubernetes_cluster_node_instance_id:
+        type: string
+        default: eks_cluster
+      deployment_capability_name:
+        type: string
+        default: connection_details
+      service_account_node_instance_id:
+        type: string
+        default: new_service_account
+      secret_token_node_instance_id:
+        type: string
+        default: secret
+      store_token_and_kubeconfig_id:
+        type: string
+        default: store_token_and_kubeconfig