Skip to content

Commit

Permalink
Add kube config support
Browse files Browse the repository at this point in the history
  • Loading branch information
mbohlool committed Nov 17, 2016
1 parent 634a1b9 commit 033e180
Show file tree
Hide file tree
Showing 5 changed files with 193 additions and 1 deletion.
2 changes: 2 additions & 0 deletions .swagger-codegen-ignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
.gitignore
git_push.sh
test/*
requirements.txt
setup.py
15 changes: 15 additions & 0 deletions k8sutil/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from .kube_config import load_kube_config
172 changes: 172 additions & 0 deletions k8sutil/kube_config.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,172 @@
# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import atexit
import base64
import os
import tempfile

import urllib3
import yaml
from k8sclient import configuration
from oauth2client.client import GoogleCredentials

_temp_files = []


def _cleanup_temp_files():
for f in _temp_files:
os.remove(f)


def _create_temp_file_with_content(content):
if len(_temp_files) == 0:
atexit.register(_cleanup_temp_files)
_, name = tempfile.mkstemp()
_temp_files.append(name)
if isinstance(content, str):
content = content.encode('utf8')
with open(name, 'wb') as fd:
fd.write(base64.decodestring(content))
return name


def _file_from_file_or_data(o, file_key_name, data_key_name=None):
if not data_key_name:
data_key_name = file_key_name + "-data"
if data_key_name in o:
return _create_temp_file_with_content(o[data_key_name])
if file_key_name in o:
return o[file_key_name]


def _data_from_file_or_data(o, file_key_name, data_key_name=None):
if not data_key_name:
data_key_name = file_key_name + "_data"
if data_key_name in o:
return o[data_key_name]
if file_key_name in o:
with open(o[file_key_name], 'r') as f:
data = f.read()
return data


def _load_gcp_token(user):
if 'auth-provider' not in user:
return
if 'name' not in user['auth-provider']:
return
if user['auth-provider']['name'] != 'gcp':
return
# Ignore configs in auth-provider and rely on GoogleCredentials
# caching and refresh mechanism.
# TODO: support gcp command based token ("cmd-path" config).
return (GoogleCredentials
.get_application_default()
.get_access_token()
.access_token)


def _load_authentication(user):
"""Read authentication from kube-config user section.
This function goes through various authetication methods in user section of
kubeconfig and stops if it founds a valid authentication method. The order
of authentication methods is:
1. GCP auth-provider
2. token_data
3. token field (point to a token file)
4. username/password
"""
# Read authentication
token = _load_gcp_token(user)
if not token:
token = _data_from_file_or_data(user, 'tokenFile', 'token')
if token:
configuration.api_key['authorization'] = "bearer " + token
else:
if 'username' in user and 'password' in user:
configuration.api_key['authorization'] = urllib3.util.make_headers(
basic_auth=user['username'] + ':' +
user['password']).get('authorization')


def _load_cluster_info(cluster, user):
"""Loads cluster information from kubeconfig such as host and SSL certs."""
if 'server' in cluster:
configuration.host = cluster['server']
if configuration.host.startswith("https"):
configuration.ssl_ca_cert = _file_from_file_or_data(
cluster, 'certificate-authority')
configuration.cert_file = _file_from_file_or_data(
user, 'client-certificate')
configuration.key_file = _file_from_file_or_data(
user, 'client-key')


class _node:
"""Remembers each key's path and construct a relevant exception message
in case of missing keys."""

def __init__(self, name, value):
self._name = name
self._value = value

def __contains__(self, key):
return key in self._value

def __getitem__(self, key):
if key in self._value:
v = self._value[key]
if isinstance(v, dict) or isinstance(v, list):
return _node('%s/%s' % (self._name, key), v)
else:
return v
raise Exception(
'Invalid kube-config file. Expected key %s in %s'
% (key, self._name))

def get_with_name(self, name):
if not isinstance(self._value, list):
raise Exception(
'Invalid kube-config file. Expected %s to be a list'
% self._name)
for v in self._value:
if 'name' not in v:
raise Exception(
'Invalid kube-config file. '
'Expected all values in %s list to have \'name\' key'
% self._name)
if v['name'] == name:
return _node('%s[name=%s]' % (self._name, name), v)
raise Exception(
"Cannot find object with name %s in %s list" % (name, self._name))


def load_kube_config(config_file):
"""Loads authentication and cluster information from kube-config file
and store them in k8sclient.configuration."""

with open(config_file) as f:
config = _node('kube-config', yaml.load(f))

current_context = config['contexts'].get_with_name(
config['current-context'])['context']
user = config['users'].get_with_name(current_context['user'])['user']
cluster = config['clusters'].get_with_name(
current_context['cluster'])['cluster']

_load_cluster_info(cluster, user)
_load_authentication(user)
3 changes: 3 additions & 0 deletions requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,6 @@ six == 1.8.0
python_dateutil >= 2.5.3
setuptools >= 21.0.0
urllib3 >= 1.15.1
pyyaml >= 3.12
oauth2client >= 4.0.0

2 changes: 1 addition & 1 deletion setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@
# prerequisite: setuptools
# http://pypi.python.org/pypi/setuptools

REQUIRES = ["urllib3 >= 1.15", "six >= 1.10", "certifi", "python-dateutil"]
REQUIRES = ["urllib3 >= 1.15", "six >= 1.10", "certifi", "python-dateutil", "pyyaml", "oauth2client"]

setup(
name=NAME,
Expand Down

0 comments on commit 033e180

Please sign in to comment.