From f49f70e89623e3e44ebc194f08c629793012ec66 Mon Sep 17 00:00:00 2001
From: sethho
Date: Thu, 11 Jul 2024 11:12:28 -0400
Subject: [PATCH] making vn2 use a config file
---
src/confcom/azext_confcom/_params.py | 74 +------------------
src/confcom/azext_confcom/custom.py | 62 ++++------------
src/confcom/azext_confcom/template_util.py | 4 +
.../azext_confcom/virtual_kubelet_proxy.py | 5 +-
src/confcom/samples/kubelet_config.json | 13 ++++
src/confcom/setup.py | 2 +-
6 files changed, 37 insertions(+), 123 deletions(-)
create mode 100644 src/confcom/samples/kubelet_config.json
diff --git a/src/confcom/azext_confcom/_params.py b/src/confcom/azext_confcom/_params.py
index ee74c45301d..80190952ae1 100644
--- a/src/confcom/azext_confcom/_params.py
+++ b/src/confcom/azext_confcom/_params.py
@@ -134,80 +134,14 @@ def load_arguments(self, _): required=False, help="Path to the virtual kubelet yaml file", ) - - c.argument( - "configmaps", - options_list=("--configmaps"), - required=False, - help="Kubernetes config map filename", - ) - c.argument( - "kubernetes_port", - options_list=("--kubernetes-port"), - required=False, - help="KUBERNETES_PORT environment variable (default 'tcp://10.0.0.1:443')", - ) - c.argument( - "kubernetes_port_tcp", - options_list=("--kubernetes-port-tcp"), - required=False, - help="KUBERNETES_PORT_443_TCP environment variable (default 'tcp://10.0.0.1:443')", - ) c.argument( - "kubernetes_port_tcp_addr", - options_list=("--kubernetes-port-tcp-addr"), + "podspec_config", + options_list=("--podspec-config", "-c"), required=False, - help="KUBERNETES_PORT_443_TCP_ADDRESS environment variable (default '10.0.0.1')", - ) - c.argument( - "kubernetes_port_tcp_proto", - options_list=("--kubernetes-port-tcp-proto"), - required=False, - help="KUBERNETES_PORT_443_TCP_PROTO environment variable (default 'tcp')", - ) - c.argument( - "kubernetes_service_host", - options_list=("--kubernetes-service-host"), - required=False, - help="KUBERNETES_SERVICE_HOST environment variable (default '10.0.0.1')", - ) - c.argument( - "kubernetes_service_port", - options_list=("--kubernetes-service-port"), - required=False, - help="KUBERNETES_SERVICE_PORT environment variable (default '443')", - ) - c.argument( - "kubernetes_service_port_https", - options_list=("--kubernetes-service-port-https"), - required=False, - help="KUBERNETES_SERVICE_PORT_HTTPS environment variable (default '443')", - ) - c.argument( - "kubernetes_tcp_port", - options_list=("--kubernetes-tcp-port"), - required=False, - help="KUBERNETES_PORT_443_TCP_PORT environment variable (default '443')", - ) - c.argument( - "output_file_name", - options_list=("--output-file-name"), - required=False, - help="Name of the output file (default 'arm-template.json')", - ) - c.argument( - "print_json", - 
options_list=("--print-json"), - required=False, - help="Whether or not to print ARM template", - ) - c.argument( - "secrets", - options_list=("--secrets"), - required=False, - help="Kubernetes secrets filename", + help="Path to the podspec config file", ) + with self.argument_context("confcom katapolicygen") as c: c.argument( "yaml_path", diff --git a/src/confcom/azext_confcom/custom.py b/src/confcom/azext_confcom/custom.py index 3480570d95f..1d40cf00cad 100644 --- a/src/confcom/azext_confcom/custom.py +++ b/src/confcom/azext_confcom/custom.py @@ -9,11 +9,11 @@ from pkg_resources import parse_version from knack.log import get_logger from azext_confcom.config import ( - DEFAULT_REGO_FRAGMENTS, DATA_FOLDER, - VIRTUAL_KUBELET_YAML_METADATA, - VIRTUAL_KUBELET_YAML_ANNOTATIONS, - VIRTUAL_KUBELET_YAML_SKU, - VIRTUAL_KUBELET_YAML_SKU_NAME, + DEFAULT_REGO_FRAGMENTS, DATA_FOLDER, + VIRTUAL_KUBELET_YAML_METADATA, + VIRTUAL_KUBELET_YAML_ANNOTATIONS, + VIRTUAL_KUBELET_YAML_SKU, + VIRTUAL_KUBELET_YAML_SKU_NAME, VIRTUAL_KUBELET_YAML_POLICY, ) from azext_confcom import os_util 
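Review bot: The help text on the new `--podspec-config` argument does not say that the file is JSON or which keys it may contain, so a user migrating from the removed `--configmaps`, `--kubernetes-*` and `--secrets` flags has nothing to go on. I would write `help="Path to a JSON file of Virtual Kubelet options (keys as in samples/kubelet_config.json)"`. The twelve flags are dropped in this hunk with no deprecated alias, so existing invocations will presumably fail on an unrecognised argument, which deserves a release note. `load_arguments` starts and continues outside this hunk.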
@@ -55,36 +55,12 @@ def acipolicygen_confcom( print_existing_policy: bool = False, faster_hashing: bool = False, - configmaps: str = "", - kubernetes_port: str = "", - kubernetes_port_tcp: str = "", - kubernetes_port_tcp_addr: str = "", - kubernetes_port_tcp_proto: str = "", - kubernetes_service_host: str = "", - kubernetes_service_port: str = "", - kubernetes_service_port_https: str = "", - kubernetes_tcp_port: str = "", - output_file_name: str = "arm-template.json", - print_json: str = "", - secrets: str = "", + podspec_config: str = "", ): - virtual_kubelet_args = [ - configmaps, - kubernetes_port, - kubernetes_port_tcp, - kubernetes_port_tcp_addr, - kubernetes_port_tcp_proto, - kubernetes_service_host, - kubernetes_service_port, - kubernetes_service_port_https, - kubernetes_tcp_port, - output_file_name, - print_json, - secrets, - ] - - - if any(virtual_kubelet_args) and not virtual_kubelet_yaml_path: + + virtual_kubelet_data = os_util.load_json_from_file(podspec_config) + + if any(virtual_kubelet_data) and not virtual_kubelet_yaml_path: error_out( "Virtual Kubelet arguments can only be used with a Virtual Kubelet YAML file" ) @@ -92,18 +68,7 @@ def acipolicygen_confcom( virtual_kubelet_proxy = VirtualKubeletProxy() virtual_kubelet_proxy.generate_arm_template( virtual_kubelet_yaml_path, - configmaps=configmaps, - kubernetes_port=kubernetes_port, - kubernetes_port_tcp=kubernetes_port_tcp, - kubernetes_port_tcp_addr=kubernetes_port_tcp_addr, - kubernetes_port_tcp_proto=kubernetes_port_tcp_proto, - kubernetes_service_host=kubernetes_service_host, - kubernetes_service_port=kubernetes_service_port, - kubernetes_service_port_https=kubernetes_service_port_https, - kubernetes_tcp_port=kubernetes_tcp_port, - output_file_name=output_file_name, - print_json=print_json, - secrets=secrets, + **virtual_kubelet_data, ) arm_template = virtual_kubelet_proxy.get_arm_template_path() 
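Review bot: `os_util.load_json_from_file(podspec_config)` now runs on every call, but `podspec_config` defaults to `""`, so an invocation without `--podspec-config` asks the loader to open an empty path. The loader is not shown here, but it will most likely raise or exit before any policy is generated. Load only when a path was given: `virtual_kubelet_data = os_util.load_json_from_file(podspec_config) if podspec_config else {}`. Note also that `any(virtual_kubelet_data)` iterates the dict's keys, so it is true for any non-empty config even when every value is `""`; `any(virtual_kubelet_data.values())` matches what the old list check did. The body of `acipolicygen_confcom` starts and continues outside the hunk.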
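Review bot: `**virtual_kubelet_data` passes whatever the JSON file contains straight into `generate_arm_template` as keyword arguments, with no check on shape, key names or value types. A top-level list, a misspelt key, or a leftover `print_json` (removed from the signature in this same commit) surfaces as a raw `TypeError`. Accepted values are appended to `arg_list` inside `generate_arm_template`, which presumably becomes the command line of a helper process, so they should at least be confirmed to be strings. I would validate against the keys the sample file lists before the call, as sketched below; this assumes `error_out` terminates, as its use earlier in the function suggests. The surrounding function starts and ends outside the hunk.

```python
# … unchanged: virtual_kubelet_proxy = VirtualKubeletProxy() …
allowed_keys = {
    "configmaps", "kubernetes_port", "kubernetes_port_tcp",
    "kubernetes_port_tcp_addr", "kubernetes_port_tcp_proto",
    "kubernetes_service_host", "kubernetes_service_port",
    "kubernetes_service_port_https", "kubernetes_tcp_port",
    "output_file_name", "secrets",
}
if not isinstance(virtual_kubelet_data, dict):
    error_out("--podspec-config must contain a JSON object")
unknown_keys = set(virtual_kubelet_data) - allowed_keys
if unknown_keys:
    error_out(f"Unsupported keys in --podspec-config: {sorted(unknown_keys)}")
if not all(isinstance(v, str) for v in virtual_kubelet_data.values()):
    error_out("--podspec-config values must be strings")
# … unchanged: generate_arm_template(virtual_kubelet_yaml_path, **virtual_kubelet_data) call …
```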
@@ -193,17 +158,18 @@ def acipolicygen_confcom( if validate_sidecar: exit_code = validate_sidecar_in_policy(policy, output_type == security_policy.OutputType.PRETTY_PRINT) - elif virtual_kubelet_yaml_path: + elif virtual_kubelet_yaml_path and not (print_policy_to_terminal or outraw or outraw_pretty_print): virtual_kubelet_yaml = os_util.load_yaml_from_file(virtual_kubelet_yaml_path) # Metadata to be added to virutal kubelet YAML needed_metadata = { VIRTUAL_KUBELET_YAML_METADATA: { VIRTUAL_KUBELET_YAML_ANNOTATIONS: { - VIRTUAL_KUBELET_YAML_SKU: VIRTUAL_KUBELET_YAML_SKU_NAME, + VIRTUAL_KUBELET_YAML_SKU: VIRTUAL_KUBELET_YAML_SKU_NAME, VIRTUAL_KUBELET_YAML_POLICY: policy.get_serialized_output(), } } } + # Update virtual kubelet YAML with metadata deep_dict_update(needed_metadata, virtual_kubelet_yaml) os_util.write_yaml_to_file(virtual_kubelet_yaml_path, virtual_kubelet_yaml) diff --git a/src/confcom/azext_confcom/template_util.py b/src/confcom/azext_confcom/template_util.py index 35f8ffcc525..81dbcd34ffc 100644 --- a/src/confcom/azext_confcom/template_util.py +++ b/src/confcom/azext_confcom/template_util.py @@ -55,6 +55,7 @@ def case_insensitive_dict_get(dictionary, search_key) -> Any: return dictionary[key] return None + def deep_dict_update(source: dict, destination: dict): """ https://stackoverflow.com/questions/20656135/python-deep-merge-dictionary-data @@ -62,6 +63,9 @@ def deep_dict_update(source: dict, destination: dict): for key, value in source.items(): if isinstance(value, dict): node = destination.setdefault(key, {}) + if node is None: + destination[key] = {} + node = destination[key] deep_dict_update(value, node) else: destination[key] = value diff --git a/src/confcom/azext_confcom/virtual_kubelet_proxy.py b/src/confcom/azext_confcom/virtual_kubelet_proxy.py index ec1dfbb42ec..34e2880399f 100644 --- a/src/confcom/azext_confcom/virtual_kubelet_proxy.py +++ b/src/confcom/azext_confcom/virtual_kubelet_proxy.py 
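Review bot: The widened condition `virtual_kubelet_yaml_path and not (print_policy_to_terminal or outraw or outraw_pretty_print)` carries no explanation of why printing suppresses the in-place rewrite of the YAML file. The branch it now falls through to lies outside the hunk, so I cannot confirm that the printing path is still reached for Virtual Kubelet input. A comment above the `elif` would help, for example `# Only write the policy back into the YAML when it is not being printed instead`. While here, the context comment reads "virutal kubelet", a typo for "virtual".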
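Review bot: The new `if node is None:` guard in `deep_dict_update` covers a YAML key that is present but empty, yet any other non-dict value at that key (a string or a list, say) still reaches the recursive call, where `setdefault` or `destination[key] = value` will raise on it. Testing the type covers both cases: `if not isinstance(node, dict):` followed by `node = destination[key] = {}`. Since `destination` here is the user's Virtual Kubelet YAML, silently replacing a scalar may discard data, so raising a clear error for the non-None case is the alternative to weigh. The docstring is still only a Stack Overflow link; one line stating that `source` is merged into `destination` in place would be useful.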
@@ -104,7 +104,6 @@ def generate_arm_template( kubernetes_service_port_https: str = "", kubernetes_tcp_port: str = "", output_file_name: str = "arm-template.json", - print_json: str = "", secrets: str = "", ) -> None: VirtualKubeletProxy.arm_template_path = output_file_name @@ -142,8 +141,6 @@ def generate_arm_template( arg_list += ["--kubernetes-tcp-port", f"{kubernetes_tcp_port}"] if output_file_name: arg_list += ["--output-file-name", f"{output_file_name}"] - if print_json: - arg_list += ["--print-json", f"{print_json}"] if secrets: arg_list += ["--secrets", f"{secrets}"] @@ -183,4 +180,4 @@ def convert_to_pod_spec_helper(pod_dict): for key in possible_keys: if key in pod_dict: return convert_to_pod_spec_helper(pod_dict[key]) - return {} \ No newline at end of file + return {} diff --git a/src/confcom/samples/kubelet_config.json b/src/confcom/samples/kubelet_config.json new file mode 100644 index 00000000000..99092bd4569 --- /dev/null +++ b/src/confcom/samples/kubelet_config.json @@ -0,0 +1,13 @@ +{ + "configmaps": ".yaml", + "kubernetes_port": "", + "kubernetes_port_tcp": "", + "kubernetes_port_tcp_addr": "", + "kubernetes_port_tcp_proto": "", + "kubernetes_service_host": "", + "kubernetes_service_port": "", + "kubernetes_service_port_https": "", + "kubernetes_tcp_port": "", + "output_file_name": "arm-template.json", + "secrets": ".yaml" +} \ No newline at end of file diff --git a/src/confcom/setup.py b/src/confcom/setup.py index 0250293aaff..e94d3ec74a2 100644 --- a/src/confcom/setup.py +++ b/src/confcom/setup.py @@ -18,7 +18,7 @@ logger.warn("Wheel is not available, disabling bdist_wheel hook") -VERSION = "0.4.0" +VERSION = "0.4.2-alpha" # The full list of classifiers is available at # https://pypi.python.org/pypi?%3Aaction=list_classifiers
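Review bot: The sample `kubelet_config.json` sets `"configmaps"` and `"secrets"` to `".yaml"`, a non-empty string, so anyone using the file as-is has it treated as a real filename. `generate_arm_template` adds `--secrets .yaml` whenever `secrets` is truthy, and presumably does the same for `configmaps`. Use `""` as the other keys do, or document next to the sample that both values must be replaced with real paths. The file also lacks a trailing newline.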