K8s script change to handle change in default cluster_project value

User can set or unset cluster_project value in k8s as part of provisioning Also, if it is not set during provisioning, the defaults keep on changing as part of develeopment Due to above reason, the code has to handle the changes dynamically ans set or reset the project isolation accordingly. This commit takes care of that Change-Id: If705c35603541b18b2f13b4f0bdd976894538b3b Closes-bug: #1762041
Juniper · Apr 8, 2018 · f1e3d22 · f1e3d22
1 parent ae08fa0
commit f1e3d22
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 42 deletions.
diff --git a/common/k8s/base.py b/common/k8s/base.py
@@ -1032,58 +1032,60 @@ def setup_vn(self,
                                         vn_name=vn_name,
                                         option=option))
 
-    def delete_cluster_project(self):
+    def modify_cluster_project(self, project_name = None):
         """
-        This method is used to enable the project isolation by deleting the 
-        definition of cluster_project from kubernetes.conf.
-        It also returns the project it is deleting so that the same can be configured
-        as part of cleanup
+        In case project isolation is disabled, it enables it.
+        In case project isolation is enabled, it disables it.
         """
-        cmd = 'grep "^[ \t]*cluster_project" /entrypoint.sh'
+        cmd = 'grep "^[ \t]*cluster_project" /etc/contrail/contrail-kubernetes.conf'
         cp_line = self.inputs.run_cmd_on_server(self.inputs.kube_manager_ips[0],
                                                 cmd, container='contrail-kube-manager')
-        if 'cluster_project' in cp_line:
+        if cp_line:
             m = re.match('[ ]*cluster_project.*project(.*)', cp_line)
             if m:
+                self.logger.debug("Cluster_project is set in this sanity run. "
+                            "Resetting it for few tests to validate project isolation")
                 project = m.group(1).strip("'\": }").split(",")[0].strip("'\"")
                 cmd = 'sed -i "/^cluster_project/d" /entrypoint.sh'
-                for kube_manager in self.inputs.kube_manager_ips:
-                    self.inputs.run_cmd_on_server(kube_manager, cmd, 
-                                              container='contrail-kube-manager')
+                operation = "reset"
             else:
-                project = None
-                return project
-        else:
-            self.logger.warn("cluster_project not set. Hence skipping delete")
-            return
-        self.addCleanup(self.add_cluster_project,
-                         project_name = project)
+                no_match = True
+        elif not cp_line or no_match:
+            self.logger.debug("Cluster_project not set in this sanity run. "
+                        "Setting it to default project for few tests")
+            cmd = r'crudini --set /entrypoint.sh KUBERNETES cluster_project \\${KUBERNETES_CLUSTER_PROJECT:-\\"{\'domain\':\'default-domain\'\,\'project\':\'default\'}\\"}'
+            operation = "set"
+            project = "default" 
+        for kube_manager in self.inputs.kube_manager_ips:
+            self.inputs.run_cmd_on_server(kube_manager, cmd, 
+                                          container='contrail-kube-manager',
+                                          shell_prefix = None)
         self.restart_kube_manager()
-    #end delete_cluster_project
+        self.addCleanup(self.revert_cluster_project,
+                         project_name = project,
+                         operation = operation)
+        return operation
+    #end modify_cluster_project
 
-    def add_cluster_project(self, project_name = None):
+    def revert_cluster_project(self, project_name = None, operation = None):
         """
-        This method is used to add cluster_project in kubernetes.conf.
-        This will inturn disable project level isolation as well.
+        This method reverts the value of cluster_project after performing few 
+        sanity tests.
         """
-        if project_name ==None:
-            self.logger.warn("No project to be added as cluster_project")
-            return
-        cmd = 'grep "^[ \t]*cluster_project" /entrypoint.sh'
-        cp_line = self.inputs.run_cmd_on_server(self.inputs.kube_manager_ips[0],
-                                                cmd, container='contrail-kube-manager')
-        if 'cluster_project' in cp_line:
-            self.logger.warn("cluster_project already present in kubernetes.conf")
-            return
-        #cmd = r'sed  -i "/KUBERNETES/a cluster_project = {\\"project\\": \\"%s\\", \\"domain\\": \\"default-domain\\"}" /etc/contrail/contrail-kubernetes.conf' \
-        #        % project_name
-        cmd = r'crudini --set /entrypoint.sh KUBERNETES cluster_project \\${KUBERNETES_CLUSTER_PROJECT:-\\"{\'domain\':\'default-domain\'\,\'project\':\'%s\'}\\"}'\
+        if operation =="set":
+            self.logger.debug("Cluster_project need to be reverted to Null value"
+                            "It was set to default project for few cases")
+            cmd = r'crudini --set /entrypoint.sh KUBERNETES cluster_project \\${KUBERNETES_CLUSTER_PROJECT:-\\"{}\\"}'
+        else:
+            self.logger.debug("Cluster_project need to be reverted to a valid value"
+                            "It was set to Null for few cases")
+            cmd = r'crudini --set /entrypoint.sh KUBERNETES cluster_project \\${KUBERNETES_CLUSTER_PROJECT:-\\"{\'domain\':\'default-domain\'\,\'project\':\'%s\'}\\"}'\
               % project_name
-
         for kube_manager in self.inputs.kube_manager_ips:
             self.inputs.run_cmd_on_server(kube_manager, cmd, 
                                           container='contrail-kube-manager',
                                           shell_prefix = None)
         self.restart_kube_manager()
-    #end add_cluster_project
-
+        #cmd = r'sed  -i "/KUBERNETES/a cluster_project = {\\"project\\": \\"%s\\", \\"domain\\": \\"default-domain\\"}" /etc/contrail/contrail-kubernetes.conf' \
+        #        % project_name
+    #end revert_cluster_project
diff --git a/serial_scripts/k8s_scripts/test_isolation.py b/serial_scripts/k8s_scripts/test_isolation.py
@@ -330,17 +330,21 @@ def tearDownClass(cls):
     def setup_common_namespaces_pods(self, prov_service = False,
                                     prov_ingress = False,
                                     isolation = False):
-        self.delete_cluster_project()
+        operation = self.modify_cluster_project()
         service_ns1, ingress_ns1 = None, None
         service_ns2, ingress_ns2 = None, None
         namespace1_name = get_random_name("ns1")
         namespace2_name = get_random_name("ns2")
         namespace1 = self.setup_namespace(name = namespace1_name)
         namespace2 = self.setup_namespace(name = namespace2_name, isolation = isolation)
         assert namespace1.verify_on_setup()
-        assert namespace1.project_isolation
         assert namespace2.verify_on_setup()
-        assert namespace2.project_isolation
+        if operation=="reset":
+            assert namespace1.project_isolation
+            assert namespace2.project_isolation
+        else:
+            assert (namespace1.project_isolation == False)
+            assert (namespace2.project_isolation == False)
         ns_1_label = "namespace1"
         ns_2_label = "namespace2"
         client1_ns1 = self.setup_nginx_pod(namespace=namespace1_name,

diff --git a/serial_scripts/k8s_scripts/test_policy.py b/serial_scripts/k8s_scripts/test_policy.py
@@ -19,15 +19,19 @@ def tearDownClass(cls):
         super(TestNetworkPolicyProjectIsolation, cls).tearDownClass()
 
     def setup_common_namespaces_pods(self):
-        self.delete_cluster_project()
+        operation = self.modify_cluster_project()
         namespace1 = self.setup_namespace(name = "ns1")
         namespace2 = self.setup_namespace(name = "ns2")
         namespace1.set_labels({'test_site': "ns1"})
         namespace2.set_labels({'test_site': "ns2"})
         assert namespace1.verify_on_setup()
-        assert namespace1.project_isolation
         assert namespace2.verify_on_setup()
-        assert namespace2.project_isolation
+        if operation=="reset":
+            assert namespace1.project_isolation
+            assert namespace2.project_isolation
+        else:
+            assert (namespace1.project_isolation == False)
+            assert (namespace2.project_isolation == False)
         client1_ns1 = self.setup_busybox_pod(namespace="ns1",
                                              labels={'app': "c1_ns1"})
         client2_ns1 = self.setup_busybox_pod(namespace="ns1",