cerbuerus chagnes

Signed-off-by: Paige Patton <prubenda@redhat.com>

Author: paigerube14

krkn/cerberus/setup.py

@@ -2,19 +2,33 @@
 import requests
 import sys
 import json
+from krkn_lib.utils.functions import get_yaml_item_value
 
+check_application_routes = ""
+cerberus_url = None
+exit_on_failure = False
+cerberus_enabled = False
 
-def get_status(config, start_time, end_time):
+def set_url(config):
+    global exit_on_failure
+    exit_on_failure = get_yaml_item_value(config["kraken"], "exit_on_failure", False)
+    global cerberus_enabled
+    cerberus_enabled = get_yaml_item_value(config["cerberus"],"cerberus_enabled", False)
+    if cerberus_enabled:
+        global cerberus_url
+        cerberus_url = get_yaml_item_value(config["cerberus"],"cerberus_url", "")
+        global check_application_routes
+        check_application_routes = \
+            get_yaml_item_value(config["cerberus"],"check_applicaton_routes","")
+
+def get_status(start_time, end_time):
     """
     Get cerberus status
     """
     cerberus_status = True
     check_application_routes = False
     application_routes_status = True
-    if config["cerberus"]["cerberus_enabled"]:
-        cerberus_url = config["cerberus"]["cerberus_url"]
-        check_application_routes = \
-            config["cerberus"]["check_applicaton_routes"]
+    if cerberus_enabled:
         if not cerberus_url:
             logging.error(
                 "url where Cerberus publishes True/False signal "
@@ -61,40 +75,38 @@ def get_status(config, start_time, end_time):
     return cerberus_status
 
 
-def publish_kraken_status(config, failed_post_scenarios, start_time, end_time):
+def publish_kraken_status( start_time, end_time):
     """
     Publish kraken status to cerberus
     """
-    cerberus_status = get_status(config, start_time, end_time)
+    cerberus_status = get_status(start_time, end_time)
     if not cerberus_status:
-        if failed_post_scenarios:
-            if config["kraken"]["exit_on_failure"]:
-                logging.info(
-                    "Cerberus status is not healthy and post action scenarios "
-                    "are still failing, exiting kraken run"
-                )
-                sys.exit(1)
-            else:
-                logging.info(
-                    "Cerberus status is not healthy and post action scenarios "
-                    "are still failing"
-                )
+        if exit_on_failure:
+            logging.info(
+                "Cerberus status is not healthy and post action scenarios "
+                "are still failing, exiting kraken run"
+            )
+            sys.exit(1)
+        else:
+            logging.info(
+                "Cerberus status is not healthy and post action scenarios "
+                "are still failing"
+            )
     else:
-        if failed_post_scenarios:
-            if config["kraken"]["exit_on_failure"]:
-                logging.info(
-                    "Cerberus status is healthy but post action scenarios "
-                    "are still failing, exiting kraken run"
-                )
-                sys.exit(1)
-            else:
-                logging.info(
-                    "Cerberus status is healthy but post action scenarios "
-                    "are still failing"
-                )
+        if exit_on_failure:
+            logging.info(
+                "Cerberus status is healthy but post action scenarios "
+                "are still failing, exiting kraken run"
+            )
+            sys.exit(1)
+        else:
+            logging.info(
+                "Cerberus status is healthy but post action scenarios "
+                "are still failing"
+            )
 
 
-def application_status(cerberus_url, start_time, end_time):
+def application_status( start_time, end_time):
     """
     Check application availability
     """

krkn/scenario_plugins/abstract_scenario_plugin.py

@@ -4,7 +4,7 @@
 from krkn_lib.models.telemetry import ScenarioTelemetry
 from krkn_lib.telemetry.ocp import KrknTelemetryOpenshift
 
-from krkn import utils
+from krkn import utils, cerberus
 
 
 class AbstractScenarioPlugin(ABC):
@@ -13,7 +13,6 @@ def run(
         self,
         run_uuid: str,
         scenario: str,
-        krkn_config: dict[str, any],
         lib_telemetry: KrknTelemetryOpenshift,
         scenario_telemetry: ScenarioTelemetry,
     ) -> int:
@@ -78,10 +77,10 @@ def run_scenarios(
                 logging.info(
                     f"Running {self.__class__.__name__}: {self.get_scenario_types()} -> {scenario_config}"
                 )
+                start_time = int(time.time())
                 return_value = self.run(
                     run_uuid,
                     scenario_config,
-                    krkn_config,
                     telemetry,
                     scenario_telemetry,
                 )
@@ -114,6 +113,9 @@ def run_scenarios(
             if scenario_telemetry.exit_status != 0:
                 failed_scenarios.append(scenario_config)
             scenario_telemetries.append(scenario_telemetry)
+            end_time = int(time.time())
+            cerberus.publish_kraken_status(start_time, end_time)
             logging.info(f"wating {wait_duration} before running the next scenario")
             time.sleep(wait_duration)
+            
         return failed_scenarios, scenario_telemetries

krkn/scenario_plugins/application_outage/application_outage_scenario_plugin.py

@@ -14,11 +14,9 @@ def run(
         self,
         run_uuid: str,
         scenario: str,
-        krkn_config: dict[str, any],
         lib_telemetry: KrknTelemetryOpenshift,
         scenario_telemetry: ScenarioTelemetry,
     ) -> int:
-        wait_duration = krkn_config["tunings"]["wait_duration"]
         try:
             with open(scenario, "r") as f:
                 app_outage_config_yaml = yaml.full_load(f)
@@ -73,14 +71,8 @@ def run(
                     policy_name, namespace
                 )
 
-                logging.info(
-                    "End of scenario. Waiting for the specified duration: %s"
-                    % wait_duration
-                )
-                time.sleep(wait_duration)
-
                 end_time = int(time.time())
-                cerberus.publish_kraken_status(krkn_config, [], start_time, end_time)
+                
         except Exception as e:
             logging.error(
                 "ApplicationOutageScenarioPlugin exiting due to Exception %s" % e

krkn/scenario_plugins/application_outage/network_policy.yaml

@@ -0,0 +1,8 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: krkn-deny-1
+spec:
+  podSelector:
+    matchLabels: {alertmanager: main}
+  policyTypes: [Ingress, Egress]

krkn/scenario_plugins/arcaflow/arcaflow_scenario_plugin.py

@@ -0,0 +1,196 @@
+import logging
+import os
+from pathlib import Path
+import arcaflow
+import yaml
+from krkn_lib.models.telemetry import ScenarioTelemetry
+from krkn_lib.telemetry.ocp import KrknTelemetryOpenshift
+from krkn.scenario_plugins.abstract_scenario_plugin import AbstractScenarioPlugin
+from krkn.scenario_plugins.arcaflow.context_auth import ContextAuth
+
+
+class ArcaflowScenarioPlugin(AbstractScenarioPlugin):
+
+    def run(
+        self,
+        run_uuid: str,
+        scenario: str,
+        lib_telemetry: KrknTelemetryOpenshift,
+        scenario_telemetry: ScenarioTelemetry,
+    ) -> int:
+        try:
+            engine_args = self.build_args(scenario)
+            status_code = self.run_workflow(
+                engine_args, lib_telemetry.get_lib_kubernetes().get_kubeconfig_path()
+            )
+            return status_code
+        except Exception as e:
+            logging.error("ArcaflowScenarioPlugin exiting due to Exception %s" % e)
+            return 1
+
+    def get_scenario_types(self) -> [str]:
+        return ["hog_scenarios", "arcaflow_scenario"]
+
+    def run_workflow(
+        self, engine_args: arcaflow.EngineArgs, kubeconfig_path: str
+    ) -> int:
+        self.set_arca_kubeconfig(engine_args, kubeconfig_path)
+        exit_status = arcaflow.run(engine_args)
+        return exit_status
+
+    def build_args(self, input_file: str) -> arcaflow.EngineArgs:
+        """sets the kubeconfig parsed by setArcaKubeConfig as an input to the arcaflow workflow"""
+        current_path = Path().resolve()
+        context = f"{current_path}/{Path(input_file).parent}"
+        workflow = f"{context}/workflow.yaml"
+        config = f"{context}/config.yaml"
+        if not os.path.exists(context):
+            raise Exception(
+                "context folder for arcaflow workflow not found: {}".format(context)
+            )
+        if not os.path.exists(input_file):
+            raise Exception(
+                "input file for arcaflow workflow not found: {}".format(input_file)
+            )
+        if not os.path.exists(workflow):
+            raise Exception(
+                "workflow file for arcaflow workflow not found: {}".format(workflow)
+            )
+        if not os.path.exists(config):
+            raise Exception(
+                "configuration file for arcaflow workflow not found: {}".format(config)
+            )
+
+        engine_args = arcaflow.EngineArgs()
+        engine_args.context = context
+        engine_args.config = config
+        engine_args.workflow = workflow
+        engine_args.input = f"{current_path}/{input_file}"
+        return engine_args
+
+    def set_arca_kubeconfig(
+        self, engine_args: arcaflow.EngineArgs, kubeconfig_path: str
+    ):
+
+        context_auth = ContextAuth()
+        if not os.path.exists(kubeconfig_path):
+            raise Exception("kubeconfig not found in {}".format(kubeconfig_path))
+
+        with open(kubeconfig_path, "r") as stream:
+            try:
+                kubeconfig = yaml.safe_load(stream)
+                context_auth.fetch_auth_data(kubeconfig)
+            except Exception as e:
+                logging.error(
+                    "impossible to read kubeconfig file in: {}".format(kubeconfig_path)
+                )
+                raise e
+
+        kubeconfig_str = self.set_kubeconfig_auth(kubeconfig, context_auth)
+
+        with open(engine_args.input, "r") as stream:
+            input_file = yaml.safe_load(stream)
+            if "input_list" in input_file and isinstance(
+                input_file["input_list"], list
+            ):
+                for index, _ in enumerate(input_file["input_list"]):
+                    if isinstance(input_file["input_list"][index], dict):
+                        input_file["input_list"][index]["kubeconfig"] = kubeconfig_str
+            else:
+                input_file["kubeconfig"] = kubeconfig_str
+            stream.close()
+        with open(engine_args.input, "w") as stream:
+            yaml.safe_dump(input_file, stream)
+
+        with open(engine_args.config, "r") as stream:
+            config_file = yaml.safe_load(stream)
+        if config_file["deployers"]["image"]["deployer_name"] == "kubernetes":
+            kube_connection = self.set_kubernetes_deployer_auth(
+                config_file["deployers"]["image"]["connection"], context_auth
+            )
+            config_file["deployers"]["image"]["connection"] = kube_connection
+            with open(engine_args.config, "w") as stream:
+                yaml.safe_dump(config_file, stream, explicit_start=True, width=4096)
+
+    def set_kubernetes_deployer_auth(
+        self, deployer: any, context_auth: ContextAuth
+    ) -> any:
+        if context_auth.clusterHost is not None:
+            deployer["host"] = context_auth.clusterHost
+        if context_auth.clientCertificateData is not None:
+            deployer["cert"] = context_auth.clientCertificateData
+        if context_auth.clientKeyData is not None:
+            deployer["key"] = context_auth.clientKeyData
+        if context_auth.clusterCertificateData is not None:
+            deployer["cacert"] = context_auth.clusterCertificateData
+        if context_auth.username is not None:
+            deployer["username"] = context_auth.username
+        if context_auth.password is not None:
+            deployer["password"] = context_auth.password
+        if context_auth.bearerToken is not None:
+            deployer["bearerToken"] = context_auth.bearerToken
+        return deployer
+
+    def set_kubeconfig_auth(self, kubeconfig: any, context_auth: ContextAuth) -> str:
+        """
+        Builds an arcaflow-compatible kubeconfig representation and returns it as a string.
+        In order to run arcaflow plugins in kubernetes/openshift the kubeconfig must contain client certificate/key
+        and server certificate base64 encoded within the kubeconfig file itself in *-data fields. That is not always the
+        case, infact kubeconfig may contain filesystem paths to those files, this function builds an arcaflow-compatible
+        kubeconfig file and returns it as a string that can be safely included in input.yaml
+        """
+
+        if "current-context" not in kubeconfig.keys():
+            raise Exception(
+                "invalid kubeconfig file, impossible to determine current-context"
+            )
+        user_id = None
+        cluster_id = None
+        user_name = None
+        cluster_name = None
+        current_context = kubeconfig["current-context"]
+        for context in kubeconfig["contexts"]:
+            if context["name"] == current_context:
+                user_name = context["context"]["user"]
+                cluster_name = context["context"]["cluster"]
+        if user_name is None:
+            raise Exception(
+                "user not set for context {} in kubeconfig file".format(current_context)
+            )
+        if cluster_name is None:
+            raise Exception(
+                "cluster not set for context {} in kubeconfig file".format(
+                    current_context
+                )
+            )
+
+        for index, user in enumerate(kubeconfig["users"]):
+            if user["name"] == user_name:
+                user_id = index
+        for index, cluster in enumerate(kubeconfig["clusters"]):
+            if cluster["name"] == cluster_name:
+                cluster_id = index
+
+        if cluster_id is None:
+            raise Exception(
+                "no cluster {} found in kubeconfig users".format(cluster_name)
+            )
+        if "client-certificate" in kubeconfig["users"][user_id]["user"]:
+            kubeconfig["users"][user_id]["user"][
+                "client-certificate-data"
+            ] = context_auth.clientCertificateDataBase64
+            del kubeconfig["users"][user_id]["user"]["client-certificate"]
+
+        if "client-key" in kubeconfig["users"][user_id]["user"]:
+            kubeconfig["users"][user_id]["user"][
+                "client-key-data"
+            ] = context_auth.clientKeyDataBase64
+            del kubeconfig["users"][user_id]["user"]["client-key"]
+
+        if "certificate-authority" in kubeconfig["clusters"][cluster_id]["cluster"]:
+            kubeconfig["clusters"][cluster_id]["cluster"][
+                "certificate-authority-data"
+            ] = context_auth.clusterCertificateDataBase64
+            del kubeconfig["clusters"][cluster_id]["cluster"]["certificate-authority"]
+        kubeconfig_str = yaml.dump(kubeconfig)
+        return kubeconfig_str

krkn/scenario_plugins/container/container_scenario_plugin.py

@@ -18,7 +18,6 @@ def run(
         self,
         run_uuid: str,
         scenario: str,
-        krkn_config: dict[str, any],
         lib_telemetry: KrknTelemetryOpenshift,
         scenario_telemetry: ScenarioTelemetry,
     ) -> int:
@@ -44,7 +43,6 @@ def run(
                     return 1
                 scenario_telemetry.affected_pods = result
 
-                # publish cerberus status
         except (RuntimeError, Exception):
             logging.error("ContainerScenarioPlugin exiting due to Exception %s")
             return 1