From 22abb1670b6570b3c9b3dc5c305e63796bca1934 Mon Sep 17 00:00:00 2001 From: Michael Haigh Date: Thu, 14 Mar 2024 16:43:53 -0400 Subject: [PATCH] adding --insecure-skip-tls-verify to v3Group Signed-off-by: Michael Haigh --- astraSDK/k8s.py | 136 +++++++++++++++++++++++++++++-------- tkSrc/choices.py | 120 ++++++++++++++++++++++---------- tkSrc/clone.py | 52 ++++++++++---- tkSrc/create.py | 58 +++++++++++++--- tkSrc/deploy.py | 38 ++++++++--- tkSrc/destroy.py | 30 ++++++-- tkSrc/helpers.py | 30 +++++--- tkSrc/ipr.py | 16 ++++- tkSrc/list.py | 169 +++++++++++++++++++++++++++++++++++++--------- tkSrc/manage.py | 35 ++++++++-- tkSrc/parser.py | 8 +++ tkSrc/unmanage.py | 25 +++++-- toolkit.py | 12 +++- 13 files changed, 575 insertions(+), 154 deletions(-) diff --git a/astraSDK/k8s.py b/astraSDK/k8s.py index 07cac55..24c0d23 100644 --- a/astraSDK/k8s.py +++ b/astraSDK/k8s.py @@ -29,7 +29,9 @@ class getResources(KubeCommon): """Get all namespace scoped resources of a specific CRD""" - def __init__(self, quiet=True, output="json", verbose=False, config_context=None): + def __init__( + self, quiet=True, output="json", verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) output: table: pretty print the data json: (default) output in JSON @@ -38,12 +40,15 @@ def __init__(self, quiet=True, output="json", verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.output = output self.verbose = verbose + self.skip_tls_verify = skip_tls_verify super().__init__(config_context=config_context) self.api_client.configuration.debug = self.verbose + self.api_client.configuration.verify_ssl = not self.skip_tls_verify def main( self, @@ -106,6 +111,7 @@ def formatPrint(self, resp, plural, quiet=None, output=None, verbose=None): tablefmt="grid", ) if verbose: + print(f"verify_ssl: {self.api_client.configuration.verify_ssl}") sys.stdout = sys.__stdout__ self.verbose_log.print() if not quiet: @@ -268,7 +274,9 @@ def getTableInfo(self, plural, headers=False): class getClusterResources(KubeCommon): """Get all cluster scoped resources of a specific CRD""" - def __init__(self, quiet=True, output="json", verbose=False, config_context=None): + def __init__( + self, quiet=True, output="json", verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) output: json: (default) output in JSON yaml: output in yaml @@ -276,12 +284,15 @@ def __init__(self, quiet=True, output="json", verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.output = output self.verbose = verbose + self.skip_tls_verify = skip_tls_verify super().__init__(config_context=config_context) self.api_client.configuration.debug = self.verbose + self.api_client.configuration.verify_ssl = not self.skip_tls_verify def main( self, @@ -311,6 +322,7 @@ def main( resp = yaml.dump(resp) if self.verbose: + print(f"verify_ssl: {self.api_client.configuration.verify_ssl}") sys.stdout = sys.__stdout__ verbose_log.print() if not self.quiet: @@ -327,7 +339,9 @@ def main( class createResource(KubeCommon): """Creates a cluster scoped Custom Resource""" - def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None): + def __init__( + self, quiet=True, dry_run=False, verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) dry-run: False (default): submit and persist the resource True or non-empty str: submit request without persisting the resource @@ -335,12 +349,15 @@ def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.dry_run = dry_run self.verbose = verbose + self.skip_tls_verify = skip_tls_verify super().__init__(config_context=config_context) self.api_client.configuration.debug = self.verbose + self.api_client.configuration.verify_ssl = not self.skip_tls_verify def main( self, @@ -365,6 +382,7 @@ def main( ) if self.verbose: + print(f"verify_ssl: {self.api_client.configuration.verify_ssl}") sys.stdout = sys.__stdout__ verbose_log.print() if not self.quiet: @@ -381,7 +399,9 @@ def main( class destroyResource(KubeCommon): """Destroys a cluster scoped Custom Resource""" - def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None): + def __init__( + self, quiet=True, dry_run=False, verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) dry-run: False (default): submit and persist the resource True or non-empty str: submit request without persisting the resource @@ -389,12 +409,15 @@ def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.dry_run = dry_run self.verbose = verbose + self.skip_tls_verify = skip_tls_verify super().__init__(config_context=config_context) self.api_client.configuration.debug = self.verbose + self.api_client.configuration.verify_ssl = not self.skip_tls_verify def main( self, @@ -419,6 +442,7 @@ def main( ) if self.verbose: + print(f"verify_ssl: {self.api_client.configuration.verify_ssl}") sys.stdout = sys.__stdout__ verbose_log.print() if not self.quiet: @@ -433,7 +457,9 @@ def main( class updateClusterResource(KubeCommon): - def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None): + def __init__( + self, quiet=True, dry_run=False, verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) dry-run: False (default): submit and persist the resource True or non-empty str: submit request without persisting the resource @@ -441,12 +467,15 @@ def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.dry_run = dry_run self.verbose = verbose + self.skip_tls_verify = skip_tls_verify super().__init__(config_context=config_context) self.api_client.configuration.debug = self.verbose + self.api_client.configuration.verify_ssl = not self.skip_tls_verify def main( self, @@ -466,6 +495,7 @@ def main( ) if self.verbose: + print(f"verify_ssl: {self.api_client.configuration.verify_ssl}") sys.stdout = sys.__stdout__ verbose_log.print() if not self.quiet: @@ -480,7 +510,9 @@ def main( class getNamespaces(KubeCommon): - def __init__(self, quiet=True, output="json", verbose=False, config_context=None): + def __init__( + self, quiet=True, output="json", verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) output: json: (default) output in JSON yaml: output in yaml @@ -488,12 +520,15 @@ def __init__(self, quiet=True, output="json", verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.output = output self.verbose = verbose + self.skip_tls_verify = skip_tls_verify super().__init__(config_context=config_context) self.api_client.configuration.debug = self.verbose + self.api_client.configuration.verify_ssl = not self.skip_tls_verify def main(self, systemNS=None, nameFilter=None, unassociated=False, minuteFilter=False): """Default behavior (systemNS=None) is to remove typical system namespaces from the @@ -552,6 +587,7 @@ def main(self, systemNS=None, nameFilter=None, unassociated=False, minuteFilter= ) if self.verbose: + print(f"verify_ssl: {self.api_client.configuration.verify_ssl}") sys.stdout = sys.__stdout__ verbose_log.print() if not self.quiet: @@ -566,7 +602,9 @@ def main(self, systemNS=None, nameFilter=None, unassociated=False, minuteFilter= class getSecrets(KubeCommon): """Gets all kubernetes secrets in a specific namespace""" - def __init__(self, quiet=True, output="json", verbose=False, config_context=None): + def __init__( + self, quiet=True, output="json", verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) output: table: pretty print the data json: (default) output in JSON @@ -575,12 +613,15 @@ def __init__(self, quiet=True, output="json", verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.output = output self.verbose = verbose + self.skip_tls_verify = skip_tls_verify super().__init__(config_context=config_context) self.api_client.configuration.debug = self.verbose + self.api_client.configuration.verify_ssl = not self.skip_tls_verify def main(self, namespace="astra-connector"): api_instance = kubernetes.client.CoreV1Api(self.api_client) @@ -601,6 +642,7 @@ def main(self, namespace="astra-connector"): ) if self.verbose: + print(f"verify_ssl: {self.api_client.configuration.verify_ssl}") sys.stdout = sys.__stdout__ verbose_log.print() if not self.quiet: @@ -615,7 +657,9 @@ def main(self, namespace="astra-connector"): class destroySecret(KubeCommon): """Destroys a kubernetes secret in a specific namespace""" - def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None): + def __init__( + self, quiet=True, dry_run=False, verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) dry-run: False (default): submit and persist the resource True or non-empty str: submit request without persisting the resource @@ -623,12 +667,15 @@ def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.dry_run = dry_run self.verbose = verbose + self.skip_tls_verify = skip_tls_verify super().__init__(config_context=config_context) self.api_client.configuration.debug = self.verbose + self.api_client.configuration.verify_ssl = not self.skip_tls_verify def main(self, name, namespace="astra-connector"): api_instance = kubernetes.client.CoreV1Api(self.api_client) @@ -643,6 +690,7 @@ def main(self, name, namespace="astra-connector"): ).to_dict() if self.verbose: + print(f"verify_ssl: {self.api_client.configuration.verify_ssl}") sys.stdout = sys.__stdout__ verbose_log.print() if not self.quiet: @@ -655,7 +703,9 @@ def main(self, name, namespace="astra-connector"): class getStorageClasses(KubeCommon): - def __init__(self, quiet=True, output="json", verbose=False, config_context=None): + def __init__( + self, quiet=True, output="json", verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) output: json: (default) output in JSON yaml: output in yaml @@ -663,12 +713,15 @@ def __init__(self, quiet=True, output="json", verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.output = output self.verbose = verbose + self.skip_tls_verify = skip_tls_verify super().__init__(config_context=config_context) self.api_client.configuration.debug = self.verbose + self.api_client.configuration.verify_ssl = not self.skip_tls_verify def main(self): api_instance = kubernetes.client.StorageV1Api(self.api_client) @@ -682,6 +735,7 @@ def main(self): resp = yaml.dump(resp) if self.verbose: + print(f"verify_ssl: {self.api_client.configuration.verify_ssl}") sys.stdout = sys.__stdout__ verbose_log.print() if not self.quiet: @@ -696,7 +750,9 @@ def main(self): class createV1Secret(KubeCommon): """Creates a Kubernetes V1 Secret""" - def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None): + def __init__( + self, quiet=True, dry_run=False, verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) dry-run: False (default): submit and persist the resource True or non-empty str: submit request without persisting the resource @@ -704,12 +760,15 @@ def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.dry_run = dry_run self.verbose = verbose + self.skip_tls_verify = skip_tls_verify super().__init__(config_context=config_context) self.api_client.configuration.debug = self.verbose + self.api_client.configuration.verify_ssl = not self.skip_tls_verify def main(self, v1SecretObj, namespace="astra-connector"): api_instance = kubernetes.client.CoreV1Api(self.api_client) @@ -724,6 +783,7 @@ def main(self, v1SecretObj, namespace="astra-connector"): ).to_dict() if self.verbose: + print(f"verify_ssl: {self.api_client.configuration.verify_ssl}") sys.stdout = sys.__stdout__ verbose_log.print() if not self.quiet: @@ -738,7 +798,9 @@ class createRegCred(KubeCommon, SDKCommon): """Creates a docker registry credential. By default it uses fields from config.yaml, however any of these fields can be overridden by custom values.""" - def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None): + def __init__( + self, quiet=True, dry_run=False, verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) dry-run: False (default): submit and persist the resource True or non-empty str: submit request without persisting the resource @@ -746,11 +808,13 @@ def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.dry_run = dry_run self.verbose = verbose self.config_context = config_context + self.skip_tls_verify = skip_tls_verify super().__init__() def main(self, name=None, registry=None, username=None, password=None, namespace="trident"): @@ -795,13 +859,16 @@ def main(self, name=None, registry=None, username=None, password=None, namespace dry_run=self.dry_run, verbose=self.verbose, config_context=self.config_context, + skip_tls_verify=self.skip_tls_verify, ).main(regCredSecret, namespace=namespace) class createAstraApiToken(KubeCommon, SDKCommon): """Creates an astra-api-token secret based on the contents of config.yaml""" - def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None): + def __init__( + self, quiet=True, dry_run=False, verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) dry-run: False (default): submit and persist the resource True or non-empty str: submit request without persisting the resource @@ -809,11 +876,13 @@ def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.dry_run = dry_run self.verbose = verbose self.config_context = config_context + self.skip_tls_verify = skip_tls_verify super().__init__() def main(self, name=None, namespace="astra-connector"): @@ -838,13 +907,16 @@ def main(self, name=None, namespace="astra-connector"): dry_run=self.dry_run, verbose=self.verbose, config_context=self.config_context, + skip_tls_verify=self.skip_tls_verify, ).main(secret, namespace=namespace) class createGenericSecret(KubeCommon, SDKCommon): """Creates a basic Kubernetes secret, the passed data must already be base64 encoded""" - def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None): + def __init__( + self, quiet=True, dry_run=False, verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) dry-run: False (default): submit and persist the resource True or non-empty str: submit request without persisting the resource @@ -852,11 +924,13 @@ def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.dry_run = dry_run self.verbose = verbose self.config_context = config_context + self.skip_tls_verify = skip_tls_verify super().__init__() def main(self, name, data, generateName=False, namespace="astra-connector"): @@ -874,13 +948,16 @@ def main(self, name, data, generateName=False, namespace="astra-connector"): dry_run=self.dry_run, verbose=self.verbose, config_context=self.config_context, + skip_tls_verify=self.skip_tls_verify, ).main(secret, namespace=namespace) class createAstraConnector(SDKCommon): """Creates an AstraConnector custom resource""" - def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None): + def __init__( + self, quiet=True, dry_run=False, verbose=False, config_context=None, skip_tls_verify=False + ): """quiet: Will there be CLI output or just return (datastructure) dry-run: False (default): submit and persist the resource True or non-empty str: submit request without persisting the resource @@ -888,11 +965,13 @@ def __init__(self, quiet=True, dry_run=False, verbose=False, config_context=None config_context: the kubeconfig:context mapping to execute against None: use system defaults str "None:": use default kubeconfig w/ specified context - str ":": use specified file and context""" + str ":": use specified file and context + skip_tls_verify: Whether to skip TLS/SSL verification""" self.quiet = quiet self.dry_run = dry_run self.verbose = verbose self.config_context = config_context + self.skip_tls_verify = skip_tls_verify super().__init__() def main( @@ -929,6 +1008,7 @@ def main( dry_run=self.dry_run, verbose=self.verbose, config_context=self.config_context, + skip_tls_verify=self.skip_tls_verify, ).main( body["kind"].lower() + "s", namespace, diff --git a/tkSrc/choices.py b/tkSrc/choices.py index c31f3dd..1217b9b 100644 --- a/tkSrc/choices.py +++ b/tkSrc/choices.py @@ -26,7 +26,7 @@ ENDC = "\033[0m" -def main(argv, verbs, verbPosition, ard, acl, v3): +def main(argv, verbs, verbPosition, ard, acl, v3, v3_skip_tls_verify=False): """This function builds the argparse choices lists. To build these lists, a variety of external calls need to be made. The results of these calls are stored in ard (an instantiation of AstraResourceDicts) so the same call doesn't have to be made again later. The choices lists are @@ -39,21 +39,29 @@ def main(argv, verbs, verbPosition, ard, acl, v3): ard.charts = helpers.updateHelm() acl.charts = ard.buildList("charts", "name") if v3: - ard.buckets = astraSDK.k8s.getResources(config_context=v3).main("appvaults") + ard.buckets = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("appvaults") acl.buckets = ard.buildList("buckets", "metadata.name") elif argv[verbPosition + 1] == "acp": - ard.credentials = astraSDK.k8s.getSecrets(config_context=v3).main( - namespace="trident" - ) + ard.credentials = astraSDK.k8s.getSecrets( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main(namespace="trident") acl.credentials = ard.buildList("credentials", "metadata.name") elif verbs["clone"] or verbs["restore"]: if v3: - ard.apps = astraSDK.k8s.getResources(config_context=v3).main("applications") + ard.apps = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("applications") acl.apps = ard.buildList("apps", "metadata.name") if verbs["restore"]: - ard.backups = astraSDK.k8s.getResources(config_context=v3).main("backups") - ard.snapshots = astraSDK.k8s.getResources(config_context=v3).main("snapshots") + ard.backups = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("backups") + ard.snapshots = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("snapshots") acl.dataProtections = ard.buildList("backups", "metadata.name") + ard.buildList( "snapshots", "metadata.name" ) @@ -70,12 +78,14 @@ def main(argv, verbs, verbPosition, ard, acl, v3): is not None ): ard.storageClasses = astraSDK.k8s.getStorageClasses( - config_context=arg + config_context=arg, skip_tls_verify=v3_skip_tls_verify ).main() acl.storageClasses = ard.buildList("storageClasses", "metadata.name") break else: - ard.storageClasses = astraSDK.k8s.getStorageClasses(config_context=v3).main() + ard.storageClasses = astraSDK.k8s.getStorageClasses( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main() acl.storageClasses = ard.buildList("storageClasses", "metadata.name") else: ard.apps = astraSDK.apps.getApps().main() @@ -101,11 +111,17 @@ def main(argv, verbs, verbPosition, ard, acl, v3): elif verbs["ipr"]: if v3: - ard.apps = astraSDK.k8s.getResources(config_context=v3).main("applications") + ard.apps = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("applications") acl.apps = ard.buildList("apps", "metadata.name") if len(argv) - verbPosition >= 2: - ard.backups = astraSDK.k8s.getResources(config_context=v3).main("backups") - ard.snapshots = astraSDK.k8s.getResources(config_context=v3).main("snapshots") + ard.backups = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("backups") + ard.snapshots = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("snapshots") for a in argv[verbPosition + 1 :]: acl.backups += ard.buildList( "backups", "metadata.name", "spec.applicationRef", a @@ -134,14 +150,18 @@ def main(argv, verbs, verbPosition, ard, acl, v3): or argv[verbPosition + 1] == "snapshot" ): if v3: - ard.apps = astraSDK.k8s.getResources(config_context=v3).main("applications") + ard.apps = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("applications") acl.apps = ard.buildList("apps", "metadata.name") else: ard.apps = astraSDK.apps.getApps().main() acl.apps = ard.buildList("apps", "id") if argv[verbPosition + 1] == "backup" or argv[verbPosition + 1] == "snapshot": if v3: - ard.buckets = astraSDK.k8s.getResources(config_context=v3).main("appvaults") + ard.buckets = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("appvaults") acl.buckets = ard.buildList("buckets", "metadata.name") else: ard.buckets = astraSDK.buckets.getBuckets(quiet=True).main() @@ -151,7 +171,9 @@ def main(argv, verbs, verbPosition, ard, acl, v3): for a in argv[verbPosition + 1 :]: if a in acl.apps: if v3: - ard.snapshots = astraSDK.k8s.getResources(config_context=v3).main( + ard.snapshots = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main( "snapshots", filters=[{"keyFilter": "spec.applicationRef", "valFilter": a}], ) @@ -165,7 +187,9 @@ def main(argv, verbs, verbPosition, ard, acl, v3): acl.scripts = ard.buildList("scripts", "id") if argv[verbPosition + 1] == "protection" or argv[verbPosition + 1] == "schedule": if v3: - ard.buckets = astraSDK.k8s.getResources(config_context=v3).main("appvaults") + ard.buckets = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("appvaults") acl.buckets = ard.buildList("buckets", "metadata.name") if argv[verbPosition + 1] == "replication": ard.destClusters = astraSDK.clusters.getClusters().main(hideUnmanaged=True) @@ -211,7 +235,9 @@ def main(argv, verbs, verbPosition, ard, acl, v3): elif (verbs["manage"] or verbs["define"]) and len(argv) - verbPosition >= 2: if argv[verbPosition + 1] == "app" or argv[verbPosition + 1] == "application": if v3: - ard.namespaces = astraSDK.k8s.getNamespaces(config_context=v3).main() + ard.namespaces = astraSDK.k8s.getNamespaces( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main() acl.namespaces = ard.buildList("namespaces", "metadata.name") else: ard.namespaces = astraSDK.namespaces.getNamespaces().main() @@ -220,7 +246,9 @@ def main(argv, verbs, verbPosition, ard, acl, v3): acl.clusters = list(set(acl.clusters)) elif argv[verbPosition + 1] == "bucket" or argv[verbPosition + 1] == "appVault": if v3: - ard.credentials = astraSDK.k8s.getSecrets(config_context=v3).main() + ard.credentials = astraSDK.k8s.getSecrets( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main() acl.credentials = ard.buildList("credentials", "metadata.name") for c in argv[verbPosition + 1 :]: if c in acl.credentials: @@ -263,7 +291,9 @@ def main(argv, verbs, verbPosition, ard, acl, v3): rc = astraSDK.clouds.manageCloud(quiet=True).main("private", "private") if rc: acl.clouds.append(rc["id"]) - ard.credentials = astraSDK.k8s.getSecrets(config_context=v3).main() + ard.credentials = astraSDK.k8s.getSecrets( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main() acl.credentials = ard.buildList("credentials", "metadata.name") else: ard.clusters = astraSDK.clusters.getClusters().main() @@ -280,9 +310,13 @@ def main(argv, verbs, verbPosition, ard, acl, v3): elif verbs["destroy"] and len(argv) - verbPosition >= 2: if argv[verbPosition + 1] == "backup" and len(argv) - verbPosition >= 3: if v3: - ard.apps = astraSDK.k8s.getResources(config_context=v3).main("applications") + ard.apps = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("applications") acl.apps = ard.buildList("apps", "metadata.name") - ard.backups = astraSDK.k8s.getResources(config_context=v3).main("backups") + ard.backups = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("backups") acl.backups = ard.buildList( "backups", "metadata.name", @@ -303,7 +337,9 @@ def main(argv, verbs, verbPosition, ard, acl, v3): argv ) - verbPosition >= 3: if v3: - ard.credentials = astraSDK.k8s.getSecrets(config_context=v3).main() + ard.credentials = astraSDK.k8s.getSecrets( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main() acl.credentials = ard.buildList("credentials", "metadata.name") else: ard.credentials = astraSDK.credentials.getCredentials().main() @@ -312,9 +348,13 @@ def main(argv, verbs, verbPosition, ard, acl, v3): argv ) - verbPosition >= 3: if v3: - ard.apps = astraSDK.k8s.getResources(config_context=v3).main("applications") + ard.apps = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("applications") acl.apps = ard.buildList("apps", "metadata.name") - ard.hooks = astraSDK.k8s.getResources(config_context=v3).main("exechooks") + ard.hooks = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("exechooks") acl.hooks = ard.buildList( "hooks", "metadata.name", @@ -328,9 +368,13 @@ def main(argv, verbs, verbPosition, ard, acl, v3): acl.hooks = ard.buildList("hooks", "id", fKey="appID", fVal=argv[verbPosition + 2]) elif argv[verbPosition + 1] == "protection" and len(argv) - verbPosition >= 3: if v3: - ard.apps = astraSDK.k8s.getResources(config_context=v3).main("applications") + ard.apps = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("applications") acl.apps = ard.buildList("apps", "metadata.name") - ard.protections = astraSDK.k8s.getResources(config_context=v3).main("schedules") + ard.protections = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("schedules") acl.protections = ard.buildList( "protections", "metadata.name", @@ -353,9 +397,13 @@ def main(argv, verbs, verbPosition, ard, acl, v3): acl.replications = ard.buildList("replications", "id") elif argv[verbPosition + 1] == "snapshot" and len(argv) - verbPosition >= 3: if v3: - ard.apps = astraSDK.k8s.getResources(config_context=v3).main("applications") + ard.apps = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("applications") acl.apps = ard.buildList("apps", "metadata.name") - ard.snapshots = astraSDK.k8s.getResources(config_context=v3).main("snapshots") + ard.snapshots = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("snapshots") acl.snapshots = ard.buildList( "snapshots", "metadata.name", @@ -379,23 +427,27 @@ def main(argv, verbs, verbPosition, ard, acl, v3): elif verbs["unmanage"] and len(argv) - verbPosition >= 2: if argv[verbPosition + 1] == "app" or argv[verbPosition + 1] == "application": if v3: - ard.apps = astraSDK.k8s.getResources(config_context=v3).main("applications") + ard.apps = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("applications") acl.apps = ard.buildList("apps", "metadata.name") else: ard.apps = astraSDK.apps.getApps().main() acl.apps = ard.buildList("apps", "id") elif argv[verbPosition + 1] == "bucket" or argv[verbPosition + 1] == "appVault": if v3: - ard.buckets = astraSDK.k8s.getResources(config_context=v3).main("appvaults") + ard.buckets = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("appvaults") acl.buckets = ard.buildList("buckets", "metadata.name") else: ard.buckets = astraSDK.buckets.getBuckets().main() acl.buckets = ard.buildList("buckets", "id") elif argv[verbPosition + 1] == "cluster": if v3: - ard.connectors = astraSDK.k8s.getResources(config_context=v3).main( - "astraconnectors", version="v1", group="astra.netapp.io" - ) + ard.connectors = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=v3_skip_tls_verify + ).main("astraconnectors", version="v1", group="astra.netapp.io") acl.clusters = ard.buildList("connectors", "spec.astra.clusterId") + ard.buildList( "connectors", "spec.astra.clusterName" ) diff --git a/tkSrc/clone.py b/tkSrc/clone.py index 5f078b3..2aff1c0 100644 --- a/tkSrc/clone.py +++ b/tkSrc/clone.py @@ -219,12 +219,12 @@ def doClone( raise SystemExit(f"Submitting {verb} failed.") -def waitForDpCompletion(dp_resp, cluster): +def waitForDpCompletion(dp_resp, cluster, skip_tls_verify): """Given a data protection creation response, wait for the 'status.state' field to be 'Completed', then return that dict""" dp_name = dp_resp["metadata"]["name"] dp_plural = f"{dp_resp['kind'].lower()}s" - get_K8s_obj = astraSDK.k8s.getResources(config_context=cluster) + get_K8s_obj = astraSDK.k8s.getResources(config_context=cluster, skip_tls_verify=skip_tls_verify) dp = get_K8s_obj.main( dp_plural, filters=[{"keyFilter": "metadata.name", "valFilter": dp_name}] )["items"][0] @@ -258,6 +258,7 @@ def waitForDpCompletion(dp_resp, cluster): def doV3Clone( v3, dry_run, + skip_tls_verify, quiet, verbose, parser, @@ -273,13 +274,14 @@ def doV3Clone( """Performs a live clone by first creating either a snapshot (same-cluster) or backup (cross- cluster) of the sourcApp, and then it calls doV3Restore for the remaining restore operation, which consists of a BackupRestore or SnapshotRestore and an Application definition.""" - bucketDict = helpers.getCommonAppVault(v3, cluster, parser) + bucketDict = helpers.getCommonAppVault(v3, cluster, parser, skip_tls_verify=skip_tls_verify) if dry_run == "client": print(f"# This must be applied on the source cluster specified by '{v3}'") if crossCluster: restoreSourceDict = create.createV3Backup( v3, dry_run, + skip_tls_verify, quiet, verbose, None, @@ -291,6 +293,7 @@ def doV3Clone( restoreSourceDict = create.createV3Snapshot( v3, dry_run, + skip_tls_verify, quiet, verbose, None, @@ -307,10 +310,11 @@ def doV3Clone( + f"{'backup' if crossCluster else 'snapshot'}.status.appArchivePath" ) else: - restoreSourceDict = waitForDpCompletion(restoreSourceDict, v3) + restoreSourceDict = waitForDpCompletion(restoreSourceDict, v3, skip_tls_verify) doV3Restore( v3, dry_run, + skip_tls_verify, quiet, verbose, parser, @@ -328,6 +332,7 @@ def doV3Clone( def setupV3Restore( v3, dry_run, + skip_tls_verify, quiet, verbose, parser, @@ -347,9 +352,13 @@ def setupV3Restore( backup), then calls doV3Restore to create the BackupRestore or SnapshotRestore and Application definitions.""" if ard.needsattr("backups"): - ard.backups = astraSDK.k8s.getResources(config_context=v3).main("backups") + ard.backups = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=skip_tls_verify + ).main("backups") if ard.needsattr("snapshots"): - ard.snapshots = astraSDK.k8s.getResources(config_context=v3).main("snapshots") + ard.snapshots = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=skip_tls_verify + ).main("snapshots") # For restore, we need to figure out if a backup or a snapshot source was provided if restoreSource in ard.buildList("backups", "metadata.name"): restoreSourceDict = ard.getSingleDict("backups", "metadata.name", restoreSource, parser) @@ -362,6 +371,7 @@ def setupV3Restore( restoreSourceDict = create.createV3Backup( v3, dry_run, + skip_tls_verify, quiet, verbose, None, @@ -379,12 +389,13 @@ def setupV3Restore( if dry_run == "client": print("---") else: - restoreSourceDict = waitForDpCompletion(restoreSourceDict, v3) + restoreSourceDict = waitForDpCompletion(restoreSourceDict, v3, skip_tls_verify) else: parser.error(f"the restoreSource '{restoreSource}' is not a valid backup or snapshot") doV3Restore( v3, dry_run, + skip_tls_verify, quiet, verbose, parser, @@ -404,6 +415,7 @@ def setupV3Restore( def doV3Restore( v3, dry_run, + skip_tls_verify, quiet, verbose, parser, @@ -435,7 +447,11 @@ def doV3Restore( appArchivePath=restoreSourceDict["status"]["appArchivePath"], appVaultRef=( helpers.swapAppVaultRef( - restoreSourceDict["spec"]["appVaultRef"], v3, cluster, parser + restoreSourceDict["spec"]["appVaultRef"], + v3, + cluster, + parser, + skip_tls_verify=skip_tls_verify, ) if crossCluster else restoreSourceDict["spec"]["appVaultRef"] @@ -459,7 +475,11 @@ def doV3Restore( else: for v3_dict in v3_gen: astraSDK.k8s.createResource( - quiet=quiet, dry_run=dry_run, verbose=verbose, config_context=cluster + quiet=quiet, + dry_run=dry_run, + verbose=verbose, + config_context=cluster, + skip_tls_verify=skip_tls_verify, ).main( f"{v3_dict['kind'].lower()}s", v3_dict["metadata"]["namespace"], @@ -491,11 +511,14 @@ def main(args, parser, ard): args.newNamespace = args.appName # Handle -f/--fast/plaidMode cases if ard.needsattr("apps"): - ard.apps = astraSDK.k8s.getResources(config_context=args.v3).main("applications") + ard.apps = astraSDK.k8s.getResources( + config_context=args.v3, skip_tls_verify=args.skip_tls_verify + ).main("applications") if args.subcommand == "clone": doV3Clone( args.v3, args.dry_run, + args.skip_tls_verify, args.quiet, args.verbose, parser, @@ -503,7 +526,9 @@ def main(args, parser, ard): args.sourceApp, args.appName, args.cluster, - not helpers.sameK8sCluster(args.v3, args.cluster), + not helpers.sameK8sCluster( + args.v3, args.cluster, skip_tls_verify=args.skip_tls_verify + ), newStorageClass=args.newStorageClass, newNamespace=args.newNamespace, multiNsMapping=args.multiNsMapping, @@ -512,6 +537,7 @@ def main(args, parser, ard): setupV3Restore( args.v3, args.dry_run, + args.skip_tls_verify, args.quiet, args.verbose, parser, @@ -519,7 +545,9 @@ def main(args, parser, ard): args.restoreSource, args.appName, args.cluster, - not helpers.sameK8sCluster(args.v3, args.cluster), + not helpers.sameK8sCluster( + args.v3, args.cluster, skip_tls_verify=args.skip_tls_verify + ), newStorageClass=args.newStorageClass, newNamespace=args.newNamespace, multiNsMapping=args.multiNsMapping, diff --git a/tkSrc/create.py b/tkSrc/create.py index 8ffb176..822e093 100644 --- a/tkSrc/create.py +++ b/tkSrc/create.py @@ -89,7 +89,7 @@ def createCloudCredential(quiet, verbose, path, name, cloudType, parser): raise SystemExit("astraSDK.credentials.createCredential() failed") -def createV3CloudCredential(v3, dry_run, quiet, verbose, path, name, parser): +def createV3CloudCredential(v3, dry_run, skip_tls_verify, quiet, verbose, path, name, parser): """Create a public cloud (AWS/Azure/GCP) credential via a Kubernetes secret""" credDict = helpers.openJson(path, parser) encodedStr = base64.b64encode(json.dumps(credDict).encode("utf-8")).decode("utf-8") @@ -107,7 +107,11 @@ def createV3CloudCredential(v3, dry_run, quiet, verbose, path, name, parser): print("---") return secret_dict return astraSDK.k8s.createGenericSecret( - quiet=quiet, dry_run=dry_run, verbose=verbose, config_context=v3 + quiet=quiet, + dry_run=dry_run, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main(f"{name}-", data, generateName=True, namespace=namespace) @@ -124,7 +128,9 @@ def createS3Credential(quiet, verbose, accessKey, accessSecret, name): raise SystemExit("astraSDK.credentials.createCredential() failed") -def createV3S3Credential(v3, dry_run, quiet, verbose, accessKey, accessSecret, name): +def createV3S3Credential( + v3, dry_run, skip_tls_verify, quiet, verbose, accessKey, accessSecret, name +): """Create a public cloud (AWS/Azure/GCP) credential via a Kubernetes secret""" encodedKey = base64.b64encode(accessKey.encode("utf-8")).decode("utf-8") encodedSecret = base64.b64encode(accessSecret.encode("utf-8")).decode("utf-8") @@ -142,13 +148,18 @@ def createV3S3Credential(v3, dry_run, quiet, verbose, accessKey, accessSecret, n print("---") return secret_dict return astraSDK.k8s.createGenericSecret( - quiet=quiet, dry_run=dry_run, verbose=verbose, config_context=v3 + quiet=quiet, + dry_run=dry_run, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main(f"{name}-", data, generateName=True, namespace=namespace) def createV3Backup( v3, dry_run, + skip_tls_verify, quiet, verbose, name, @@ -175,7 +186,11 @@ def createV3Backup( return v3_dict else: return astraSDK.k8s.createResource( - quiet=quiet, dry_run=dry_run, verbose=verbose, config_context=v3 + quiet=quiet, + dry_run=dry_run, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main( f"{v3_dict['kind'].lower()}s", v3_dict["metadata"]["namespace"], @@ -188,6 +203,7 @@ def createV3Backup( def createV3Hook( v3, dry_run, + skip_tls_verify, quiet, verbose, parser, @@ -229,7 +245,11 @@ def createV3Hook( print(yaml.dump(v3_dict).rstrip("\n")) else: astraSDK.k8s.createResource( - quiet=quiet, dry_run=dry_run, verbose=verbose, config_context=v3 + quiet=quiet, + dry_run=dry_run, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main( f"{v3_dict['kind'].lower()}s", v3_dict["metadata"]["namespace"], @@ -242,6 +262,7 @@ def createV3Hook( def createV3Protection( v3, dry_run, + skip_tls_verify, quiet, verbose, app, @@ -274,7 +295,11 @@ def createV3Protection( print(yaml.dump(v3_dict).rstrip("\n")) else: astraSDK.k8s.createResource( - quiet=quiet, dry_run=dry_run, verbose=verbose, config_context=v3 + quiet=quiet, + dry_run=dry_run, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main( f"{v3_dict['kind'].lower()}s", v3_dict["metadata"]["namespace"], @@ -287,6 +312,7 @@ def createV3Protection( def createV3Snapshot( v3, dry_run, + skip_tls_verify, quiet, verbose, name, @@ -315,7 +341,11 @@ def createV3Snapshot( return v3_dict else: return astraSDK.k8s.createResource( - quiet=quiet, dry_run=dry_run, verbose=verbose, config_context=v3 + quiet=quiet, + dry_run=dry_run, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main( f"{v3_dict['kind'].lower()}s", v3_dict["metadata"]["namespace"], @@ -329,7 +359,9 @@ def main(args, parser, ard): if args.objectType == "backup": if args.v3: if ard.needsattr("buckets"): - ard.buckets = astraSDK.k8s.getResources(config_context=args.v3).main("appvaults") + ard.buckets = astraSDK.k8s.getResources( + config_context=args.v3, skip_tls_verify=args.skip_tls_verify + ).main("appvaults") if args.bucket is None: args.bucket = ard.getSingleDict("buckets", "status.state", "available", parser)[ "metadata" @@ -337,6 +369,7 @@ def main(args, parser, ard): createV3Backup( args.v3, args.dry_run, + args.skip_tls_verify, args.quiet, args.verbose, args.name, @@ -386,6 +419,7 @@ def main(args, parser, ard): createV3Hook( args.v3, args.dry_run, + args.skip_tls_verify, args.quiet, args.verbose, parser, @@ -449,6 +483,7 @@ def main(args, parser, ard): createV3Protection( args.v3, args.dry_run, + args.skip_tls_verify, args.quiet, args.verbose, args.app, @@ -546,7 +581,9 @@ def main(args, parser, ard): elif args.objectType == "snapshot": if args.v3: if ard.needsattr("buckets"): - ard.buckets = astraSDK.k8s.getResources(config_context=args.v3).main("appvaults") + ard.buckets = astraSDK.k8s.getResources( + config_context=args.v3, skip_tls_verify=args.skip_tls_verify + ).main("appvaults") if args.bucket is None: args.bucket = ard.getSingleDict("buckets", "status.state", "available", parser)[ "metadata" @@ -554,6 +591,7 @@ def main(args, parser, ard): createV3Snapshot( args.v3, args.dry_run, + args.skip_tls_verify, args.quiet, args.verbose, args.name, diff --git a/tkSrc/deploy.py b/tkSrc/deploy.py index b391da9..0456846 100644 --- a/tkSrc/deploy.py +++ b/tkSrc/deploy.py @@ -28,7 +28,17 @@ def deployHelm( - chart, appName, namespace, setValues, fileValues, bucket, verbose, quiet, v3=False, dry_run=None + chart, + appName, + namespace, + setValues, + fileValues, + bucket, + verbose, + quiet, + v3=False, + dry_run=None, + skip_tls_verify=False, ): """Deploy a helm chart , naming the app into """ if v3: @@ -44,7 +54,9 @@ def deployHelm( setStr = helpers.createHelmStr("set", setValues) valueStr = helpers.createHelmStr("values", fileValues) - cluster_namespaces = astraSDK.k8s.getNamespaces(config_context=v3).main(systemNS=[]) + cluster_namespaces = astraSDK.k8s.getNamespaces( + config_context=v3, skip_tls_verify=skip_tls_verify + ).main(systemNS=[]) if namespace in [n["metadata"]["name"] for n in cluster_namespaces["items"]]: raise SystemExit(f"Namespace {namespace} already exists!") @@ -56,7 +68,7 @@ def deployHelm( if v3: if dry_run == "client": print("---") - manage.manageV3App(v3, dry_run, quiet, verbose, appName, namespace) + manage.manageV3App(v3, dry_run, skip_tls_verify, quiet, verbose, appName, namespace) backupRetention = "1" snapshotRetention = "1" minute = "0" @@ -72,6 +84,7 @@ def deployHelm( create.createV3Protection( v3, dry_run, + skip_tls_verify, quiet, verbose, appName, @@ -173,7 +186,10 @@ def main(args, parser, ard): if args.v3: # Ensure the trident orchestrator is already running torc = astraSDK.k8s.getClusterResources( - quiet=args.quiet, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main("tridentorchestrators") if torc is None or len(torc["items"]) == 0: parser.error("trident operator not found on current Kubernetes context") @@ -186,15 +202,16 @@ def main(args, parser, ard): dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main(registry=args.registry) if not cred: raise SystemExit("astraSDK.k8s.createRegCred() failed") args.regCred = cred["metadata"]["name"] else: if ard.needsattr("credentials"): - ard.credentials = astraSDK.k8s.getSecrets(config_context=args.v3).main( - namespace="trident" - ) + ard.credentials = astraSDK.k8s.getSecrets( + config_context=args.v3, skip_tls_verify=args.skip_tls_verify + ).main(namespace="trident") cred = ard.getSingleDict("credentials", "metadata.name", args.regCred, parser) # Handle default registry if not args.registry: @@ -219,7 +236,11 @@ def main(args, parser, ard): torc_spec["spec"]["imagePullSecrets"] = [args.regCred] # Make the update torc_update = astraSDK.k8s.updateClusterResource( - quiet=args.quiet, dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + dry_run=args.dry_run, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main("tridentorchestrators", torc_name, torc_spec) if torc_update: print(f"tridentorchestrator.trident.netapp.io/{torc_name} edited") @@ -242,4 +263,5 @@ def main(args, parser, ard): args.quiet, v3=args.v3, dry_run=args.dry_run, + skip_tls_verify=args.skip_tls_verify, ) diff --git a/tkSrc/destroy.py b/tkSrc/destroy.py index de06fa9..74d6100 100644 --- a/tkSrc/destroy.py +++ b/tkSrc/destroy.py @@ -22,7 +22,11 @@ def main(args, parser, ard): if args.objectType == "backup": if args.v3: rc = astraSDK.k8s.destroyResource( - quiet=args.quiet, dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + dry_run=args.dry_run, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main("backups", args.backup) else: rc = astraSDK.backups.destroyBackup(quiet=args.quiet, verbose=args.verbose).main( @@ -44,7 +48,11 @@ def main(args, parser, ard): elif args.objectType == "credential" or args.objectType == "secret": if args.v3: astraSDK.k8s.destroySecret( - quiet=args.quiet, dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + dry_run=args.dry_run, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main(args.credential) else: rc = astraSDK.credentials.destroyCredential( @@ -57,7 +65,11 @@ def main(args, parser, ard): elif args.objectType == "hook" or args.objectType == "exechook": if args.v3: rc = astraSDK.k8s.destroyResource( - quiet=args.quiet, dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + dry_run=args.dry_run, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main("exechooks", args.hook) else: rc = astraSDK.hooks.destroyHook(quiet=args.quiet, verbose=args.verbose).main( @@ -70,7 +82,11 @@ def main(args, parser, ard): elif args.objectType == "protection" or args.objectType == "schedule": if args.v3: rc = astraSDK.k8s.destroyResource( - quiet=args.quiet, dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + dry_run=args.dry_run, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main("schedules", args.protection) else: rc = astraSDK.protections.destroyProtectiontionpolicy( @@ -122,7 +138,11 @@ def main(args, parser, ard): elif args.objectType == "snapshot": if args.v3: rc = astraSDK.k8s.destroyResource( - quiet=args.quiet, dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + dry_run=args.dry_run, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main("snapshots", args.snapshot) else: rc = astraSDK.snapshots.destroySnapshot(quiet=args.quiet, verbose=args.verbose).main( diff --git a/tkSrc/helpers.py b/tkSrc/helpers.py index 4edce1c..3149e10 100644 --- a/tkSrc/helpers.py +++ b/tkSrc/helpers.py @@ -512,11 +512,15 @@ def getOperatorURL(version): return f"{base}/download/{version}-main/{filename}" -def sameK8sCluster(cluster1, cluster2): +def sameK8sCluster(cluster1, cluster2, skip_tls_verify=False): """Function which determines if cluster1 and cluster2 are the same underlying Kubernetes clusters or not. Returns True if metadata.uid of the kube-system NS are the same.""" - namespaces1 = astraSDK.k8s.getNamespaces(config_context=cluster1).main(systemNS=[]) - namespaces2 = astraSDK.k8s.getNamespaces(config_context=cluster2).main(systemNS=[]) + namespaces1 = astraSDK.k8s.getNamespaces( + config_context=cluster1, skip_tls_verify=skip_tls_verify + ).main(systemNS=[]) + namespaces2 = astraSDK.k8s.getNamespaces( + config_context=cluster2, skip_tls_verify=skip_tls_verify + ).main(systemNS=[]) ks1 = next(n for n in namespaces1["items"] if n["metadata"]["name"] == "kube-system") ks2 = next(n for n in namespaces2["items"] if n["metadata"]["name"] == "kube-system") if ks1["metadata"]["uid"] == ks2["metadata"]["uid"]: @@ -524,11 +528,15 @@ def sameK8sCluster(cluster1, cluster2): return False -def getCommonAppVault(cluster1, cluster2, parser): +def getCommonAppVault(cluster1, cluster2, parser, skip_tls_verify=False): """Function which takes in two cluster contexts, and finds and returns an appVault that's common between the two of them, as designated by status.uid""" - c1AppVaults = astraSDK.k8s.getResources(config_context=cluster1).main("appvaults") - c2AppVaults = astraSDK.k8s.getResources(config_context=cluster2).main("appvaults") + c1AppVaults = astraSDK.k8s.getResources( + config_context=cluster1, skip_tls_verify=skip_tls_verify + ).main("appvaults") + c2AppVaults = astraSDK.k8s.getResources( + config_context=cluster2, skip_tls_verify=skip_tls_verify + ).main("appvaults") for c1av in c1AppVaults["items"]: for c2av in c2AppVaults["items"]: if c1av.get("status") and c1av["status"].get("uid"): @@ -538,12 +546,16 @@ def getCommonAppVault(cluster1, cluster2, parser): parser.error(f"A common appVault was not found between cluster {cluster1} and {cluster2}") -def swapAppVaultRef(sourceAppVaultRef, sourceCluster, destCluster, parser): +def swapAppVaultRef(sourceAppVaultRef, sourceCluster, destCluster, parser, skip_tls_verify=False): """Function which takes in the name of a sourceCluster's appVaultRef, and then returns the name of the destCluster's same appVaultRef (appVaults can be named differently across clusters due to Astra Control auto-appending a unique identifier).""" - sourceAppVaults = astraSDK.k8s.getResources(config_context=sourceCluster).main("appvaults") - destAppVaults = astraSDK.k8s.getResources(config_context=destCluster).main("appvaults") + sourceAppVaults = astraSDK.k8s.getResources( + config_context=sourceCluster, skip_tls_verify=skip_tls_verify + ).main("appvaults") + destAppVaults = astraSDK.k8s.getResources( + config_context=destCluster, skip_tls_verify=skip_tls_verify + ).main("appvaults") try: sourceAppVault = next( a for a in sourceAppVaults["items"] if a["metadata"]["name"] == sourceAppVaultRef diff --git a/tkSrc/ipr.py b/tkSrc/ipr.py index 698ba25..aa5a922 100644 --- a/tkSrc/ipr.py +++ b/tkSrc/ipr.py @@ -27,6 +27,7 @@ def doV3Ipr( v3, dry_run, + skip_tls_verify, quiet, verbose, parser, @@ -38,11 +39,15 @@ def doV3Ipr( ): if backup: if ard.needsattr("backups"): - ard.backups = astraSDK.k8s.getResources(config_context=v3).main("backups") + ard.backups = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=skip_tls_verify + ).main("backups") iprSourceDict = ard.getSingleDict("backups", "metadata.name", backup, parser) elif snapshot: if ard.needsattr("snapshots"): - ard.snapshots = astraSDK.k8s.getResources(config_context=v3).main("snapshots") + ard.snapshots = astraSDK.k8s.getResources( + config_context=v3, skip_tls_verify=skip_tls_verify + ).main("snapshots") iprSourceDict = ard.getSingleDict("snapshots", "metadata.name", snapshot, parser) template = helpers.setupJinja("ipr") @@ -63,7 +68,11 @@ def doV3Ipr( print(yaml.dump(v3_dict).rstrip("\n")) else: astraSDK.k8s.createResource( - quiet=quiet, dry_run=dry_run, verbose=verbose, config_context=v3 + quiet=quiet, + dry_run=dry_run, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main( f"{v3_dict['kind'].lower()}s", v3_dict["metadata"]["namespace"], @@ -89,6 +98,7 @@ def main(args, parser, ard): doV3Ipr( args.v3, args.dry_run, + args.skip_tls_verify, args.quiet, args.verbose, parser, diff --git a/tkSrc/list.py b/tkSrc/list.py index d695ea9..f537f78 100644 --- a/tkSrc/list.py +++ b/tkSrc/list.py @@ -22,10 +22,14 @@ from tkSrc import helpers -def listV3Apps(v3, quiet, output, verbose, nameFilter=None, namespace=None): +def listV3Apps(v3, quiet, output, verbose, skip_tls_verify=False, nameFilter=None, namespace=None): """List applications Kubernetes custom resources""" return astraSDK.k8s.getResources( - quiet=quiet, output=output, verbose=verbose, config_context=v3 + quiet=quiet, + output=output, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main( "applications", filters=[ @@ -39,10 +43,16 @@ def listV3Apps(v3, quiet, output, verbose, nameFilter=None, namespace=None): ) -def listV3Appvaults(v3, quiet, output, verbose, provider=None, nameFilter=None): +def listV3Appvaults( + v3, quiet, output, verbose, skip_tls_verify=False, provider=None, nameFilter=None +): """List appvaults Kubernetes custom resources""" return astraSDK.k8s.getResources( - quiet=quiet, output=output, verbose=verbose, config_context=v3 + quiet=quiet, + output=output, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main( "appvaults", filters=[ @@ -52,40 +62,58 @@ def listV3Appvaults(v3, quiet, output, verbose, provider=None, nameFilter=None): ) -def listV3Backups(v3, quiet, output, verbose, app=None): +def listV3Backups(v3, quiet, output, verbose, skip_tls_verify=False, app=None): """List backups Kubernetes custom resources""" return astraSDK.k8s.getResources( - quiet=quiet, output=output, verbose=verbose, config_context=v3 + quiet=quiet, + output=output, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main( "backups", filters=[{"keyFilter": "spec.applicationRef", "valFilter": app}], ) -def listV3Connectors(v3, quiet, output, verbose): +def listV3Connectors(v3, quiet, output, verbose, skip_tls_verify=False): """List astraconnectors Kubernetes custom resources""" return astraSDK.k8s.getResources( - quiet=quiet, output=output, verbose=verbose, config_context=v3 + quiet=quiet, + output=output, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main("astraconnectors") -def listV3Hooks(v3, quiet, output, verbose, app=None): +def listV3Hooks(v3, quiet, output, verbose, skip_tls_verify=False, app=None): """List exechooks Kubernetes custom resources""" return astraSDK.k8s.getResources( - quiet=quiet, output=output, verbose=verbose, config_context=v3 + quiet=quiet, + output=output, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main("exechooks", filters=[{"keyFilter": "spec.applicationRef", "valFilter": app}]) -def listV3Hooksruns(v3, quiet, output, verbose, app=None): +def listV3Hooksruns(v3, quiet, output, verbose, skip_tls_verify=False, app=None): """List exechooksruns Kubernetes custom resources""" return astraSDK.k8s.getResources( - quiet=quiet, output=output, verbose=verbose, config_context=v3 + quiet=quiet, + output=output, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main("exechooksruns", filters=[{"keyFilter": "spec.applicationRef", "valFilter": app}]) -def listV3Iprs(v3, quiet, output, verbose, app=None): +def listV3Iprs(v3, quiet, output, verbose, skip_tls_verify=False, app=None): """List both backupinplacerestores and snapshotinplacerestores Kubernetes custom resources""" - resources = astraSDK.k8s.getResources(verbose=verbose, config_context=v3) + resources = astraSDK.k8s.getResources( + verbose=verbose, config_context=v3, skip_tls_verify=skip_tls_verify + ) apps = resources.main("applications") iprs = helpers.combineResources( resources.main("backupinplacerestores"), resources.main("snapshotinplacerestores") @@ -103,17 +131,32 @@ def listV3Iprs(v3, quiet, output, verbose, app=None): def listV3Namespaces( - v3, quiet, output, verbose, nameFilter=None, unassociated=None, minuteFilter=None + v3, + quiet, + output, + verbose, + skip_tls_verify=False, + nameFilter=None, + unassociated=None, + minuteFilter=None, ): """List Kubernetes namespaces""" return astraSDK.k8s.getNamespaces( - quiet=quiet, output=output, verbose=verbose, config_context=v3 + quiet=quiet, + output=output, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main(nameFilter=nameFilter, unassociated=unassociated, minuteFilter=minuteFilter) -def listV3Restores(v3, quiet, output, verbose, sourceNamespace=None, destNamespace=None): +def listV3Restores( + v3, quiet, output, verbose, skip_tls_verify=False, sourceNamespace=None, destNamespace=None +): """List both backuprestores and snapshotrestores Kubernetes custom resources""" - resources = astraSDK.k8s.getResources(verbose=verbose, config_context=v3) + resources = astraSDK.k8s.getResources( + verbose=verbose, config_context=v3, skip_tls_verify=skip_tls_verify + ) restores = helpers.combineResources( resources.main( "backuprestores", @@ -150,24 +193,36 @@ def listV3Restores(v3, quiet, output, verbose, sourceNamespace=None, destNamespa return restores -def listV3Schedules(v3, quiet, output, verbose, app=None): +def listV3Schedules(v3, quiet, output, verbose, skip_tls_verify=False, app=None): """List schedules Kubernetes custom resources""" return astraSDK.k8s.getResources( - quiet=quiet, output=output, verbose=verbose, config_context=v3 + quiet=quiet, + output=output, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main("schedules", filters=[{"keyFilter": "spec.applicationRef", "valFilter": app}]) -def listV3Secrets(v3, quiet, output, verbose): +def listV3Secrets(v3, quiet, output, verbose, skip_tls_verify=False): """List Kubernetes secrets""" return astraSDK.k8s.getSecrets( - quiet=quiet, output=output, verbose=verbose, config_context=v3 + quiet=quiet, + output=output, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main() -def listV3Snapshots(v3, quiet, output, verbose, app=None): +def listV3Snapshots(v3, quiet, output, verbose, skip_tls_verify=False, app=None): """List snapshots Kubernetes custom resources""" return astraSDK.k8s.getResources( - quiet=quiet, output=output, verbose=verbose, config_context=v3 + quiet=quiet, + output=output, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main("snapshots", filters=[{"keyFilter": "spec.applicationRef", "valFilter": app}]) @@ -185,6 +240,7 @@ def main(args): args.quiet, args.output, args.verbose, + skip_tls_verify=args.skip_tls_verify, nameFilter=args.nameFilter, namespace=args.namespace, ) @@ -206,7 +262,14 @@ def main(args): raise SystemExit("astraSDK.apps.getAppAssets() failed") elif args.objectType == "backups": if args.v3: - listV3Backups(args.v3, args.quiet, args.output, args.verbose, app=args.app) + listV3Backups( + args.v3, + args.quiet, + args.output, + args.verbose, + skip_tls_verify=args.skip_tls_verify, + app=args.app, + ) else: rc = astraSDK.backups.getBackups( quiet=args.quiet, verbose=args.verbose, output=args.output @@ -220,6 +283,7 @@ def main(args): args.quiet, args.output, args.verbose, + skip_tls_verify=args.skip_tls_verify, provider=args.provider, nameFilter=args.nameFilter, ) @@ -246,10 +310,14 @@ def main(args): if rc is False: raise SystemExit("astraSDK.clusters.getClusters() failed") elif args.objectType == "connectors" or args.objectType == "astraconnectors": - listV3Connectors(args.v3, args.quiet, args.output, args.verbose) + listV3Connectors( + args.v3, args.quiet, args.output, args.verbose, skip_tls_verify=args.skip_tls_verify + ) elif args.objectType == "credentials" or args.objectType == "secrets": if args.v3: - listV3Secrets(args.v3, args.quiet, args.output, args.verbose) + listV3Secrets( + args.v3, args.quiet, args.output, args.verbose, skip_tls_verify=args.skip_tls_verify + ) else: rc = astraSDK.credentials.getCredentials( quiet=args.quiet, verbose=args.verbose, output=args.output @@ -258,7 +326,14 @@ def main(args): raise SystemExit("astraSDK.credentials.getCredentials() failed") elif args.objectType == "hooks" or args.objectType == "exechooks": if args.v3: - listV3Hooks(args.v3, args.quiet, args.output, args.verbose, app=args.app) + listV3Hooks( + args.v3, + args.quiet, + args.output, + args.verbose, + skip_tls_verify=args.skip_tls_verify, + app=args.app, + ) else: rc = astraSDK.hooks.getHooks( quiet=args.quiet, verbose=args.verbose, output=args.output @@ -267,13 +342,34 @@ def main(args): raise SystemExit("astraSDK.hooks.getHooks() failed") elif args.objectType == "hooksruns" or args.objectType == "exechooksruns": """This is a --v3 only command, per tkSrc/parser.py""" - listV3Hooksruns(args.v3, args.quiet, args.output, args.verbose, app=args.app) + listV3Hooksruns( + args.v3, + args.quiet, + args.output, + args.verbose, + skip_tls_verify=args.skip_tls_verify, + app=args.app, + ) elif args.objectType == "iprs" or args.objectType == "inplacerestores": """This is a --v3 only command, per tkSrc/parser.py""" - listV3Iprs(args.v3, args.quiet, args.output, args.verbose, app=args.app) + listV3Iprs( + args.v3, + args.quiet, + args.output, + args.verbose, + skip_tls_verify=args.skip_tls_verify, + app=args.app, + ) elif args.objectType == "protections" or args.objectType == "schedules": if args.v3: - listV3Schedules(args.v3, args.quiet, args.output, args.verbose, app=args.app) + listV3Schedules( + args.v3, + args.quiet, + args.output, + args.verbose, + skip_tls_verify=args.skip_tls_verify, + app=args.app, + ) else: rc = astraSDK.protections.getProtectionpolicies( quiet=args.quiet, verbose=args.verbose, output=args.output @@ -293,6 +389,7 @@ def main(args): args.quiet, args.output, args.verbose, + skip_tls_verify=args.skip_tls_verify, nameFilter=args.nameFilter, unassociated=args.unassociated, minuteFilter=args.minutes, @@ -327,6 +424,7 @@ def main(args): args.quiet, args.output, args.verbose, + skip_tls_verify=args.skip_tls_verify, sourceNamespace=args.sourceNamespace, destNamespace=args.destNamespace, ) @@ -356,7 +454,14 @@ def main(args): print(base64.b64decode(script["source"]).decode("utf-8")) elif args.objectType == "snapshots": if args.v3: - listV3Snapshots(args.v3, args.quiet, args.output, args.verbose, app=args.app) + listV3Snapshots( + args.v3, + args.quiet, + args.output, + args.verbose, + skip_tls_verify=args.skip_tls_verify, + app=args.app, + ) else: rc = astraSDK.snapshots.getSnaps( quiet=args.quiet, verbose=args.verbose, output=args.output diff --git a/tkSrc/manage.py b/tkSrc/manage.py index cf97e7e..5d0f001 100644 --- a/tkSrc/manage.py +++ b/tkSrc/manage.py @@ -25,6 +25,7 @@ def manageV3App( v3, dry_run, + skip_tls_verify, quiet, verbose, appName, @@ -52,7 +53,11 @@ def manageV3App( print(yaml.dump(v3_dict).rstrip("\n")) else: astraSDK.k8s.createResource( - quiet=quiet, dry_run=dry_run, verbose=verbose, config_context=v3 + quiet=quiet, + dry_run=dry_run, + verbose=verbose, + config_context=v3, + skip_tls_verify=skip_tls_verify, ).main( f"{v3_dict['kind'].lower()}s", v3_dict["metadata"]["namespace"], @@ -82,6 +87,7 @@ def manageBucket(provider, bucketName, storageAccount, serverURL, credential, qu def manageV3Bucket( v3, dry_run, + skip_tls_verify, quiet, verbose, bucketName, @@ -96,7 +102,6 @@ def manageV3Bucket( ): """Manage a bucket via a Kubernetes custom resource""" # Create providerCredentials based on provider input - # TODO: handle AWS if provider == "azure": keyNameList = ["accountKey"] elif provider == "gcp": @@ -126,6 +131,7 @@ def manageV3Bucket( dry_run=dry_run, verbose=verbose, config_context=v3, + skip_tls_verify=skip_tls_verify, ).main( f"{v3_dict['kind'].lower()}s", v3_dict["metadata"]["namespace"], @@ -236,6 +242,7 @@ def main(args, parser, ard): manageV3App( args.v3, args.dry_run, + args.skip_tls_verify, args.quiet, args.verbose, args.appName, @@ -259,7 +266,9 @@ def main(args, parser, ard): elif args.objectType == "bucket" or args.objectType == "appVault": validateBucketArgs(args, parser) if ard.needsattr("credentials"): - ard.credentials = astraSDK.k8s.getSecrets(config_context=args.v3).main() + ard.credentials = astraSDK.k8s.getSecrets( + config_context=args.v3, skip_tls_verify=args.skip_tls_verify + ).main() if args.v3: if args.accessKey or (args.json and args.provider == "aws"): if args.json and args.provider == "aws": @@ -267,6 +276,7 @@ def main(args, parser, ard): crc = create.createV3S3Credential( args.v3, args.dry_run, + args.skip_tls_verify, args.quiet, args.verbose, args.accessKey, @@ -277,6 +287,7 @@ def main(args, parser, ard): crc = create.createV3CloudCredential( args.v3, args.dry_run, + args.skip_tls_verify, args.quiet, args.verbose, args.json, @@ -291,6 +302,7 @@ def main(args, parser, ard): manageV3Bucket( args.v3, args.dry_run, + args.skip_tls_verify, args.quiet, args.verbose, args.bucketName, @@ -345,7 +357,11 @@ def main(args, parser, ard): ) # Create the astra API token secret apiToken = astraSDK.k8s.createAstraApiToken( - quiet=args.quiet, dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + dry_run=args.dry_run, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main() # Handle the registry secret if not args.regCred: @@ -354,17 +370,24 @@ def main(args, parser, ard): dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main(registry=args.registry, namespace="astra-connector") if not cred: raise SystemExit("astraSDK.k8s.createRegCred() failed") args.regCred = cred["metadata"]["name"] else: if ard.needsattr("credentials"): - ard.credentials = astraSDK.k8s.getSecrets(config_context=args.v3).main() + ard.credentials = astraSDK.k8s.getSecrets( + config_context=args.v3, skip_tls_verify=args.skip_tls_verify + ).main() cred = ard.getSingleDict("credentials", "metadata.name", args.regCred, parser) # Create the AstraConnector CR connector = astraSDK.k8s.createAstraConnector( - quiet=args.quiet, dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + dry_run=args.dry_run, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main( args.clusterName, args.cloudID, diff --git a/tkSrc/parser.py b/tkSrc/parser.py index 3397afe..8fc6fa5 100644 --- a/tkSrc/parser.py +++ b/tkSrc/parser.py @@ -78,6 +78,14 @@ def __init__(self, acl, plaidMode=False, v3=False): help="client: output YAML to standard out; server: submit request without persisting " "the resource", ) + v3Group.add_argument( + "--insecure-skip-tls-verify", + dest="skip_tls_verify", + default=False, + action="store_true", + help="If specified, the server's certificate will not be checked for validity (this " + "will make your HTTPS connections insecure)", + ) self.acl = acl self.plaidMode = plaidMode self.v3 = v3 diff --git a/tkSrc/unmanage.py b/tkSrc/unmanage.py index 07a42cc..5f992d1 100644 --- a/tkSrc/unmanage.py +++ b/tkSrc/unmanage.py @@ -22,7 +22,11 @@ def main(args, parser, ard): if args.objectType == "app" or args.objectType == "application": if args.v3: astraSDK.k8s.destroyResource( - quiet=args.quiet, dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + dry_run=args.dry_run, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main("applications", args.app) else: rc = astraSDK.apps.unmanageApp(quiet=args.quiet, verbose=args.verbose).main(args.app) @@ -31,7 +35,11 @@ def main(args, parser, ard): elif args.objectType == "bucket" or args.objectType == "appVault": if args.v3: astraSDK.k8s.destroyResource( - quiet=args.quiet, dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + dry_run=args.dry_run, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main("appvaults", args.bucket) else: rc = astraSDK.buckets.unmanageBucket(quiet=args.quiet, verbose=args.verbose).main( @@ -46,9 +54,9 @@ def main(args, parser, ard): if args.v3: # Ensure we have an AstraConnector CR installed if ard.needsattr("connectors"): - ard.connectors = astraSDK.k8s.getResources(config_context=args.v3).main( - "astraconnectors", version="v1", group="astra.netapp.io" - ) + ard.connectors = astraSDK.k8s.getResources( + config_context=args.v3, skip_tls_verify=args.skip_tls_verify + ).main("astraconnectors", version="v1", group="astra.netapp.io") if ard.connectors is None or len(ard.connectors["items"]) == 0: parser.error("AstraConnector operator not found on current Kubernetes context") elif len(ard.connectors["items"]) > 1: @@ -58,7 +66,11 @@ def main(args, parser, ard): connector = ard.connectors["items"][0] # Destroy the AstraConnector CR and api token secret if astraSDK.k8s.destroyResource( - quiet=args.quiet, dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3 + quiet=args.quiet, + dry_run=args.dry_run, + verbose=args.verbose, + config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main( "astraconnectors", connector["metadata"]["name"], @@ -70,6 +82,7 @@ def main(args, parser, ard): dry_run=args.dry_run, verbose=args.verbose, config_context=args.v3, + skip_tls_verify=args.skip_tls_verify, ).main( connector["spec"]["astra"]["tokenRef"], namespace=connector["metadata"]["namespace"], diff --git a/toolkit.py b/toolkit.py index e3f98ca..e21c658 100755 --- a/toolkit.py +++ b/toolkit.py @@ -30,6 +30,7 @@ def main(argv=sys.argv): ard = tkSrc.classes.AstraResourceDicts() plaidMode = False v3 = False + v3_skip_tls_verify = False if len(argv) > 1: # global_args must manually be kept in sync with __init__() parser args in tkSrc/parser.py @@ -44,6 +45,7 @@ def main(argv=sys.argv): "--fast", "--v3", "--dry-run", + "--insecure-skip-tls-verify", ] # verbs must manually be kept in sync with top_level_commands() in tkSrc/parser.py verbs = { @@ -115,6 +117,10 @@ def main(argv=sys.argv): ): v3 = True v3Position = counter + if ((verbPosition and counter < verbPosition) or (verbPosition is None)) and ( + item == "--insecure-skip-tls-verify" + ): + v3_skip_tls_verify = True # Argparse cares about capitalization, kubectl does not, so transparently fix appvault if verbPosition and len(argv) - verbPosition >= 2 and argv[verbPosition + 1] == "appvault": @@ -149,7 +155,9 @@ def main(argv=sys.argv): # As long as we're not --fast/plaidMode, build the argparse choices lists if not plaidMode: - tkSrc.choices.main(argv, verbs, verbPosition, ard, acl, v3) + tkSrc.choices.main( + argv, verbs, verbPosition, ard, acl, v3, v3_skip_tls_verify=v3_skip_tls_verify + ) else: raise SystemExit( @@ -215,6 +223,8 @@ def main(argv=sys.argv): tkSrc.helpers.checkv3Support(args, parser, v3_dict) if args.dry_run and not args.v3: parser.error("--dry-run can only be used in conjunction with --v3") + elif args.skip_tls_verify and not args.v3: + parser.error("--insecure-skip-tls-verify can only be used in conjunction with --v3") if args.subcommand == "deploy": tkSrc.deploy.main(args, parser, ard)