From 0a8d00c97ef56e4bd44aed291fe9479b5ea92bd7 Mon Sep 17 00:00:00 2001 From: Quan Pham Date: Mon, 11 Aug 2025 17:53:55 -0400 Subject: [PATCH] Removed references to openshift-acct-mgt --- README.md | 18 ++++---- ci/run_functional_tests_openshift.sh | 3 -- .../commands/add_openshift_resource.py | 13 ------ src/coldfront_plugin_cloud/openshift.py | 41 ------------------- src/coldfront_plugin_cloud/tests/base.py | 3 +- .../functional/openshift/test_allocation.py | 1 - .../openshift_vm/test_allocation.py | 2 +- .../unit/test_calculate_quota_unit_hours.py | 10 ----- 8 files changed, 9 insertions(+), 82 deletions(-) diff --git a/README.md b/README.md index 1765d715..ebc97b38 100644 --- a/README.md +++ b/README.md @@ -89,29 +89,25 @@ ESI resource allocations will only have quotas for network resources by default. ### Configuring for OpenShift -Note: OpenShift support requires deploying the [openshift-acct-mgt][] -API service. - -[openshift-acct-mgt]: https://github.com/cci-moc/openshift-acct-mgt - -Authentication for OpenShift is loaded as pairs of environment variables -`OPENSHIFT_{resource_name}_USERNAME` and `OPENSHIFT_{resource_name}_PASSWORD` +Authentication for OpenShift is loaded as a environment variable +`OPENSHIFT_{resource_name}_TOKEN` which should be a access token with appropriate permissions where `{resource_name}` is the name of the coldfront resource as all uppercase (with spaces and `-` replaced by `_`). Each OpenShift resource must have the following attributes set in coldfront: - * `OpenStack Auth URL` - the URL of the `openshift-acct-mgt` endpoint. - * `OpenStack Role for User in Project` - the name of the `ClusterRole` to assign to users + * `OpenShift API URL` - the URL of the Openshift cluster API. + * `OpenShift Role for User in Project` - the name of the `ClusterRole` to assign to users on the namespace. + * `OpenShift Identity Provider Name` - the name of the IDP configured in Openshift Registration of OpenShift coldfront resources can be performed via the UI management dashboard or through the helper command: ```bash $ coldfront add_openshift_resource -usage: coldfront add_openshift_resource [-h] --name NAME --auth-url AUTH_URL [--role ROLE] [--version] [-v {0,1,2,3}] [--settings SETTINGS] [--pythonpath PYTHONPATH] [--traceback] +usage: coldfront add_openshift_resource [-h] --name NAME --api-url API_URL --idp IDP [--role ROLE] [--for-virtualization] [--version] [-v {0,1,2,3}] [--settings SETTINGS] [--pythonpath PYTHONPATH] [--traceback] [--no-color] [--force-color] [--skip-checks] -coldfront add_openshift_resource: error: the following arguments are required: --name, --auth-url +coldfront add_openshift_resource: error: the following arguments are required: --name, --api-url, --idp ``` ### Quotas diff --git a/ci/run_functional_tests_openshift.sh b/ci/run_functional_tests_openshift.sh index 316c1c4b..76d923dc 100755 --- a/ci/run_functional_tests_openshift.sh +++ b/ci/run_functional_tests_openshift.sh @@ -5,8 +5,6 @@ # Tests expect the resource to be name Devstack set -xe -export OPENSHIFT_MICROSHIFT_USERNAME="admin" -export OPENSHIFT_MICROSHIFT_PASSWORD="pass" export OPENSHIFT_MICROSHIFT_TOKEN="$(oc create token -n onboarding onboarding-serviceaccount)" export OPENSHIFT_MICROSHIFT_VERIFY="false" @@ -16,7 +14,6 @@ fi export DJANGO_SETTINGS_MODULE="local_settings" export FUNCTIONAL_TESTS="True" -export OS_AUTH_URL="https://onboarding-onboarding.cluster.local" export OS_API_URL="https://onboarding-onboarding.cluster.local:6443" diff --git a/src/coldfront_plugin_cloud/management/commands/add_openshift_resource.py b/src/coldfront_plugin_cloud/management/commands/add_openshift_resource.py index 729d6c3a..95c8193f 100644 --- a/src/coldfront_plugin_cloud/management/commands/add_openshift_resource.py +++ b/src/coldfront_plugin_cloud/management/commands/add_openshift_resource.py @@ -24,12 +24,6 @@ def add_arguments(self, parser): parser.add_argument( "--name", type=str, required=True, help="Name of OpenShift resource" ) - parser.add_argument( - "--auth-url", - type=str, - required=True, - help="URL of the OpenShift-acct-mgt endpoint", - ) parser.add_argument( "--api-url", type=str, @@ -71,13 +65,6 @@ def handle(self, *args, **options): is_allocatable=True, ) - ResourceAttribute.objects.get_or_create( - resource_attribute_type=ResourceAttributeType.objects.get( - name=attributes.RESOURCE_AUTH_URL - ), - resource=openshift, - value=options["auth_url"], - ) ResourceAttribute.objects.get_or_create( resource_attribute_type=ResourceAttributeType.objects.get( name=attributes.RESOURCE_API_URL diff --git a/src/coldfront_plugin_cloud/openshift.py b/src/coldfront_plugin_cloud/openshift.py index 6d85bd9b..89f1b59f 100644 --- a/src/coldfront_plugin_cloud/openshift.py +++ b/src/coldfront_plugin_cloud/openshift.py @@ -2,10 +2,7 @@ import json import logging import os -import requests -from requests.auth import HTTPBasicAuth import time -from simplejson.errors import JSONDecodeError import kubernetes import kubernetes.dynamic.exceptions as kexc @@ -66,10 +63,6 @@ class NotFound(ApiException): pass -class Conflict(ApiException): - pass - - class OpenShiftResourceAllocator(base.ResourceAllocator): QUOTA_KEY_MAPPING = { attributes.QUOTA_LIMITS_CPU: lambda x: {"limits.cpu": f"{x * 1000}m"}, @@ -116,40 +109,6 @@ def k8_client(self): k8s_client = kubernetes.client.ApiClient(configuration=k8_config) return DynamicClient(k8s_client) - @functools.cached_property - def session(self): - var_name = utils.env_safe_name(self.resource.name) - username = os.getenv(f"OPENSHIFT_{var_name}_USERNAME") - password = os.getenv(f"OPENSHIFT_{var_name}_PASSWORD") - - session = requests.session() - if username and password: - session.auth = HTTPBasicAuth(username, password) - - functional_tests = os.environ.get("FUNCTIONAL_TESTS", "").lower() - verify = os.getenv(f"OPENSHIFT_{var_name}_VERIFY", "").lower() - if functional_tests == "true" or verify == "false": - session.verify = False - - return session - - @staticmethod - def check_response(response: requests.Response): - if 200 <= response.status_code < 300: - try: - return response.json() - except JSONDecodeError: - # https://github.com/CCI-MOC/openshift-acct-mgt/issues/54 - return response.text - if response.status_code == 404: - raise NotFound(f"{response.status_code}: {response.text}") - elif "does not exist" in response.text or "not found" in response.text: - raise NotFound(f"{response.status_code}: {response.text}") - elif "already exists" in response.text: - raise Conflict(f"{response.status_code}: {response.text}") - else: - raise ApiException(f"{response.status_code}: {response.text}") - @staticmethod def is_error_not_found(e_info): return e_info["reason"] == "NotFound" diff --git a/src/coldfront_plugin_cloud/tests/base.py b/src/coldfront_plugin_cloud/tests/base.py index ffcee88a..a1d06b5c 100644 --- a/src/coldfront_plugin_cloud/tests/base.py +++ b/src/coldfront_plugin_cloud/tests/base.py @@ -80,14 +80,13 @@ def new_openstack_resource(name=None, auth_url=None) -> Resource: @staticmethod def new_openshift_resource( - name=None, auth_url=None, api_url=None, idp=None, for_virtualization=False + name=None, api_url=None, idp=None, for_virtualization=False ) -> Resource: resource_name = name or uuid.uuid4().hex call_command( "add_openshift_resource", name=resource_name, - auth_url=auth_url or "https://onboarding-onboarding.cluster.local", api_url=api_url or "https://onboarding-onboarding.cluster.local:6443", idp=idp or "developer", for_virtualization=for_virtualization, diff --git a/src/coldfront_plugin_cloud/tests/functional/openshift/test_allocation.py b/src/coldfront_plugin_cloud/tests/functional/openshift/test_allocation.py index ad66d15d..8b6528d2 100644 --- a/src/coldfront_plugin_cloud/tests/functional/openshift/test_allocation.py +++ b/src/coldfront_plugin_cloud/tests/functional/openshift/test_allocation.py @@ -16,7 +16,6 @@ def setUp(self) -> None: super().setUp() self.resource = self.new_openshift_resource( name="Microshift", - auth_url=os.getenv("OS_AUTH_URL"), api_url=os.getenv("OS_API_URL"), ) diff --git a/src/coldfront_plugin_cloud/tests/functional/openshift_vm/test_allocation.py b/src/coldfront_plugin_cloud/tests/functional/openshift_vm/test_allocation.py index 5817a123..e4c4cb0c 100644 --- a/src/coldfront_plugin_cloud/tests/functional/openshift_vm/test_allocation.py +++ b/src/coldfront_plugin_cloud/tests/functional/openshift_vm/test_allocation.py @@ -11,7 +11,7 @@ def setUp(self) -> None: super().setUp() self.resource = self.new_openshift_resource( name="Microshift", - auth_url=os.getenv("OS_AUTH_URL"), + api_url=os.getenv("OS_API_URL"), for_virtualization=True, ) diff --git a/src/coldfront_plugin_cloud/tests/unit/test_calculate_quota_unit_hours.py b/src/coldfront_plugin_cloud/tests/unit/test_calculate_quota_unit_hours.py index 82267e10..8fdf8165 100644 --- a/src/coldfront_plugin_cloud/tests/unit/test_calculate_quota_unit_hours.py +++ b/src/coldfront_plugin_cloud/tests/unit/test_calculate_quota_unit_hours.py @@ -19,7 +19,6 @@ class TestCalculateAllocationQuotaHours(base.TestBase): def test_new_allocation_quota(self): self.resource = self.new_openshift_resource( name="", - auth_url="", ) with freezegun.freeze_time("2020-03-15 00:01:00"): @@ -88,7 +87,6 @@ def test_new_allocation_quota_expired(self): """Test that expiration doesn't affect invoicing.""" self.resource = self.new_openshift_resource( name="", - auth_url="", ) user = self.new_user() project = self.new_project(pi=user) @@ -122,7 +120,6 @@ def test_new_allocation_quota_denied(self): """Test a simple case of invoicing until a status change.""" self.resource = self.new_openshift_resource( name="", - auth_url="", ) user = self.new_user() project = self.new_project(pi=user) @@ -153,7 +150,6 @@ def test_new_allocation_quota_last_revoked(self): """Test that we correctly distinguish the last transition to an unbilled state.""" self.resource = self.new_openshift_resource( name="", - auth_url="", ) user = self.new_user() project = self.new_project(pi=user) @@ -199,7 +195,6 @@ def test_new_allocation_quota_last_revoked(self): def test_new_allocation_quota_new(self): self.resource = self.new_openshift_resource( name="", - auth_url="", ) user = self.new_user() project = self.new_project(pi=user) @@ -218,7 +213,6 @@ def test_new_allocation_quota_new(self): def test_new_allocation_quota_never_approved(self): self.resource = self.new_openshift_resource( name="", - auth_url="", ) user = self.new_user() project = self.new_project(pi=user) @@ -241,7 +235,6 @@ def test_change_request_decrease(self): """Test for when a change request decreases the quota""" self.resource = self.new_openshift_resource( name="", - auth_url="", ) user = self.new_user() project = self.new_project(pi=user) @@ -288,7 +281,6 @@ def test_change_request_increase(self): """Test for when a change request increases the quota""" self.resource = self.new_openshift_resource( name="", - auth_url="", ) user = self.new_user() project = self.new_project(pi=user) @@ -335,7 +327,6 @@ def test_change_request_decrease_multiple(self): """Test for when multiple different change request decreases the quota""" self.resource = self.new_openshift_resource( name="", - auth_url="", ) user = self.new_user() project = self.new_project(pi=user) @@ -399,7 +390,6 @@ def test_change_request_decrease_multiple(self): def test_new_allocation_quota_change_request(self): self.resource = self.new_openshift_resource( name="", - auth_url="", ) user = self.new_user() project = self.new_project(pi=user)