diff --git a/0001-cern-k8s-Add-embed-certs-to-config.patch b/0001-cern-k8s-Add-embed-certs-to-config.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2b9ef4848d140d5840d39f26cf5528f6c56e8e31
--- /dev/null
+++ b/0001-cern-k8s-Add-embed-certs-to-config.patch
@@ -0,0 +1,150 @@ +From 38b2698e97384adabe44e3f7176f4b9e41f44e1a Mon Sep 17 00:00:00 2001 +From: Ricardo Rocha <rocha.porto@gmail.com> +Date: Mon, 16 Jul 2018 15:24:21 +0200 +Subject: [PATCH] [cern] [k8s] Add embed certs to config + +cherry-picked from: https://review.openstack.org/#/c/582955/ + +Add embed certs to kubernetes config file to cluster config + +Add option --output-certs to cluster config enabling the output of the +certificates files (ca, key, cert). This is for compatibility with tools +that require the certificates in separate files. + +Change-Id: I595d243bc9f30d813af06aad46a9037afe383ab5 +Story: 1774643 +Task: 21668 +--- + magnumclient/common/utils.py | 30 ++++++++++++++++++------------ + magnumclient/osc/v1/clusters.py | 26 +++++++++++++++++--------- + 2 files changed, 35 insertions(+), 21 deletions(-) + +diff --git a/magnumclient/common/utils.py b/magnumclient/common/utils.py +index af5642f..99676da 100644 +--- a/magnumclient/common/utils.py ++++ b/magnumclient/common/utils.py +@@ -15,6 +15,7 @@ + # License for the specific language governing permissions and limitations + # under the License. 
+ ++import base64 + import json + import os + +@@ -158,21 +159,23 @@ def handle_json_from_file(json_arg): + return json_arg + + +-def config_cluster(cluster, cluster_template, cfg_dir, force=False): ++def config_cluster(cluster, cluster_template, cfg_dir, force=False, ++ certs=None): + """Return and write configuration for the given cluster.""" + if cluster_template.coe == 'kubernetes': +- return _config_cluster_kubernetes(cluster, cluster_template, +- cfg_dir, force) ++ return _config_cluster_kubernetes(cluster, cluster_template, cfg_dir, ++ force, certs) + elif (cluster_template.coe == 'swarm' + or cluster_template.coe == 'swarm-mode'): +- return _config_cluster_swarm(cluster, cluster_template, cfg_dir, force) ++ return _config_cluster_swarm(cluster, cluster_template, cfg_dir, ++ force, certs) + + +-def _config_cluster_kubernetes(cluster, cluster_template, +- cfg_dir, force=False): ++def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir, ++ force=False, certs=None): + """Return and write configuration for the given kubernetes cluster.""" + cfg_file = "%s/config" % cfg_dir +- if cluster_template.tls_disabled: ++ if cluster_template.tls_disabled or certs is None: + cfg = ("apiVersion: v1\n" + "clusters:\n" + "- cluster:\n" +@@ -193,7 +196,7 @@ def _config_cluster_kubernetes(cluster, cluster_template, + cfg = ("apiVersion: v1\n" + "clusters:\n" + "- cluster:\n" +- " certificate-authority: %(cfg_dir)s/ca.pem\n" ++ " certificate-authority-data: %(ca)s\n" + " server: %(api_address)s\n" + " name: %(name)s\n" + "contexts:\n" +@@ -207,11 +210,13 @@ def _config_cluster_kubernetes(cluster, cluster_template, + "users:\n" + "- name: admin\n" + " user:\n" +- " client-certificate: %(cfg_dir)s/cert.pem\n" +- " client-key: %(cfg_dir)s/key.pem\n" ++ " client-certificate-data: %(cert)s\n" ++ " client-key-data: %(key)s\n" + % {'name': cluster.name, + 'api_address': cluster.api_address, +- 'cfg_dir': cfg_dir}) ++ 'key': base64.b64encode(certs['key']), ++ 'cert': 
base64.b64encode(certs['cert']), ++ 'ca': base64.b64encode(certs['ca'])}) + + if os.path.exists(cfg_file) and not force: + raise exc.CommandError("File %s exists, aborting." % cfg_file) +@@ -225,7 +230,8 @@ def _config_cluster_kubernetes(cluster, cluster_template, + return "export KUBECONFIG=%s\n" % cfg_file + + +-def _config_cluster_swarm(cluster, cluster_template, cfg_dir, force=False): ++def _config_cluster_swarm(cluster, cluster_template, cfg_dir, ++ force=False, certs=None): + """Return and write configuration for the given swarm cluster.""" + tls = "" if cluster_template.tls_disabled else True + if 'csh' in os.environ['SHELL']: +diff --git a/magnumclient/osc/v1/clusters.py b/magnumclient/osc/v1/clusters.py +index c6857b7..8e85b96 100644 +--- a/magnumclient/osc/v1/clusters.py ++++ b/magnumclient/osc/v1/clusters.py +@@ -293,6 +293,12 @@ class ConfigCluster(command.Command): + dest='force', + default=False, + help=_('Overwrite files if existing.')) ++ parser.add_argument( ++ '--output-certs', ++ action='store_true', ++ dest='output_certs', ++ default=False, ++ help=_('Output certificates in separate files.')) + + return parser + +@@ -319,21 +325,23 @@ class ConfigCluster(command.Command): + 'cluster_uuid': cluster.uuid, + } + ++ tls = None + if not cluster_template.tls_disabled: + tls = magnum_utils.generate_csr_and_key() + tls['ca'] = mag_client.certificates.get(**opts).pem + opts['csr'] = tls['csr'] + tls['cert'] = mag_client.certificates.create(**opts).pem +- for k in ('key', 'cert', 'ca'): +- fname = "%s/%s.pem" % (parsed_args.dir, k) +- if os.path.exists(fname) and not parsed_args.force: +- raise Exception("File %s exists, aborting." % fname) +- else: +- f = open(fname, "w") +- f.write(tls[k]) +- f.close() ++ if parsed_args.output_certs: ++ for k in ('key', 'cert', 'ca'): ++ fname = "%s/%s.pem" % (parsed_args.dir, k) ++ if os.path.exists(fname) and not parsed_args.force: ++ raise Exception("File %s exists, aborting." 
% fname) ++ else: ++ with open(fname, "w") as f: ++ f.write(tls[k]) + + print(magnum_utils.config_cluster(cluster, + cluster_template, + parsed_args.dir, +- force=parsed_args.force)) ++ force=parsed_args.force, ++ certs=tls)) diff --git a/0001-cern-Keystone-auth-support.patch b/0002-cern-Keystone-auth-support.patch similarity index 77% rename from 0001-cern-Keystone-auth-support.patch rename to 0002-cern-Keystone-auth-support.patch index bd8c200aa8a01692c31f4d9e89c102628330c9d2..92250f7b141fbab47dd8f955258ebe734f9cd4fc 100644 --- a/0001-cern-Keystone-auth-support.patch +++ b/0002-cern-Keystone-auth-support.patch @@ -1,9 +1,9 @@ -From 185bfbed7194362c6629c95a6d343e05a72c0799 Mon Sep 17 00:00:00 2001 +From e9972adb8c0ef942c81a129b257cd18be4a93d02 Mon Sep 17 00:00:00 2001 From: Feilong Wang <flwang@catalyst.net.nz> Date: Thu, 6 Dec 2018 10:59:04 +1300 Subject: [PATCH] [cern] Keystone auth support -cherry-picked-from: https://review.openstack.org/#/c/623092/ +cherry-picked from: https://review.openstack.org/#/c/623092/ Add Keystone auth support for generated kubeconfig @@ -11,52 +11,46 @@ Task: 28296 Story: 1755770 Change-Id: I743fe75f39477ba336636607fd9bc2e542342ca0 - -Conflicts: - magnumclient/common/utils.py - magnumclient/osc/v1/clusters.py --- - magnumclient/common/utils.py | 91 +++++++++++++++++++++++---------- - magnumclient/osc/v1/clusters.py | 25 +++++++-- - 2 files changed, 85 insertions(+), 31 deletions(-) + magnumclient/common/utils.py | 88 +++++++++++++++++++++++---------- + magnumclient/osc/v1/clusters.py | 26 ++++++++-- + 2 files changed, 82 insertions(+), 32 deletions(-) diff --git a/magnumclient/common/utils.py b/magnumclient/common/utils.py -index af5642f..56a138a 100644 +index 99676da..52219c9 100644 --- a/magnumclient/common/utils.py 
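Review bot: In `_config_cluster_kubernetes` the new `'key': base64.b64encode(certs['key'])` entries (likewise `cert` and `ca`) interpolate the return value of `b64encode` with `%s`; on Python 3, which the spec also builds for (`magnum.py3`), that writes `b'...'` into the kubeconfig, and the call raises TypeError if the PEM values are str rather than bytes, so encode the input and decode the result, e.g. `base64.b64encode(certs['key'].encode()).decode()` (branching on type if both are possible). The `--output-certs` branch in `take_action` still creates `key.pem` with `open(fname, "w")`, i.e. with umask-default permissions, while the kubeconfig produced by `_config_cluster_kubernetes` now carries the private key inline as `client-key-data`; both files hold key material and should be created owner-only, e.g. `fd = os.open(fname, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "w") as f:`. The write of `cfg_file` itself lies outside this hunk. Finally, `if cluster_template.tls_disabled or certs is None:` silently emits the no-TLS kubeconfig for a TLS-enabled cluster whenever a caller omits `certs`; if other callers of `config_cluster` do not pass certs, raising there would be safer than producing an unauthenticated config.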
+++ b/magnumclient/common/utils.py -@@ -158,18 +158,19 @@ def handle_json_from_file(json_arg): - return json_arg +@@ -160,11 +160,11 @@ def handle_json_from_file(json_arg): --def config_cluster(cluster, cluster_template, cfg_dir, force=False): -+def config_cluster(cluster, cluster_template, cfg_dir, force=False, + def config_cluster(cluster, cluster_template, cfg_dir, force=False, +- certs=None): + certs=None, use_keystone=False): """Return and write configuration for the given cluster.""" if cluster_template.coe == 'kubernetes': -- return _config_cluster_kubernetes(cluster, cluster_template, -- cfg_dir, force) -+ return _config_cluster_kubernetes(cluster, cluster_template, cfg_dir, + return _config_cluster_kubernetes(cluster, cluster_template, cfg_dir, +- force, certs) + force, certs, use_keystone) elif (cluster_template.coe == 'swarm' or cluster_template.coe == 'swarm-mode'): - return _config_cluster_swarm(cluster, cluster_template, cfg_dir, force) + return _config_cluster_swarm(cluster, cluster_template, cfg_dir, +@@ -172,7 +172,7 @@ def config_cluster(cluster, cluster_template, cfg_dir, force=False, --def _config_cluster_kubernetes(cluster, cluster_template, -- cfg_dir, force=False): -+def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir, + def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir, +- force=False, certs=None): + force=False, certs=None, use_keystone=False): """Return and write configuration for the given kubernetes cluster.""" cfg_file = "%s/config" % cfg_dir - if cluster_template.tls_disabled: -@@ -190,28 +191,64 @@ def _config_cluster_kubernetes(cluster, cluster_template, + if cluster_template.tls_disabled or certs is None: +@@ -193,30 +193,64 @@ def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir, "- name: %(name)s'\n" % {'name': cluster.name, 'api_address': cluster.api_address}) else: - cfg = ("apiVersion: v1\n" - "clusters:\n" - "- cluster:\n" -- " certificate-authority: %(cfg_dir)s/ca.pem\n" +- " 
certificate-authority-data: %(ca)s\n" - " server: %(api_address)s\n" - " name: %(name)s\n" - "contexts:\n" @@ -70,11 +64,13 @@ index af5642f..56a138a 100644 - "users:\n" - "- name: admin\n" - " user:\n" -- " client-certificate: %(cfg_dir)s/cert.pem\n" -- " client-key: %(cfg_dir)s/key.pem\n" +- " client-certificate-data: %(cert)s\n" +- " client-key-data: %(key)s\n" - % {'name': cluster.name, - 'api_address': cluster.api_address, -- 'cfg_dir': cfg_dir}) +- 'key': base64.b64encode(certs['key']), +- 'cert': base64.b64encode(certs['cert']), +- 'ca': base64.b64encode(certs['ca'])}) + if not use_keystone: + cfg = ("apiVersion: v1\n" + "clusters:\n" @@ -137,13 +133,13 @@ index af5642f..56a138a 100644 if os.path.exists(cfg_file) and not force: raise exc.CommandError("File %s exists, aborting." % cfg_file) diff --git a/magnumclient/osc/v1/clusters.py b/magnumclient/osc/v1/clusters.py -index c6857b7..e8ebc46 100644 +index 8e85b96..5e28d82 100644 --- a/magnumclient/osc/v1/clusters.py +++ b/magnumclient/osc/v1/clusters.py -@@ -293,6 +293,18 @@ class ConfigCluster(command.Command): - dest='force', +@@ -299,6 +299,18 @@ class ConfigCluster(command.Command): + dest='output_certs', default=False, - help=_('Overwrite files if existing.')) + help=_('Output certificates in separate files.')) + parser.add_argument( + '--use-certificate', + action='store_true', @@ -159,7 +155,7 @@ index c6857b7..e8ebc46 100644 return parser -@@ -303,6 +315,11 @@ class ConfigCluster(command.Command): +@@ -309,6 +321,11 @@ class ConfigCluster(command.Command): the corresponding COE configured to access the cluster. """ 
@@ -171,14 +167,15 @@ index c6857b7..e8ebc46 100644 self.log.debug("take_action(%s)", parsed_args) mag_client = self.app.client_manager.container_infra -@@ -333,7 +350,7 @@ class ConfigCluster(command.Command): - f.write(tls[k]) - f.close() +@@ -340,8 +357,7 @@ class ConfigCluster(command.Command): + with open(fname, "w") as f: + f.write(tls[k]) - print(magnum_utils.config_cluster(cluster, - cluster_template, - parsed_args.dir, -- force=parsed_args.force)) +- force=parsed_args.force, +- certs=tls)) + print(magnum_utils.config_cluster( + cluster, cluster_template, parsed_args.dir, + force=parsed_args.force, certs=tls, diff --git a/python-magnumclient.spec b/python-magnumclient.spec index 3c5430727fb64ee76baf8573a4b5b12695e2accf..e8f36201f627596f2a43c4148f58fbb5e095b699 100644 --- a/python-magnumclient.spec +++ b/python-magnumclient.spec @@ -18,14 +18,16 @@ command-line tool (magnum). Name: python-%{pname} Version: 2.10.0 -Release: 1.2%{?dist} +Release: 1.3%{?dist} Summary: Client library for Magnum API License: ASL 2.0 URL: https://launchpad.net/python-magnumclient Source0: https://tarballs.openstack.org/%{sname}/%{sname}-%{upstream_version}.tar.gz -Patch0: 0001-cern-Keystone-auth-support.patch +Patch0: 0001-cern-k8s-Add-embed-certs-to-config.patch +Patch1: 0002-cern-Keystone-auth-support.patch + BuildArch: noarch @@ -248,6 +250,11 @@ mv magnum.py3 %{buildroot}%{_bindir}/magnum %endif %changelog +* Mon Apr 08 2019 Spyros Trigazis <spyridon.trigazis@cern.ch> 2.10.0-1.3 +- FIX cern cherry-pick + [k8s] Add embed certs to config https://review.openstack.org/#/c/582955/ + Keystone auth support https://review.openstack.org/#/c/623092/ + * Sat Apr 06 2019 Spyros Trigazis <spyridon.trigazis@cern.ch> 2.10.0-1.2 - cern cherry-pick Keystone auth support