Merge pull request 'Add support for SpEL to Kubernetes patches and additional manifests' (#16) from feature/23437 into develop

+1

Author: fmichielssen

src/main/java/eu/openanalytics/containerproxy/backend/kubernetes/KubernetesBackend.java

@@ -39,17 +39,20 @@
 import java.util.UUID;
 import java.util.function.BiConsumer;
 import java.util.stream.Collectors;
+import javax.json.JsonPatch;
 
 import javax.inject.Inject;
 
 import org.apache.commons.io.IOUtils;
 
 import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonMappingException;
 import com.fasterxml.jackson.databind.MapperFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import com.fasterxml.jackson.datatype.jsr353.JSR353Module;
 import com.google.common.base.Charsets;
 import com.google.common.base.Splitter;
 
@@ -59,6 +62,8 @@
 import eu.openanalytics.containerproxy.model.runtime.Container;
 import eu.openanalytics.containerproxy.model.runtime.Proxy;
 import eu.openanalytics.containerproxy.model.spec.ContainerSpec;
+import eu.openanalytics.containerproxy.spec.expression.SpecExpressionContext;
+import eu.openanalytics.containerproxy.spec.expression.SpecExpressionResolver;
 import eu.openanalytics.containerproxy.util.Retrying;
 import io.fabric8.kubernetes.api.model.ContainerBuilder;
 import io.fabric8.kubernetes.api.model.ContainerPort;
@@ -258,8 +263,10 @@ protected Container startContainer(ContainerSpec spec, Proxy proxy) throws Excep
 			podSpec.setNodeSelector(Splitter.on(",").withKeyValueSeparator("=").split(nodeSelectorString));
 		}
 
+		JsonPatch patch = readPatchFromSpec(spec, proxy);
+		
 		Pod startupPod = podBuilder.withSpec(podSpec).build();
-		Pod patchedPod = podPatcher.patchWithDebug(startupPod, proxy.getSpec().getKubernetesPodPatchAsJsonpatch());
+		Pod patchedPod = podPatcher.patchWithDebug(startupPod, patch);
 		final String effectiveKubeNamespace = patchedPod.getMetadata().getNamespace(); // use the namespace of the patched Pod, in case the patch changes the namespace.
 		container.getParameters().put(PARAM_NAMESPACE, effectiveKubeNamespace);
 
@@ -333,6 +340,20 @@ protected Container startContainer(ContainerSpec spec, Proxy proxy) throws Excep
 		return container;
 	}
 
+	private JsonPatch readPatchFromSpec(ContainerSpec containerSpec, Proxy proxy) throws JsonMappingException, JsonProcessingException {
+		String patchAsString = proxy.getSpec().getKubernetesPodPatch();
+		if (patchAsString == null) {
+			return null;
+		}
+		
+		// resolve expressions
+		SpecExpressionContext context = SpecExpressionContext.create(containerSpec, proxy, proxy.getSpec());
+		String expressionAwarePatch = expressionResolver.evaluateToString(patchAsString, context);
+		
+		ObjectMapper yamlReader = new ObjectMapper(new YAMLFactory());
+		yamlReader.registerModule(new JSR353Module());
+		return yamlReader.readValue(expressionAwarePatch, JsonPatch.class);
+	}
 
 	/**
 	 * Creates the extra manifests/resources defined in the ProxySpec.
@@ -353,11 +374,14 @@ private void createAdditionalManifstes(Proxy proxy, String namespace) {
 	 * parameter will be used.
 	 */
 	private List<HasMetadata> getAdditionManifestsAsObjects(Proxy proxy, String namespace) {
+		SpecExpressionContext context = SpecExpressionContext.create(proxy, proxy.getSpec());
+
 		ArrayList<HasMetadata> result = new ArrayList<HasMetadata>();
 		for (String manifest : proxy.getSpec().getKubernetesAdditionalManifests()) {
-			HasMetadata object = Serialization.unmarshal(new ByteArrayInputStream(manifest.getBytes())); // used to determine whether the manifest has specified a namespace
+			String expressionManifest = expressionResolver.evaluateToString(manifest, context);
+			HasMetadata object = Serialization.unmarshal(new ByteArrayInputStream(expressionManifest.getBytes())); // used to determine whether the manifest has specified a namespace
 
-			HasMetadata fullObject = kubeClient.load(new ByteArrayInputStream(manifest.getBytes())).get().get(0);
+			HasMetadata fullObject = kubeClient.load(new ByteArrayInputStream(expressionManifest.getBytes())).get().get(0);
 			if (object.getMetadata().getNamespace() == null) {
 				// the load method (in some cases) automatically sets a namepsace when no namespace is provided
 				// therefore we overwrite this namespace with the namsepace of the pod.

src/main/java/eu/openanalytics/containerproxy/model/spec/ProxySpec.java

@@ -20,23 +20,12 @@
  */
 package eu.openanalytics.containerproxy.model.spec;
 
-import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
 
-import javax.json.JsonPatch;
-import javax.json.JsonValue;
-
-import com.fasterxml.jackson.annotation.JsonIgnore;
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
-import com.fasterxml.jackson.datatype.jsr353.JSR353Module;
-
 public class ProxySpec {
 
 	private String id;
@@ -50,7 +39,7 @@ public class ProxySpec {
 
 	private Map<String, String> settings = new HashMap<>();
 
-	private JsonPatch kubernetesPodPatches;
+	private String kubernetesPodPatches;
 	private List<String> kubernetesAdditionalManifests = new ArrayList<>();
 
 	public ProxySpec() {
@@ -124,36 +113,11 @@ public void setSettings(Map<String, String> settings) {
 	/**
 	 * Returns the Kubernetes Pod Patch as JsonValue (i.e. array) for nice representation in API requests.
 	 */
-	public JsonValue getKubernetesPodPatch() {
-		if (this.kubernetesPodPatches == null) {
-			return null;
-		} else {
-			return kubernetesPodPatches.toJsonArray();
-		}
-	}
-
-	/**
-	 * Returns the Kubernetes Pod Patch as a JsonPatch, so it can be directly be used to patch the spec.
-	 * Should not be returned by API responses.
-	 */
-	@JsonIgnore
-	public JsonPatch getKubernetesPodPatchAsJsonpatch() {
+	public String getKubernetesPodPatch() {
 		return kubernetesPodPatches;
 	}
 
-	public void setKubernetesPodPatches(String kubernetesPodPatches) throws JsonParseException, JsonMappingException, IOException {
-		try {
-			// convert the raw YAML string into a JsonPatch
-			ObjectMapper yamlReader = new ObjectMapper(new YAMLFactory());
-			yamlReader.registerModule(new JSR353Module());
-			this.kubernetesPodPatches = yamlReader.readValue(kubernetesPodPatches, JsonPatch.class);
-		} catch (Exception exception) {
-			exception.printStackTrace(); // log the exception for easier debugging
-			throw exception;
-		}
-	}
-
-	private void setKubernetesPodPatches(JsonPatch kubernetesPodPatches) {
+	public void setKubernetesPodPatches(String kubernetesPodPatches) {
 		this.kubernetesPodPatches = kubernetesPodPatches;
 	}
 
@@ -201,7 +165,6 @@ public void copy(ProxySpec target) {
 
 
 		if (kubernetesPodPatches != null) {
-			// JsonPatch is an immutable object
 			target.setKubernetesPodPatches(kubernetesPodPatches);
 		}
 

src/test/java/eu/openanalytics/containerproxy/test/proxy/TestIntegrationOnKube.java

@@ -60,6 +60,7 @@
 import eu.openanalytics.containerproxy.model.runtime.Proxy;
 import eu.openanalytics.containerproxy.model.spec.ProxySpec;
 import eu.openanalytics.containerproxy.service.ProxyService;
+import eu.openanalytics.containerproxy.service.UserService;
 import eu.openanalytics.containerproxy.test.proxy.TestIntegrationOnKube.TestConfiguration;
 import eu.openanalytics.containerproxy.util.ProxyMappingManager;
 import io.fabric8.kubernetes.api.model.ContainerStatus;
@@ -77,6 +78,7 @@
 import io.fabric8.kubernetes.api.model.Service;
 import io.fabric8.kubernetes.api.model.ServiceAccountBuilder;
 import io.fabric8.kubernetes.api.model.ServiceList;
+import io.fabric8.kubernetes.api.model.Volume;
 import io.fabric8.kubernetes.api.model.VolumeMount;
 import io.fabric8.kubernetes.client.KubernetesClient;
 
@@ -248,7 +250,7 @@ public void launchProxyWithEnv() throws Exception {
 		List<EnvVar> envList = pod.getSpec().getContainers().get(0).getEnv();
 		Map<String, EnvVar> env = envList.stream().collect(Collectors.toMap(EnvVar::getName, e -> e));
 		assertTrue(env.containsKey("SHINYPROXY_USERNAME"));
-		assertEquals("null", env.get("SHINYPROXY_USERNAME").getValue()); // value is a String "null"
+		assertEquals("jack", env.get("SHINYPROXY_USERNAME").getValue()); // value is a String "null"
 		assertTrue(env.containsKey("SHINYPROXY_USERGROUPS"));
 		assertEquals(null, env.get("SHINYPROXY_USERGROUPS").getValue());
 		assertTrue(env.containsKey("VAR1"));
@@ -672,6 +674,64 @@ public void launchProxyWithAdditionalManifestsOfWhichOneAlreadyExists() throws E
 		}
 	}
 
+	
+	/**
+	 * Tests the use of Spring Epxression in kubernetes patches and additional manifests.
+	 */
+	@Test
+	public void launchProxyWithExpressionInPatchAndManifests() throws Exception {
+		String specId = environment.getProperty("proxy.specs[9].id");
+
+		ProxySpec baseSpec = proxyService.findProxySpec(s -> s.getId().equals(specId), true);
+		ProxySpec spec = proxyService.resolveProxySpec(baseSpec, null, null);
+		Proxy proxy = proxyService.startProxy(spec, true);
+		String containerId = proxy.getContainers().get(0).getId();
+
+		PodList podList = client.pods().inNamespace(session.getNamespace()).list();
+		assertEquals(1, podList.getItems().size());
+		Pod pod = podList.getItems().get(0);
+		assertEquals("Running", pod.getStatus().getPhase());
+		assertEquals(session.getNamespace(), pod.getMetadata().getNamespace());
+		assertEquals("sp-pod-" + containerId, pod.getMetadata().getName());
+		assertEquals(1, pod.getStatus().getContainerStatuses().size());
+		ContainerStatus container = pod.getStatus().getContainerStatuses().get(0);
+		assertEquals(true, container.getReady());
+		assertEquals("openanalytics/shinyproxy-demo:latest", container.getImage());
+		
+		
+		// check env variables
+		List<EnvVar> envList = pod.getSpec().getContainers().get(0).getEnv();
+		Map<String, EnvVar> env = envList.stream().collect(Collectors.toMap(EnvVar::getName, e -> e));
+		assertTrue(env.containsKey("CUSTOM_USERNAME"));
+		assertTrue(env.containsKey("PROXY_ID"));
+		assertEquals("jack", env.get("CUSTOM_USERNAME").getValue());
+		assertEquals(proxy.getId(), env.get("PROXY_ID").getValue());
+		
+		PersistentVolumeClaimList claimList = client.persistentVolumeClaims().inNamespace(session.getNamespace()).list();
+		assertEquals(1, claimList.getItems().size());
+		PersistentVolumeClaim claim = claimList.getItems().get(0);
+		assertEquals(session.getNamespace(), claim.getMetadata().getNamespace());
+		assertEquals("home-dir-pvc-jack", claim.getMetadata().getName());
+		
+		// check volume mount
+		Volume volume = pod.getSpec().getVolumes().get(0);
+		assertEquals("home-dir-pvc-jack", volume.getName());
+		assertEquals("home-dir-pvc-jack", volume.getPersistentVolumeClaim().getClaimName());
+
+		proxyService.stopProxy(proxy, false, true);
+
+		// Give Kube the time to clean
+		Thread.sleep(2000);
+
+		// all pods should be deleted
+		podList = client.pods().inNamespace(session.getNamespace()).list();
+		assertEquals(0, podList.getItems().size());
+		// all additional manifests should be deleted
+		assertEquals(0, client.persistentVolumeClaims().inNamespace(session.getNamespace()).list().getItems().size());
+
+		assertEquals(0, proxyService.getProxies(null, true).size());
+	}
+	
 	private final String overridenNamespace = "it-b9fa0a24-overriden";
 
 	private void createOverridenNamespace() throws InterruptedException {
@@ -695,6 +755,12 @@ private void deleteOverridenNamespace() throws InterruptedException {
 		}
 	}
 
+	public static class MockedUserService extends UserService {
+		public String getCurrentUserId() {
+			return "jack";
+		}
+	}
+
 	public static class TestConfiguration {
 		@Bean
 		@Primary
@@ -708,6 +774,12 @@ public AbstractFactoryBean<IContainerBackend> backendFactory() {
 			return new TestContainerBackendFactory();
 		}
 
+		@Bean
+		@Primary
+		public UserService mockedUserService() {
+			return new MockedUserService();
+		}
+
 	}
 
 	public static class TestContainerBackendFactory extends AbstractFactoryBean<IContainerBackend>

src/test/resources/application-test.yml

@@ -149,6 +149,46 @@ proxy:
          data:
            password: cGFzc3dvcmQ=
 
+  - id: 01_hello_manifests_espression
+    container-specs:
+    - image: "openanalytics/shinyproxy-demo"
+      cmd: ["R", "-e", "shinyproxy::run_01_hello()"]
+      port-mapping:
+        default: 3838
+    kubernetes-pod-patches: |
+      - op: add
+        path: /spec/containers/0/env/-
+        value: 
+           name: CUSTOM_USERNAME
+           value: "#{proxy.userId}"
+      - op: add
+        path: /spec/containers/0/env/-
+        value: 
+           name: PROXY_ID
+           value: "#{proxy.id}"
+      - op: add
+        path: /spec/volumes
+        value:
+          - name: "home-dir-pvc-#{proxy.userId}"
+            persistentVolumeClaim:
+              claimName: "home-dir-pvc-#{proxy.userId}"
+      - op: add
+        path: /spec/containers/0/volumeMounts
+        value:
+          - mountPath: "/home/#{proxy.userId}"
+            name: "home-dir-pvc-#{proxy.userId}"
+    kubernetes-additional-manifests:
+      - |
+        apiVersion: v1
+        kind: PersistentVolumeClaim
+        metadata:
+          name: "home-dir-pvc-#{proxy.userId}"
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 5Gi
   - id: 02_hello
     container-specs:
     - image: "openanalytics/shinyproxy-demo"