run_td_setup.py
Go to the documentation of this file.
1 # Copyright 2020 gRPC authors.
2 #
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
6 #
7 # http://www.apache.org/licenses/LICENSE-2.0
8 #
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
14 """Configure Traffic Director for different GRPC Proxyless.
15 
16 This is intended as a debugging / local development helper and not executed
17 as a part of interop test suites.
18 
19 Typical usage examples:
20 
21  # Regular proxyless setup
22  python -m bin.run_td_setup --flagfile=config/local-dev.cfg
23 
24  # Additional commands: cleanup, backend management, etc.
25  python -m bin.run_td_setup --flagfile=config/local-dev.cfg --cmd=cleanup
26 
27  # PSM security setup options: mtls, tls, etc.
28  python -m bin.run_td_setup --flagfile=config/local-dev.cfg --security=mtls
29 
30  # More information and usage options
31  python -m bin.run_td_setup --helpfull
32 """
33 import logging
34 
35 from absl import app
36 from absl import flags
37 
38 from framework import xds_flags
39 from framework import xds_k8s_flags
40 from framework.helpers import rand
41 from framework.infrastructure import gcp
42 from framework.infrastructure import k8s
43 from framework.infrastructure import traffic_director
44 from framework.test_app import server_app
45 
46 logger = logging.getLogger(__name__)
47 # Flags
48 _CMD = flags.DEFINE_enum('cmd',
49  default='create',
50  enum_values=[
51  'cycle', 'create', 'cleanup', 'backends-add',
52  'backends-cleanup', 'unused-xds-port'
53  ],
54  help='Command')
55 _SECURITY = flags.DEFINE_enum('security',
56  default=None,
57  enum_values=[
58  'mtls', 'tls', 'plaintext', 'mtls_error',
59  'server_authz_error'
60  ],
61  help='Configure TD with security')
62 flags.adopt_module_key_flags(xds_flags)
63 flags.adopt_module_key_flags(xds_k8s_flags)
64 # Running outside of a test suite, so require explicit resource_suffix.
65 flags.mark_flag_as_required("resource_suffix")
66 
67 KubernetesServerRunner = server_app.KubernetesServerRunner
68 
69 
70 def main(argv): # pylint: disable=too-many-locals,too-many-branches,too-many-statements
71  if len(argv) > 1:
72  raise app.UsageError('Too many command-line arguments.')
73 
74  command = _CMD.value
75  security_mode = _SECURITY.value
76 
77  project: str = xds_flags.PROJECT.value
78  network: str = xds_flags.NETWORK.value
79 
80  # Resource names.
81  resource_prefix: str = xds_flags.RESOURCE_PREFIX.value
82  resource_suffix: str = xds_flags.RESOURCE_SUFFIX.value
83 
84  # Test server
85  server_name = xds_flags.SERVER_NAME.value
86  server_port = xds_flags.SERVER_PORT.value
87  server_maintenance_port = xds_flags.SERVER_MAINTENANCE_PORT.value
88  server_xds_host = xds_flags.SERVER_XDS_HOST.value
89  server_xds_port = xds_flags.SERVER_XDS_PORT.value
90  server_namespace = KubernetesServerRunner.make_namespace_name(
91  resource_prefix, resource_suffix)
92 
93  gcp_api_manager = gcp.api.GcpApiManager()
94 
95  if security_mode is None:
96  td = traffic_director.TrafficDirectorManager(
97  gcp_api_manager,
98  project=project,
99  network=network,
100  resource_prefix=resource_prefix,
101  resource_suffix=resource_suffix)
102  else:
103  td = traffic_director.TrafficDirectorSecureManager(
104  gcp_api_manager,
105  project=project,
106  network=network,
107  resource_prefix=resource_prefix,
108  resource_suffix=resource_suffix)
109  if server_maintenance_port is None:
110  server_maintenance_port = KubernetesServerRunner.DEFAULT_SECURE_MODE_MAINTENANCE_PORT
111 
112  try:
113  if command in ('create', 'cycle'):
114  logger.info('Create mode')
115  if security_mode is None:
116  logger.info('No security')
117  td.setup_for_grpc(server_xds_host,
118  server_xds_port,
119  health_check_port=server_maintenance_port)
120 
121  elif security_mode == 'mtls':
122  logger.info('Setting up mtls')
123  td.setup_for_grpc(server_xds_host,
124  server_xds_port,
125  health_check_port=server_maintenance_port)
126  td.setup_server_security(server_namespace=server_namespace,
127  server_name=server_name,
128  server_port=server_port,
129  tls=True,
130  mtls=True)
131  td.setup_client_security(server_namespace=server_namespace,
132  server_name=server_name,
133  tls=True,
134  mtls=True)
135 
136  elif security_mode == 'tls':
137  logger.info('Setting up tls')
138  td.setup_for_grpc(server_xds_host,
139  server_xds_port,
140  health_check_port=server_maintenance_port)
141  td.setup_server_security(server_namespace=server_namespace,
142  server_name=server_name,
143  server_port=server_port,
144  tls=True,
145  mtls=False)
146  td.setup_client_security(server_namespace=server_namespace,
147  server_name=server_name,
148  tls=True,
149  mtls=False)
150 
151  elif security_mode == 'plaintext':
152  logger.info('Setting up plaintext')
153  td.setup_for_grpc(server_xds_host,
154  server_xds_port,
155  health_check_port=server_maintenance_port)
156  td.setup_server_security(server_namespace=server_namespace,
157  server_name=server_name,
158  server_port=server_port,
159  tls=False,
160  mtls=False)
161  td.setup_client_security(server_namespace=server_namespace,
162  server_name=server_name,
163  tls=False,
164  mtls=False)
165 
166  elif security_mode == 'mtls_error':
167  # Error case: server expects client mTLS cert,
168  # but client configured only for TLS
169  logger.info('Setting up mtls_error')
170  td.setup_for_grpc(server_xds_host,
171  server_xds_port,
172  health_check_port=server_maintenance_port)
173  td.setup_server_security(server_namespace=server_namespace,
174  server_name=server_name,
175  server_port=server_port,
176  tls=True,
177  mtls=True)
178  td.setup_client_security(server_namespace=server_namespace,
179  server_name=server_name,
180  tls=True,
181  mtls=False)
182 
183  elif security_mode == 'server_authz_error':
184  # Error case: client does not authorize server
185  # because of mismatched SAN name.
186  logger.info('Setting up mtls_error')
187  td.setup_for_grpc(server_xds_host,
188  server_xds_port,
189  health_check_port=server_maintenance_port)
190  # Regular TLS setup, but with client policy configured using
191  # intentionality incorrect server_namespace.
192  td.setup_server_security(server_namespace=server_namespace,
193  server_name=server_name,
194  server_port=server_port,
195  tls=True,
196  mtls=False)
197  td.setup_client_security(
198  server_namespace=f'incorrect-namespace-{rand.rand_string()}',
199  server_name=server_name,
200  tls=True,
201  mtls=False)
202 
203  logger.info('Works!')
204  except Exception: # noqa pylint: disable=broad-except
205  logger.exception('Got error during creation')
206 
207  if command in ('cleanup', 'cycle'):
208  logger.info('Cleaning up')
209  td.cleanup(force=True)
210 
211  if command == 'backends-add':
212  logger.info('Adding backends')
213  k8s_api_manager = k8s.KubernetesApiManager(
214  xds_k8s_flags.KUBE_CONTEXT.value)
215  k8s_namespace = k8s.KubernetesNamespace(k8s_api_manager,
216  server_namespace)
217 
218  neg_name, neg_zones = k8s_namespace.get_service_neg(
219  server_name, server_port)
220 
221  td.load_backend_service()
222  td.backend_service_add_neg_backends(neg_name, neg_zones)
223  td.wait_for_backends_healthy_status()
224  elif command == 'backends-cleanup':
225  td.load_backend_service()
226  td.backend_service_remove_all_backends()
227  elif command == 'unused-xds-port':
228  try:
229  unused_xds_port = td.find_unused_forwarding_rule_port()
230  logger.info('Found unused forwarding rule port: %s',
231  unused_xds_port)
232  except Exception: # noqa pylint: disable=broad-except
233  logger.exception("Couldn't find unused forwarding rule port")
234 
235 
236 if __name__ == '__main__':
237  app.run(main)
framework.helpers
Definition: tools/run_tests/xds_k8s_test_driver/framework/helpers/__init__.py:1
framework.test_app
Definition: tools/run_tests/xds_k8s_test_driver/framework/test_app/__init__.py:1
bin.run_td_setup.main
def main(argv)
Definition: run_td_setup.py:70
framework.infrastructure
Definition: tools/run_tests/xds_k8s_test_driver/framework/infrastructure/__init__.py:1
len
int len
Definition: abseil-cpp/absl/base/internal/low_level_alloc_test.cc:46

grpc
Author(s):
autogenerated on Fri May 16 2025 03:00:08