Skip to content

Commit

Permalink
tests: pep8
Browse files Browse the repository at this point in the history
  • Loading branch information
Diego Rodriguez committed Mar 31, 2020
1 parent 80ec769 commit f2d0796
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 19 deletions.
7 changes: 4 additions & 3 deletions reana_job_controller/config.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,15 +91,16 @@
"""Kerberos configMap name."""

VOMSPROXY_CONTAINER_IMAGE = os.getenv('VOMSPROXY_CONTAINER_IMAGE',
'reanahub/reana-auth-vomsproxy')
'reanahub/reana-auth-vomsproxy')
"""Default docker image of VOMSPROXY sidecar container."""

VOMSPROXY_CONTAINER_NAME = 'voms-proxy'
"""Name of VOMSPROXY sidecar container."""

VOMSPROXY_CERT_CACHE_LOCATION = '/vomsproxy_cache/'
"""Directory of voms-proxy certificate cache, shared between job & VOMSPROXY container.
"""
"""Directory of voms-proxy certificate cache.
This directory is shared between job & VOMSPROXY container."""

VOMSPROXY_CERT_CACHE_FILENAME = 'x509up_proxy'
"""Name of the voms-proxy certificate cache file."""
Expand Down
37 changes: 21 additions & 16 deletions reana_job_controller/kubernetes_job_manager.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,8 @@ class KubernetesJobManager(JobManager):
def __init__(self, docker_img=None, cmd=None, prettified_cmd=None,
env_vars=None, workflow_uuid=None, workflow_workspace=None,
cvmfs_mounts='false', shared_file_system=False, job_name=None,
kerberos=False, kubernetes_uid=None, unpacked_img=False, voms_proxy=False):
kerberos=False, kubernetes_uid=None, unpacked_img=False,
voms_proxy=False):
"""Instanciate kubernetes job manager.
:param docker_img: Docker image.
Expand All @@ -70,7 +71,8 @@ def __init__(self, docker_img=None, cmd=None, prettified_cmd=None,
:type kerberos: bool
:param kubernetes_uid: User ID for job container.
:type kubernetes_uid: int
:param voms_proxy: Decides if a voms-proxy certificate should be provided for job.
:param voms_proxy: Decides if a voms-proxy certificate should be
provided for job.
:type voms_proxy: bool
"""
super(KubernetesJobManager, self).__init__(
Expand Down Expand Up @@ -127,27 +129,28 @@ def execute(self):
secrets_store = REANAUserSecretsStore(user_id)

secret_env_vars = secrets_store.get_env_secrets_as_k8s_spec()
self.job['spec']['template']['spec']['containers'][0]['env'].extend(
job_spec = self.job['spec']['template']['spec']
job_spec['containers'][0]['env'].extend(
secret_env_vars
)

self.job['spec']['template']['spec']['volumes'].append(
job_spec['volumes'].append(
secrets_store.get_file_secrets_volume_as_k8s_specs()
)

secrets_volume_mount = \
secrets_store.get_secrets_volume_mount_as_k8s_spec()
self.job['spec']['template']['spec']['containers'][0]['volumeMounts'] \
job_spec['containers'][0]['volumeMounts'] \
.append(secrets_volume_mount)

self.job['spec']['template']['spec']['containers'][0]['securityContext'] = \
job_spec['containers'][0]['securityContext'] = \
client.V1PodSecurityContext(
run_as_group=WORKFLOW_RUNTIME_USER_GID,
run_as_user=self.kubernetes_uid)

if self.env_vars:
for var, value in self.env_vars.items():
self.job['spec']['template']['spec'][
job_spec[
'containers'][0]['env'].append({'name': var,
'value': value})

Expand All @@ -167,13 +170,13 @@ def execute(self):
for repository, mount_path in cvmfs_map.items():
volume = get_k8s_cvmfs_volume(repository)

(self.job['spec']['template']['spec']['containers'][0]
(job_spec['containers'][0]
['volumeMounts'].append(
{'name': volume['name'],
'mountPath': '/cvmfs/{}'.format(mount_path),
'readOnly': volume['readOnly']}
))
self.job['spec']['template']['spec']['volumes'].append(volume)
job_spec['volumes'].append(volume)

if self.kerberos:
self._add_krb5_init_container(secrets_volume_mount)
Expand Down Expand Up @@ -333,14 +336,15 @@ def _add_voms_proxy_init_container(self, secrets_volume_mount,
volume_mounts = [
{
'name': ticket_cache_volume['name'],
'mountPath': current_app.config['VOMSPROXY_CERT_CACHE_LOCATION']
'mountPath':
current_app.config['VOMSPROXY_CERT_CACHE_LOCATION']
}
]

voms_proxy_file_path = os.path.join(
current_app.config['VOMSPROXY_CERT_CACHE_LOCATION'],
current_app.config['VOMSPROXY_CERT_CACHE_FILENAME']
)
current_app.config['VOMSPROXY_CERT_CACHE_LOCATION'],
current_app.config['VOMSPROXY_CERT_CACHE_FILENAME']
)

voms_proxy_container = {
'image': current_app.config['VOMSPROXY_CONTAINER_IMAGE'],
Expand All @@ -352,8 +356,8 @@ def _add_voms_proxy_init_container(self, secrets_volume_mount,
--cert $(readlink -f /etc/reana/secrets/usercert.pem) \
--pwstdin --out {voms_proxy_file_path}; \
chown {kubernetes_uid} {voms_proxy_file_path}'.format(
voms_proxy_file_path=voms_proxy_file_path, \
kubernetes_uid=self.kubernetes_uid)],
voms_proxy_file_path=voms_proxy_file_path,
kubernetes_uid=self.kubernetes_uid)],
'name': current_app.config['VOMSPROXY_CONTAINER_NAME'],
'imagePullPolicy': 'IfNotPresent',
'volumeMounts': [secrets_volume_mount] + volume_mounts,
Expand All @@ -365,7 +369,8 @@ def _add_voms_proxy_init_container(self, secrets_volume_mount,
self.job['spec']['template']['spec']['containers'][0][
'volumeMounts'].extend(volume_mounts)

# XrootD will look for a valid grid proxy in the location pointed to by the environment variable $X509_USER_PROXY
# XrootD will look for a valid grid proxy in the location pointed to
# by the environment variable $X509_USER_PROXY
self.job['spec']['template']['spec']['containers'][0][
'env'].append({'name': 'X509_USER_PROXY',
'value': voms_proxy_file_path})
Expand Down

0 comments on commit f2d0796

Please sign in to comment.