[DPE-7840] Add get-manifest command to generate manifest of K8s resources without creating them

Author: theoctober19th

spark8t/cli/service_account_registry.py

@@ -50,6 +50,7 @@ class Actions(str, Enum):
     CLEAR_CONFIG = "clear-config"
     PRIMARY = "get-primary"
     LIST = "list"
+    GET_MANIFEST = "get-manifest"
 
     def __str__(self) -> str:
         """Define string representation.
@@ -122,6 +123,13 @@ def create_service_account_registry_parser(parser: ArgumentParser):
         action="store_true",
         help="Boolean to ignore Spark Integration Hub generated options.",
     )
+
+    #  subparser for get-manifest
+    parse_arguments_with(
+        [spark_user_parser],
+        subparsers.add_parser(Actions.GET_MANIFEST.value, parents=[base_parser]),
+    )
+
     #  subparser for sa-conf-del
     parse_arguments_with(
         [spark_user_parser],
@@ -161,6 +169,11 @@ def main(args: Namespace, logger: Logger):
         ) + PropertyFile.parse_conf_overrides(args.conf)
         registry.create(service_account)
 
+    elif args.action == Actions.GET_MANIFEST:
+        service_account = build_service_account_from_args(args, registry)
+        manifest = registry.create(service_account, dry_run=True)
+        print(manifest)
+
     elif args.action == Actions.DELETE:
         user_id = build_service_account_from_args(args, registry).id
         logger.info(user_id)

spark8t/kube_interface/base.py

@@ -154,6 +154,7 @@ def create(
         resource_type: KubernetesResourceType,
         resource_name: str,
         namespace: str | None = None,
+        dry_run: bool = False,
         **extra_args,
     ) -> str:
         """Create a K8s resource.

spark8t/kube_interface/kubectl.py

@@ -296,6 +296,7 @@ def create(
         resource_type: str,
         resource_name: str,
         namespace: str | None = None,
+        dry_run: bool = False,
         **extra_args,
     ):
         """Create a K8s resource.
@@ -310,9 +311,10 @@ def create(
                         e.g. {"resource" : ["pods", "configmaps"]} which would translate to something like
                         --resource=pods --resource=configmaps
         """
+        dry_run_arg = "--dry-run=client" if dry_run else ""
         if resource_type == KubernetesResourceType.NAMESPACE:
-            self.exec(
-                f"create {resource_type} {resource_name}",
+            manifest = self.exec(
+                f"create {resource_type} {resource_name} {dry_run_arg}",
                 namespace=None,
                 output="yaml",
             )
@@ -336,11 +338,12 @@ def create(
                     dir=os.path.expanduser("~"),
                 ) as t:
                     codecs.dump_all_yaml(res, t)
-                    self.exec(
-                        f"apply -f {t.name}",
+                    manifest = self.exec(
+                        f"apply -f {t.name} {dry_run_arg}",
                         namespace=namespace,
                         output="yaml",
                     )
+                    return yaml.dump(manifest)
         else:
             # NOTE: removing 'username' to avoid interference with KUBECONFIG
             # ERROR: more than one authentication method found for admin; found [token basicAuth], only one is allowed
@@ -354,11 +357,12 @@ def create(
                     for v in listify(values)
                 ]
             )
-            self.exec(
-                f"create {resource_type} {resource_name} {formatted_extra_args}",
+            manifest = self.exec(
+                f"create {resource_type} {resource_name} {formatted_extra_args} {dry_run_arg}",
                 namespace=namespace or self.namespace,
                 output="yaml",
             )
+            return yaml.dump(manifest)
 
     def delete(
         self, resource_type: str, resource_name: str, namespace: str | None = None

spark8t/kube_interface/lightkube.py

@@ -306,6 +306,7 @@ def create(
         resource_type: KubernetesResourceType,
         resource_name: str,
         namespace: str | None = None,
+        dry_run: bool = False,
         **extra_args,
     ):
         """Create a K8s resource.
@@ -314,6 +315,7 @@ def create(
             resource_type: type of the resource to be created, e.g. service account, rolebindings, etc.
             resource_name: name of the resource to be created
             namespace: namespace where the resource is
+            dry_run: whether to skip actual creation of resources
             extra_args: extra parameters that should be provided when creating the resource. Note that each parameter
                         will be prepended with the -- in the cmd, e.g. {"role": "view"} will translate as
                         --role=view in the command. List of parameter values against a parameter key are also accepted.
@@ -371,6 +373,7 @@ def create(
                         "metadata": {
                             "name": resource_name,
                             "namespace": namespace,
+                            "labels": {GENERATED_BY_LABELNAME: SPARK8S_LABEL},
                         },
                     }
                 )
@@ -382,7 +385,11 @@ def create(
                 f"Label setting for resource name {resource_type} not supported yet."
             )
 
-        self.client.create(obj=res, name=resource_name, namespace=namespace)
+        if not dry_run:
+            self.client.create(obj=res, name=resource_name, namespace=namespace)
+        if res is None:
+            return ""
+        return codecs.dump_all_yaml([cast(AnyResource, res)])  # mypy: ignore
 
     def delete(
         self,

spark8t/literals.py

@@ -1,6 +1,7 @@
 """Literals and constant module."""
 
 MANAGED_BY_LABELNAME = "app.kubernetes.io/managed-by"
+GENERATED_BY_LABELNAME = "app.kubernetes.io/generated-by"
 PRIMARY_LABELNAME = "app.kubernetes.io/spark8t-primary"
 SPARK8S_LABEL = "spark8t"
 HUB_LABEL = "integrator-hub-conf"  # TODO revert this label to `integration-hub-conf``

spark8t/registry/k8s.py

@@ -134,7 +134,7 @@ def set_primary(self, account_id: str, namespace: str | None = None) -> str | No
 
         return account_id
 
-    def create(self, service_account: ServiceAccount) -> str:
+    def create(self, service_account: ServiceAccount, dry_run=False) -> str:
         """Create a new service account and return ids associated id.
 
         Args:
@@ -150,7 +150,7 @@ def create(self, service_account: ServiceAccount) -> str:
         secretname = self._get_secret_name(username)
 
         # Check if the resources to be created already exist in K8s cluster
-        if self.kube_interface.exists(
+        if not dry_run and self.kube_interface.exists(
             resource_type=KubernetesResourceType.SERVICEACCOUNT,
             resource_name=username,
             namespace=namespace,
@@ -160,7 +160,7 @@ def create(self, service_account: ServiceAccount) -> str:
                 f"A {KubernetesResourceType.SERVICEACCOUNT} with name '{username}' already exists."
             )
 
-        if self.kube_interface.exists(
+        if not dry_run and self.kube_interface.exists(
             resource_type=KubernetesResourceType.ROLE,
             resource_name=rolename,
             namespace=namespace,
@@ -170,7 +170,7 @@ def create(self, service_account: ServiceAccount) -> str:
                 f"A {KubernetesResourceType.ROLE} with name '{rolename}' already exists."
             )
 
-        if self.kube_interface.exists(
+        if not dry_run and self.kube_interface.exists(
             resource_type=KubernetesResourceType.ROLEBINDING,
             resource_name=rolebindingname,
             namespace=namespace,
@@ -180,57 +180,64 @@ def create(self, service_account: ServiceAccount) -> str:
                 f"A {KubernetesResourceType.ROLEBINDING} with name '{rolebindingname}' already exists."
             )
 
-        self.kube_interface.create(
+        sa_manifest = self.kube_interface.create(
             resource_type=KubernetesResourceType.SERVICEACCOUNT,
             resource_name=username,
             namespace=namespace,
+            dry_run=dry_run,
             **{"username": username},
         )
-        self.kube_interface.create(
+        role_manifest = self.kube_interface.create(
             resource_type=KubernetesResourceType.ROLE,
             resource_name=rolename,
             namespace=namespace,
+            dry_run=dry_run,
             **{"username": username},
         )
-        self.kube_interface.create(
+        role_binding_manifest = self.kube_interface.create(
             resource_type=KubernetesResourceType.ROLEBINDING,
             resource_name=rolebindingname,
             namespace=namespace,
             role=rolename,
+            dry_run=dry_run,
             serviceaccount=account_id,
             username=username,
         )
-        self.kube_interface.create(
+        secret_manifest = self.kube_interface.create(
             resource_type=KubernetesResourceType.SECRET_GENERIC,
             resource_name=secretname,
             namespace=namespace,
+            dry_run=dry_run,
         )
-        self.kube_interface.set_label(
-            resource_type=KubernetesResourceType.SERVICEACCOUNT,
-            resource_name=username,
-            label=f"{MANAGED_BY_LABELNAME}={SPARK8S_LABEL}",
-            namespace=namespace,
-        )
-        self.kube_interface.set_label(
-            resource_type=KubernetesResourceType.ROLE,
-            resource_name=rolename,
-            label=f"{MANAGED_BY_LABELNAME}={SPARK8S_LABEL}",
-            namespace=namespace,
-        )
-        self.kube_interface.set_label(
-            resource_type=KubernetesResourceType.ROLEBINDING,
-            resource_name=rolebindingname,
-            label=f"{MANAGED_BY_LABELNAME}={SPARK8S_LABEL}",
-            namespace=namespace,
-        )
-        if service_account.primary is True:
-            self.set_primary(account_id=account_id, namespace=namespace)
-
-        if len(service_account.extra_confs) > 0:
-            self.set_configurations(
-                account_id=account_id, configurations=configurations
+        if not dry_run:
+            self.kube_interface.set_label(
+                resource_type=KubernetesResourceType.SERVICEACCOUNT,
+                resource_name=username,
+                label=f"{MANAGED_BY_LABELNAME}={SPARK8S_LABEL}",
+                namespace=namespace,
             )
-        return account_id
+            self.kube_interface.set_label(
+                resource_type=KubernetesResourceType.ROLE,
+                resource_name=rolename,
+                label=f"{MANAGED_BY_LABELNAME}={SPARK8S_LABEL}",
+                namespace=namespace,
+            )
+            self.kube_interface.set_label(
+                resource_type=KubernetesResourceType.ROLEBINDING,
+                resource_name=rolebindingname,
+                label=f"{MANAGED_BY_LABELNAME}={SPARK8S_LABEL}",
+                namespace=namespace,
+            )
+            if service_account.primary is True:
+                self.set_primary(account_id=account_id, namespace=namespace)
+
+            if len(service_account.extra_confs) > 0:
+                self.set_configurations(
+                    account_id=account_id, configurations=configurations
+                )
+
+        manifests = [sa_manifest, role_manifest, role_binding_manifest, secret_manifest]
+        return "---\n".join(manifests)
 
     def _create_account_secret(self, service_account: ServiceAccount):
         """Create the secret that will contain the user configurations."""

spark8t/resources/templates/role_yaml.tmpl

@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
-    app.kubernetes.io/managed-by: spark8t
+    app.kubernetes.io/generated-by: spark8t
   name: {{resourcename}}
   namespace: {{namespace}}
 rules:

spark8t/resources/templates/rolebinding_yaml.tmpl

@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    app.kubernetes.io/managed-by: spark8t
+    app.kubernetes.io/generated-by: spark8t
   name: {{resourcename}}
   namespace: {{namespace}}
 roleRef:

spark8t/resources/templates/serviceaccount_yaml.tmpl

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  labels:
-    app.kubernetes.io/managed-by: spark8t
   name: {{resourcename}}
   namespace: {{namespace}}
+  labels:
+    app.kubernetes.io/generated-by: spark8t