add restic integration for doing pod volume backups/restores

Signed-off-by: Steve Kriss <steve@heptio.com>

pkg/podexec/pod_command_executor.go

@@ -0,0 +1,227 @@
+/*
+Copyright 2017 the Heptio Ark contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package podexec
+
+import (
+	"bytes"
+	"net/url"
+	"time"
+
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+
+	kapiv1 "k8s.io/api/core/v1"
+	kscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/remotecommand"
+
+	api "github.com/heptio/ark/pkg/apis/ark/v1"
+	"github.com/heptio/ark/pkg/util/collections"
+)
+
+const defaultTimeout = 30 * time.Second
+
+// PodCommandExecutor is capable of executing a command in a container in a pod.
+type PodCommandExecutor interface {
+	// ExecutePodCommand executes a command in a container in a pod. If the command takes longer than
+	// the specified timeout, an error is returned.
+	ExecutePodCommand(log logrus.FieldLogger, item map[string]interface{}, namespace, name, hookName string, hook *api.ExecHook) error
+}
+
+type poster interface {
+	Post() *rest.Request
+}
+
+type defaultPodCommandExecutor struct {
+	restClientConfig *rest.Config
+	restClient       poster
+
+	streamExecutorFactory streamExecutorFactory
+}
+
+// NewPodCommandExecutor creates a new PodCommandExecutor.
+func NewPodCommandExecutor(restClientConfig *rest.Config, restClient poster) PodCommandExecutor {
+	return &defaultPodCommandExecutor{
+		restClientConfig: restClientConfig,
+		restClient:       restClient,
+
+		streamExecutorFactory: &defaultStreamExecutorFactory{},
+	}
+}
+
+// ExecutePodCommand uses the pod exec API to execute a command in a container in a pod. If the
+// command takes longer than the specified timeout, an error is returned (NOTE: it is not currently
+// possible to ensure the command is terminated when the timeout occurs, so it may continue to run
+// in the background).
+func (e *defaultPodCommandExecutor) ExecutePodCommand(log logrus.FieldLogger, item map[string]interface{}, namespace, name, hookName string, hook *api.ExecHook) error {
+	if item == nil {
+		return errors.New("item is required")
+	}
+	if namespace == "" {
+		return errors.New("namespace is required")
+	}
+	if name == "" {
+		return errors.New("name is required")
+	}
+	if hookName == "" {
+		return errors.New("hookName is required")
+	}
+	if hook == nil {
+		return errors.New("hook is required")
+	}
+
+	if hook.Container == "" {
+		if err := setDefaultHookContainer(item, hook); err != nil {
+			return err
+		}
+	} else if err := ensureContainerExists(item, hook.Container); err != nil {
+		return err
+	}
+
+	if len(hook.Command) == 0 {
+		return errors.New("command is required")
+	}
+
+	switch hook.OnError {
+	case api.HookErrorModeFail, api.HookErrorModeContinue:
+		// use the specified value
+	default:
+		// default to fail
+		hook.OnError = api.HookErrorModeFail
+	}
+
+	if hook.Timeout.Duration == 0 {
+		hook.Timeout.Duration = defaultTimeout
+	}
+
+	hookLog := log.WithFields(
+		logrus.Fields{
+			"hookName":      hookName,
+			"hookContainer": hook.Container,
+			"hookCommand":   hook.Command,
+			"hookOnError":   hook.OnError,
+			"hookTimeout":   hook.Timeout,
+		},
+	)
+	hookLog.Info("running exec hook")
+
+	req := e.restClient.Post().
+		Resource("pods").
+		Namespace(namespace).
+		Name(name).
+		SubResource("exec")
+
+	req.VersionedParams(&kapiv1.PodExecOptions{
+		Container: hook.Container,
+		Command:   hook.Command,
+		Stdout:    true,
+		Stderr:    true,
+	}, kscheme.ParameterCodec)
+
+	executor, err := e.streamExecutorFactory.NewSPDYExecutor(e.restClientConfig, "POST", req.URL())
+	if err != nil {
+		return err
+	}
+
+	var stdout, stderr bytes.Buffer
+
+	streamOptions := remotecommand.StreamOptions{
+		Stdout: &stdout,
+		Stderr: &stderr,
+	}
+
+	errCh := make(chan error)
+
+	go func() {
+		err = executor.Stream(streamOptions)
+		errCh <- err
+	}()
+
+	var timeoutCh <-chan time.Time
+	if hook.Timeout.Duration > 0 {
+		timer := time.NewTimer(hook.Timeout.Duration)
+		defer timer.Stop()
+		timeoutCh = timer.C
+	}
+
+	select {
+	case err = <-errCh:
+	case <-timeoutCh:
+		return errors.Errorf("timed out after %v", hook.Timeout.Duration)
+	}
+
+	hookLog.Infof("stdout: %s", stdout.String())
+	hookLog.Infof("stderr: %s", stderr.String())
+
+	return err
+}
+
+func ensureContainerExists(pod map[string]interface{}, container string) error {
+	containers, err := collections.GetSlice(pod, "spec.containers")
+	if err != nil {
+		return err
+	}
+	for _, obj := range containers {
+		c, ok := obj.(map[string]interface{})
+		if !ok {
+			return errors.Errorf("unexpected type for container %T", obj)
+		}
+		name, ok := c["name"].(string)
+		if !ok {
+			return errors.Errorf("unexpected type for container name %T", c["name"])
+		}
+		if name == container {
+			return nil
+		}
+	}
+
+	return errors.Errorf("no such container: %q", container)
+}
+
+func setDefaultHookContainer(pod map[string]interface{}, hook *api.ExecHook) error {
+	containers, err := collections.GetSlice(pod, "spec.containers")
+	if err != nil {
+		return err
+	}
+
+	if len(containers) < 1 {
+		return errors.New("need at least 1 container")
+	}
+
+	container, ok := containers[0].(map[string]interface{})
+	if !ok {
+		return errors.Errorf("unexpected type for container %T", pod)
+	}
+
+	name, ok := container["name"].(string)
+	if !ok {
+		return errors.Errorf("unexpected type for container name %T", container["name"])
+	}
+	hook.Container = name
+
+	return nil
+}
+
+type streamExecutorFactory interface {
+	NewSPDYExecutor(config *rest.Config, method string, url *url.URL) (remotecommand.Executor, error)
+}
+
+type defaultStreamExecutorFactory struct{}
+
+func (f *defaultStreamExecutorFactory) NewSPDYExecutor(config *rest.Config, method string, url *url.URL) (remotecommand.Executor, error) {
+	return remotecommand.NewSPDYExecutor(config, method, url)
+}

pkg/podexec/pod_command_executor_test.go

@@ -0,0 +1,266 @@
+/*
+Copyright 2017 the Heptio Ark contributors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package podexec
+
+import (
+	"bytes"
+	"fmt"
+	"net/url"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/heptio/ark/pkg/apis/ark/v1"
+	arktest "github.com/heptio/ark/pkg/util/test"
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+	"github.com/stretchr/testify/require"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/rest"
+	"k8s.io/client-go/tools/remotecommand"
+)
+
+func TestNewPodCommandExecutor(t *testing.T) {
+	restClientConfig := &rest.Config{Host: "foo"}
+	poster := &mockPoster{}
+	pce := NewPodCommandExecutor(restClientConfig, poster).(*defaultPodCommandExecutor)
+	assert.Equal(t, restClientConfig, pce.restClientConfig)
+	assert.Equal(t, poster, pce.restClient)
+	assert.Equal(t, &defaultStreamExecutorFactory{}, pce.streamExecutorFactory)
+}
+
+func TestExecutePodCommandMissingInputs(t *testing.T) {
+	tests := []struct {
+		name         string
+		item         map[string]interface{}
+		podNamespace string
+		podName      string
+		hookName     string
+		hook         *v1.ExecHook
+	}{
+		{
+			name: "missing item",
+		},
+		{
+			name: "missing pod namespace",
+			item: map[string]interface{}{},
+		},
+		{
+			name:         "missing pod name",
+			item:         map[string]interface{}{},
+			podNamespace: "ns",
+		},
+		{
+			name:         "missing hookName",
+			item:         map[string]interface{}{},
+			podNamespace: "ns",
+			podName:      "pod",
+		},
+		{
+			name:         "missing hook",
+			item:         map[string]interface{}{},
+			podNamespace: "ns",
+			podName:      "pod",
+			hookName:     "hook",
+		},
+		{
+			name:         "container not found",
+			item:         arktest.UnstructuredOrDie(`{"kind":"Pod","spec":{"containers":[{"name":"foo"}]}}`).Object,
+			podNamespace: "ns",
+			podName:      "pod",
+			hookName:     "hook",
+			hook: &v1.ExecHook{
+				Container: "missing",
+			},
+		},
+		{
+			name:         "command missing",
+			item:         arktest.UnstructuredOrDie(`{"kind":"Pod","spec":{"containers":[{"name":"foo"}]}}`).Object,
+			podNamespace: "ns",
+			podName:      "pod",
+			hookName:     "hook",
+			hook: &v1.ExecHook{
+				Container: "foo",
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			e := &defaultPodCommandExecutor{}
+			err := e.ExecutePodCommand(arktest.NewLogger(), test.item, test.podNamespace, test.podName, test.hookName, test.hook)
+			assert.Error(t, err)
+		})
+	}
+}
+
+func TestExecutePodCommand(t *testing.T) {
+	tests := []struct {
+		name                  string
+		containerName         string
+		expectedContainerName string
+		command               []string
+		errorMode             v1.HookErrorMode
+		expectedErrorMode     v1.HookErrorMode
+		timeout               time.Duration
+		expectedTimeout       time.Duration
+		hookError             error
+		expectedError         string
+	}{
+		{
+			name:                  "validate defaults",
+			command:               []string{"some", "command"},
+			expectedContainerName: "foo",
+			expectedErrorMode:     v1.HookErrorModeFail,
+			expectedTimeout:       30 * time.Second,
+		},
+		{
+			name:                  "use specified values",
+			command:               []string{"some", "command"},
+			containerName:         "bar",
+			expectedContainerName: "bar",
+			errorMode:             v1.HookErrorModeContinue,
+			expectedErrorMode:     v1.HookErrorModeContinue,
+			timeout:               10 * time.Second,
+			expectedTimeout:       10 * time.Second,
+		},
+		{
+			name:                  "hook error",
+			command:               []string{"some", "command"},
+			expectedContainerName: "foo",
+			expectedErrorMode:     v1.HookErrorModeFail,
+			expectedTimeout:       30 * time.Second,
+			hookError:             errors.New("hook error"),
+			expectedError:         "hook error",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			hook := v1.ExecHook{
+				Container: test.containerName,
+				Command:   test.command,
+				OnError:   test.errorMode,
+				Timeout:   metav1.Duration{Duration: test.timeout},
+			}
+
+			pod, err := arktest.GetAsMap(`
+{
+	"metadata": {
+		"namespace": "namespace",
+		"name": "name"
+	},
+	"spec": {
+		"containers": [
+			{"name": "foo"},
+			{"name": "bar"}
+		]
+	}
+}`)
+
+			require.NoError(t, err)
+
+			clientConfig := &rest.Config{}
+			poster := &mockPoster{}
+			defer poster.AssertExpectations(t)
+			podCommandExecutor := NewPodCommandExecutor(clientConfig, poster).(*defaultPodCommandExecutor)
+
+			streamExecutorFactory := &mockStreamExecutorFactory{}
+			defer streamExecutorFactory.AssertExpectations(t)
+			podCommandExecutor.streamExecutorFactory = streamExecutorFactory
+
+			baseUrl, _ := url.Parse("https://some.server")
+			contentConfig := rest.ContentConfig{
+				GroupVersion: &schema.GroupVersion{Group: "", Version: "v1"},
+			}
+			postRequest := rest.NewRequest(nil, "POST", baseUrl, "/api/v1", contentConfig, rest.Serializers{}, nil, nil, 0)
+			poster.On("Post").Return(postRequest)
+
+			streamExecutor := &mockStreamExecutor{}
+			defer streamExecutor.AssertExpectations(t)
+
+			expectedCommand := strings.Join(test.command, "&command=")
+			expectedURL, _ := url.Parse(
+				fmt.Sprintf("https://some.server/api/v1/namespaces/namespace/pods/name/exec?command=%s&container=%s&stderr=true&stdout=true", expectedCommand, test.expectedContainerName),
+			)
+			streamExecutorFactory.On("NewSPDYExecutor", clientConfig, "POST", expectedURL).Return(streamExecutor, nil)
+
+			var stdout, stderr bytes.Buffer
+			expectedStreamOptions := remotecommand.StreamOptions{
+				Stdout: &stdout,
+				Stderr: &stderr,
+			}
+			streamExecutor.On("Stream", expectedStreamOptions).Return(test.hookError)
+
+			err = podCommandExecutor.ExecutePodCommand(arktest.NewLogger(), pod, "namespace", "name", "hookName", &hook)
+			if test.expectedError != "" {
+				assert.EqualError(t, err, test.expectedError)
+				return
+			}
+
+			require.NoError(t, err)
+		})
+	}
+}
+
+func TestEnsureContainerExists(t *testing.T) {
+	pod := map[string]interface{}{
+		"spec": map[string]interface{}{
+			"containers": []interface{}{
+				map[string]interface{}{
+					"name": "foo",
+				},
+			},
+		},
+	}
+
+	err := ensureContainerExists(pod, "bar")
+	assert.EqualError(t, err, `no such container: "bar"`)
+
+	err = ensureContainerExists(pod, "foo")
+	assert.NoError(t, err)
+}
+
+type mockStreamExecutorFactory struct {
+	mock.Mock
+}
+
+func (f *mockStreamExecutorFactory) NewSPDYExecutor(config *rest.Config, method string, url *url.URL) (remotecommand.Executor, error) {
+	args := f.Called(config, method, url)
+	return args.Get(0).(remotecommand.Executor), args.Error(1)
+}
+
+type mockStreamExecutor struct {
+	mock.Mock
+	remotecommand.Executor
+}
+
+func (e *mockStreamExecutor) Stream(options remotecommand.StreamOptions) error {
+	args := e.Called(options)
+	return args.Error(0)
+}
+
+type mockPoster struct {
+	mock.Mock
+}
+
+func (p *mockPoster) Post() *rest.Request {
+	args := p.Called()
+	return args.Get(0).(*rest.Request)
+}