Fatal编程技术网
  • python/
  • 带烧瓶的API-Kubernetes Python

带烧瓶的API-Kubernetes Python

python kubernetes

带烧瓶的API-Kubernetes Python,python,kubernetes,Python,Kubernetes,我正在使用Flask开发一个API,将一些POST和GET请求路由到OpenVPN Pod中的Kubernetes Python客户端 但是,当一个请求向我的route revokecert发出POST命令时,它们会执行一个bash脚本,该脚本以一种交互方式用“是”确认我的请求。所以我得到一个返回状态200,但是证书没有被撤销,因为我不知道如何将值“yes”传递给bash 我的疑问是,是否有任何方法将此参数“yes”传递给bash 我已经尝试通过一个运行echo yes的变量,但它不起作用 AP

我正在使用Flask开发一个API,将一些POST和GET请求路由到OpenVPN Pod中的Kubernetes Python客户端

但是,当一个请求向我的route revokecert发出POST命令时,它们会执行一个bash脚本,该脚本以一种交互方式用“是”确认我的请求。所以我得到一个返回状态200,但是证书没有被撤销,因为我不知道如何将值“yes”传递给bash

我的疑问是,是否有任何方法将此参数“yes”传递给bash

我已经尝试通过一个运行echo yes的变量,但它不起作用

API路由配置

import flask
from flask import request, Response
import os
from kubernetes.client.rest import ApiException
import time
from kubernetes import client, config
import kubernetes.client
from kubernetes.stream import stream

app = flask.Flask(__name__)
app.config["DEBUG"] = True

configuration = kubernetes.client.Configuration()
configuration.api_key_prefix['authorization'] = 'Bearer'
configuration.api_key['authorization'] = 'MYTOKEN'
configuration.ssl_ca_cert= 'PATH_TO_CERT'
configuration.host = "DNS_CLUSTER"
api_instance = kubernetes.client.CoreV1Api(
    kubernetes.client.ApiClient(configuration))


@app.route('/', methods=['GET'])
def home():
    return "<h1>API Openvpn</h1>"

@app.route('/api/v1/createcert',methods=['POST'])
def createcert():
    if request.method == 'POST':
        pod_list = api_instance.list_namespaced_pod("openvpn")
        for pod in pod_list.items:
            print("Aplicando configuração ao POD:", pod.metadata.name)
        PodName=(pod.metadata.name)

        id = request.args.get('id', '')
        cmdAddCert = [
        "/etc/openvpn/setup/newClientCert.sh",
        (id),
        "1.1.1.1"
        ]
        resp = stream(api_instance.connect_post_namespaced_pod_exec,name=(PodName), namespace="openvpn", stderr=True,stdin=True, stdout=True, command=cmdAddCert)
    return (resp)

@app.route('/api/v1/createcert',methods=['GET'])
def getcert():
    if request.method == 'GET':
        id = request.args.get('id', '')
        cmdGetCert = [
    "cat",
    f"/etc/openvpn/certs/pki/{id}.ovpn"
    ]

    GetCert = stream(api_instance.connect_post_namespaced_pod_exec,name="openvpn-5c4c45888d-w9jht", namespace="openvpn", stderr=True,stdin=True, stdout=True, command=cmdGetCert)
    
    return Response(GetCert, mimetype='text/plain')

@app.route('/api/v1/revokecert',methods=['POST'])
def revokecert():
    if request.method == 'POST':
        pod_list = api_instance.list_namespaced_pod("openvpn")
        for pod in pod_list.items:
            print(pod.metadata.name)
        PodName=(pod.metadata.name)

        id = request.args.get('id', '')

        cmdrevokeCert = [
        '/etc/openvpn/setup/revokeClientCert.sh',
        (id),
        ]
        resp1 = stream(api_instance.connect_post_namespaced_pod_exec,name=(PodName), namespace="openvpn", stderr=True,stdin=False, tty=False, stdout=True, command=cmdrevokeCert)




app.run()

导入烧瓶
来自flask导入请求、响应
导入操作系统
从kubernetes.client.rest导入ApiException
导入时间
从kubernetes导入客户端,配置
导入kubernetes.client
从kubernetes.stream导入流
app=烧瓶。烧瓶(\uuuuu名称\uuuuuuu)
app.config[“DEBUG”]=True
configuration=kubernetes.client.configuration()
配置。api_密钥_前缀['authorization']='Bearer'
配置.api_密钥['authorization']=“MYTOKEN”
configuration.ssl\u ca\u cert='PATH\u TO\u cert'
configuration.host=“DNS\U群集”
api_实例=kubernetes.client.CoreV1Api(
kubernetes.client.ApiClient(配置))
@app.route('/',方法=['GET'])
def home():
返回“API Openvpn”
@app.route('/api/v1/createcert',methods=['POST'])
def createcert():
如果request.method==“POST”:
pod_list=api_实例。list_命名空间_pod(“openvpn”)
对于pod_列表中的pod项目:
打印(“Aplicando configuração POD:,POD.metadata.name)
PodName=(pod.metadata.name)
id=request.args.get('id','')
cmdAddCert=[
“/etc/openvpn/setup/newClientCert.sh”,
(id),
"1.1.1.1"
]
resp=stream(api\u instance.connect\u post\u namespaced\u pod\u exec,name=(PodName),namespace=“openvpn”,stderr=True,stdin=True,stdout=True,command=cmdAddCert)
返回(resp)
@app.route('/api/v1/createcert',methods=['GET'])
def getcert():
如果request.method==“GET”:
id=request.args.get('id','')
cmdGetCert=[
“猫”,
f“/etc/openvpn/certs/pki/{id}.ovpn”
]
GetCert=stream(api_instance.connect_post_namespaced_pod_exec,name=“openvpn-5C445888D-w9jht”,namespace=“openvpn”,stderr=True,stdin=True,stdout=True,command=cmdGetCert)
返回响应(GetCert,mimetype='text/plain')
@app.route('/api/v1/revokecert',methods=['POST'])
def revokecert():
如果request.method==“POST”:
pod_list=api_实例。list_命名空间_pod(“openvpn”)
对于pod_列表中的pod项目:
打印(pod.metadata.name)
PodName=(pod.metadata.name)
id=request.args.get('id','')
cmdrevokeCert=[
“/etc/openvpn/setup/revokeClientCert.sh”,
(id),
]
resp1=stream(api\u instance.connect\u post\u namespaced\u pod\u exec,name=(PodName),namespace=“openvpn”,stderr=True,stdin=False,tty=False,stdout=True,command=cmdrevokeCert)
app.run()
从API返回后