making vn2 use a config file

src/confcom/azext_confcom/_params.py

@@ -134,80 +134,14 @@ def load_arguments(self, _):
             required=False,
             help="Path to the virtual kubelet yaml file",
         )
-
-        c.argument(
-            "configmaps",
-            options_list=("--configmaps"),
-            required=False,
-            help="Kubernetes config map filename",
-        )
-        c.argument(
-            "kubernetes_port",
-            options_list=("--kubernetes-port"),
-            required=False,
-            help="KUBERNETES_PORT environment variable (default 'tcp://10.0.0.1:443')",
-        )
-        c.argument(
-            "kubernetes_port_tcp",
-            options_list=("--kubernetes-port-tcp"),
-            required=False,
-            help="KUBERNETES_PORT_443_TCP environment variable (default 'tcp://10.0.0.1:443')",
-        )
         c.argument(
-            "kubernetes_port_tcp_addr",
-            options_list=("--kubernetes-port-tcp-addr"),
+            "podspec_config",
+            options_list=("--podspec-config", "-c"),
             required=False,
-            help="KUBERNETES_PORT_443_TCP_ADDRESS environment variable (default '10.0.0.1')",
-        )
-        c.argument(
-            "kubernetes_port_tcp_proto",
-            options_list=("--kubernetes-port-tcp-proto"),
-            required=False,
-            help="KUBERNETES_PORT_443_TCP_PROTO environment variable (default 'tcp')",
-        )
-        c.argument(
-            "kubernetes_service_host",
-            options_list=("--kubernetes-service-host"),
-            required=False,
-            help="KUBERNETES_SERVICE_HOST environment variable (default '10.0.0.1')",
-        )
-        c.argument(
-            "kubernetes_service_port",
-            options_list=("--kubernetes-service-port"),
-            required=False,
-            help="KUBERNETES_SERVICE_PORT environment variable (default '443')",
-        )
-        c.argument(
-            "kubernetes_service_port_https",
-            options_list=("--kubernetes-service-port-https"),
-            required=False,
-            help="KUBERNETES_SERVICE_PORT_HTTPS environment variable (default '443')",
-        )
-        c.argument(
-            "kubernetes_tcp_port",
-            options_list=("--kubernetes-tcp-port"),
-            required=False,
-            help="KUBERNETES_PORT_443_TCP_PORT environment variable (default '443')",
-        )
-        c.argument(
-            "output_file_name",
-            options_list=("--output-file-name"),
-            required=False,
-            help="Name of the output file (default 'arm-template.json')",
-        )
-        c.argument(
-            "print_json",
-            options_list=("--print-json"),
-            required=False,
-            help="Whether or not to print ARM template",
-        )
-        c.argument(
-            "secrets",
-            options_list=("--secrets"),
-            required=False,
-            help="Kubernetes secrets filename",
+            help="Path to the podspec config file",
         )
 
+
     with self.argument_context("confcom katapolicygen") as c:
         c.argument(
             "yaml_path",

src/confcom/azext_confcom/custom.py

@@ -9,11 +9,11 @@
 from pkg_resources import parse_version
 from knack.log import get_logger
 from azext_confcom.config import (
-    DEFAULT_REGO_FRAGMENTS, DATA_FOLDER, 
-    VIRTUAL_KUBELET_YAML_METADATA, 
-    VIRTUAL_KUBELET_YAML_ANNOTATIONS, 
-    VIRTUAL_KUBELET_YAML_SKU, 
-    VIRTUAL_KUBELET_YAML_SKU_NAME, 
+    DEFAULT_REGO_FRAGMENTS, DATA_FOLDER,
+    VIRTUAL_KUBELET_YAML_METADATA,
+    VIRTUAL_KUBELET_YAML_ANNOTATIONS,
+    VIRTUAL_KUBELET_YAML_SKU,
+    VIRTUAL_KUBELET_YAML_SKU_NAME,
     VIRTUAL_KUBELET_YAML_POLICY,
 )
 from azext_confcom import os_util
@@ -55,55 +55,20 @@ def acipolicygen_confcom(
     print_existing_policy: bool = False,
     faster_hashing: bool = False,
 
-    configmaps: str = "",
-    kubernetes_port: str = "",
-    kubernetes_port_tcp: str = "",
-    kubernetes_port_tcp_addr: str = "",
-    kubernetes_port_tcp_proto: str = "",
-    kubernetes_service_host: str = "",
-    kubernetes_service_port: str = "",
-    kubernetes_service_port_https: str = "",
-    kubernetes_tcp_port: str = "",
-    output_file_name: str = "arm-template.json",
-    print_json: str = "",
-    secrets: str = "",
+    podspec_config: str = "",
 ):
-    virtual_kubelet_args = [
-        configmaps,
-        kubernetes_port,
-        kubernetes_port_tcp,
-        kubernetes_port_tcp_addr,
-        kubernetes_port_tcp_proto,
-        kubernetes_service_host,
-        kubernetes_service_port,
-        kubernetes_service_port_https,
-        kubernetes_tcp_port,
-        output_file_name,
-        print_json,
-        secrets,
-    ]
-
-
-    if any(virtual_kubelet_args) and not virtual_kubelet_yaml_path:
+
+    virtual_kubelet_data = os_util.load_json_from_file(podspec_config)
+
+    if any(virtual_kubelet_data) and not virtual_kubelet_yaml_path:
         error_out(
             "Virtual Kubelet arguments can only be used with a Virtual Kubelet YAML file"
         )
     elif virtual_kubelet_yaml_path:
         virtual_kubelet_proxy = VirtualKubeletProxy()
         virtual_kubelet_proxy.generate_arm_template(
             virtual_kubelet_yaml_path,
-            configmaps=configmaps,
-            kubernetes_port=kubernetes_port,
-            kubernetes_port_tcp=kubernetes_port_tcp,
-            kubernetes_port_tcp_addr=kubernetes_port_tcp_addr,
-            kubernetes_port_tcp_proto=kubernetes_port_tcp_proto,
-            kubernetes_service_host=kubernetes_service_host,
-            kubernetes_service_port=kubernetes_service_port,
-            kubernetes_service_port_https=kubernetes_service_port_https,
-            kubernetes_tcp_port=kubernetes_tcp_port,
-            output_file_name=output_file_name,
-            print_json=print_json,
-            secrets=secrets,
+            **virtual_kubelet_data,
         )
         arm_template = virtual_kubelet_proxy.get_arm_template_path()
 
@@ -193,17 +158,18 @@ def acipolicygen_confcom(
 
         if validate_sidecar:
             exit_code = validate_sidecar_in_policy(policy, output_type == security_policy.OutputType.PRETTY_PRINT)
-        elif virtual_kubelet_yaml_path:
+        elif virtual_kubelet_yaml_path and not (print_policy_to_terminal or outraw or outraw_pretty_print):
             virtual_kubelet_yaml = os_util.load_yaml_from_file(virtual_kubelet_yaml_path)
             # Metadata to be added to virutal kubelet YAML
             needed_metadata = {
                 VIRTUAL_KUBELET_YAML_METADATA: {
                     VIRTUAL_KUBELET_YAML_ANNOTATIONS: {
-                        VIRTUAL_KUBELET_YAML_SKU: VIRTUAL_KUBELET_YAML_SKU_NAME, 
+                        VIRTUAL_KUBELET_YAML_SKU: VIRTUAL_KUBELET_YAML_SKU_NAME,
                         VIRTUAL_KUBELET_YAML_POLICY: policy.get_serialized_output(),
                     }
                 }
             }
+
             # Update virtual kubelet YAML with metadata
             deep_dict_update(needed_metadata, virtual_kubelet_yaml)
             os_util.write_yaml_to_file(virtual_kubelet_yaml_path, virtual_kubelet_yaml)

src/confcom/azext_confcom/template_util.py

@@ -55,13 +55,17 @@ def case_insensitive_dict_get(dictionary, search_key) -> Any:
             return dictionary[key]
     return None
 
+
 def deep_dict_update(source: dict, destination: dict):
     """
     https://stackoverflow.com/questions/20656135/python-deep-merge-dictionary-data
     """
     for key, value in source.items():
         if isinstance(value, dict):
             node = destination.setdefault(key, {})
+            if node is None:
+                destination[key] = {}
+                node = destination[key]
             deep_dict_update(value, node)
         else:
             destination[key] = value

src/confcom/azext_confcom/virtual_kubelet_proxy.py

@@ -104,7 +104,6 @@ def generate_arm_template(
         kubernetes_service_port_https: str = "",
         kubernetes_tcp_port: str = "",
         output_file_name: str = "arm-template.json",
-        print_json: str = "",
         secrets: str = "",
     ) -> None:
         VirtualKubeletProxy.arm_template_path = output_file_name
@@ -142,8 +141,6 @@ def generate_arm_template(
             arg_list += ["--kubernetes-tcp-port", f"{kubernetes_tcp_port}"]
         if output_file_name:
             arg_list += ["--output-file-name", f"{output_file_name}"]
-        if print_json:
-            arg_list += ["--print-json", f"{print_json}"]
         if secrets:
             arg_list += ["--secrets", f"{secrets}"]
 
@@ -183,4 +180,4 @@ def convert_to_pod_spec_helper(pod_dict):
     for key in possible_keys:
         if key in pod_dict:
             return convert_to_pod_spec_helper(pod_dict[key])
-    return {}
+    return {}

src/confcom/samples/kubelet_config.json

@@ -0,0 +1,13 @@
+{
+    "configmaps": "<configmap-file>.yaml",
+    "kubernetes_port": "",
+    "kubernetes_port_tcp": "",
+    "kubernetes_port_tcp_addr": "",
+    "kubernetes_port_tcp_proto": "",
+    "kubernetes_service_host": "",
+    "kubernetes_service_port": "",
+    "kubernetes_service_port_https": "",
+    "kubernetes_tcp_port": "",
+    "output_file_name": "arm-template.json",
+    "secrets": "<secrets-file>.yaml"
+}

src/confcom/setup.py

@@ -18,7 +18,7 @@
 
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
 
-VERSION = "0.4.0"
+VERSION = "0.4.2-alpha"
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers