summaryrefslogtreecommitdiffstats
path: root/library/kubeclient_ca.py
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2017-02-03 17:09:50 -0500
committerGitHub <noreply@github.com>2017-02-03 17:09:50 -0500
commitc8ddd41e0f1819cd9a23a0b5679b8d0360aec92a (patch)
tree182c37f192c8bec3f190fe57ff7d974c9d96ef8d /library/kubeclient_ca.py
parent87b0f005ee280540ec7afbd39f1a6b99a4c60ea3 (diff)
parent917e871843192b107776ce8459b87f3960e455ed (diff)
downloadopenshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.tar.gz
openshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.tar.bz2
openshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.tar.xz
openshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.zip
Merge pull request #2671 from abutcher/cert-redeploy-restructure
Restructure certificate redeploy playbooks
Diffstat (limited to 'library/kubeclient_ca.py')
-rw-r--r--library/kubeclient_ca.py90
1 files changed, 90 insertions, 0 deletions
diff --git a/library/kubeclient_ca.py b/library/kubeclient_ca.py
new file mode 100644
index 000000000..163624a76
--- /dev/null
+++ b/library/kubeclient_ca.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+# vim: expandtab:tabstop=4:shiftwidth=4
+
+''' kubeclient_ca ansible module '''
+
+import base64
+import yaml
+from ansible.module_utils.basic import AnsibleModule
+
+
+DOCUMENTATION = '''
+---
+module: kubeclient_ca
+short_description: Modify kubeclient certificate-authority-data
+author: Andrew Butcher
+requirements: [ ]
+'''
+EXAMPLES = '''
+- kubeclient_ca:
+ client_path: /etc/origin/master/admin.kubeconfig
+ ca_path: /etc/origin/master/ca-bundle.crt
+
+- slurp:
+ src: /etc/origin/master/ca-bundle.crt
+ register: ca_data
+- kubeclient_ca:
+ client_path: /etc/origin/master/admin.kubeconfig
+ ca_data: "{{ ca_data.content }}"
+'''
+
+
+def main():
+ ''' Modify kubeconfig located at `client_path`, setting the
+ certificate authority data to specified `ca_data` or contents of
+ `ca_path`.
+ '''
+
+ module = AnsibleModule( # noqa: F405
+ argument_spec=dict(
+ client_path=dict(required=True),
+ ca_data=dict(required=False, default=None),
+ ca_path=dict(required=False, default=None),
+ backup=dict(required=False, default=True, type='bool'),
+ ),
+ supports_check_mode=True,
+ mutually_exclusive=[['ca_data', 'ca_path']],
+ required_one_of=[['ca_data', 'ca_path']]
+ )
+
+ client_path = module.params['client_path']
+ ca_data = module.params['ca_data']
+ ca_path = module.params['ca_path']
+ backup = module.params['backup']
+
+ try:
+ with open(client_path) as client_config_file:
+ client_config_data = yaml.safe_load(client_config_file.read())
+
+ if ca_data is None:
+ with open(ca_path) as ca_file:
+ ca_data = base64.standard_b64encode(ca_file.read())
+
+ changes = []
+ # Naively update the CA information for each cluster in the
+ # kubeconfig.
+ for cluster in client_config_data['clusters']:
+ if cluster['cluster']['certificate-authority-data'] != ca_data:
+ cluster['cluster']['certificate-authority-data'] = ca_data
+ changes.append(cluster['name'])
+
+ if not module.check_mode:
+ if len(changes) > 0 and backup:
+ module.backup_local(client_path)
+
+ with open(client_path, 'w') as client_config_file:
+ client_config_string = yaml.dump(client_config_data, default_flow_style=False)
+ client_config_string = client_config_string.replace('\'\'', '""')
+ client_config_file.write(client_config_string)
+
+ return module.exit_json(changed=(len(changes) > 0))
+
+ # ignore broad-except error to avoid stack trace to ansible user
+ # pylint: disable=broad-except
+ except Exception as error:
+ return module.fail_json(msg=str(error))
+
+
+if __name__ == '__main__':
+ main()