diff options
author | Scott Dodson <sdodson@redhat.com> | 2017-02-03 17:09:50 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-02-03 17:09:50 -0500 |
commit | c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a (patch) | |
tree | 182c37f192c8bec3f190fe57ff7d974c9d96ef8d /library/kubeclient_ca.py | |
parent | 87b0f005ee280540ec7afbd39f1a6b99a4c60ea3 (diff) | |
parent | 917e871843192b107776ce8459b87f3960e455ed (diff) | |
download | openshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.tar.gz openshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.tar.bz2 openshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.tar.xz openshift-c8ddd41e0f1819cd9a23a0b5679b8d0360aec92a.zip |
Merge pull request #2671 from abutcher/cert-redeploy-restructure
Restructure certificate redeploy playbooks
Diffstat (limited to 'library/kubeclient_ca.py')
-rw-r--r-- | library/kubeclient_ca.py | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/library/kubeclient_ca.py b/library/kubeclient_ca.py new file mode 100644 index 000000000..163624a76 --- /dev/null +++ b/library/kubeclient_ca.py @@ -0,0 +1,90 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# vim: expandtab:tabstop=4:shiftwidth=4 + +''' kubeclient_ca ansible module ''' + +import base64 +import yaml +from ansible.module_utils.basic import AnsibleModule + + +DOCUMENTATION = ''' +--- +module: kubeclient_ca +short_description: Modify kubeclient certificate-authority-data +author: Andrew Butcher +requirements: [ ] +''' +EXAMPLES = ''' +- kubeclient_ca: + client_path: /etc/origin/master/admin.kubeconfig + ca_path: /etc/origin/master/ca-bundle.crt + +- slurp: + src: /etc/origin/master/ca-bundle.crt + register: ca_data +- kubeclient_ca: + client_path: /etc/origin/master/admin.kubeconfig + ca_data: "{{ ca_data.content }}" +''' + + +def main(): + ''' Modify kubeconfig located at `client_path`, setting the + certificate authority data to specified `ca_data` or contents of + `ca_path`. + ''' + + module = AnsibleModule( # noqa: F405 + argument_spec=dict( + client_path=dict(required=True), + ca_data=dict(required=False, default=None), + ca_path=dict(required=False, default=None), + backup=dict(required=False, default=True, type='bool'), + ), + supports_check_mode=True, + mutually_exclusive=[['ca_data', 'ca_path']], + required_one_of=[['ca_data', 'ca_path']] + ) + + client_path = module.params['client_path'] + ca_data = module.params['ca_data'] + ca_path = module.params['ca_path'] + backup = module.params['backup'] + + try: + with open(client_path) as client_config_file: + client_config_data = yaml.safe_load(client_config_file.read()) + + if ca_data is None: + with open(ca_path) as ca_file: + ca_data = base64.standard_b64encode(ca_file.read()) + + changes = [] + # Naively update the CA information for each cluster in the + # kubeconfig. + for cluster in client_config_data['clusters']: + if cluster['cluster']['certificate-authority-data'] != ca_data: + cluster['cluster']['certificate-authority-data'] = ca_data + changes.append(cluster['name']) + + if not module.check_mode: + if len(changes) > 0 and backup: + module.backup_local(client_path) + + with open(client_path, 'w') as client_config_file: + client_config_string = yaml.dump(client_config_data, default_flow_style=False) + client_config_string = client_config_string.replace('\'\'', '""') + client_config_file.write(client_config_string) + + return module.exit_json(changed=(len(changes) > 0)) + + # ignore broad-except error to avoid stack trace to ansible user + # pylint: disable=broad-except + except Exception as error: + return module.fail_json(msg=str(error)) + + +if __name__ == '__main__': + main() |