diff options
186 files changed, 15124 insertions, 2178 deletions
diff --git a/.tito/packages/openshift-ansible b/.tito/packages/openshift-ansible index 3343cc789..f54838cfb 100644 --- a/.tito/packages/openshift-ansible +++ b/.tito/packages/openshift-ansible @@ -1 +1 @@ -3.6.8-1 ./ +3.6.13-1 ./ diff --git a/Dockerfile.rhel7 b/Dockerfile.rhel7 index f3d45837a..0d5a6038a 100644 --- a/Dockerfile.rhel7 +++ b/Dockerfile.rhel7 @@ -1,26 +1,41 @@ -FROM rhel7 +FROM openshift3/playbook2image -MAINTAINER Troy Dawson <tdawson@redhat.com> +MAINTAINER OpenShift Team <dev@lists.openshift.redhat.com> -LABEL Name="openshift3/installer" -LABEL Vendor="Red Hat" License=GPLv2+ -LABEL Version="v3.1.1.901" -LABEL Release="6" -LABEL BZComponent="aos3-installation-docker" -LABEL Architecture="x86_64" -LABEL io.k8s.description="Ansible code and playbooks for installing Openshift Container Platform." \ - io.k8s.display-name="Openshift Installer" \ - io.openshift.tags="openshift,installer" +LABEL name="openshift3/openshift-ansible" \ + summary="OpenShift's installation and configuration tool" \ + description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \ + url="https://github.com/openshift/openshift-ansible" \ + io.k8s.display-name="openshift-ansible" \ + io.k8s.description="A containerized openshift-ansible image to let you run playbooks to install, upgrade, maintain and check an OpenShift cluster" \ + io.openshift.expose-services="" \ + io.openshift.tags="openshift,install,upgrade,ansible" \ + com.redhat.component="aos3-installation-docker" \ + version="v3.4.1" \ + release="1" \ + architecture="x86_64" -RUN INSTALL_PKGS="atomic-openshift-utils" && \ - yum install -y --enablerepo=rhel-7-server-ose-3.2-rpms $INSTALL_PKGS && \ - rpm -V $INSTALL_PKGS && \ +# Playbooks, roles and their dependencies are installed from packages. +# Unlike in Dockerfile, we don't invoke the 'assemble' script here +# because all content and dependencies (like 'oc') is already +# installed via yum. +USER root +RUN INSTALL_PKGS="atomic-openshift-utils atomic-openshift-clients" && \ + yum repolist > /dev/null && \ + yum-config-manager --enable rhel-7-server-ose-3.4-rpms && \ + yum install -y $INSTALL_PKGS && \ yum clean all -# Expect user to mount a workdir for container output (installer.cfg, hosts inventory, ansible log) -VOLUME /var/lib/openshift-installer/ -WORKDIR /var/lib/openshift-installer/ +USER ${USER_UID} -RUN mkdir -p /var/lib/openshift-installer/ +# The playbook to be run is specified via the PLAYBOOK_FILE env var. +# This sets a default of openshift_facts.yml as it's an informative playbook +# that can help test that everything is set properly (inventory, sshkeys). +# As the playbooks are installed via packages instead of being copied to +# $APP_HOME by the 'assemble' script, we set the WORK_DIR env var to the +# location of openshift-ansible. +ENV PLAYBOOK_FILE=playbooks/byo/openshift_facts.yml \ + WORK_DIR=/usr/share/ansible/openshift-ansible \ + OPTS="-v" -ENTRYPOINT ["/usr/bin/atomic-openshift-installer", "-c", "/var/lib/openshift-installer/installer.cfg", "--ansible-log-path", "/var/lib/openshift-installer/ansible.log"] +CMD [ "/usr/libexec/s2i/run" ] diff --git a/filter_plugins/openshift_version.py b/filter_plugins/openshift_version.py new file mode 100644 index 000000000..1403e9dcc --- /dev/null +++ b/filter_plugins/openshift_version.py @@ -0,0 +1,129 @@ +#!/usr/bin/python + +# -*- coding: utf-8 -*- +# vim: expandtab:tabstop=4:shiftwidth=4 +""" +Custom version comparison filters for use in openshift-ansible +""" + +# pylint can't locate distutils.version within virtualenv +# https://github.com/PyCQA/pylint/issues/73 +# pylint: disable=no-name-in-module, import-error +from distutils.version import LooseVersion + + +def legacy_gte_function_builder(name, versions): + """ + Build and return a version comparison function. + + Ex: name = 'oo_version_gte_3_1_or_1_1' + versions = {'enterprise': '3.1', 'origin': '1.1'} + + returns oo_version_gte_3_1_or_1_1, a function which based on the + version and deployment type will return true if the provided + version is greater than or equal to the function's version + """ + enterprise_version = versions['enterprise'] + origin_version = versions['origin'] + + def _gte_function(version, deployment_type): + """ + Dynamic function created by gte_function_builder. + + Ex: version = '3.1' + deployment_type = 'openshift-enterprise' + returns True/False + """ + version_gte = False + if 'enterprise' in deployment_type: + if str(version) >= LooseVersion(enterprise_version): + version_gte = True + elif 'origin' in deployment_type: + if str(version) >= LooseVersion(origin_version): + version_gte = True + return version_gte + _gte_function.__name__ = name + return _gte_function + + +def gte_function_builder(name, gte_version): + """ + Build and return a version comparison function. + + Ex: name = 'oo_version_gte_3_6' + version = '3.6' + + returns oo_version_gte_3_6, a function which based on the + version will return true if the provided version is greater + than or equal to the function's version + """ + def _gte_function(version): + """ + Dynamic function created by gte_function_builder. + + Ex: version = '3.1' + returns True/False + """ + version_gte = False + if str(version) >= LooseVersion(gte_version): + version_gte = True + return version_gte + _gte_function.__name__ = name + return _gte_function + + +# pylint: disable=too-few-public-methods +class FilterModule(object): + """ + Filters for version checking. + """ + # Each element of versions is composed of (major, minor_start, minor_end) + # Origin began versioning 3.x with 3.6, so begin 3.x with 3.6. + versions = [(3, 6, 10)] + + def __init__(self): + """ + Creates a new FilterModule for ose version checking. + """ + self._filters = {} + + # For each set of (major, minor, minor_iterations) + for major, minor_start, minor_end in self.versions: + # For each minor version in the range + for minor in range(minor_start, minor_end): + # Create the function name + func_name = 'oo_version_gte_{}_{}'.format(major, minor) + # Create the function with the builder + func = gte_function_builder(func_name, "{}.{}.0".format(major, minor)) + # Add the function to the mapping + self._filters[func_name] = func + + # Create filters with special versioning requirements. + # Treat all Origin 1.x as special case. + legacy_filters = [{'name': 'oo_version_gte_3_1_or_1_1', + 'versions': {'enterprise': '3.0.2.905', + 'origin': '1.1.0'}}, + {'name': 'oo_version_gte_3_1_1_or_1_1_1', + 'versions': {'enterprise': '3.1.1', + 'origin': '1.1.1'}}, + {'name': 'oo_version_gte_3_2_or_1_2', + 'versions': {'enterprise': '3.1.1.901', + 'origin': '1.2.0'}}, + {'name': 'oo_version_gte_3_3_or_1_3', + 'versions': {'enterprise': '3.3.0', + 'origin': '1.3.0'}}, + {'name': 'oo_version_gte_3_4_or_1_4', + 'versions': {'enterprise': '3.4.0', + 'origin': '1.4.0'}}, + {'name': 'oo_version_gte_3_5_or_1_5', + 'versions': {'enterprise': '3.5.0', + 'origin': '1.5.0'}}] + for legacy_filter in legacy_filters: + self._filters[legacy_filter['name']] = legacy_gte_function_builder(legacy_filter['name'], + legacy_filter['versions']) + + def filters(self): + """ + Return the filters mapping. + """ + return self._filters diff --git a/inventory/byo/hosts.openstack b/inventory/byo/hosts.openstack index ea7e905cb..c648078c4 100644 --- a/inventory/byo/hosts.openstack +++ b/inventory/byo/hosts.openstack @@ -15,7 +15,7 @@ ansible_become=yes # Debug level for all OpenShift components (Defaults to 2) debug_level=2 -deployment_type=openshift-enterprise +openshift_deployment_type=openshift-enterprise openshift_additional_repos=[{'id': 'ose-3.1', 'name': 'ose-3.1', 'baseurl': 'http://pulp.dist.prod.ext.phx2.redhat.com/content/dist/rhel/server/7/7Server/x86_64/ose/3.1/os', 'enabled': 1, 'gpgcheck': 0}] diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 033ce8a82..d61f033f8 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -23,7 +23,7 @@ ansible_ssh_user=root debug_level=2 # deployment type valid values are origin, online, atomic-enterprise and openshift-enterprise -deployment_type=origin +openshift_deployment_type=origin # Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we # rely on the version running on the first master. Works best for containerized installs where we can usually @@ -91,6 +91,10 @@ openshift_release=v1.5 # Specify exact version of etcd to configure or upgrade to. # etcd_version="3.1.0" +# Enable etcd debug logging, defaults to false +# etcd_debug=true +# Set etcd log levels by package +# etcd_log_package_levels="etcdserver=WARNING,security=DEBUG" # Upgrade Hooks # @@ -384,6 +388,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # based on the number of nodes matching the openshift registry selector. #openshift_hosted_registry_replicas=2 # +# Validity of the auto-generated certificate in days (optional) +#openshift_hosted_registry_cert_expire_days=730 +# # Disable management of the OpenShift Registry #openshift_hosted_manage_registry=false @@ -750,6 +757,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # by deployment_type=origin #openshift_enable_origin_repo=false +# Validity of the auto-generated certificates in days. +# See also openshift_hosted_registry_cert_expire_days above. +# +#openshift_ca_cert_expire_days=1825 +#openshift_node_cert_expire_days=730 +#openshift_master_cert_expire_days=730 + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 49bcb7405..823d6f58f 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -23,7 +23,7 @@ ansible_ssh_user=root debug_level=2 # deployment type valid values are origin, online, atomic-enterprise, and openshift-enterprise -deployment_type=openshift-enterprise +openshift_deployment_type=openshift-enterprise # Specify the generic release of OpenShift to install. This is used mainly just during installation, after which we # rely on the version running on the first master. Works best for containerized installs where we can usually @@ -91,6 +91,10 @@ openshift_release=v3.5 # Specify exact version of etcd to configure or upgrade to. # etcd_version="3.1.0" +# Enable etcd debug logging, defaults to false +# etcd_debug=true +# Set etcd log levels by package +# etcd_log_package_levels="etcdserver=WARNING,security=DEBUG" # Upgrade Hooks # @@ -384,6 +388,9 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # based on the number of nodes matching the openshift registry selector. #openshift_hosted_registry_replicas=2 # +# Validity of the auto-generated certificate in days (optional) +#openshift_hosted_registry_cert_expire_days=730 +# # Disable management of the OpenShift Registry #openshift_hosted_manage_registry=false @@ -747,6 +754,13 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', # Enable API service auditing, available as of 3.2 #openshift_master_audit_config={"basicAuditEnabled": true} +# Validity of the auto-generated certificates in days. +# See also openshift_hosted_registry_cert_expire_days above. +# +#openshift_ca_cert_expire_days=1825 +#openshift_node_cert_expire_days=730 +#openshift_master_cert_expire_days=730 + # host group for masters [masters] ose3-master[1:3]-ansible.test.example.com diff --git a/openshift-ansible.spec b/openshift-ansible.spec index a80f72c07..02c46724d 100644 --- a/openshift-ansible.spec +++ b/openshift-ansible.spec @@ -9,7 +9,7 @@ %global __requires_exclude ^/usr/bin/ansible-playbook$ Name: openshift-ansible -Version: 3.6.8 +Version: 3.6.13 Release: 1%{?dist} Summary: Openshift and Atomic Enterprise Ansible License: ASL 2.0 @@ -270,6 +270,90 @@ Atomic OpenShift Utilities includes %changelog +* Fri Mar 31 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.13-1 +- fixed decode switch so it works on OSX (stobias@harborfreight.com) +- Wait for firewalld polkit policy to be defined (sdodson@redhat.com) +- Correct copy task to use remote source (rteague@redhat.com) +- validate and normalize inventory variables (lmeyer@redhat.com) +- Fixed spacing. (kwoodson@redhat.com) +- Fixed docs. Fixed add_resource. (kwoodson@redhat.com) +- Fixing linting for spaces. (kwoodson@redhat.com) +- Removing initial setting of metrics image prefix and version + (ewolinet@redhat.com) +- Adding clusterrole to the toolbox. (kwoodson@redhat.com) +- Fixed a bug in oc_volume. (kwoodson@redhat.com) +- Adding a few more test cases. Fixed a bug when key was empty. Safeguard + against yedit module being passed an empty key (kwoodson@redhat.com) +- Added the ability to do multiple edits (kwoodson@redhat.com) +- fix es config merge so template does not need quoting. gen then merge + (jcantril@redhat.com) + +* Thu Mar 30 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.12-1 +- Update example inventory files to mention certificate validity parameters. + (vsemushi@redhat.com) +- openshift_hosted: add openshift_hosted_registry_cert_expire_days parameter. + (vsemushi@redhat.com) +- oc_adm_ca_server_cert.py: re-generate. (vsemushi@redhat.com) +- oc_adm_ca_server_cert: add expire_days parameter. (vsemushi@redhat.com) +- openshift_ca: add openshift_ca_cert_expire_days and + openshift_master_cert_expire_days parameters. (vsemushi@redhat.com) +- redeploy-certificates/registry.yml: add + openshift_hosted_registry_cert_expire_days parameter. (vsemushi@redhat.com) +- openshift_master_certificates: add openshift_master_cert_expire_days + parameter. (vsemushi@redhat.com) +- openshift_node_certificates: add openshift_node_cert_expire_days parameter. + (vsemushi@redhat.com) +- Update Dockerfile.rhel7 to reflect changes to Dockerfile (pep@redhat.com) + +* Wed Mar 29 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.11-1 +- Add etcd_debug and etcd_log_package_levels variables (sdodson@redhat.com) +- Make the OCP available version detection excluder free (jchaloup@redhat.com) +- Add test scaffold for docker_image_availability.py (rhcarvalho@gmail.com) +- Add unit tests for package_version.py (rhcarvalho@gmail.com) +- Add unit tests for package_update.py (rhcarvalho@gmail.com) +- Add unit tests for package_availability.py (rhcarvalho@gmail.com) +- Add unit tests for mixins.py (rhcarvalho@gmail.com) +- Test recursively finding subclasses (rhcarvalho@gmail.com) +- Test OpenShift health check loader (rhcarvalho@gmail.com) +- Rename module_executor -> execute_module (rhcarvalho@gmail.com) +- Use oo_version_gte_3_6+ for future versions and treat 1.x origin as legacy. + Add tests. (abutcher@redhat.com) +- Added 3.5 -> 3.6 upgrade playbooks (skuznets@redhat.com) +- Add oo_version_gte_X_X_or_Y_Y version comparison filters. + (abutcher@redhat.com) + +* Tue Mar 28 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.10-1 +- Use meta/main.yml for role dependencies (rteague@redhat.com) +- Upgrade specific rpms instead of just master/node. (dgoodwin@redhat.com) +- Adding namespace to doc. (kwoodson@redhat.com) +- Add calico. (djosborne10@gmail.com) +- Fixing up test cases, linting, and added a return. (kwoodson@redhat.com) +- first step in ocimage (ihorvath@redhat.com) +- ocimage (ihorvath@redhat.com) +- Setting defaults on openshift_hosted. (kwoodson@redhat.com) +- rebase and regenerate (jdiaz@redhat.com) +- fix up things flagged by flake8 (jdiaz@redhat.com) +- clean up and clarify docs/comments (jdiaz@redhat.com) +- add oc_user ansible module (jdiaz@redhat.com) +- Fix etcd cert generation (djosborne10@gmail.com) + +* Sat Mar 25 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.9-1 +- Found this while searching the metrics role for logging, is this wrong? + (sdodson@redhat.com) +- Fix overriding openshift_{logging,metrics}_image_prefix (sdodson@redhat.com) +- Make linter happy (sdodson@redhat.com) +- Specify enterprise defaults for logging and metrics images + (sdodson@redhat.com) +- Update s2i-dotnetcore content (sdodson@redhat.com) +- Stop all services before upgrading openvswitch (sdodson@redhat.com) +- Bug 1434300 - Log entries are generated in ES after deployed logging stacks + via ansible, but can not be found in kibana. (rmeggins@redhat.com) +- Adding error checking to the delete. (kwoodson@redhat.com) +- Updated comment. (kwoodson@redhat.com) +- Fixed doc. Updated test to change existing key. Updated module spec for + required name param. (kwoodson@redhat.com) +- Adding oc_configmap to lib_openshift. (kwoodson@redhat.com) + * Fri Mar 24 2017 Jenkins CD Merge Bot <tdawson@redhat.com> 3.6.8-1 - vendor patched upstream docker_container module. (jvallejo@redhat.com) - add docker_image_availability check (jvallejo@redhat.com) diff --git a/playbooks/aws/openshift-cluster/config.yml b/playbooks/aws/openshift-cluster/config.yml index d60b68885..8d64b0521 100644 --- a/playbooks/aws/openshift-cluster/config.yml +++ b/playbooks/aws/openshift-cluster/config.yml @@ -33,5 +33,6 @@ openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" openshift_use_flannel: "{{ lookup('oo_option', 'use_flannel') }}" + openshift_use_calico: "{{ lookup('oo_option', 'use_calico') }}" openshift_use_fluentd: "{{ lookup('oo_option', 'use_fluentd') }}" openshift_use_dnsmasq: false diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml index 86eff4ca4..4db0720d0 100644 --- a/playbooks/byo/openshift-cluster/config.yml +++ b/playbooks/byo/openshift-cluster/config.yml @@ -7,5 +7,4 @@ vars: openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: "{{ debug_level | default(2) }}" - openshift_deployment_type: "{{ deployment_type }}" openshift_deployment_subtype: "{{ deployment_subtype | default(none) }}" diff --git a/playbooks/byo/openshift-cluster/openshift-logging.yml b/playbooks/byo/openshift-cluster/openshift-logging.yml index eebfcd20d..f8eebe898 100644 --- a/playbooks/byo/openshift-cluster/openshift-logging.yml +++ b/playbooks/byo/openshift-cluster/openshift-logging.yml @@ -32,4 +32,3 @@ vars: openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: "{{ debug_level | default(2) }}" - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml index d5fd7c424..5feb33be4 100644 --- a/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/docker/upgrade.yml @@ -30,7 +30,6 @@ g_new_master_hosts: [] g_new_node_hosts: [] openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_deployment_type: "{{ deployment_type }}" - include: ../../../../common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_6/README.md new file mode 100644 index 000000000..930cc753c --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/README.md @@ -0,0 +1,18 @@ +# v3.5 Major and Minor Upgrade Playbook + +## Overview +This playbook currently performs the +following steps. + + * Upgrade and restart master services + * Unschedule node. + * Upgrade and restart docker + * Upgrade and restart node services + * Modifies the subset of the configuration necessary + * Applies the latest cluster policies + * Updates the default router if one exists + * Updates the default registry if one exists + * Updates image streams and quickstarts + +## Usage +ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/roles b/playbooks/byo/openshift-cluster/upgrades/v3_6/roles new file mode 120000 index 000000000..6bc1a7aef --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/roles @@ -0,0 +1 @@ +../../../../../roles
\ No newline at end of file diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml new file mode 100644 index 000000000..900bbc8d8 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade.yml @@ -0,0 +1,111 @@ +--- +# +# Full Control Plane + Nodes Upgrade +# +- include: ../../../../common/openshift-cluster/upgrades/init.yml + tags: + - pre_upgrade + +- name: Configure the upgrade target for the common upgrade tasks + hosts: l_oo_all_hosts + tags: + - pre_upgrade + tasks: + - set_fact: + openshift_upgrade_target: '3.6' + openshift_upgrade_min: "{{ '1.5' if deployment_type == 'origin' else '3.5' }}" + +# Pre-upgrade + +- include: ../../../../common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml + tags: + - pre_upgrade + +- name: Update repos and initialize facts on all hosts + hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config + tags: + - pre_upgrade + roles: + - openshift_repos + +- name: Set openshift_no_proxy_internal_hostnames + hosts: oo_masters_to_config:oo_nodes_to_upgrade + tags: + - pre_upgrade + tasks: + - set_fact: + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + openshift_generate_no_proxy_hosts | default(True) | bool }}" + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_inventory_vars.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/disable_excluder.yml + tags: + - pre_upgrade + +# Note: During upgrade the openshift excluder is not unexcluded inside the initialize_openshift_version.yml play. +# So it is necassary to run the play after running disable_excluder.yml. +- include: ../../../../common/openshift-cluster/initialize_openshift_version.yml + tags: + - pre_upgrade + vars: + # Request specific openshift_release and let the openshift_version role handle converting this + # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if + # defined, and overriding the normal behavior of protecting the installed version + openshift_release: "{{ openshift_upgrade_target }}" + openshift_protect_installed_version: False + + # We skip the docker role at this point in upgrade to prevent + # unintended package, container, or config upgrades which trigger + # docker restarts. At this early stage of upgrade we can assume + # docker is configured and running. + skip_docker_role: True + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-master/validate_restart.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_docker_upgrade_targets.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/v3_6/validator.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/pre/gate_checks.yml + tags: + - pre_upgrade + +# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. + +# Separate step so we can execute in parallel and clear out anything unused +# before we get into the serialized upgrade process which will then remove +# remaining images if possible. +- name: Cleanup unused Docker images + hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config + tasks: + - include: ../../../../common/openshift-cluster/upgrades/cleanup_unused_images.yml + +- include: ../../../../common/openshift-cluster/upgrades/upgrade_control_plane.yml + +- include: ../../../../common/openshift-cluster/upgrades/upgrade_nodes.yml + +- include: ../../../../common/openshift-cluster/upgrades/post_control_plane.yml + +- include: ../../../../common/openshift-cluster/upgrades/v3_6/storage_upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml new file mode 100644 index 000000000..5bd0f7ac5 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -0,0 +1,115 @@ +--- +# +# Control Plane Upgrade Playbook +# +# Upgrades masters and Docker (only on standalone etcd hosts) +# +# This upgrade does not include: +# - node service running on masters +# - docker running on masters +# - node service running on dedicated nodes +# +# You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. +# +- include: ../../../../common/openshift-cluster/upgrades/init.yml + tags: + - pre_upgrade + +# Configure the upgrade target for the common upgrade tasks: +- hosts: l_oo_all_hosts + tags: + - pre_upgrade + tasks: + - set_fact: + openshift_upgrade_target: '3.6' + openshift_upgrade_min: "{{ '1.5' if deployment_type == 'origin' else '3.5' }}" + +# Pre-upgrade +- include: ../../../../common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml + tags: + - pre_upgrade + +- name: Update repos on control plane hosts + hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config + tags: + - pre_upgrade + roles: + - openshift_repos + +- name: Set openshift_no_proxy_internal_hostnames + hosts: oo_masters_to_config:oo_nodes_to_upgrade + tags: + - pre_upgrade + tasks: + - set_fact: + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + openshift_generate_no_proxy_hosts | default(True) | bool }}" + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_inventory_vars.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/disable_excluder.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/initialize_openshift_version.yml + tags: + - pre_upgrade + vars: + # Request specific openshift_release and let the openshift_version role handle converting this + # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if + # defined, and overriding the normal behavior of protecting the installed version + openshift_release: "{{ openshift_upgrade_target }}" + openshift_protect_installed_version: False + + # We skip the docker role at this point in upgrade to prevent + # unintended package, container, or config upgrades which trigger + # docker restarts. At this early stage of upgrade we can assume + # docker is configured and running. + skip_docker_role: True + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-master/validate_restart.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_docker_upgrade_targets.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/v3_6/validator.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/pre/gate_checks.yml + tags: + - pre_upgrade + +# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. + +# Separate step so we can execute in parallel and clear out anything unused +# before we get into the serialized upgrade process which will then remove +# remaining images if possible. +- name: Cleanup unused Docker images + hosts: oo_masters_to_config:oo_etcd_to_config + tasks: + - include: ../../../../common/openshift-cluster/upgrades/cleanup_unused_images.yml + +- include: ../../../../common/openshift-cluster/upgrades/upgrade_control_plane.yml + +- include: ../../../../common/openshift-cluster/upgrades/post_control_plane.yml + +- include: ../../../../common/openshift-cluster/upgrades/v3_6/storage_upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml new file mode 100644 index 000000000..96d89dbdd --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml @@ -0,0 +1,104 @@ +--- +# +# Node Upgrade Playbook +# +# Upgrades nodes only, but requires the control plane to have already been upgraded. +# +- include: ../../../../common/openshift-cluster/upgrades/init.yml + tags: + - pre_upgrade + +# Configure the upgrade target for the common upgrade tasks: +- hosts: l_oo_all_hosts + tags: + - pre_upgrade + tasks: + - set_fact: + openshift_upgrade_target: '3.6' + openshift_upgrade_min: "{{ '1.5' if deployment_type == 'origin' else '3.5' }}" + +# Pre-upgrade +- include: ../../../../common/openshift-cluster/upgrades/initialize_nodes_to_upgrade.yml + tags: + - pre_upgrade + +- name: Update repos on nodes + hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config + roles: + - openshift_repos + tags: + - pre_upgrade + +- name: Set openshift_no_proxy_internal_hostnames + hosts: oo_masters_to_config:oo_nodes_to_upgrade + tags: + - pre_upgrade + tasks: + - set_fact: + openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_upgrade'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and + openshift_generate_no_proxy_hosts | default(True) | bool }}" + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_inventory_vars.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/disable_excluder.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/initialize_openshift_version.yml + tags: + - pre_upgrade + vars: + # Request specific openshift_release and let the openshift_version role handle converting this + # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if + # defined, and overriding the normal behavior of protecting the installed version + openshift_release: "{{ openshift_upgrade_target }}" + openshift_protect_installed_version: False + + # We skip the docker role at this point in upgrade to prevent + # unintended package, container, or config upgrades which trigger + # docker restarts. At this early stage of upgrade we can assume + # docker is configured and running. + skip_docker_role: True + +- name: Verify masters are already upgraded + hosts: oo_masters_to_config + tags: + - pre_upgrade + tasks: + - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." + when: openshift.common.version != openshift_version + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/pre/verify_docker_upgrade_targets.yml + tags: + - pre_upgrade + +- include: ../../../../common/openshift-cluster/upgrades/pre/gate_checks.yml + tags: + - pre_upgrade + +# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. + +# Separate step so we can execute in parallel and clear out anything unused +# before we get into the serialized upgrade process which will then remove +# remaining images if possible. +- name: Cleanup unused Docker images + hosts: oo_nodes_to_upgrade + tasks: + - include: ../../../../common/openshift-cluster/upgrades/cleanup_unused_images.yml + +- include: ../../../../common/openshift-cluster/upgrades/upgrade_nodes.yml diff --git a/playbooks/byo/openshift-etcd/restart.yml b/playbooks/byo/openshift-etcd/restart.yml index 6713f07e3..19403116d 100644 --- a/playbooks/byo/openshift-etcd/restart.yml +++ b/playbooks/byo/openshift-etcd/restart.yml @@ -4,5 +4,3 @@ - always - include: ../../common/openshift-etcd/restart.yml - vars: - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-master/restart.yml b/playbooks/byo/openshift-master/restart.yml index 2d20f69f4..21e4cff1b 100644 --- a/playbooks/byo/openshift-master/restart.yml +++ b/playbooks/byo/openshift-master/restart.yml @@ -4,5 +4,3 @@ - always - include: ../../common/openshift-master/restart.yml - vars: - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-master/scaleup.yml b/playbooks/byo/openshift-master/scaleup.yml index 7075bb59e..a5705e990 100644 --- a/playbooks/byo/openshift-master/scaleup.yml +++ b/playbooks/byo/openshift-master/scaleup.yml @@ -27,4 +27,3 @@ vars: openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: "{{ debug_level | default(2) }}" - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-node/restart.yml b/playbooks/byo/openshift-node/restart.yml index 3985a83bb..6861625b9 100644 --- a/playbooks/byo/openshift-node/restart.yml +++ b/playbooks/byo/openshift-node/restart.yml @@ -4,5 +4,3 @@ - always - include: ../../common/openshift-node/restart.yml - vars: - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/byo/openshift-node/scaleup.yml b/playbooks/byo/openshift-node/scaleup.yml index 2b10b6c76..88d236b53 100644 --- a/playbooks/byo/openshift-node/scaleup.yml +++ b/playbooks/byo/openshift-node/scaleup.yml @@ -27,6 +27,5 @@ vars: openshift_cluster_id: "{{ cluster_id | default('default') }}" openshift_debug_level: "{{ debug_level | default(2) }}" - openshift_deployment_type: "{{ deployment_type }}" openshift_master_etcd_hosts: "{{ groups.etcd | default([]) }}" openshift_master_etcd_port: 2379 diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml index 65c0b1c01..8c6d77024 100644 --- a/playbooks/byo/rhel_subscribe.yml +++ b/playbooks/byo/rhel_subscribe.yml @@ -5,8 +5,6 @@ - name: Subscribe hosts, update repos and update OS packages hosts: l_oo_all_hosts - vars: - openshift_deployment_type: "{{ deployment_type }}" roles: - role: rhel_subscribe when: deployment_type in ['atomic-enterprise', 'enterprise', 'openshift-enterprise'] and diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index ff4c4b0d7..1b967b7f1 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -27,9 +27,6 @@ when: openshift_docker_selinux_enabled is not defined - include: disable_excluder.yml - vars: - # the excluders needs to be disabled no matter what status says - with_status_check: false tags: - always diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml index ca5177852..5425f448f 100644 --- a/playbooks/common/openshift-cluster/enable_dnsmasq.yml +++ b/playbooks/common/openshift-cluster/enable_dnsmasq.yml @@ -56,8 +56,6 @@ - role: node local_facts: dns_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" - vars: - openshift_deployment_type: "{{ deployment_type }}" roles: - openshift_node_dnsmasq post_tasks: diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml index 18f99728c..9cebecd68 100644 --- a/playbooks/common/openshift-cluster/initialize_facts.yml +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -15,5 +15,3 @@ hostname: "{{ openshift_hostname | default(None) }}" - set_fact: openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" - - set_fact: - openshift_deployment_type: "{{ deployment_type }}" diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml index 1f74e929f..07b38920f 100644 --- a/playbooks/common/openshift-cluster/initialize_openshift_version.yml +++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml @@ -18,18 +18,6 @@ msg: Incompatible versions of yum and subscription-manager found. You may need to update yum and yum-utils. when: "not openshift.common.is_atomic | bool and 'Plugin \"search-disabled-repos\" requires API 2.7. Supported API is 2.6.' in yum_ver_test.stdout" -# TODO(jchaloup): find a different way how to make repoquery --qf '%version` atomic-openshift work without disabling the excluders -- include: disable_excluder.yml - vars: - # the excluders needs to be disabled no matter what status says - with_status_check: false - # Only openshift excluder needs to be temporarily disabled - # So ignore the docker one - enable_docker_excluder: false - tags: - - always - when: openshift_upgrade_target is not defined - - name: Determine openshift_version to configure on first master hosts: oo_first_master roles: @@ -44,13 +32,3 @@ openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}" roles: - openshift_version - - # Re-enable excluders if they are meant to be enabled (and only during installation, upgrade disables the excluders before this play) -- include: reset_excluder.yml - vars: - # Only openshift excluder needs to be re-enabled - # So ignore the docker one - enable_docker_excluder: false - tags: - - always - when: openshift_upgrade_target is not defined diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml index 6771cc98d..e82996cf4 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/registry.yml @@ -48,10 +48,6 @@ # Replace dc/docker-registry certificate secret contents if set. - block: - - name: Load lib_openshift modules - include_role: - name: lib_openshift - - name: Retrieve registry service IP oc_service: namespace: default @@ -73,6 +69,9 @@ --hostnames="{{ docker_registry_service_ip.results.clusterip }},docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}" --cert={{ openshift.common.config_base }}/master/registry.crt --key={{ openshift.common.config_base }}/master/registry.key + {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} + --expire-days={{ openshift_hosted_registry_cert_expire_days | default(730) }} + {% endif %} - name: Update registry certificates secret oc_secret: diff --git a/playbooks/common/openshift-cluster/std_include.yml b/playbooks/common/openshift-cluster/std_include.yml index 078991b12..74cc1d527 100644 --- a/playbooks/common/openshift-cluster/std_include.yml +++ b/playbooks/common/openshift-cluster/std_include.yml @@ -22,8 +22,6 @@ - always tasks: - include_vars: ../../byo/openshift-cluster/cluster_hosts.yml - - set_fact: - openshift_deployment_type: "{{ deployment_type }}" - include: evaluate_groups.yml tags: diff --git a/playbooks/common/openshift-cluster/update_repos_and_packages.yml b/playbooks/common/openshift-cluster/update_repos_and_packages.yml index b83e4d821..be956fca5 100644 --- a/playbooks/common/openshift-cluster/update_repos_and_packages.yml +++ b/playbooks/common/openshift-cluster/update_repos_and_packages.yml @@ -3,8 +3,6 @@ - name: Subscribe hosts, update repos and update OS packages hosts: oo_hosts_to_update - vars: - openshift_deployment_type: "{{ deployment_type }}" roles: # Explicitly calling openshift_facts because it appears that when # rhel_subscribe is skipped that the openshift_facts dependency for diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml index a3b8c489e..bcbc4ee02 100644 --- a/playbooks/common/openshift-cluster/upgrades/init.yml +++ b/playbooks/common/openshift-cluster/upgrades/init.yml @@ -29,7 +29,6 @@ g_new_master_hosts: [] g_new_node_hosts: [] openshift_cluster_id: "{{ cluster_id | default('default') }}" - openshift_deployment_type: "{{ deployment_type }}" - name: Set oo_options hosts: oo_all_hosts diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index 6f096f705..c00795a8d 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -5,7 +5,6 @@ - name: Upgrade default router and default registry hosts: oo_first_master vars: - openshift_deployment_type: "{{ deployment_type }}" registry_image: "{{ openshift.master.registry_url | replace( '${component}', 'docker-registry' ) | replace ( '${version}', openshift_image_tag ) }}" router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', openshift_image_tag ) }}" oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig" diff --git a/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml index df2b664d4..03ac02e9f 100644 --- a/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/rpm_upgrade.yml @@ -1,7 +1,26 @@ --- # We verified latest rpm available is suitable, so just yum update. -- name: Upgrade packages - package: "name={{ openshift.common.service_type }}-{{ component }}{{ openshift_pkg_version }} state=present" + +# Master package upgrade ends up depending on node and sdn packages, we need to be explicit +# with all versions to avoid yum from accidentally jumping to something newer than intended: +- name: Upgrade master packages + package: name={{ item }} state=present + when: component == "master" + with_items: + - "{{ openshift.common.service_type }}{{ openshift_pkg_version }}" + - "{{ openshift.common.service_type }}-master{{ openshift_pkg_version }}" + - "{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" + - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}" + - "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}" + +- name: Upgrade node packages + package: name={{ item }} state=present + when: component == "node" + with_items: + - "{{ openshift.common.service_type }}{{ openshift_pkg_version }}" + - "{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}" + - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}" + - "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}" - name: Ensure python-yaml present for config upgrade package: name=PyYAML state=present diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_6/filter_plugins new file mode 120000 index 000000000..7de3c1dd7 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/filter_plugins @@ -0,0 +1 @@ +../../../../../filter_plugins/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/roles b/playbooks/common/openshift-cluster/upgrades/v3_6/roles new file mode 120000 index 000000000..415645be6 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/roles @@ -0,0 +1 @@ +../../../../../roles/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/storage_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/storage_upgrade.yml new file mode 100644 index 000000000..48c69eccd --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/storage_upgrade.yml @@ -0,0 +1,18 @@ +--- +############################################################################### +# Post upgrade - Upgrade job storage +############################################################################### +- name: Upgrade job storage + hosts: oo_first_master + roles: + - { role: openshift_cli } + vars: + # Another spot where we assume docker is running and do not want to accidentally trigger an unsafe + # restart. + skip_docker_role: True + tasks: + - name: Upgrade job storage + command: > + {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig + migrate storage --include=jobs --confirm + run_once: true diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/validator.yml new file mode 100644 index 000000000..ac5704f69 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/validator.yml @@ -0,0 +1,10 @@ +--- +############################################################################### +# Pre upgrade checks for known data problems, if this playbook fails you should +# contact support. If you're not supported contact users@lists.openshift.com +############################################################################### +- name: Verify 3.6 specific upgrade checks + hosts: oo_first_master + roles: + - { role: lib_openshift } + tasks: [] diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 68b9db03a..60cf56108 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml @@ -48,12 +48,6 @@ - set_fact: openshift_hosted_metrics_resolution: "{{ lookup('oo_option', 'openshift_hosted_metrics_resolution') | default('10s', true) }}" when: openshift_hosted_metrics_resolution is not defined - - set_fact: - openshift_hosted_metrics_deployer_prefix: "{{ lookup('oo_option', 'openshift_hosted_metrics_deployer_prefix') | default('openshift') }}" - when: openshift_hosted_metrics_deployer_prefix is not defined - - set_fact: - openshift_hosted_metrics_deployer_version: "{{ lookup('oo_option', 'openshift_hosted_metrics_deployer_version') | default('latest') }}" - when: openshift_hosted_metrics_deployer_version is not defined roles: - openshift_facts post_tasks: @@ -129,6 +123,8 @@ etcd_cert_prefix: "master.etcd-" - role: nuage_master when: openshift.common.use_nuage | bool + - role: calico_master + when: openshift.common.use_calico | bool post_tasks: - name: Create group for deployment type diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml index c59747081..92f16dc47 100644 --- a/playbooks/common/openshift-master/scaleup.yml +++ b/playbooks/common/openshift-master/scaleup.yml @@ -61,9 +61,6 @@ - openshift_docker - include: ../openshift-cluster/disable_excluder.yml - vars: - # the excluders needs to be disabled no matter what status says - with_status_check: false tags: - always diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml index 6c5a299c1..792ffb4e2 100644 --- a/playbooks/common/openshift-node/config.yml +++ b/playbooks/common/openshift-node/config.yml @@ -82,6 +82,8 @@ etcd_cert_subdir: "openshift-node-{{ openshift.common.hostname }}" etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" when: openshift.common.use_flannel | bool + - role: calico + when: openshift.common.use_calico | bool - role: nuage_node when: openshift.common.use_nuage | bool - role: contiv diff --git a/playbooks/common/openshift-node/scaleup.yml b/playbooks/common/openshift-node/scaleup.yml index d81bd152e..c31aca62b 100644 --- a/playbooks/common/openshift-node/scaleup.yml +++ b/playbooks/common/openshift-node/scaleup.yml @@ -28,9 +28,6 @@ - openshift_docker - include: ../openshift-cluster/disable_excluder.yml - vars: - # the excluders needs to be disabled no matter what status says - with_status_check: false tags: - always diff --git a/playbooks/gce/openshift-cluster/config.yml b/playbooks/gce/openshift-cluster/config.yml index 8e46c5919..2625d4d05 100644 --- a/playbooks/gce/openshift-cluster/config.yml +++ b/playbooks/gce/openshift-cluster/config.yml @@ -32,4 +32,5 @@ openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" openshift_use_flannel: "{{ lookup('oo_option', 'use_flannel') }}" + openshift_use_calico: "{{ lookup('oo_option', 'use_calico') }}" openshift_use_fluentd: "{{ lookup('oo_option', 'use_fluentd') }}" diff --git a/playbooks/libvirt/openshift-cluster/config.yml b/playbooks/libvirt/openshift-cluster/config.yml index 44b0f5a3c..f782d6dab 100644 --- a/playbooks/libvirt/openshift-cluster/config.yml +++ b/playbooks/libvirt/openshift-cluster/config.yml @@ -33,5 +33,6 @@ openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" openshift_use_flannel: "{{ lookup('oo_option', 'use_flannel') }}" + openshift_use_calico: "{{ lookup('oo_option', 'use_calico') }}" openshift_use_fluentd: "{{ lookup('oo_option', 'use_fluentd') }}" openshift_use_dnsmasq: false diff --git a/playbooks/openstack/openshift-cluster/config.yml b/playbooks/openstack/openshift-cluster/config.yml index 1366c83ca..f9ddb9469 100644 --- a/playbooks/openstack/openshift-cluster/config.yml +++ b/playbooks/openstack/openshift-cluster/config.yml @@ -29,4 +29,5 @@ openshift_use_openshift_sdn: "{{ lookup('oo_option', 'use_openshift_sdn') }}" os_sdn_network_plugin_name: "{{ lookup('oo_option', 'sdn_network_plugin_name') }}" openshift_use_flannel: "{{ lookup('oo_option', 'use_flannel') }}" + openshift_use_calico: "{{ lookup('oo_option', 'use_calico') }}" openshift_use_fluentd: "{{ lookup('oo_option', 'use_fluentd') }}" diff --git a/roles/calico/README.md b/roles/calico/README.md new file mode 100644 index 000000000..99e870521 --- /dev/null +++ b/roles/calico/README.md @@ -0,0 +1,28 @@ +# Calico + +Configure Calico components for the Master host. + +## Requirements + +* Ansible 2.2 + +## Warning: This Calico Integration is in Alpha + +Calico shares the etcd instance used by OpenShift, and distributes client etcd certificates to each node. +For this reason, **we do not (yet) recommend running Calico on any production-like +cluster, or using it for any purpose besides early access testing.** + +## Installation + +To install, set the following inventory configuration parameters: + +* `openshift_use_calico=True` +* `openshift_use_openshift_sdn=False` +* `os_sdn_network_plugin_name='cni'` + + +### Contact Information + +Author: Dan Osborne <dan@projectcalico.org> + +For support, join the `#openshift` channel on the [calico users slack](calicousers.slack.com). diff --git a/roles/calico/defaults/main.yaml b/roles/calico/defaults/main.yaml new file mode 100644 index 000000000..a81fc3af7 --- /dev/null +++ b/roles/calico/defaults/main.yaml @@ -0,0 +1,10 @@ +--- +kubeconfig: "{{openshift.common.config_base}}/node/{{ 'system:node:' + openshift.common.hostname }}.kubeconfig" +etcd_endpoints: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls | join(',') }}" + +cni_conf_dir: "/etc/cni/net.d/" +cni_bin_dir: "/opt/cni/bin/" + +calico_etcd_ca_cert_file: "/etc/origin/calico/calico.etcd-ca.crt" +calico_etcd_cert_file: "/etc/origin/calico/calico.etcd-client.crt" +calico_etcd_key_file: "/etc/origin/calico/calico.etcd-client.key" diff --git a/roles/calico/handlers/main.yml b/roles/calico/handlers/main.yml new file mode 100644 index 000000000..65d75cf00 --- /dev/null +++ b/roles/calico/handlers/main.yml @@ -0,0 +1,8 @@ +--- +- name: restart calico + become: yes + systemd: name=calico state=restarted + +- name: restart docker + become: yes + systemd: name=docker state=restarted diff --git a/roles/calico/meta/main.yml b/roles/calico/meta/main.yml new file mode 100644 index 000000000..102b82bde --- /dev/null +++ b/roles/calico/meta/main.yml @@ -0,0 +1,16 @@ +--- +galaxy_info: + author: Dan Osborne + description: Calico networking + company: Tigera, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- role: openshift_facts diff --git a/roles/calico/tasks/main.yml b/roles/calico/tasks/main.yml new file mode 100644 index 000000000..287fed321 --- /dev/null +++ b/roles/calico/tasks/main.yml @@ -0,0 +1,74 @@ +--- +- include: ../../../roles/etcd_client_certificates/tasks/main.yml + vars: + etcd_cert_prefix: calico.etcd- + etcd_cert_config_dir: "{{ openshift.common.config_base }}/calico" + embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}" + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" + etcd_cert_subdir: "openshift-calico-{{ openshift.common.hostname }}" + +- name: Assure the calico certs have been generated + stat: + path: "{{ item }}" + with_items: + - "{{ calico_etcd_ca_cert_file }}" + - "{{ calico_etcd_cert_file}}" + - "{{ calico_etcd_key_file }}" + +- name: Configure Calico service unit file + template: + dest: "/lib/systemd/system/calico.service" + src: calico.service.j2 + +- name: Enable calico + become: yes + systemd: + name: calico + daemon_reload: yes + state: started + enabled: yes + register: start_result + +- name: Assure CNI conf dir exists + become: yes + file: path="{{ cni_conf_dir }}" state=directory + +- name: Generate Calico CNI config + become: yes + template: + src: "calico.conf.j2" + dest: "{{ cni_conf_dir }}/10-calico.conf" + +- name: Assures Kuberentes CNI bin dir exists + become: yes + file: path="{{ cni_bin_dir }}" state=directory + +- name: Download Calico CNI Plugin + become: yes + get_url: + url: https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico + dest: "{{ cni_bin_dir }}" + mode: a+x + +- name: Download Calico IPAM Plugin + become: yes + get_url: + url: https://github.com/projectcalico/cni-plugin/releases/download/v1.5.5/calico-ipam + dest: "{{ cni_bin_dir }}" + mode: a+x + +- name: Download and unzip standard CNI plugins + become: yes + unarchive: + remote_src: True + src: https://github.com/containernetworking/cni/releases/download/v0.4.0/cni-amd64-v0.4.0.tgz + dest: "{{ cni_bin_dir }}" + +- name: Assure Calico conf dir exists + become: yes + file: path=/etc/calico/ state=directory + +- name: Set calicoctl.cfg + template: + src: calico.cfg.j2 + dest: "/etc/calico/calicoctl.cfg" diff --git a/roles/calico/templates/calico.cfg.j2 b/roles/calico/templates/calico.cfg.j2 new file mode 100644 index 000000000..722385ed8 --- /dev/null +++ b/roles/calico/templates/calico.cfg.j2 @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: calicoApiConfig +metadata: +spec: + datastoreType: "etcdv2" + etcdEndpoints: "{{ etcd_endpoints }}" + etcdKeyFile: "{{ calico_etcd_key_file }}" + etcdCertFile: "{{ calico_etcd_cert_file }}" + etcdCaCertFile: "{{ calico_etcd_ca_cert_file }}" diff --git a/roles/calico/templates/calico.conf.j2 b/roles/calico/templates/calico.conf.j2 new file mode 100644 index 000000000..3c8c6b046 --- /dev/null +++ b/roles/calico/templates/calico.conf.j2 @@ -0,0 +1,18 @@ +{ + "name": "calico", + "type": "calico", + "ipam": { + "type": "calico-ipam" + }, + "etcd_endpoints": "{{ etcd_endpoints }}", + "etcd_key_file": "{{ calico_etcd_key_file }}", + "etcd_cert_file": "{{ calico_etcd_cert_file }}", + "etcd_ca_cert_file": "{{ calico_etcd_ca_cert_file }}", + "kubernetes": { + "kubeconfig": "{{ kubeconfig }}" + }, + "hostname": "{{ openshift.common.hostname }}", + "policy": { + "type": "k8s" + } +} diff --git a/roles/calico/templates/calico.service.j2 b/roles/calico/templates/calico.service.j2 new file mode 100644 index 000000000..b882a5597 --- /dev/null +++ b/roles/calico/templates/calico.service.j2 @@ -0,0 +1,29 @@ +[Unit] +Description=calico +After=docker.service +Requires=docker.service + +[Service] +Restart=always +ExecStartPre=-/usr/bin/docker rm -f calico-node +ExecStart=/usr/bin/docker run --net=host --privileged \ + --name=calico-node \ + -e WAIT_FOR_DATASTORE=true \ + -e FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \ + -e CALICO_IPV4POOL_IPIP=always \ + -e FELIX_IPV6SUPPORT=false \ + -e ETCD_ENDPOINTS={{ etcd_endpoints }} \ + -v /etc/origin/calico:/etc/origin/calico \ + -e ETCD_CA_CERT_FILE={{ calico_etcd_ca_cert_file }} \ + -e ETCD_CERT_FILE={{ calico_etcd_cert_file }} \ + -e ETCD_KEY_FILE={{ calico_etcd_key_file }} \ + -e NODENAME={{ openshift.common.hostname }} \ + -v /var/log/calico:/var/log/calico \ + -v /lib/modules:/lib/modules \ + -v /var/run/calico:/var/run/calico \ + calico/node:v1.1.0 + +ExecStop=-/usr/bin/docker stop calico-node + +[Install] +WantedBy=multi-user.target diff --git a/roles/calico_master/README.md b/roles/calico_master/README.md new file mode 100644 index 000000000..2d34a967c --- /dev/null +++ b/roles/calico_master/README.md @@ -0,0 +1,28 @@ +# Calico (Master) + +Configure Calico components for the Master host. + +## Requirements + +* Ansible 2.2 + +## Warning: This Calico Integration is in Alpha + +Calico shares the etcd instance used by OpenShift, and distributes client etcd certificates to each node. +For this reason, **we do not (yet) recommend running Calico on any production-like +cluster, or using it for any purpose besides early access testing.** + +## Installation + +To install, set the following inventory configuration parameters: + +* `openshift_use_calico=True` +* `openshift_use_openshift_sdn=False` +* `os_sdn_network_plugin_name='cni'` + + +### Contact Information + +Author: Dan Osborne <dan@projectcalico.org> + +For support, join the `#openshift` channel on the [calico users slack](calicousers.slack.com). diff --git a/roles/calico_master/defaults/main.yaml b/roles/calico_master/defaults/main.yaml new file mode 100644 index 000000000..db0d17884 --- /dev/null +++ b/roles/calico_master/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +kubeconfig: "{{ openshift.common.config_base }}/master/openshift-master.kubeconfig" diff --git a/roles/calico_master/meta/main.yml b/roles/calico_master/meta/main.yml new file mode 100644 index 000000000..4d70c79cf --- /dev/null +++ b/roles/calico_master/meta/main.yml @@ -0,0 +1,17 @@ +--- +galaxy_info: + author: Dan Osborne + description: Calico networking + company: Tigera, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 2.2 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: +- role: calico +- role: openshift_facts diff --git a/roles/calico_master/tasks/main.yml b/roles/calico_master/tasks/main.yml new file mode 100644 index 000000000..3358abe23 --- /dev/null +++ b/roles/calico_master/tasks/main.yml @@ -0,0 +1,41 @@ +--- +- name: Assure the calico certs have been generated + stat: + path: "{{ item }}" + with_items: + - "{{ calico_etcd_ca_cert_file }}" + - "{{ calico_etcd_cert_file}}" + - "{{ calico_etcd_key_file }}" + +- name: Create temp directory for policy controller definition + command: mktemp -d /tmp/openshift-ansible-XXXXXXX + register: mktemp + changed_when: False + +- name: Write Calico Policy Controller definition + template: + dest: "{{ mktemp.stdout }}/calico-policy-controller.yml" + src: calico-policy-controller.yml.j2 + +- name: Launch Calico Policy Controller + command: > + {{ openshift.common.client_binary }} create + -f {{ mktemp.stdout }}/calico-policy-controller.yml + --config={{ openshift.common.config_base }}/master/admin.kubeconfig + register: calico_create_output + failed_when: ('already exists' not in calico_create_output.stderr) and ('created' not in calico_create_output.stdout) + changed_when: ('created' in calico_create_output.stdout) + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False + + +- name: oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:calico + oc_adm_policy_user: + user: system:serviceaccount:kube-system:calico + resource_kind: scc + resource_name: privileged + state: present diff --git a/roles/calico_master/templates/calico-policy-controller.yml.j2 b/roles/calico_master/templates/calico-policy-controller.yml.j2 new file mode 100644 index 000000000..66c334ceb --- /dev/null +++ b/roles/calico_master/templates/calico-policy-controller.yml.j2 @@ -0,0 +1,105 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: calico + namespace: kube-system +--- +kind: ClusterRole +apiVersion: v1 +metadata: + name: calico + namespace: kube-system +rules: + - apiGroups: [""] + resources: + - pods + - namespaces + verbs: + - list + - get + - watch + - apiGroups: ["extensions"] + resources: + - networkpolicies + verbs: + - list + - get + - watch +--- +apiVersion: v1 +kind: ClusterRoleBinding +metadata: + name: calico +roleRef: + name: calico +subjects: +- kind: SystemUser + name: kube-system:calico +- kind: ServiceAccount + name: calico + namespace: kube-system +userNames: + - system:serviceaccount:kube-system:calico +--- +# This manifest deploys the Calico policy controller on Kubernetes. +# See https://github.com/projectcalico/k8s-policy +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: calico-policy-controller + namespace: kube-system + labels: + k8s-app: calico-policy + annotations: + scheduler.alpha.kubernetes.io/critical-pod: '' + scheduler.alpha.kubernetes.io/tolerations: | + [{"key": "dedicated", "value": "master", "effect": "NoSchedule" }, + {"key":"CriticalAddonsOnly", "operator":"Exists"}] +spec: + # The policy controller can only have a single active instance. + replicas: 1 + strategy: + type: Recreate + template: + metadata: + name: calico-policy-controller + namespace: kube-system + labels: + k8s-app: calico-policy + spec: + # The policy controller must run in the host network namespace so that + # it isn't governed by policy that would prevent it from working. + hostNetwork: true + serviceAccountName: calico + containers: + - name: calico-policy-controller + image: quay.io/calico/kube-policy-controller:v0.5.3 + env: + # The location of the Calico etcd cluster. + - name: ETCD_ENDPOINTS + value: {{ etcd_endpoints }} + # Location of the CA certificate for etcd. + - name: ETCD_CA_CERT_FILE + value: {{ calico_etcd_ca_cert_file }} + # Location of the client key for etcd. + - name: ETCD_KEY_FILE + value: {{ calico_etcd_key_file }} + # Location of the client certificate for etcd. + - name: ETCD_CERT_FILE + value: {{ calico_etcd_cert_file }} + # Since we're running in the host namespace and might not have KubeDNS + # access, configure the container's /etc/hosts to resolve + # kubernetes.default to the correct service clusterIP. + - name: CONFIGURE_ETC_HOSTS + value: "true" + volumeMounts: + # Mount in the etcd TLS secrets. + - name: certs + mountPath: /etc/origin/calico + + volumes: + # Mount in the etcd TLS secrets. + - name: certs + hostPath: + path: /etc/origin/calico diff --git a/roles/etcd/meta/main.yml b/roles/etcd/meta/main.yml index 532f9e313..e0c70a181 100644 --- a/roles/etcd/meta/main.yml +++ b/roles/etcd/meta/main.yml @@ -16,6 +16,7 @@ galaxy_info: - cloud - system dependencies: +- role: lib_openshift - role: os_firewall os_firewall_allow: - service: etcd diff --git a/roles/etcd/tasks/system_container.yml b/roles/etcd/tasks/system_container.yml index 3b80164cc..72ffadbd2 100644 --- a/roles/etcd/tasks/system_container.yml +++ b/roles/etcd/tasks/system_container.yml @@ -1,8 +1,4 @@ --- -- name: Load lib_openshift modules - include_role: - name: lib_openshift - - name: Pull etcd system container command: atomic pull --storage=ostree {{ openshift.etcd.etcd_image }} register: pull_result diff --git a/roles/etcd/templates/etcd.conf.j2 b/roles/etcd/templates/etcd.conf.j2 index 990a86c21..9151dd0bd 100644 --- a/roles/etcd/templates/etcd.conf.j2 +++ b/roles/etcd/templates/etcd.conf.j2 @@ -60,3 +60,9 @@ ETCD_PEER_CA_FILE={{ etcd_peer_ca_file }} ETCD_PEER_CERT_FILE={{ etcd_peer_cert_file }} ETCD_PEER_KEY_FILE={{ etcd_peer_key_file }} {% endif -%} + +#[logging] +ETCD_DEBUG="{{ etcd_debug | default(false) | string }}" +{% if etcd_log_package_levels is defined %} +ETCD_LOG_PACKAGE_LEVELS="{{ etcd_log_package_levels }}" +{% endif %} diff --git a/roles/etcd_client_certificates/tasks/main.yml b/roles/etcd_client_certificates/tasks/main.yml index 93f4fd53c..450b65209 100644 --- a/roles/etcd_client_certificates/tasks/main.yml +++ b/roles/etcd_client_certificates/tasks/main.yml @@ -51,7 +51,7 @@ creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' ~ etcd_cert_prefix ~ 'client.csr' }}" environment: - SAN: "IP:{{ etcd_ip }}" + SAN: "IP:{{ etcd_ip }},DNS:{{ etcd_hostname }}" when: etcd_client_certs_missing | bool delegate_to: "{{ etcd_ca_host }}" diff --git a/roles/etcd_server_certificates/tasks/main.yml b/roles/etcd_server_certificates/tasks/main.yml index 4ae9b79c4..956f5cc55 100644 --- a/roles/etcd_server_certificates/tasks/main.yml +++ b/roles/etcd_server_certificates/tasks/main.yml @@ -40,7 +40,7 @@ creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' ~ etcd_cert_prefix ~ 'server.csr' }}" environment: - SAN: "IP:{{ etcd_ip }}" + SAN: "IP:{{ etcd_ip }},DNS:{{ etcd_hostname }}" when: etcd_server_certs_missing | bool delegate_to: "{{ etcd_ca_host }}" @@ -73,7 +73,7 @@ creates: "{{ etcd_generated_certs_dir ~ '/' ~ etcd_cert_subdir ~ '/' ~ etcd_cert_prefix ~ 'peer.csr' }}" environment: - SAN: "IP:{{ etcd_ip }}" + SAN: "IP:{{ etcd_ip }},DNS:{{ etcd_hostname }}" when: etcd_server_certs_missing | bool delegate_to: "{{ etcd_ca_host }}" diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py index af1d13fe1..2f6026fbf 100644 --- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py +++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py @@ -130,6 +130,12 @@ options: required: false default: True aliases: [] + expire_days: + description + - Validity of the certificate in days + required: false + default: None + aliases: [] author: - "Kenny Woodson <kwoodson@redhat.com>" extends_documentation_fragment: [] @@ -149,8 +155,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/ca_server_cert -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -184,13 +188,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -206,13 +210,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -234,7 +238,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -323,7 +327,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -423,7 +427,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -542,8 +546,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -604,7 +608,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -630,7 +644,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -662,114 +676,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] - if module.params['src']: + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- @@ -1480,6 +1529,7 @@ class CAServerCert(OpenShiftCLI): 'signer_cert': {'value': params['signer_cert'], 'include': True}, 'signer_key': {'value': params['signer_key'], 'include': True}, 'signer_serial': {'value': params['signer_serial'], 'include': True}, + 'expire_days': {'value': params['expire_days'], 'include': True}, 'backup': {'value': params['backup'], 'include': False}, }) @@ -1538,6 +1588,7 @@ def main(): signer_key=dict(default='/etc/origin/master/ca.key', type='str'), signer_serial=dict(default='/etc/origin/master/ca.serial.txt', type='str'), hostnames=dict(default=[], type='list'), + expire_days=dict(default=None, type='int'), ), supports_check_mode=True, ) diff --git a/roles/lib_openshift/library/oc_adm_manage_node.py b/roles/lib_openshift/library/oc_adm_manage_node.py index 0050ccf62..5f49eef39 100644 --- a/roles/lib_openshift/library/oc_adm_manage_node.py +++ b/roles/lib_openshift/library/oc_adm_manage_node.py @@ -141,8 +141,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/manage_node -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -176,13 +174,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -198,13 +196,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -226,7 +224,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -315,7 +313,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -415,7 +413,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -534,8 +532,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -596,7 +594,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -622,7 +630,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -654,114 +662,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] - if module.params['src']: + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) + + elif params['edits'] is not None: + edits = params['edits'] - if rval[0] and module.params['src']: + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_adm_policy_group.py b/roles/lib_openshift/library/oc_adm_policy_group.py index 3d1dc1c96..7caba04f5 100644 --- a/roles/lib_openshift/library/oc_adm_policy_group.py +++ b/roles/lib_openshift/library/oc_adm_policy_group.py @@ -127,8 +127,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/policy_group -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -162,13 +160,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -184,13 +182,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -212,7 +210,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -301,7 +299,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -401,7 +399,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -520,8 +518,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -582,7 +580,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -608,7 +616,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -640,114 +648,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] - if module.params['src']: + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_adm_policy_user.py b/roles/lib_openshift/library/oc_adm_policy_user.py index 83f2165a3..aac3f7166 100644 --- a/roles/lib_openshift/library/oc_adm_policy_user.py +++ b/roles/lib_openshift/library/oc_adm_policy_user.py @@ -127,8 +127,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/policy_user -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -162,13 +160,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -184,13 +182,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -212,7 +210,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -301,7 +299,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -401,7 +399,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -520,8 +518,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -582,7 +580,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -608,7 +616,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -640,114 +648,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] - if module.params['src']: + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py index 3a892971b..b0345b026 100644 --- a/roles/lib_openshift/library/oc_adm_registry.py +++ b/roles/lib_openshift/library/oc_adm_registry.py @@ -245,8 +245,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/registry -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -280,13 +278,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -302,13 +300,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -330,7 +328,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -419,7 +417,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -519,7 +517,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -638,8 +636,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -700,7 +698,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -726,7 +734,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -758,114 +766,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] - if module.params['src']: + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py index e666e0d09..307269da4 100644 --- a/roles/lib_openshift/library/oc_adm_router.py +++ b/roles/lib_openshift/library/oc_adm_router.py @@ -270,8 +270,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/router -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -305,13 +303,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -327,13 +325,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -355,7 +353,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -444,7 +442,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -544,7 +542,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -663,8 +661,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -725,7 +723,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -751,7 +759,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -783,114 +791,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_clusterrole.py b/roles/lib_openshift/library/oc_clusterrole.py new file mode 100644 index 000000000..308a7d806 --- /dev/null +++ b/roles/lib_openshift/library/oc_clusterrole.py @@ -0,0 +1,1803 @@ +#!/usr/bin/env python +# pylint: disable=missing-docstring +# flake8: noqa: T001 +# ___ ___ _ _ ___ ___ _ _____ ___ ___ +# / __| __| \| | __| _ \ /_\_ _| __| \ +# | (_ | _|| .` | _|| / / _ \| | | _|| |) | +# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ +# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _| +# | |) | (_) | | .` | (_) || | | _|| |) | | | | +# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_| +# +# Copyright 2016 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# -*- -*- -*- Begin included fragment: lib/import.py -*- -*- -*- +''' + OpenShiftCLI class that wraps the oc commands in a subprocess +''' +# pylint: disable=too-many-lines + +from __future__ import print_function +import atexit +import copy +import json +import os +import re +import shutil +import subprocess +import tempfile +# pylint: disable=import-error +try: + import ruamel.yaml as yaml +except ImportError: + import yaml + +from ansible.module_utils.basic import AnsibleModule + +# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: doc/clusterrole -*- -*- -*- + +DOCUMENTATION = ''' +--- +module: oc_clusterrole +short_description: Modify, and idempotently manage openshift clusterroles +description: + - Manage openshift clusterroles +options: + state: + description: + - Supported states, present, absent, list + - present - will ensure object is created or updated to the value specified + - list - will return a clusterrole + - absent - will remove a clusterrole + required: False + default: present + choices: ["present", 'absent', 'list'] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + name: + description: + - Name of the object that is being queried. + required: false + default: None + aliases: [] + rules: + description: + - A list of dictionaries that have the rule parameters. + - e.g. rules=[{'apiGroups': [""], 'attributeRestrictions': None, 'verbs': ['get'], 'resources': []}] + required: false + default: None + aliases: [] +author: +- "Kenny Woodson <kwoodson@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: query a list of env vars on dc + oc_clusterrole: + name: myclusterrole + state: list + +- name: Set the following variables. + oc_clusterrole: + name: myclusterrole + rules: + apiGroups: + - "" + attributeRestrictions: null + verbs: [] + resources: [] +''' + +# -*- -*- -*- End included fragment: doc/clusterrole -*- -*- -*- + +# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- + + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + + +# pylint: disable=too-many-public-methods +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)" + com_sep = set(['.', '#', '|', ':']) + + # pylint: disable=too-many-arguments + def __init__(self, + filename=None, + content=None, + content_type='yaml', + separator='.', + backup=False): + self.content = content + self._separator = separator + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + self.backup = backup + self.load(content_type=self.content_type) + if self.__yaml_dict is None: + self.__yaml_dict = {} + + @property + def separator(self): + ''' getter method for separator ''' + return self._separator + + @separator.setter + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def parse_key(key, sep='.'): + '''parse the key allowing the appropriate separator''' + common_separators = list(Yedit.com_sep - set([sep])) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) + + @staticmethod + def valid_key(key, sep='.'): + '''validate the incoming key''' + common_separators = list(Yedit.com_sep - set([sep])) + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): + return False + + return True + + @staticmethod + def remove_entry(data, key, sep='.'): + ''' remove data at location key ''' + if key == '' and isinstance(data, dict): + data.clear() + return True + elif key == '' and isinstance(data, list): + del data[:] + return True + + if not (key and Yedit.valid_key(key, sep)) and \ + isinstance(data, (list, dict)): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a#b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and dict_key in data and data[dict_key]: # noqa: E501 + data = data[dict_key] + continue + + elif data and not isinstance(data, dict): + raise YeditException("Unexpected item type found while going through key " + + "path: {} (at key: {})".format(key, dict_key)) + + data[dict_key] = {} + data = data[dict_key] + + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + raise YeditException("Unexpected item type found while going through key path: {}".format(key)) + + if key == '': + data = item + + # process last index for add + # expected list entry + elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + # didn't add/update to an existing list, nor add/update key to a dict + # so we must have been provided some syntax like a.b.c[<int>] = "data" for a + # non-existent array + else: + raise YeditException("Error adding to object at path: {}".format(key)) + + return data + + @staticmethod + def get_entry(data, key, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + return data + + @staticmethod + def _write(filename, contents): + ''' Actually write the file contents to disk. This helps with mocking. ''' + + tmp_filename = filename + '.yedit' + + with open(tmp_filename, 'w') as yfd: + yfd.write(contents) + + os.rename(tmp_filename, filename) + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + if self.backup and self.file_exists(): + shutil.copy(self.filename, self.filename + '.orig') + + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + # Try to use RoundTripDumper if supported. + try: + Yedit._write(self.filename, yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper)) + except AttributeError: + Yedit._write(self.filename, yaml.safe_dump(self.yaml_dict, default_flow_style=False)) + + return (True, self.yaml_dict) + + def read(self): + ''' read from file ''' + # check if it exists + if self.filename is None or not self.file_exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def file_exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents and not self.content: + return None + + if self.content: + if isinstance(self.content, dict): + self.yaml_dict = self.content + return self.yaml_dict + elif isinstance(self.content, str): + contents = self.content + + # check if it is yaml + try: + if content_type == 'yaml' and contents: + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + # Try to use RoundTripLoader if supported. + try: + self.yaml_dict = yaml.safe_load(contents, yaml.RoundTripLoader) + except AttributeError: + self.yaml_dict = yaml.safe_load(contents) + + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + elif content_type == 'json' and contents: + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as err: + # Error loading yaml or json + raise YeditException('Problem with loading yaml file. {}'.format(err)) + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key, self.separator) + except KeyError: + entry = None + + return entry + + def pop(self, path, key_or_item): + ''' remove a key, value pair from a dict or an item for a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + if isinstance(entry, dict): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + if key_or_item in entry: + entry.pop(key_or_item) + return (True, self.yaml_dict) + return (False, self.yaml_dict) + + elif isinstance(entry, list): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + ind = None + try: + ind = entry.index(key_or_item) + except ValueError: + return (False, self.yaml_dict) + + entry.pop(ind) + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + def delete(self, path): + ''' remove path from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, path, self.separator) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def exists(self, path, value): + ''' check if value exists at path''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, list): + if value in entry: + return True + return False + + elif isinstance(entry, dict): + if isinstance(value, dict): + rval = False + for key, val in value.items(): + if entry[key] != val: + rval = False + break + else: + rval = True + return rval + + return value in entry + + return entry == value + + def append(self, path, value): + '''append value to a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + self.put(path, []) + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + if not isinstance(entry, list): + return (False, self.yaml_dict) + + # AUDIT:maybe-no-member makes sense due to loading data from + # a serialized format. + # pylint: disable=maybe-no-member + entry.append(value) + return (True, self.yaml_dict) + + # pylint: disable=too-many-arguments + def update(self, path, value, index=None, curr_value=None): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, dict): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + if not isinstance(value, dict): + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) + + entry.update(value) + return (True, self.yaml_dict) + + elif isinstance(entry, list): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + ind = None + if curr_value: + try: + ind = entry.index(curr_value) + except ValueError: + return (False, self.yaml_dict) + + elif index is not None: + ind = index + + if ind is not None and entry[ind] != value: + entry[ind] = value + return (True, self.yaml_dict) + + # see if it exists in the list + try: + ind = entry.index(value) + except ValueError: + # doesn't exist, append it + entry.append(value) + return (True, self.yaml_dict) + + # already exists, return + if ind is not None: + return (False, self.yaml_dict) + return (False, self.yaml_dict) + + def put(self, path, value): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + # deepcopy didn't work + # Try to use ruamel.yaml and fallback to pyyaml + try: + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, + default_flow_style=False), + yaml.RoundTripLoader) + except AttributeError: + tmp_copy = copy.deepcopy(self.yaml_dict) + + # set the format attributes if available + try: + tmp_copy.fa.set_block_style() + except AttributeError: + pass + + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + self.yaml_dict = tmp_copy + + return (True, self.yaml_dict) + + def create(self, path, value): + ''' create a yaml file ''' + if not self.file_exists(): + # deepcopy didn't work + # Try to use ruamel.yaml and fallback to pyyaml + try: + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, + default_flow_style=False), + yaml.RoundTripLoader) + except AttributeError: + tmp_copy = copy.deepcopy(self.yaml_dict) + + # set the format attributes if available + try: + tmp_copy.fa.set_block_style() + except AttributeError: + pass + + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if result is not None: + self.yaml_dict = tmp_copy + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + @staticmethod + def get_curr_value(invalue, val_type): + '''return the current value''' + if invalue is None: + return None + + curr_value = invalue + if val_type == 'yaml': + curr_value = yaml.load(invalue) + elif val_type == 'json': + curr_value = json.loads(invalue) + + return curr_value + + @staticmethod + def parse_value(inc_value, vtype=''): + '''determine value type passed''' + true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE', + 'on', 'On', 'ON', ] + false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE', + 'off', 'Off', 'OFF'] + + # It came in as a string but you didn't specify value_type as string + # we will convert to bool if it matches any of the above cases + if isinstance(inc_value, str) and 'bool' in vtype: + if inc_value not in true_bools and inc_value not in false_bools: + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) + elif isinstance(inc_value, bool) and 'str' in vtype: + inc_value = str(inc_value) + + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass + # If vtype is not str then go ahead and attempt to yaml load it. + elif isinstance(inc_value, str) and 'str' not in vtype: + try: + inc_value = yaml.safe_load(inc_value) + except Exception: + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) + + return inc_value + + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + + # pylint: disable=too-many-return-statements,too-many-branches + @staticmethod + def run_ansible(params): + '''perform the idempotent crud operations''' + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] + + if params['src']: + rval = yamlfile.load() + + if yamlfile.yaml_dict is None and state != 'present': + return {'failed': True, + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + yamlfile.yaml_dict = content + + if params['key']: + rval = yamlfile.get(params['key']) or {} + + return {'changed': False, 'result': rval, 'state': state} + + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + yamlfile.yaml_dict = content + + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) + else: + rval = yamlfile.delete(params['key']) + + if rval[0] and params['src']: + yamlfile.write() + + return {'changed': rval[0], 'result': rval[1], 'state': state} + + elif state == 'present': + # check if content is different than what is in the file + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + + # We had no edits to make and the contents are the same + if yamlfile.yaml_dict == content and \ + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} + + yamlfile.yaml_dict = content + + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] + + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] + + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) + + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: + yamlfile.write() + + return {'changed': results['changed'], 'result': results['results'], 'state': state} + + # no edits to make + if params['src']: + # pylint: disable=redefined-variable-type + rval = yamlfile.write() + return {'changed': rval[0], + 'result': rval[1], + 'state': state} + + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} + return {'failed': True, 'msg': 'Unkown state passed'} + +# -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: lib/base.py -*- -*- -*- +# pylint: disable=too-many-lines +# noqa: E301,E302,E303,T001 + + +class OpenShiftCLIError(Exception): + '''Exception class for openshiftcli''' + pass + + +ADDITIONAL_PATH_LOOKUPS = ['/usr/local/bin', os.path.expanduser('~/bin')] + + +def locate_oc_binary(): + ''' Find and return oc binary file ''' + # https://github.com/openshift/openshift-ansible/issues/3410 + # oc can be in /usr/local/bin in some cases, but that may not + # be in $PATH due to ansible/sudo + paths = os.environ.get("PATH", os.defpath).split(os.pathsep) + ADDITIONAL_PATH_LOOKUPS + + oc_binary = 'oc' + + # Use shutil.which if it is available, otherwise fallback to a naive path search + try: + which_result = shutil.which(oc_binary, path=os.pathsep.join(paths)) + if which_result is not None: + oc_binary = which_result + except AttributeError: + for path in paths: + if os.path.exists(os.path.join(path, oc_binary)): + oc_binary = os.path.join(path, oc_binary) + break + + return oc_binary + + +# pylint: disable=too-few-public-methods +class OpenShiftCLI(object): + ''' Class to wrap the command line tools ''' + def __init__(self, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False, + all_namespaces=False): + ''' Constructor for OpenshiftCLI ''' + self.namespace = namespace + self.verbose = verbose + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) + self.all_namespaces = all_namespaces + self.oc_binary = locate_oc_binary() + + # Pylint allows only 5 arguments to be passed. + # pylint: disable=too-many-arguments + def _replace_content(self, resource, rname, content, force=False, sep='.'): + ''' replace the current object with the content ''' + res = self._get(resource, rname) + if not res['results']: + return res + + fname = Utils.create_tmpfile(rname + '-') + + yed = Yedit(fname, res['results'][0], separator=sep) + changes = [] + for key, value in content.items(): + changes.append(yed.put(key, value)) + + if any([change[0] for change in changes]): + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._replace(fname, force) + + return {'returncode': 0, 'updated': False} + + def _replace(self, fname, force=False): + '''replace the current object with oc replace''' + cmd = ['replace', '-f', fname] + if force: + cmd.append('--force') + return self.openshift_cmd(cmd) + + def _create_from_content(self, rname, content): + '''create a temporary file and then call oc create on it''' + fname = Utils.create_tmpfile(rname + '-') + yed = Yedit(fname, content=content) + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._create(fname) + + def _create(self, fname): + '''call oc create on a filename''' + return self.openshift_cmd(['create', '-f', fname]) + + def _delete(self, resource, rname, selector=None): + '''call oc delete on a resource''' + cmd = ['delete', resource, rname] + if selector: + cmd.append('--selector=%s' % selector) + + return self.openshift_cmd(cmd) + + def _process(self, template_name, create=False, params=None, template_data=None): # noqa: E501 + '''process a template + + template_name: the name of the template to process + create: whether to send to oc create after processing + params: the parameters for the template + template_data: the incoming template's data; instead of a file + ''' + cmd = ['process'] + if template_data: + cmd.extend(['-f', '-']) + else: + cmd.append(template_name) + if params: + param_str = ["%s=%s" % (key, value) for key, value in params.items()] + cmd.append('-v') + cmd.extend(param_str) + + results = self.openshift_cmd(cmd, output=True, input_data=template_data) + + if results['returncode'] != 0 or not create: + return results + + fname = Utils.create_tmpfile(template_name + '-') + yed = Yedit(fname, results['results']) + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self.openshift_cmd(['create', '-f', fname]) + + def _get(self, resource, rname=None, selector=None): + '''return a resource by name ''' + cmd = ['get', resource] + if selector: + cmd.append('--selector=%s' % selector) + elif rname: + cmd.append(rname) + + cmd.extend(['-o', 'json']) + + rval = self.openshift_cmd(cmd, output=True) + + # Ensure results are retuned in an array + if 'items' in rval: + rval['results'] = rval['items'] + elif not isinstance(rval['results'], list): + rval['results'] = [rval['results']] + + return rval + + def _schedulable(self, node=None, selector=None, schedulable=True): + ''' perform oadm manage-node scheduable ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + cmd.append('--schedulable=%s' % schedulable) + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') # noqa: E501 + + def _list_pods(self, node=None, selector=None, pod_selector=None): + ''' perform oadm list pods + + node: the node in which to list pods + selector: the label selector filter if provided + pod_selector: the pod selector filter if provided + ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + if pod_selector: + cmd.append('--pod-selector=%s' % pod_selector) + + cmd.extend(['--list-pods', '-o', 'json']) + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') + + # pylint: disable=too-many-arguments + def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False): + ''' perform oadm manage-node evacuate ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + if dry_run: + cmd.append('--dry-run') + + if pod_selector: + cmd.append('--pod-selector=%s' % pod_selector) + + if grace_period: + cmd.append('--grace-period=%s' % int(grace_period)) + + if force: + cmd.append('--force') + + cmd.append('--evacuate') + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') + + def _version(self): + ''' return the openshift version''' + return self.openshift_cmd(['version'], output=True, output_type='raw') + + def _import_image(self, url=None, name=None, tag=None): + ''' perform image import ''' + cmd = ['import-image'] + + image = '{0}'.format(name) + if tag: + image += ':{0}'.format(tag) + + cmd.append(image) + + if url: + cmd.append('--from={0}/{1}'.format(url, image)) + + cmd.append('-n{0}'.format(self.namespace)) + + cmd.append('--confirm') + return self.openshift_cmd(cmd) + + def _run(self, cmds, input_data): + ''' Actually executes the command. This makes mocking easier. ''' + curr_env = os.environ.copy() + curr_env.update({'KUBECONFIG': self.kubeconfig}) + proc = subprocess.Popen(cmds, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + env=curr_env) + + stdout, stderr = proc.communicate(input_data) + + return proc.returncode, stdout.decode(), stderr.decode() + + # pylint: disable=too-many-arguments,too-many-branches + def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None): + '''Base command for oc ''' + cmds = [self.oc_binary] + + if oadm: + cmds.append('adm') + + cmds.extend(cmd) + + if self.all_namespaces: + cmds.extend(['--all-namespaces']) + elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']: # E501 + cmds.extend(['-n', self.namespace]) + + rval = {} + results = '' + err = None + + if self.verbose: + print(' '.join(cmds)) + + try: + returncode, stdout, stderr = self._run(cmds, input_data) + except OSError as ex: + returncode, stdout, stderr = 1, '', 'Failed to execute {}: {}'.format(subprocess.list2cmdline(cmds), ex) + + rval = {"returncode": returncode, + "results": results, + "cmd": ' '.join(cmds)} + + if returncode == 0: + if output: + if output_type == 'json': + try: + rval['results'] = json.loads(stdout) + except ValueError as verr: + if "No JSON object could be decoded" in verr.args: + err = verr.args + elif output_type == 'raw': + rval['results'] = stdout + + if self.verbose: + print("STDOUT: {0}".format(stdout)) + print("STDERR: {0}".format(stderr)) + + if err: + rval.update({"err": err, + "stderr": stderr, + "stdout": stdout, + "cmd": cmds}) + + else: + rval.update({"stderr": stderr, + "stdout": stdout, + "results": {}}) + + return rval + + +class Utils(object): + ''' utilities for openshiftcli modules ''' + + @staticmethod + def _write(filename, contents): + ''' Actually write the file contents to disk. This helps with mocking. ''' + + with open(filename, 'w') as sfd: + sfd.write(contents) + + @staticmethod + def create_tmp_file_from_contents(rname, data, ftype='yaml'): + ''' create a file in tmp with name and contents''' + + tmp = Utils.create_tmpfile(prefix=rname) + + if ftype == 'yaml': + # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage + # pylint: disable=no-member + if hasattr(yaml, 'RoundTripDumper'): + Utils._write(tmp, yaml.dump(data, Dumper=yaml.RoundTripDumper)) + else: + Utils._write(tmp, yaml.safe_dump(data, default_flow_style=False)) + + elif ftype == 'json': + Utils._write(tmp, json.dumps(data)) + else: + Utils._write(tmp, data) + + # Register cleanup when module is done + atexit.register(Utils.cleanup, [tmp]) + return tmp + + @staticmethod + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): + ''' Generates and returns a temporary file name ''' + + with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: + return tmp.name + + @staticmethod + def create_tmp_files_from_contents(content, content_type=None): + '''Turn an array of dict: filename, content into a files array''' + if not isinstance(content, list): + content = [content] + files = [] + for item in content: + path = Utils.create_tmp_file_from_contents(item['path'] + '-', + item['data'], + ftype=content_type) + files.append({'name': os.path.basename(item['path']), + 'path': path}) + return files + + @staticmethod + def cleanup(files): + '''Clean up on exit ''' + for sfile in files: + if os.path.exists(sfile): + if os.path.isdir(sfile): + shutil.rmtree(sfile) + elif os.path.isfile(sfile): + os.remove(sfile) + + @staticmethod + def exists(results, _name): + ''' Check to see if the results include the name ''' + if not results: + return False + + if Utils.find_result(results, _name): + return True + + return False + + @staticmethod + def find_result(results, _name): + ''' Find the specified result by name''' + rval = None + for result in results: + if 'metadata' in result and result['metadata']['name'] == _name: + rval = result + break + + return rval + + @staticmethod + def get_resource_file(sfile, sfile_type='yaml'): + ''' return the service file ''' + contents = None + with open(sfile) as sfd: + contents = sfd.read() + + if sfile_type == 'yaml': + # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage + # pylint: disable=no-member + if hasattr(yaml, 'RoundTripLoader'): + contents = yaml.load(contents, yaml.RoundTripLoader) + else: + contents = yaml.safe_load(contents) + elif sfile_type == 'json': + contents = json.loads(contents) + + return contents + + @staticmethod + def filter_versions(stdout): + ''' filter the oc version output ''' + + version_dict = {} + version_search = ['oc', 'openshift', 'kubernetes'] + + for line in stdout.strip().split('\n'): + for term in version_search: + if not line: + continue + if line.startswith(term): + version_dict[term] = line.split()[-1] + + # horrible hack to get openshift version in Openshift 3.2 + # By default "oc version in 3.2 does not return an "openshift" version + if "openshift" not in version_dict: + version_dict["openshift"] = version_dict["oc"] + + return version_dict + + @staticmethod + def add_custom_versions(versions): + ''' create custom versions strings ''' + + versions_dict = {} + + for tech, version in versions.items(): + # clean up "-" from version + if "-" in version: + version = version.split("-")[0] + + if version.startswith('v'): + versions_dict[tech + '_numeric'] = version[1:].split('+')[0] + # "v3.3.0.33" is what we have, we want "3.3" + versions_dict[tech + '_short'] = version[1:4] + + return versions_dict + + @staticmethod + def openshift_installed(): + ''' check if openshift is installed ''' + import yum + + yum_base = yum.YumBase() + if yum_base.rpmdb.searchNevra(name='atomic-openshift'): + return True + + return False + + # Disabling too-many-branches. This is a yaml dictionary comparison function + # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements + @staticmethod + def check_def_equal(user_def, result_def, skip_keys=None, debug=False): + ''' Given a user defined definition, compare it with the results given back by our query. ''' + + # Currently these values are autogenerated and we do not need to check them + skip = ['metadata', 'status'] + if skip_keys: + skip.extend(skip_keys) + + for key, value in result_def.items(): + if key in skip: + continue + + # Both are lists + if isinstance(value, list): + if key not in user_def: + if debug: + print('User data does not have key [%s]' % key) + print('User data: %s' % user_def) + return False + + if not isinstance(user_def[key], list): + if debug: + print('user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key])) + return False + + if len(user_def[key]) != len(value): + if debug: + print("List lengths are not equal.") + print("key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value))) + print("user_def: %s" % user_def[key]) + print("value: %s" % value) + return False + + for values in zip(user_def[key], value): + if isinstance(values[0], dict) and isinstance(values[1], dict): + if debug: + print('sending list - list') + print(type(values[0])) + print(type(values[1])) + result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug) + if not result: + print('list compare returned false') + return False + + elif value != user_def[key]: + if debug: + print('value should be identical') + print(user_def[key]) + print(value) + return False + + # recurse on a dictionary + elif isinstance(value, dict): + if key not in user_def: + if debug: + print("user_def does not have key [%s]" % key) + return False + if not isinstance(user_def[key], dict): + if debug: + print("dict returned false: not instance of dict") + return False + + # before passing ensure keys match + api_values = set(value.keys()) - set(skip) + user_values = set(user_def[key].keys()) - set(skip) + if api_values != user_values: + if debug: + print("keys are not equal in dict") + print(user_values) + print(api_values) + return False + + result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) + if not result: + if debug: + print("dict returned false") + print(result) + return False + + # Verify each key, value pair is the same + else: + if key not in user_def or value != user_def[key]: + if debug: + print("value not equal; user_def does not have key") + print(key) + print(value) + if key in user_def: + print(user_def[key]) + return False + + if debug: + print('returning true') + return True + + +class OpenShiftCLIConfig(object): + '''Generic Config''' + def __init__(self, rname, namespace, kubeconfig, options): + self.kubeconfig = kubeconfig + self.name = rname + self.namespace = namespace + self._options = options + + @property + def config_options(self): + ''' return config options ''' + return self._options + + def to_option_list(self): + '''return all options as a string''' + return self.stringify() + + def stringify(self): + ''' return the options hash as cli params in a string ''' + rval = [] + for key in sorted(self.config_options.keys()): + data = self.config_options[key] + if data['include'] \ + and (data['value'] or isinstance(data['value'], int)): + rval.append('--{}={}'.format(key.replace('_', '-'), data['value'])) + + return rval + + +# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: lib/rule.py -*- -*- -*- + + +class Rule(object): + '''class to represent a clusterrole rule + + Example Rule Object's yaml: + - apiGroups: + - "" + attributeRestrictions: null + resources: + - persistentvolumes + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + + ''' + def __init__(self, + api_groups=None, + attr_restrictions=None, + resources=None, + verbs=None): + self.__api_groups = api_groups if api_groups is not None else [""] + self.__verbs = verbs if verbs is not None else [] + self.__resources = resources if resources is not None else [] + self.__attribute_restrictions = attr_restrictions if attr_restrictions is not None else None + + @property + def verbs(self): + '''property for verbs''' + if self.__verbs is None: + return [] + + return self.__verbs + + @verbs.setter + def verbs(self, data): + '''setter for verbs''' + self.__verbs = data + + @property + def api_groups(self): + '''property for api_groups''' + if self.__api_groups is None: + return [] + return self.__api_groups + + @api_groups.setter + def api_groups(self, data): + '''setter for api_groups''' + self.__api_groups = data + + @property + def resources(self): + '''property for resources''' + if self.__resources is None: + return [] + + return self.__resources + + @resources.setter + def resources(self, data): + '''setter for resources''' + self.__resources = data + + @property + def attribute_restrictions(self): + '''property for attribute_restrictions''' + return self.__attribute_restrictions + + @attribute_restrictions.setter + def attribute_restrictions(self, data): + '''setter for attribute_restrictions''' + self.__attribute_restrictions = data + + def add_verb(self, inc_verb): + '''add a verb to the verbs array''' + self.verbs.append(inc_verb) + + def add_api_group(self, inc_apigroup): + '''add an api_group to the api_groups array''' + self.api_groups.append(inc_apigroup) + + def add_resource(self, inc_resource): + '''add an resource to the resources array''' + self.resources.append(inc_resource) + + def remove_verb(self, inc_verb): + '''add a verb to the verbs array''' + try: + self.verbs.remove(inc_verb) + return True + except ValueError: + pass + + return False + + def remove_api_group(self, inc_api_group): + '''add a verb to the verbs array''' + try: + self.api_groups.remove(inc_api_group) + return True + except ValueError: + pass + + return False + + def remove_resource(self, inc_resource): + '''add a verb to the verbs array''' + try: + self.resources.remove(inc_resource) + return True + except ValueError: + pass + + return False + + def __eq__(self, other): + '''return whether rules are equal''' + return (self.attribute_restrictions == other.attribute_restrictions and + self.api_groups == other.api_groups and + self.resources == other.resources and + self.verbs == other.verbs) + + + @staticmethod + def parse_rules(inc_rules): + '''create rules from an array''' + + results = [] + for rule in inc_rules: + results.append(Rule(rule['apiGroups'], + rule['attributeRestrictions'], + rule['resources'], + rule['verbs'])) + + return results + +# -*- -*- -*- End included fragment: lib/rule.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: lib/clusterrole.py -*- -*- -*- + + +# pylint: disable=too-many-public-methods +class ClusterRole(Yedit): + ''' Class to model an openshift ClusterRole''' + rules_path = "rules" + + def __init__(self, name=None, content=None): + ''' Constructor for clusterrole ''' + if content is None: + content = ClusterRole.builder(name).yaml_dict + + super(ClusterRole, self).__init__(content=content) + + self.__rules = Rule.parse_rules(self.get(ClusterRole.rules_path)) or [] + + @property + def rules(self): + return self.__rules + + @rules.setter + def rules(self, data): + self.__rules = data + self.put(ClusterRole.rules_path, self.__rules) + + def rule_exists(self, inc_rule): + '''attempt to find the inc_rule in the rules list''' + for rule in self.rules: + if rule == inc_rule: + return True + + return False + + def compare(self, other, verbose=False): + '''compare function for clusterrole''' + for rule in other.rules: + if rule not in self.rules: + if verbose: + print('Rule in other not found in self. [{}]'.format(rule)) + return False + + for rule in self.rules: + if rule not in other.rules: + if verbose: + print('Rule in self not found in other. [{}]'.format(rule)) + return False + + return True + + @staticmethod + def builder(name='default_clusterrole', rules=None): + '''return a clusterrole with name and/or rules''' + if rules is None: + rules = [{'apiGroups': [""], + 'attributeRestrictions': None, + 'verbs': [], + 'resources': []}] + content = { + 'apiVersion': 'v1', + 'kind': 'ClusterRole', + 'metadata': {'name': '{}'.format(name)}, + 'rules': rules, + } + + return ClusterRole(content=content) + + +# -*- -*- -*- End included fragment: lib/clusterrole.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: class/oc_clusterrole.py -*- -*- -*- + + +# pylint: disable=too-many-instance-attributes +class OCClusterRole(OpenShiftCLI): + ''' Class to manage clusterrole objects''' + kind = 'clusterrole' + + def __init__(self, + name, + rules=None, + kubeconfig=None, + verbose=False): + ''' Constructor for OCClusterRole ''' + super(OCClusterRole, self).__init__(None, kubeconfig=kubeconfig, verbose=verbose) + self.verbose = verbose + self.name = name + self._clusterrole = None + self._inc_clusterrole = ClusterRole.builder(name, rules) + + @property + def clusterrole(self): + ''' property for clusterrole''' + if not self._clusterrole: + self.get() + return self._clusterrole + + @clusterrole.setter + def clusterrole(self, data): + ''' setter function for clusterrole property''' + self._clusterrole = data + + @property + def inc_clusterrole(self): + ''' property for inc_clusterrole''' + return self._inc_clusterrole + + @inc_clusterrole.setter + def inc_clusterrole(self, data): + ''' setter function for inc_clusterrole property''' + self._inc_clusterrole = data + + def exists(self): + ''' return whether a clusterrole exists ''' + if self.clusterrole: + return True + + return False + + def get(self): + '''return a clusterrole ''' + result = self._get(self.kind, self.name) + + if result['returncode'] == 0: + self.clusterrole = ClusterRole(content=result['results'][0]) + result['results'] = self.clusterrole.yaml_dict + + elif 'clusterrole "{}" not found'.format(self.name) in result['stderr']: + result['returncode'] = 0 + + return result + + def delete(self): + '''delete the object''' + return self._delete(self.kind, self.name) + + def create(self): + '''create a clusterrole from the proposed incoming clusterrole''' + return self._create_from_content(self.name, self.inc_clusterrole.yaml_dict) + + def update(self): + '''update a project''' + return self._replace_content(self.kind, self.name, self.inc_clusterrole.yaml_dict) + + def needs_update(self): + ''' verify an update is needed''' + return not self.clusterrole.compare(self.inc_clusterrole, self.verbose) + + # pylint: disable=too-many-return-statements,too-many-branches + @staticmethod + def run_ansible(params, check_mode): + '''run the idempotent ansible code''' + + oc_clusterrole = OCClusterRole(params['name'], + params['rules'], + params['kubeconfig'], + params['debug']) + + state = params['state'] + + api_rval = oc_clusterrole.get() + + ##### + # Get + ##### + if state == 'list': + return {'changed': False, 'results': api_rval, 'state': state} + + ######## + # Delete + ######## + if state == 'absent': + if oc_clusterrole.exists(): + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'} + + api_rval = oc_clusterrole.delete() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + return {'changed': False, 'state': state} + + if state == 'present': + ######## + # Create + ######## + if not oc_clusterrole.exists(): + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'} + + # Create it here + api_rval = oc_clusterrole.create() + + # return the created object + api_rval = oc_clusterrole.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + ######## + # Update + ######## + if oc_clusterrole.needs_update(): + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'} + + api_rval = oc_clusterrole.update() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + # return the created object + api_rval = oc_clusterrole.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + return {'changed': False, 'results': api_rval, 'state': state} + + return {'failed': True, + 'changed': False, + 'msg': 'Unknown state passed. [%s]' % state} + +# -*- -*- -*- End included fragment: class/oc_clusterrole.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: ansible/oc_clusterrole.py -*- -*- -*- + +def main(): + ''' + ansible oc module for clusterrole + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + name=dict(default=None, type='str'), + rules=dict(default=None, type='list'), + ), + supports_check_mode=True, + ) + + results = OCClusterRole.run_ansible(module.params, module.check_mode) + + if 'failed' in results: + module.fail_json(**results) + + module.exit_json(**results) + +if __name__ == '__main__': + main() + +# -*- -*- -*- End included fragment: ansible/oc_clusterrole.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_configmap.py b/roles/lib_openshift/library/oc_configmap.py new file mode 100644 index 000000000..96345ffe0 --- /dev/null +++ b/roles/lib_openshift/library/oc_configmap.py @@ -0,0 +1,1620 @@ +#!/usr/bin/env python +# pylint: disable=missing-docstring +# flake8: noqa: T001 +# ___ ___ _ _ ___ ___ _ _____ ___ ___ +# / __| __| \| | __| _ \ /_\_ _| __| \ +# | (_ | _|| .` | _|| / / _ \| | | _|| |) | +# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ +# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _| +# | |) | (_) | | .` | (_) || | | _|| |) | | | | +# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_| +# +# Copyright 2016 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# -*- -*- -*- Begin included fragment: lib/import.py -*- -*- -*- +''' + OpenShiftCLI class that wraps the oc commands in a subprocess +''' +# pylint: disable=too-many-lines + +from __future__ import print_function +import atexit +import copy +import json +import os +import re +import shutil +import subprocess +import tempfile +# pylint: disable=import-error +try: + import ruamel.yaml as yaml +except ImportError: + import yaml + +from ansible.module_utils.basic import AnsibleModule + +# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: doc/configmap -*- -*- -*- + +DOCUMENTATION = ''' +--- +module: oc_configmap +short_description: Modify, and idempotently manage openshift configmaps +description: + - Modify openshift configmaps programmatically. +options: + state: + description: + - Supported states, present, absent, list + - present - will ensure object is created or updated to the value specified + - list - will return a configmap + - absent - will remove the configmap + required: False + default: present + choices: ["present", 'absent', 'list'] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + name: + description: + - Name of the object that is being queried. + required: True + default: None + aliases: [] + namespace: + description: + - The namespace where the object lives. + required: false + default: default + aliases: [] + from_file: + description: + - A dict of key, value pairs representing the configmap key and the value represents the file path. + required: false + default: None + aliases: [] + from_literal: + description: + - A dict of key, value pairs representing the configmap key and the value represents the string content + required: false + default: None + aliases: [] +author: +- "kenny woodson <kwoodson@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: create group + oc_configmap: + state: present + name: testmap + from_file: + secret: /path/to/secret + from_literal: + title: systemadmin + register: configout +''' + +# -*- -*- -*- End included fragment: doc/configmap -*- -*- -*- + +# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- + + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + + +# pylint: disable=too-many-public-methods +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)" + com_sep = set(['.', '#', '|', ':']) + + # pylint: disable=too-many-arguments + def __init__(self, + filename=None, + content=None, + content_type='yaml', + separator='.', + backup=False): + self.content = content + self._separator = separator + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + self.backup = backup + self.load(content_type=self.content_type) + if self.__yaml_dict is None: + self.__yaml_dict = {} + + @property + def separator(self): + ''' getter method for separator ''' + return self._separator + + @separator.setter + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def parse_key(key, sep='.'): + '''parse the key allowing the appropriate separator''' + common_separators = list(Yedit.com_sep - set([sep])) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) + + @staticmethod + def valid_key(key, sep='.'): + '''validate the incoming key''' + common_separators = list(Yedit.com_sep - set([sep])) + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): + return False + + return True + + @staticmethod + def remove_entry(data, key, sep='.'): + ''' remove data at location key ''' + if key == '' and isinstance(data, dict): + data.clear() + return True + elif key == '' and isinstance(data, list): + del data[:] + return True + + if not (key and Yedit.valid_key(key, sep)) and \ + isinstance(data, (list, dict)): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a#b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and dict_key in data and data[dict_key]: # noqa: E501 + data = data[dict_key] + continue + + elif data and not isinstance(data, dict): + raise YeditException("Unexpected item type found while going through key " + + "path: {} (at key: {})".format(key, dict_key)) + + data[dict_key] = {} + data = data[dict_key] + + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + raise YeditException("Unexpected item type found while going through key path: {}".format(key)) + + if key == '': + data = item + + # process last index for add + # expected list entry + elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + # didn't add/update to an existing list, nor add/update key to a dict + # so we must have been provided some syntax like a.b.c[<int>] = "data" for a + # non-existent array + else: + raise YeditException("Error adding to object at path: {}".format(key)) + + return data + + @staticmethod + def get_entry(data, key, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + return data + + @staticmethod + def _write(filename, contents): + ''' Actually write the file contents to disk. This helps with mocking. ''' + + tmp_filename = filename + '.yedit' + + with open(tmp_filename, 'w') as yfd: + yfd.write(contents) + + os.rename(tmp_filename, filename) + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + if self.backup and self.file_exists(): + shutil.copy(self.filename, self.filename + '.orig') + + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + # Try to use RoundTripDumper if supported. + try: + Yedit._write(self.filename, yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper)) + except AttributeError: + Yedit._write(self.filename, yaml.safe_dump(self.yaml_dict, default_flow_style=False)) + + return (True, self.yaml_dict) + + def read(self): + ''' read from file ''' + # check if it exists + if self.filename is None or not self.file_exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def file_exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents and not self.content: + return None + + if self.content: + if isinstance(self.content, dict): + self.yaml_dict = self.content + return self.yaml_dict + elif isinstance(self.content, str): + contents = self.content + + # check if it is yaml + try: + if content_type == 'yaml' and contents: + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + # Try to use RoundTripLoader if supported. + try: + self.yaml_dict = yaml.safe_load(contents, yaml.RoundTripLoader) + except AttributeError: + self.yaml_dict = yaml.safe_load(contents) + + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + elif content_type == 'json' and contents: + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as err: + # Error loading yaml or json + raise YeditException('Problem with loading yaml file. {}'.format(err)) + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key, self.separator) + except KeyError: + entry = None + + return entry + + def pop(self, path, key_or_item): + ''' remove a key, value pair from a dict or an item for a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + if isinstance(entry, dict): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + if key_or_item in entry: + entry.pop(key_or_item) + return (True, self.yaml_dict) + return (False, self.yaml_dict) + + elif isinstance(entry, list): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + ind = None + try: + ind = entry.index(key_or_item) + except ValueError: + return (False, self.yaml_dict) + + entry.pop(ind) + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + def delete(self, path): + ''' remove path from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, path, self.separator) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def exists(self, path, value): + ''' check if value exists at path''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, list): + if value in entry: + return True + return False + + elif isinstance(entry, dict): + if isinstance(value, dict): + rval = False + for key, val in value.items(): + if entry[key] != val: + rval = False + break + else: + rval = True + return rval + + return value in entry + + return entry == value + + def append(self, path, value): + '''append value to a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + self.put(path, []) + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + if not isinstance(entry, list): + return (False, self.yaml_dict) + + # AUDIT:maybe-no-member makes sense due to loading data from + # a serialized format. + # pylint: disable=maybe-no-member + entry.append(value) + return (True, self.yaml_dict) + + # pylint: disable=too-many-arguments + def update(self, path, value, index=None, curr_value=None): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, dict): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + if not isinstance(value, dict): + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) + + entry.update(value) + return (True, self.yaml_dict) + + elif isinstance(entry, list): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + ind = None + if curr_value: + try: + ind = entry.index(curr_value) + except ValueError: + return (False, self.yaml_dict) + + elif index is not None: + ind = index + + if ind is not None and entry[ind] != value: + entry[ind] = value + return (True, self.yaml_dict) + + # see if it exists in the list + try: + ind = entry.index(value) + except ValueError: + # doesn't exist, append it + entry.append(value) + return (True, self.yaml_dict) + + # already exists, return + if ind is not None: + return (False, self.yaml_dict) + return (False, self.yaml_dict) + + def put(self, path, value): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + # deepcopy didn't work + # Try to use ruamel.yaml and fallback to pyyaml + try: + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, + default_flow_style=False), + yaml.RoundTripLoader) + except AttributeError: + tmp_copy = copy.deepcopy(self.yaml_dict) + + # set the format attributes if available + try: + tmp_copy.fa.set_block_style() + except AttributeError: + pass + + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + self.yaml_dict = tmp_copy + + return (True, self.yaml_dict) + + def create(self, path, value): + ''' create a yaml file ''' + if not self.file_exists(): + # deepcopy didn't work + # Try to use ruamel.yaml and fallback to pyyaml + try: + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, + default_flow_style=False), + yaml.RoundTripLoader) + except AttributeError: + tmp_copy = copy.deepcopy(self.yaml_dict) + + # set the format attributes if available + try: + tmp_copy.fa.set_block_style() + except AttributeError: + pass + + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if result is not None: + self.yaml_dict = tmp_copy + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + @staticmethod + def get_curr_value(invalue, val_type): + '''return the current value''' + if invalue is None: + return None + + curr_value = invalue + if val_type == 'yaml': + curr_value = yaml.load(invalue) + elif val_type == 'json': + curr_value = json.loads(invalue) + + return curr_value + + @staticmethod + def parse_value(inc_value, vtype=''): + '''determine value type passed''' + true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE', + 'on', 'On', 'ON', ] + false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE', + 'off', 'Off', 'OFF'] + + # It came in as a string but you didn't specify value_type as string + # we will convert to bool if it matches any of the above cases + if isinstance(inc_value, str) and 'bool' in vtype: + if inc_value not in true_bools and inc_value not in false_bools: + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) + elif isinstance(inc_value, bool) and 'str' in vtype: + inc_value = str(inc_value) + + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass + # If vtype is not str then go ahead and attempt to yaml load it. + elif isinstance(inc_value, str) and 'str' not in vtype: + try: + inc_value = yaml.safe_load(inc_value) + except Exception: + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) + + return inc_value + + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + + # pylint: disable=too-many-return-statements,too-many-branches + @staticmethod + def run_ansible(params): + '''perform the idempotent crud operations''' + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] + + if params['src']: + rval = yamlfile.load() + + if yamlfile.yaml_dict is None and state != 'present': + return {'failed': True, + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + yamlfile.yaml_dict = content + + if params['key']: + rval = yamlfile.get(params['key']) or {} + + return {'changed': False, 'result': rval, 'state': state} + + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + yamlfile.yaml_dict = content + + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) + else: + rval = yamlfile.delete(params['key']) + + if rval[0] and params['src']: + yamlfile.write() + + return {'changed': rval[0], 'result': rval[1], 'state': state} + + elif state == 'present': + # check if content is different than what is in the file + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + + # We had no edits to make and the contents are the same + if yamlfile.yaml_dict == content and \ + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} + + yamlfile.yaml_dict = content + + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] + + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] + + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) + + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: + yamlfile.write() + + return {'changed': results['changed'], 'result': results['results'], 'state': state} + + # no edits to make + if params['src']: + # pylint: disable=redefined-variable-type + rval = yamlfile.write() + return {'changed': rval[0], + 'result': rval[1], + 'state': state} + + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} + return {'failed': True, 'msg': 'Unkown state passed'} + +# -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: lib/base.py -*- -*- -*- +# pylint: disable=too-many-lines +# noqa: E301,E302,E303,T001 + + +class OpenShiftCLIError(Exception): + '''Exception class for openshiftcli''' + pass + + +ADDITIONAL_PATH_LOOKUPS = ['/usr/local/bin', os.path.expanduser('~/bin')] + + +def locate_oc_binary(): + ''' Find and return oc binary file ''' + # https://github.com/openshift/openshift-ansible/issues/3410 + # oc can be in /usr/local/bin in some cases, but that may not + # be in $PATH due to ansible/sudo + paths = os.environ.get("PATH", os.defpath).split(os.pathsep) + ADDITIONAL_PATH_LOOKUPS + + oc_binary = 'oc' + + # Use shutil.which if it is available, otherwise fallback to a naive path search + try: + which_result = shutil.which(oc_binary, path=os.pathsep.join(paths)) + if which_result is not None: + oc_binary = which_result + except AttributeError: + for path in paths: + if os.path.exists(os.path.join(path, oc_binary)): + oc_binary = os.path.join(path, oc_binary) + break + + return oc_binary + + +# pylint: disable=too-few-public-methods +class OpenShiftCLI(object): + ''' Class to wrap the command line tools ''' + def __init__(self, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False, + all_namespaces=False): + ''' Constructor for OpenshiftCLI ''' + self.namespace = namespace + self.verbose = verbose + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) + self.all_namespaces = all_namespaces + self.oc_binary = locate_oc_binary() + + # Pylint allows only 5 arguments to be passed. + # pylint: disable=too-many-arguments + def _replace_content(self, resource, rname, content, force=False, sep='.'): + ''' replace the current object with the content ''' + res = self._get(resource, rname) + if not res['results']: + return res + + fname = Utils.create_tmpfile(rname + '-') + + yed = Yedit(fname, res['results'][0], separator=sep) + changes = [] + for key, value in content.items(): + changes.append(yed.put(key, value)) + + if any([change[0] for change in changes]): + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._replace(fname, force) + + return {'returncode': 0, 'updated': False} + + def _replace(self, fname, force=False): + '''replace the current object with oc replace''' + cmd = ['replace', '-f', fname] + if force: + cmd.append('--force') + return self.openshift_cmd(cmd) + + def _create_from_content(self, rname, content): + '''create a temporary file and then call oc create on it''' + fname = Utils.create_tmpfile(rname + '-') + yed = Yedit(fname, content=content) + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._create(fname) + + def _create(self, fname): + '''call oc create on a filename''' + return self.openshift_cmd(['create', '-f', fname]) + + def _delete(self, resource, rname, selector=None): + '''call oc delete on a resource''' + cmd = ['delete', resource, rname] + if selector: + cmd.append('--selector=%s' % selector) + + return self.openshift_cmd(cmd) + + def _process(self, template_name, create=False, params=None, template_data=None): # noqa: E501 + '''process a template + + template_name: the name of the template to process + create: whether to send to oc create after processing + params: the parameters for the template + template_data: the incoming template's data; instead of a file + ''' + cmd = ['process'] + if template_data: + cmd.extend(['-f', '-']) + else: + cmd.append(template_name) + if params: + param_str = ["%s=%s" % (key, value) for key, value in params.items()] + cmd.append('-v') + cmd.extend(param_str) + + results = self.openshift_cmd(cmd, output=True, input_data=template_data) + + if results['returncode'] != 0 or not create: + return results + + fname = Utils.create_tmpfile(template_name + '-') + yed = Yedit(fname, results['results']) + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self.openshift_cmd(['create', '-f', fname]) + + def _get(self, resource, rname=None, selector=None): + '''return a resource by name ''' + cmd = ['get', resource] + if selector: + cmd.append('--selector=%s' % selector) + elif rname: + cmd.append(rname) + + cmd.extend(['-o', 'json']) + + rval = self.openshift_cmd(cmd, output=True) + + # Ensure results are retuned in an array + if 'items' in rval: + rval['results'] = rval['items'] + elif not isinstance(rval['results'], list): + rval['results'] = [rval['results']] + + return rval + + def _schedulable(self, node=None, selector=None, schedulable=True): + ''' perform oadm manage-node scheduable ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + cmd.append('--schedulable=%s' % schedulable) + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') # noqa: E501 + + def _list_pods(self, node=None, selector=None, pod_selector=None): + ''' perform oadm list pods + + node: the node in which to list pods + selector: the label selector filter if provided + pod_selector: the pod selector filter if provided + ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + if pod_selector: + cmd.append('--pod-selector=%s' % pod_selector) + + cmd.extend(['--list-pods', '-o', 'json']) + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') + + # pylint: disable=too-many-arguments + def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False): + ''' perform oadm manage-node evacuate ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + if dry_run: + cmd.append('--dry-run') + + if pod_selector: + cmd.append('--pod-selector=%s' % pod_selector) + + if grace_period: + cmd.append('--grace-period=%s' % int(grace_period)) + + if force: + cmd.append('--force') + + cmd.append('--evacuate') + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') + + def _version(self): + ''' return the openshift version''' + return self.openshift_cmd(['version'], output=True, output_type='raw') + + def _import_image(self, url=None, name=None, tag=None): + ''' perform image import ''' + cmd = ['import-image'] + + image = '{0}'.format(name) + if tag: + image += ':{0}'.format(tag) + + cmd.append(image) + + if url: + cmd.append('--from={0}/{1}'.format(url, image)) + + cmd.append('-n{0}'.format(self.namespace)) + + cmd.append('--confirm') + return self.openshift_cmd(cmd) + + def _run(self, cmds, input_data): + ''' Actually executes the command. This makes mocking easier. ''' + curr_env = os.environ.copy() + curr_env.update({'KUBECONFIG': self.kubeconfig}) + proc = subprocess.Popen(cmds, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + env=curr_env) + + stdout, stderr = proc.communicate(input_data) + + return proc.returncode, stdout.decode(), stderr.decode() + + # pylint: disable=too-many-arguments,too-many-branches + def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None): + '''Base command for oc ''' + cmds = [self.oc_binary] + + if oadm: + cmds.append('adm') + + cmds.extend(cmd) + + if self.all_namespaces: + cmds.extend(['--all-namespaces']) + elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']: # E501 + cmds.extend(['-n', self.namespace]) + + rval = {} + results = '' + err = None + + if self.verbose: + print(' '.join(cmds)) + + try: + returncode, stdout, stderr = self._run(cmds, input_data) + except OSError as ex: + returncode, stdout, stderr = 1, '', 'Failed to execute {}: {}'.format(subprocess.list2cmdline(cmds), ex) + + rval = {"returncode": returncode, + "results": results, + "cmd": ' '.join(cmds)} + + if returncode == 0: + if output: + if output_type == 'json': + try: + rval['results'] = json.loads(stdout) + except ValueError as verr: + if "No JSON object could be decoded" in verr.args: + err = verr.args + elif output_type == 'raw': + rval['results'] = stdout + + if self.verbose: + print("STDOUT: {0}".format(stdout)) + print("STDERR: {0}".format(stderr)) + + if err: + rval.update({"err": err, + "stderr": stderr, + "stdout": stdout, + "cmd": cmds}) + + else: + rval.update({"stderr": stderr, + "stdout": stdout, + "results": {}}) + + return rval + + +class Utils(object): + ''' utilities for openshiftcli modules ''' + + @staticmethod + def _write(filename, contents): + ''' Actually write the file contents to disk. This helps with mocking. ''' + + with open(filename, 'w') as sfd: + sfd.write(contents) + + @staticmethod + def create_tmp_file_from_contents(rname, data, ftype='yaml'): + ''' create a file in tmp with name and contents''' + + tmp = Utils.create_tmpfile(prefix=rname) + + if ftype == 'yaml': + # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage + # pylint: disable=no-member + if hasattr(yaml, 'RoundTripDumper'): + Utils._write(tmp, yaml.dump(data, Dumper=yaml.RoundTripDumper)) + else: + Utils._write(tmp, yaml.safe_dump(data, default_flow_style=False)) + + elif ftype == 'json': + Utils._write(tmp, json.dumps(data)) + else: + Utils._write(tmp, data) + + # Register cleanup when module is done + atexit.register(Utils.cleanup, [tmp]) + return tmp + + @staticmethod + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): + ''' Generates and returns a temporary file name ''' + + with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: + return tmp.name + + @staticmethod + def create_tmp_files_from_contents(content, content_type=None): + '''Turn an array of dict: filename, content into a files array''' + if not isinstance(content, list): + content = [content] + files = [] + for item in content: + path = Utils.create_tmp_file_from_contents(item['path'] + '-', + item['data'], + ftype=content_type) + files.append({'name': os.path.basename(item['path']), + 'path': path}) + return files + + @staticmethod + def cleanup(files): + '''Clean up on exit ''' + for sfile in files: + if os.path.exists(sfile): + if os.path.isdir(sfile): + shutil.rmtree(sfile) + elif os.path.isfile(sfile): + os.remove(sfile) + + @staticmethod + def exists(results, _name): + ''' Check to see if the results include the name ''' + if not results: + return False + + if Utils.find_result(results, _name): + return True + + return False + + @staticmethod + def find_result(results, _name): + ''' Find the specified result by name''' + rval = None + for result in results: + if 'metadata' in result and result['metadata']['name'] == _name: + rval = result + break + + return rval + + @staticmethod + def get_resource_file(sfile, sfile_type='yaml'): + ''' return the service file ''' + contents = None + with open(sfile) as sfd: + contents = sfd.read() + + if sfile_type == 'yaml': + # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage + # pylint: disable=no-member + if hasattr(yaml, 'RoundTripLoader'): + contents = yaml.load(contents, yaml.RoundTripLoader) + else: + contents = yaml.safe_load(contents) + elif sfile_type == 'json': + contents = json.loads(contents) + + return contents + + @staticmethod + def filter_versions(stdout): + ''' filter the oc version output ''' + + version_dict = {} + version_search = ['oc', 'openshift', 'kubernetes'] + + for line in stdout.strip().split('\n'): + for term in version_search: + if not line: + continue + if line.startswith(term): + version_dict[term] = line.split()[-1] + + # horrible hack to get openshift version in Openshift 3.2 + # By default "oc version in 3.2 does not return an "openshift" version + if "openshift" not in version_dict: + version_dict["openshift"] = version_dict["oc"] + + return version_dict + + @staticmethod + def add_custom_versions(versions): + ''' create custom versions strings ''' + + versions_dict = {} + + for tech, version in versions.items(): + # clean up "-" from version + if "-" in version: + version = version.split("-")[0] + + if version.startswith('v'): + versions_dict[tech + '_numeric'] = version[1:].split('+')[0] + # "v3.3.0.33" is what we have, we want "3.3" + versions_dict[tech + '_short'] = version[1:4] + + return versions_dict + + @staticmethod + def openshift_installed(): + ''' check if openshift is installed ''' + import yum + + yum_base = yum.YumBase() + if yum_base.rpmdb.searchNevra(name='atomic-openshift'): + return True + + return False + + # Disabling too-many-branches. This is a yaml dictionary comparison function + # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements + @staticmethod + def check_def_equal(user_def, result_def, skip_keys=None, debug=False): + ''' Given a user defined definition, compare it with the results given back by our query. ''' + + # Currently these values are autogenerated and we do not need to check them + skip = ['metadata', 'status'] + if skip_keys: + skip.extend(skip_keys) + + for key, value in result_def.items(): + if key in skip: + continue + + # Both are lists + if isinstance(value, list): + if key not in user_def: + if debug: + print('User data does not have key [%s]' % key) + print('User data: %s' % user_def) + return False + + if not isinstance(user_def[key], list): + if debug: + print('user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key])) + return False + + if len(user_def[key]) != len(value): + if debug: + print("List lengths are not equal.") + print("key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value))) + print("user_def: %s" % user_def[key]) + print("value: %s" % value) + return False + + for values in zip(user_def[key], value): + if isinstance(values[0], dict) and isinstance(values[1], dict): + if debug: + print('sending list - list') + print(type(values[0])) + print(type(values[1])) + result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug) + if not result: + print('list compare returned false') + return False + + elif value != user_def[key]: + if debug: + print('value should be identical') + print(user_def[key]) + print(value) + return False + + # recurse on a dictionary + elif isinstance(value, dict): + if key not in user_def: + if debug: + print("user_def does not have key [%s]" % key) + return False + if not isinstance(user_def[key], dict): + if debug: + print("dict returned false: not instance of dict") + return False + + # before passing ensure keys match + api_values = set(value.keys()) - set(skip) + user_values = set(user_def[key].keys()) - set(skip) + if api_values != user_values: + if debug: + print("keys are not equal in dict") + print(user_values) + print(api_values) + return False + + result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) + if not result: + if debug: + print("dict returned false") + print(result) + return False + + # Verify each key, value pair is the same + else: + if key not in user_def or value != user_def[key]: + if debug: + print("value not equal; user_def does not have key") + print(key) + print(value) + if key in user_def: + print(user_def[key]) + return False + + if debug: + print('returning true') + return True + + +class OpenShiftCLIConfig(object): + '''Generic Config''' + def __init__(self, rname, namespace, kubeconfig, options): + self.kubeconfig = kubeconfig + self.name = rname + self.namespace = namespace + self._options = options + + @property + def config_options(self): + ''' return config options ''' + return self._options + + def to_option_list(self): + '''return all options as a string''' + return self.stringify() + + def stringify(self): + ''' return the options hash as cli params in a string ''' + rval = [] + for key in sorted(self.config_options.keys()): + data = self.config_options[key] + if data['include'] \ + and (data['value'] or isinstance(data['value'], int)): + rval.append('--{}={}'.format(key.replace('_', '-'), data['value'])) + + return rval + + +# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: class/oc_configmap.py -*- -*- -*- + + +# pylint: disable=too-many-arguments +class OCConfigMap(OpenShiftCLI): + ''' Openshift ConfigMap Class + + ConfigMaps are a way to store data inside of objects + ''' + def __init__(self, + name, + from_file, + from_literal, + state, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + super(OCConfigMap, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose) + self.name = name + self.state = state + self._configmap = None + self._inc_configmap = None + self.from_file = from_file if from_file is not None else {} + self.from_literal = from_literal if from_literal is not None else {} + + @property + def configmap(self): + if self._configmap is None: + self._configmap = self.get() + + return self._configmap + + @configmap.setter + def configmap(self, inc_map): + self._configmap = inc_map + + @property + def inc_configmap(self): + if self._inc_configmap is None: + results = self.create(dryrun=True, output=True) + self._inc_configmap = results['results'] + + return self._inc_configmap + + @inc_configmap.setter + def inc_configmap(self, inc_map): + self._inc_configmap = inc_map + + def from_file_to_params(self): + '''return from_files in a string ready for cli''' + return ["--from-file={}={}".format(key, value) for key, value in self.from_file.items()] + + def from_literal_to_params(self): + '''return from_literal in a string ready for cli''' + return ["--from-literal={}={}".format(key, value) for key, value in self.from_literal.items()] + + def get(self): + '''return a configmap by name ''' + results = self._get('configmap', self.name) + if results['returncode'] == 0 and results['results'][0]: + self.configmap = results['results'][0] + + if results['returncode'] != 0 and '"{}" not found'.format(self.name) in results['stderr']: + results['returncode'] = 0 + + return results + + def delete(self): + '''delete a configmap by name''' + return self._delete('configmap', self.name) + + def create(self, dryrun=False, output=False): + '''Create a configmap + + :dryrun: Product what you would have done. default: False + :output: Whether to parse output. default: False + ''' + + cmd = ['create', 'configmap', self.name] + if self.from_literal is not None: + cmd.extend(self.from_literal_to_params()) + + if self.from_file is not None: + cmd.extend(self.from_file_to_params()) + + if dryrun: + cmd.extend(['--dry-run', '-ojson']) + + results = self.openshift_cmd(cmd, output=output) + + return results + + def update(self): + '''run update configmap ''' + return self._replace_content('configmap', self.name, self.inc_configmap) + + def needs_update(self): + '''compare the current configmap with the proposed and return if they are equal''' + return not Utils.check_def_equal(self.inc_configmap, self.configmap, debug=self.verbose) + + @staticmethod + # pylint: disable=too-many-return-statements,too-many-branches + # TODO: This function should be refactored into its individual parts. + def run_ansible(params, check_mode): + '''run the ansible idempotent code''' + + oc_cm = OCConfigMap(params['name'], + params['from_file'], + params['from_literal'], + params['state'], + params['namespace'], + kubeconfig=params['kubeconfig'], + verbose=params['debug']) + + state = params['state'] + + api_rval = oc_cm.get() + + if 'failed' in api_rval: + return {'failed': True, 'msg': api_rval} + + ##### + # Get + ##### + if state == 'list': + return {'changed': False, 'results': api_rval, 'state': state} + + ######## + # Delete + ######## + if state == 'absent': + if not Utils.exists(api_rval['results'], params['name']): + return {'changed': False, 'state': 'absent'} + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'} + + api_rval = oc_cm.delete() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + ######## + # Create + ######## + if state == 'present': + if not Utils.exists(api_rval['results'], params['name']): + + if check_mode: + return {'changed': True, 'msg': 'Would have performed a create.'} + + api_rval = oc_cm.create() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + api_rval = oc_cm.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + ######## + # Update + ######## + if oc_cm.needs_update(): + + api_rval = oc_cm.update() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + api_rval = oc_cm.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + return {'changed': False, 'results': api_rval, 'state': state} + + return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)} + +# -*- -*- -*- End included fragment: class/oc_configmap.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: ansible/oc_configmap.py -*- -*- -*- + + +def main(): + ''' + ansible oc module for managing OpenShift configmap objects + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + name=dict(default=None, required=True, type='str'), + from_file=dict(default=None, type='dict'), + from_literal=dict(default=None, type='dict'), + ), + supports_check_mode=True, + ) + + + rval = OCConfigMap.run_ansible(module.params, module.check_mode) + if 'failed' in rval: + module.fail_json(**rval) + + module.exit_json(**rval) + +if __name__ == '__main__': + main() + +# -*- -*- -*- End included fragment: ansible/oc_configmap.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_edit.py b/roles/lib_openshift/library/oc_edit.py index 42f50ebe7..99027c07f 100644 --- a/roles/lib_openshift/library/oc_edit.py +++ b/roles/lib_openshift/library/oc_edit.py @@ -169,8 +169,6 @@ oc_edit: # -*- -*- -*- End included fragment: doc/edit -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -204,13 +202,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -226,13 +224,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -254,7 +252,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -343,7 +341,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -443,7 +441,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -562,8 +560,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -624,7 +622,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -650,7 +658,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -682,114 +690,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] - if module.params['src']: + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) + + elif params['edits'] is not None: + edits = params['edits'] - if rval[0] and module.params['src']: + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_env.py b/roles/lib_openshift/library/oc_env.py index 3088ea947..34f86a478 100644 --- a/roles/lib_openshift/library/oc_env.py +++ b/roles/lib_openshift/library/oc_env.py @@ -136,8 +136,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/env -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -171,13 +169,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -193,13 +191,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -221,7 +219,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -310,7 +308,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -410,7 +408,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -529,8 +527,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -591,7 +589,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -617,7 +625,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -649,114 +657,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_group.py b/roles/lib_openshift/library/oc_group.py index 44611df82..00d67108d 100644 --- a/roles/lib_openshift/library/oc_group.py +++ b/roles/lib_openshift/library/oc_group.py @@ -109,8 +109,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/group -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -144,13 +142,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -166,13 +164,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -194,7 +192,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -283,7 +281,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -383,7 +381,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -502,8 +500,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -564,7 +562,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -590,7 +598,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -622,114 +630,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_image.py b/roles/lib_openshift/library/oc_image.py new file mode 100644 index 000000000..ee918a2d1 --- /dev/null +++ b/roles/lib_openshift/library/oc_image.py @@ -0,0 +1,1529 @@ +#!/usr/bin/env python +# pylint: disable=missing-docstring +# flake8: noqa: T001 +# ___ ___ _ _ ___ ___ _ _____ ___ ___ +# / __| __| \| | __| _ \ /_\_ _| __| \ +# | (_ | _|| .` | _|| / / _ \| | | _|| |) | +# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ +# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _| +# | |) | (_) | | .` | (_) || | | _|| |) | | | | +# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_| +# +# Copyright 2016 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# -*- -*- -*- Begin included fragment: lib/import.py -*- -*- -*- +''' + OpenShiftCLI class that wraps the oc commands in a subprocess +''' +# pylint: disable=too-many-lines + +from __future__ import print_function +import atexit +import copy +import json +import os +import re +import shutil +import subprocess +import tempfile +# pylint: disable=import-error +try: + import ruamel.yaml as yaml +except ImportError: + import yaml + +from ansible.module_utils.basic import AnsibleModule + +# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: doc/image -*- -*- -*- + +DOCUMENTATION = ''' +--- +module: oc_image +short_description: Create, modify, and idempotently manage openshift labels. +description: + - Modify openshift labels programmatically. +options: + state: + description: + - State controls the action that will be taken with resource + - 'present' will create. Does _not_ support update. + - 'list' will read the labels + default: present + choices: ["present", "list"] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + namespace: + description: + - The namespace where this object lives + required: false + default: default + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + registry_url: + description: + - The url for the registry so that openshift can pull the image + required: false + default: None + aliases: [] + image_name: + description: + - The name of the image being imported + required: false + default: False + aliases: [] + image_tag: + description: + - The tag of the image being imported + required: false + default: None + aliases: [] +author: +- "Ivan Horvath<ihorvath@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: Get an imagestream + oc_image: + name: php55 + state: list + register: imageout + +- name: create an imagestream + oc_image: + state: present + image_name: php55 + image_tag: int + registry_url: registry.example.com + namespace: default + register: imageout +''' + +# -*- -*- -*- End included fragment: doc/image -*- -*- -*- + +# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- + + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + + +# pylint: disable=too-many-public-methods +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)" + com_sep = set(['.', '#', '|', ':']) + + # pylint: disable=too-many-arguments + def __init__(self, + filename=None, + content=None, + content_type='yaml', + separator='.', + backup=False): + self.content = content + self._separator = separator + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + self.backup = backup + self.load(content_type=self.content_type) + if self.__yaml_dict is None: + self.__yaml_dict = {} + + @property + def separator(self): + ''' getter method for separator ''' + return self._separator + + @separator.setter + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def parse_key(key, sep='.'): + '''parse the key allowing the appropriate separator''' + common_separators = list(Yedit.com_sep - set([sep])) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) + + @staticmethod + def valid_key(key, sep='.'): + '''validate the incoming key''' + common_separators = list(Yedit.com_sep - set([sep])) + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): + return False + + return True + + @staticmethod + def remove_entry(data, key, sep='.'): + ''' remove data at location key ''' + if key == '' and isinstance(data, dict): + data.clear() + return True + elif key == '' and isinstance(data, list): + del data[:] + return True + + if not (key and Yedit.valid_key(key, sep)) and \ + isinstance(data, (list, dict)): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a#b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and dict_key in data and data[dict_key]: # noqa: E501 + data = data[dict_key] + continue + + elif data and not isinstance(data, dict): + raise YeditException("Unexpected item type found while going through key " + + "path: {} (at key: {})".format(key, dict_key)) + + data[dict_key] = {} + data = data[dict_key] + + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + raise YeditException("Unexpected item type found while going through key path: {}".format(key)) + + if key == '': + data = item + + # process last index for add + # expected list entry + elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + # didn't add/update to an existing list, nor add/update key to a dict + # so we must have been provided some syntax like a.b.c[<int>] = "data" for a + # non-existent array + else: + raise YeditException("Error adding to object at path: {}".format(key)) + + return data + + @staticmethod + def get_entry(data, key, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + return data + + @staticmethod + def _write(filename, contents): + ''' Actually write the file contents to disk. This helps with mocking. ''' + + tmp_filename = filename + '.yedit' + + with open(tmp_filename, 'w') as yfd: + yfd.write(contents) + + os.rename(tmp_filename, filename) + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + if self.backup and self.file_exists(): + shutil.copy(self.filename, self.filename + '.orig') + + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + # Try to use RoundTripDumper if supported. + try: + Yedit._write(self.filename, yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper)) + except AttributeError: + Yedit._write(self.filename, yaml.safe_dump(self.yaml_dict, default_flow_style=False)) + + return (True, self.yaml_dict) + + def read(self): + ''' read from file ''' + # check if it exists + if self.filename is None or not self.file_exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def file_exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents and not self.content: + return None + + if self.content: + if isinstance(self.content, dict): + self.yaml_dict = self.content + return self.yaml_dict + elif isinstance(self.content, str): + contents = self.content + + # check if it is yaml + try: + if content_type == 'yaml' and contents: + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + # Try to use RoundTripLoader if supported. + try: + self.yaml_dict = yaml.safe_load(contents, yaml.RoundTripLoader) + except AttributeError: + self.yaml_dict = yaml.safe_load(contents) + + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + elif content_type == 'json' and contents: + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as err: + # Error loading yaml or json + raise YeditException('Problem with loading yaml file. {}'.format(err)) + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key, self.separator) + except KeyError: + entry = None + + return entry + + def pop(self, path, key_or_item): + ''' remove a key, value pair from a dict or an item for a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + if isinstance(entry, dict): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + if key_or_item in entry: + entry.pop(key_or_item) + return (True, self.yaml_dict) + return (False, self.yaml_dict) + + elif isinstance(entry, list): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + ind = None + try: + ind = entry.index(key_or_item) + except ValueError: + return (False, self.yaml_dict) + + entry.pop(ind) + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + def delete(self, path): + ''' remove path from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, path, self.separator) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def exists(self, path, value): + ''' check if value exists at path''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, list): + if value in entry: + return True + return False + + elif isinstance(entry, dict): + if isinstance(value, dict): + rval = False + for key, val in value.items(): + if entry[key] != val: + rval = False + break + else: + rval = True + return rval + + return value in entry + + return entry == value + + def append(self, path, value): + '''append value to a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + self.put(path, []) + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + if not isinstance(entry, list): + return (False, self.yaml_dict) + + # AUDIT:maybe-no-member makes sense due to loading data from + # a serialized format. + # pylint: disable=maybe-no-member + entry.append(value) + return (True, self.yaml_dict) + + # pylint: disable=too-many-arguments + def update(self, path, value, index=None, curr_value=None): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, dict): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + if not isinstance(value, dict): + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) + + entry.update(value) + return (True, self.yaml_dict) + + elif isinstance(entry, list): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + ind = None + if curr_value: + try: + ind = entry.index(curr_value) + except ValueError: + return (False, self.yaml_dict) + + elif index is not None: + ind = index + + if ind is not None and entry[ind] != value: + entry[ind] = value + return (True, self.yaml_dict) + + # see if it exists in the list + try: + ind = entry.index(value) + except ValueError: + # doesn't exist, append it + entry.append(value) + return (True, self.yaml_dict) + + # already exists, return + if ind is not None: + return (False, self.yaml_dict) + return (False, self.yaml_dict) + + def put(self, path, value): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + # deepcopy didn't work + # Try to use ruamel.yaml and fallback to pyyaml + try: + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, + default_flow_style=False), + yaml.RoundTripLoader) + except AttributeError: + tmp_copy = copy.deepcopy(self.yaml_dict) + + # set the format attributes if available + try: + tmp_copy.fa.set_block_style() + except AttributeError: + pass + + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + self.yaml_dict = tmp_copy + + return (True, self.yaml_dict) + + def create(self, path, value): + ''' create a yaml file ''' + if not self.file_exists(): + # deepcopy didn't work + # Try to use ruamel.yaml and fallback to pyyaml + try: + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, + default_flow_style=False), + yaml.RoundTripLoader) + except AttributeError: + tmp_copy = copy.deepcopy(self.yaml_dict) + + # set the format attributes if available + try: + tmp_copy.fa.set_block_style() + except AttributeError: + pass + + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if result is not None: + self.yaml_dict = tmp_copy + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + @staticmethod + def get_curr_value(invalue, val_type): + '''return the current value''' + if invalue is None: + return None + + curr_value = invalue + if val_type == 'yaml': + curr_value = yaml.load(invalue) + elif val_type == 'json': + curr_value = json.loads(invalue) + + return curr_value + + @staticmethod + def parse_value(inc_value, vtype=''): + '''determine value type passed''' + true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE', + 'on', 'On', 'ON', ] + false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE', + 'off', 'Off', 'OFF'] + + # It came in as a string but you didn't specify value_type as string + # we will convert to bool if it matches any of the above cases + if isinstance(inc_value, str) and 'bool' in vtype: + if inc_value not in true_bools and inc_value not in false_bools: + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) + elif isinstance(inc_value, bool) and 'str' in vtype: + inc_value = str(inc_value) + + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass + # If vtype is not str then go ahead and attempt to yaml load it. + elif isinstance(inc_value, str) and 'str' not in vtype: + try: + inc_value = yaml.safe_load(inc_value) + except Exception: + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) + + return inc_value + + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + + # pylint: disable=too-many-return-statements,too-many-branches + @staticmethod + def run_ansible(params): + '''perform the idempotent crud operations''' + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] + + if params['src']: + rval = yamlfile.load() + + if yamlfile.yaml_dict is None and state != 'present': + return {'failed': True, + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + yamlfile.yaml_dict = content + + if params['key']: + rval = yamlfile.get(params['key']) or {} + + return {'changed': False, 'result': rval, 'state': state} + + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + yamlfile.yaml_dict = content + + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) + else: + rval = yamlfile.delete(params['key']) + + if rval[0] and params['src']: + yamlfile.write() + + return {'changed': rval[0], 'result': rval[1], 'state': state} + + elif state == 'present': + # check if content is different than what is in the file + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + + # We had no edits to make and the contents are the same + if yamlfile.yaml_dict == content and \ + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} + + yamlfile.yaml_dict = content + + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] + + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] + + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) + + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: + yamlfile.write() + + return {'changed': results['changed'], 'result': results['results'], 'state': state} + + # no edits to make + if params['src']: + # pylint: disable=redefined-variable-type + rval = yamlfile.write() + return {'changed': rval[0], + 'result': rval[1], + 'state': state} + + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} + return {'failed': True, 'msg': 'Unkown state passed'} + +# -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: lib/base.py -*- -*- -*- +# pylint: disable=too-many-lines +# noqa: E301,E302,E303,T001 + + +class OpenShiftCLIError(Exception): + '''Exception class for openshiftcli''' + pass + + +ADDITIONAL_PATH_LOOKUPS = ['/usr/local/bin', os.path.expanduser('~/bin')] + + +def locate_oc_binary(): + ''' Find and return oc binary file ''' + # https://github.com/openshift/openshift-ansible/issues/3410 + # oc can be in /usr/local/bin in some cases, but that may not + # be in $PATH due to ansible/sudo + paths = os.environ.get("PATH", os.defpath).split(os.pathsep) + ADDITIONAL_PATH_LOOKUPS + + oc_binary = 'oc' + + # Use shutil.which if it is available, otherwise fallback to a naive path search + try: + which_result = shutil.which(oc_binary, path=os.pathsep.join(paths)) + if which_result is not None: + oc_binary = which_result + except AttributeError: + for path in paths: + if os.path.exists(os.path.join(path, oc_binary)): + oc_binary = os.path.join(path, oc_binary) + break + + return oc_binary + + +# pylint: disable=too-few-public-methods +class OpenShiftCLI(object): + ''' Class to wrap the command line tools ''' + def __init__(self, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False, + all_namespaces=False): + ''' Constructor for OpenshiftCLI ''' + self.namespace = namespace + self.verbose = verbose + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) + self.all_namespaces = all_namespaces + self.oc_binary = locate_oc_binary() + + # Pylint allows only 5 arguments to be passed. + # pylint: disable=too-many-arguments + def _replace_content(self, resource, rname, content, force=False, sep='.'): + ''' replace the current object with the content ''' + res = self._get(resource, rname) + if not res['results']: + return res + + fname = Utils.create_tmpfile(rname + '-') + + yed = Yedit(fname, res['results'][0], separator=sep) + changes = [] + for key, value in content.items(): + changes.append(yed.put(key, value)) + + if any([change[0] for change in changes]): + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._replace(fname, force) + + return {'returncode': 0, 'updated': False} + + def _replace(self, fname, force=False): + '''replace the current object with oc replace''' + cmd = ['replace', '-f', fname] + if force: + cmd.append('--force') + return self.openshift_cmd(cmd) + + def _create_from_content(self, rname, content): + '''create a temporary file and then call oc create on it''' + fname = Utils.create_tmpfile(rname + '-') + yed = Yedit(fname, content=content) + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._create(fname) + + def _create(self, fname): + '''call oc create on a filename''' + return self.openshift_cmd(['create', '-f', fname]) + + def _delete(self, resource, rname, selector=None): + '''call oc delete on a resource''' + cmd = ['delete', resource, rname] + if selector: + cmd.append('--selector=%s' % selector) + + return self.openshift_cmd(cmd) + + def _process(self, template_name, create=False, params=None, template_data=None): # noqa: E501 + '''process a template + + template_name: the name of the template to process + create: whether to send to oc create after processing + params: the parameters for the template + template_data: the incoming template's data; instead of a file + ''' + cmd = ['process'] + if template_data: + cmd.extend(['-f', '-']) + else: + cmd.append(template_name) + if params: + param_str = ["%s=%s" % (key, value) for key, value in params.items()] + cmd.append('-v') + cmd.extend(param_str) + + results = self.openshift_cmd(cmd, output=True, input_data=template_data) + + if results['returncode'] != 0 or not create: + return results + + fname = Utils.create_tmpfile(template_name + '-') + yed = Yedit(fname, results['results']) + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self.openshift_cmd(['create', '-f', fname]) + + def _get(self, resource, rname=None, selector=None): + '''return a resource by name ''' + cmd = ['get', resource] + if selector: + cmd.append('--selector=%s' % selector) + elif rname: + cmd.append(rname) + + cmd.extend(['-o', 'json']) + + rval = self.openshift_cmd(cmd, output=True) + + # Ensure results are retuned in an array + if 'items' in rval: + rval['results'] = rval['items'] + elif not isinstance(rval['results'], list): + rval['results'] = [rval['results']] + + return rval + + def _schedulable(self, node=None, selector=None, schedulable=True): + ''' perform oadm manage-node scheduable ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + cmd.append('--schedulable=%s' % schedulable) + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') # noqa: E501 + + def _list_pods(self, node=None, selector=None, pod_selector=None): + ''' perform oadm list pods + + node: the node in which to list pods + selector: the label selector filter if provided + pod_selector: the pod selector filter if provided + ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + if pod_selector: + cmd.append('--pod-selector=%s' % pod_selector) + + cmd.extend(['--list-pods', '-o', 'json']) + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') + + # pylint: disable=too-many-arguments + def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False): + ''' perform oadm manage-node evacuate ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + if dry_run: + cmd.append('--dry-run') + + if pod_selector: + cmd.append('--pod-selector=%s' % pod_selector) + + if grace_period: + cmd.append('--grace-period=%s' % int(grace_period)) + + if force: + cmd.append('--force') + + cmd.append('--evacuate') + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') + + def _version(self): + ''' return the openshift version''' + return self.openshift_cmd(['version'], output=True, output_type='raw') + + def _import_image(self, url=None, name=None, tag=None): + ''' perform image import ''' + cmd = ['import-image'] + + image = '{0}'.format(name) + if tag: + image += ':{0}'.format(tag) + + cmd.append(image) + + if url: + cmd.append('--from={0}/{1}'.format(url, image)) + + cmd.append('-n{0}'.format(self.namespace)) + + cmd.append('--confirm') + return self.openshift_cmd(cmd) + + def _run(self, cmds, input_data): + ''' Actually executes the command. This makes mocking easier. ''' + curr_env = os.environ.copy() + curr_env.update({'KUBECONFIG': self.kubeconfig}) + proc = subprocess.Popen(cmds, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + env=curr_env) + + stdout, stderr = proc.communicate(input_data) + + return proc.returncode, stdout.decode(), stderr.decode() + + # pylint: disable=too-many-arguments,too-many-branches + def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None): + '''Base command for oc ''' + cmds = [self.oc_binary] + + if oadm: + cmds.append('adm') + + cmds.extend(cmd) + + if self.all_namespaces: + cmds.extend(['--all-namespaces']) + elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']: # E501 + cmds.extend(['-n', self.namespace]) + + rval = {} + results = '' + err = None + + if self.verbose: + print(' '.join(cmds)) + + try: + returncode, stdout, stderr = self._run(cmds, input_data) + except OSError as ex: + returncode, stdout, stderr = 1, '', 'Failed to execute {}: {}'.format(subprocess.list2cmdline(cmds), ex) + + rval = {"returncode": returncode, + "results": results, + "cmd": ' '.join(cmds)} + + if returncode == 0: + if output: + if output_type == 'json': + try: + rval['results'] = json.loads(stdout) + except ValueError as verr: + if "No JSON object could be decoded" in verr.args: + err = verr.args + elif output_type == 'raw': + rval['results'] = stdout + + if self.verbose: + print("STDOUT: {0}".format(stdout)) + print("STDERR: {0}".format(stderr)) + + if err: + rval.update({"err": err, + "stderr": stderr, + "stdout": stdout, + "cmd": cmds}) + + else: + rval.update({"stderr": stderr, + "stdout": stdout, + "results": {}}) + + return rval + + +class Utils(object): + ''' utilities for openshiftcli modules ''' + + @staticmethod + def _write(filename, contents): + ''' Actually write the file contents to disk. This helps with mocking. ''' + + with open(filename, 'w') as sfd: + sfd.write(contents) + + @staticmethod + def create_tmp_file_from_contents(rname, data, ftype='yaml'): + ''' create a file in tmp with name and contents''' + + tmp = Utils.create_tmpfile(prefix=rname) + + if ftype == 'yaml': + # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage + # pylint: disable=no-member + if hasattr(yaml, 'RoundTripDumper'): + Utils._write(tmp, yaml.dump(data, Dumper=yaml.RoundTripDumper)) + else: + Utils._write(tmp, yaml.safe_dump(data, default_flow_style=False)) + + elif ftype == 'json': + Utils._write(tmp, json.dumps(data)) + else: + Utils._write(tmp, data) + + # Register cleanup when module is done + atexit.register(Utils.cleanup, [tmp]) + return tmp + + @staticmethod + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): + ''' Generates and returns a temporary file name ''' + + with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: + return tmp.name + + @staticmethod + def create_tmp_files_from_contents(content, content_type=None): + '''Turn an array of dict: filename, content into a files array''' + if not isinstance(content, list): + content = [content] + files = [] + for item in content: + path = Utils.create_tmp_file_from_contents(item['path'] + '-', + item['data'], + ftype=content_type) + files.append({'name': os.path.basename(item['path']), + 'path': path}) + return files + + @staticmethod + def cleanup(files): + '''Clean up on exit ''' + for sfile in files: + if os.path.exists(sfile): + if os.path.isdir(sfile): + shutil.rmtree(sfile) + elif os.path.isfile(sfile): + os.remove(sfile) + + @staticmethod + def exists(results, _name): + ''' Check to see if the results include the name ''' + if not results: + return False + + if Utils.find_result(results, _name): + return True + + return False + + @staticmethod + def find_result(results, _name): + ''' Find the specified result by name''' + rval = None + for result in results: + if 'metadata' in result and result['metadata']['name'] == _name: + rval = result + break + + return rval + + @staticmethod + def get_resource_file(sfile, sfile_type='yaml'): + ''' return the service file ''' + contents = None + with open(sfile) as sfd: + contents = sfd.read() + + if sfile_type == 'yaml': + # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage + # pylint: disable=no-member + if hasattr(yaml, 'RoundTripLoader'): + contents = yaml.load(contents, yaml.RoundTripLoader) + else: + contents = yaml.safe_load(contents) + elif sfile_type == 'json': + contents = json.loads(contents) + + return contents + + @staticmethod + def filter_versions(stdout): + ''' filter the oc version output ''' + + version_dict = {} + version_search = ['oc', 'openshift', 'kubernetes'] + + for line in stdout.strip().split('\n'): + for term in version_search: + if not line: + continue + if line.startswith(term): + version_dict[term] = line.split()[-1] + + # horrible hack to get openshift version in Openshift 3.2 + # By default "oc version in 3.2 does not return an "openshift" version + if "openshift" not in version_dict: + version_dict["openshift"] = version_dict["oc"] + + return version_dict + + @staticmethod + def add_custom_versions(versions): + ''' create custom versions strings ''' + + versions_dict = {} + + for tech, version in versions.items(): + # clean up "-" from version + if "-" in version: + version = version.split("-")[0] + + if version.startswith('v'): + versions_dict[tech + '_numeric'] = version[1:].split('+')[0] + # "v3.3.0.33" is what we have, we want "3.3" + versions_dict[tech + '_short'] = version[1:4] + + return versions_dict + + @staticmethod + def openshift_installed(): + ''' check if openshift is installed ''' + import yum + + yum_base = yum.YumBase() + if yum_base.rpmdb.searchNevra(name='atomic-openshift'): + return True + + return False + + # Disabling too-many-branches. This is a yaml dictionary comparison function + # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements + @staticmethod + def check_def_equal(user_def, result_def, skip_keys=None, debug=False): + ''' Given a user defined definition, compare it with the results given back by our query. ''' + + # Currently these values are autogenerated and we do not need to check them + skip = ['metadata', 'status'] + if skip_keys: + skip.extend(skip_keys) + + for key, value in result_def.items(): + if key in skip: + continue + + # Both are lists + if isinstance(value, list): + if key not in user_def: + if debug: + print('User data does not have key [%s]' % key) + print('User data: %s' % user_def) + return False + + if not isinstance(user_def[key], list): + if debug: + print('user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key])) + return False + + if len(user_def[key]) != len(value): + if debug: + print("List lengths are not equal.") + print("key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value))) + print("user_def: %s" % user_def[key]) + print("value: %s" % value) + return False + + for values in zip(user_def[key], value): + if isinstance(values[0], dict) and isinstance(values[1], dict): + if debug: + print('sending list - list') + print(type(values[0])) + print(type(values[1])) + result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug) + if not result: + print('list compare returned false') + return False + + elif value != user_def[key]: + if debug: + print('value should be identical') + print(user_def[key]) + print(value) + return False + + # recurse on a dictionary + elif isinstance(value, dict): + if key not in user_def: + if debug: + print("user_def does not have key [%s]" % key) + return False + if not isinstance(user_def[key], dict): + if debug: + print("dict returned false: not instance of dict") + return False + + # before passing ensure keys match + api_values = set(value.keys()) - set(skip) + user_values = set(user_def[key].keys()) - set(skip) + if api_values != user_values: + if debug: + print("keys are not equal in dict") + print(user_values) + print(api_values) + return False + + result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) + if not result: + if debug: + print("dict returned false") + print(result) + return False + + # Verify each key, value pair is the same + else: + if key not in user_def or value != user_def[key]: + if debug: + print("value not equal; user_def does not have key") + print(key) + print(value) + if key in user_def: + print(user_def[key]) + return False + + if debug: + print('returning true') + return True + + +class OpenShiftCLIConfig(object): + '''Generic Config''' + def __init__(self, rname, namespace, kubeconfig, options): + self.kubeconfig = kubeconfig + self.name = rname + self.namespace = namespace + self._options = options + + @property + def config_options(self): + ''' return config options ''' + return self._options + + def to_option_list(self): + '''return all options as a string''' + return self.stringify() + + def stringify(self): + ''' return the options hash as cli params in a string ''' + rval = [] + for key in sorted(self.config_options.keys()): + data = self.config_options[key] + if data['include'] \ + and (data['value'] or isinstance(data['value'], int)): + rval.append('--{}={}'.format(key.replace('_', '-'), data['value'])) + + return rval + + +# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: class/oc_image.py -*- -*- -*- + + +# pylint: disable=too-many-arguments +class OCImage(OpenShiftCLI): + ''' Class to import and create an imagestream object''' + def __init__(self, + namespace, + registry_url, + image_name, + image_tag, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OCImage''' + super(OCImage, self).__init__(namespace, kubeconfig) + self.registry_url = registry_url + self.image_name = image_name + self.image_tag = image_tag + self.verbose = verbose + + def get(self): + '''return a image by name ''' + results = self._get('imagestream', self.image_name) + results['exists'] = False + if results['returncode'] == 0 and results['results'][0]: + results['exists'] = True + + if results['returncode'] != 0 and '"{}" not found'.format(self.image_name) in results['stderr']: + results['returncode'] = 0 + + return results + + def create(self, url=None, name=None, tag=None): + '''Create an image ''' + return self._import_image(url, name, tag) + + + # pylint: disable=too-many-return-statements + @staticmethod + def run_ansible(params, check_mode): + ''' run the ansible idempotent code ''' + + ocimage = OCImage(params['namespace'], + params['registry_url'], + params['image_name'], + params['image_tag'], + kubeconfig=params['kubeconfig'], + verbose=params['debug']) + + state = params['state'] + + api_rval = ocimage.get() + + ##### + # Get + ##### + if state == 'list': + if api_rval['returncode'] != 0: + return {"failed": True, "msg": api_rval} + return {"changed": False, "results": api_rval, "state": "list"} + + ######## + # Create + ######## + if state == 'present': + + if not Utils.exists(api_rval['results'], params['image_name']): + + if check_mode: + return {"changed": False, "msg": 'CHECK_MODE: Would have performed a create'} + + api_rval = ocimage.create(params['registry_url'], + params['image_name'], + params['image_tag']) + + if api_rval['returncode'] != 0: + return {"failed": True, "msg": api_rval} + + # return the newly created object + api_rval = ocimage.get() + + if api_rval['returncode'] != 0: + return {"failed": True, "msg": api_rval} + + return {"changed": True, "results": api_rval, "state": "present"} + + # image exists, no change + return {"changed": False, "results": api_rval, "state": "present"} + + return {"failed": True, "changed": False, "msg": "Unknown state passed. {0}".format(state)} + +# -*- -*- -*- End included fragment: class/oc_image.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: ansible/oc_image.py -*- -*- -*- + + +def main(): + ''' + ansible oc module for image import + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'list']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + registry_url=dict(default=None, type='str'), + image_name=dict(default=None, required=True, type='str'), + image_tag=dict(default=None, type='str'), + force=dict(default=False, type='bool'), + ), + + supports_check_mode=True, + ) + + rval = OCImage.run_ansible(module.params, module.check_mode) + + if 'failed' in rval: + module.fail_json(**rval) + + module.exit_json(**rval) + +if __name__ == '__main__': + main() + +# -*- -*- -*- End included fragment: ansible/oc_image.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_label.py b/roles/lib_openshift/library/oc_label.py index cfcb15241..62b6049c4 100644 --- a/roles/lib_openshift/library/oc_label.py +++ b/roles/lib_openshift/library/oc_label.py @@ -145,8 +145,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/label -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -180,13 +178,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -202,13 +200,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -230,7 +228,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -319,7 +317,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -419,7 +417,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -538,8 +536,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -600,7 +598,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -626,7 +634,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -658,114 +666,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_obj.py b/roles/lib_openshift/library/oc_obj.py index f5cba696d..075c286e0 100644 --- a/roles/lib_openshift/library/oc_obj.py +++ b/roles/lib_openshift/library/oc_obj.py @@ -148,8 +148,6 @@ register: router_output # -*- -*- -*- End included fragment: doc/obj -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -183,13 +181,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -205,13 +203,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -233,7 +231,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -322,7 +320,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -422,7 +420,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -541,8 +539,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -603,7 +601,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -629,7 +637,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -661,114 +669,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_objectvalidator.py b/roles/lib_openshift/library/oc_objectvalidator.py index 4e1e769cf..d65e1d4c9 100644 --- a/roles/lib_openshift/library/oc_objectvalidator.py +++ b/roles/lib_openshift/library/oc_objectvalidator.py @@ -80,8 +80,6 @@ oc_objectvalidator: # -*- -*- -*- End included fragment: doc/objectvalidator -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -115,13 +113,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -137,13 +135,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -165,7 +163,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -254,7 +252,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -354,7 +352,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -473,8 +471,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -535,7 +533,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -561,7 +569,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -593,114 +601,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] - if module.params['src']: + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_process.py b/roles/lib_openshift/library/oc_process.py index cabb2ff29..d487746eb 100644 --- a/roles/lib_openshift/library/oc_process.py +++ b/roles/lib_openshift/library/oc_process.py @@ -137,8 +137,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/process -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -172,13 +170,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -194,13 +192,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -222,7 +220,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -311,7 +309,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -411,7 +409,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -530,8 +528,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -592,7 +590,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -618,7 +626,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -650,114 +658,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_project.py b/roles/lib_openshift/library/oc_project.py index 7700a83a3..3fddce055 100644 --- a/roles/lib_openshift/library/oc_project.py +++ b/roles/lib_openshift/library/oc_project.py @@ -134,8 +134,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/project -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -169,13 +167,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -191,13 +189,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -219,7 +217,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -308,7 +306,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -408,7 +406,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -527,8 +525,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -589,7 +587,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -615,7 +623,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -647,114 +655,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_pvc.py b/roles/lib_openshift/library/oc_pvc.py index df0b0d86a..d63f6e063 100644 --- a/roles/lib_openshift/library/oc_pvc.py +++ b/roles/lib_openshift/library/oc_pvc.py @@ -129,8 +129,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/pvc -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -164,13 +162,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -186,13 +184,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -214,7 +212,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -303,7 +301,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -403,7 +401,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -522,8 +520,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -584,7 +582,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -610,7 +618,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -642,114 +650,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py index fe59cca33..daddec69f 100644 --- a/roles/lib_openshift/library/oc_route.py +++ b/roles/lib_openshift/library/oc_route.py @@ -179,8 +179,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/route -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -214,13 +212,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -236,13 +234,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -264,7 +262,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -353,7 +351,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -453,7 +451,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -572,8 +570,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -634,7 +632,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -660,7 +668,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -692,114 +700,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_scale.py b/roles/lib_openshift/library/oc_scale.py index 98f1d94a7..92e9362be 100644 --- a/roles/lib_openshift/library/oc_scale.py +++ b/roles/lib_openshift/library/oc_scale.py @@ -123,8 +123,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/scale -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -158,13 +156,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -180,13 +178,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -208,7 +206,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -297,7 +295,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -397,7 +395,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -516,8 +514,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -578,7 +576,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -604,7 +612,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -636,114 +644,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py index deba4ab8a..1ffdce4df 100644 --- a/roles/lib_openshift/library/oc_secret.py +++ b/roles/lib_openshift/library/oc_secret.py @@ -169,8 +169,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/secret -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -204,13 +202,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -226,13 +224,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -254,7 +252,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -343,7 +341,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -443,7 +441,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -562,8 +560,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -624,7 +622,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -650,7 +658,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -682,114 +690,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_service.py b/roles/lib_openshift/library/oc_service.py index c2e91e39e..77056d5de 100644 --- a/roles/lib_openshift/library/oc_service.py +++ b/roles/lib_openshift/library/oc_service.py @@ -175,8 +175,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/service -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -210,13 +208,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -232,13 +230,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -260,7 +258,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -349,7 +347,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -449,7 +447,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -568,8 +566,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -630,7 +628,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -656,7 +664,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -688,114 +696,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_serviceaccount.py b/roles/lib_openshift/library/oc_serviceaccount.py index a1d8fff14..807bfc992 100644 --- a/roles/lib_openshift/library/oc_serviceaccount.py +++ b/roles/lib_openshift/library/oc_serviceaccount.py @@ -121,8 +121,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/serviceaccount -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -156,13 +154,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -178,13 +176,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -206,7 +204,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -295,7 +293,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -395,7 +393,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -514,8 +512,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -576,7 +574,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -602,7 +610,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -634,114 +642,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_serviceaccount_secret.py b/roles/lib_openshift/library/oc_serviceaccount_secret.py index 470043cc6..c8f4ebef7 100644 --- a/roles/lib_openshift/library/oc_serviceaccount_secret.py +++ b/roles/lib_openshift/library/oc_serviceaccount_secret.py @@ -121,8 +121,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/serviceaccount_secret -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -156,13 +154,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -178,13 +176,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -206,7 +204,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -295,7 +293,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -395,7 +393,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -514,8 +512,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -576,7 +574,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -602,7 +610,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -634,114 +642,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_user.py b/roles/lib_openshift/library/oc_user.py new file mode 100644 index 000000000..aa9f07980 --- /dev/null +++ b/roles/lib_openshift/library/oc_user.py @@ -0,0 +1,1757 @@ +#!/usr/bin/env python +# pylint: disable=missing-docstring +# flake8: noqa: T001 +# ___ ___ _ _ ___ ___ _ _____ ___ ___ +# / __| __| \| | __| _ \ /_\_ _| __| \ +# | (_ | _|| .` | _|| / / _ \| | | _|| |) | +# \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ +# | \ / _ \ | \| |/ _ \_ _| | __| \_ _|_ _| +# | |) | (_) | | .` | (_) || | | _|| |) | | | | +# |___/ \___/ |_|\_|\___/ |_| |___|___/___| |_| +# +# Copyright 2016 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# -*- -*- -*- Begin included fragment: lib/import.py -*- -*- -*- +''' + OpenShiftCLI class that wraps the oc commands in a subprocess +''' +# pylint: disable=too-many-lines + +from __future__ import print_function +import atexit +import copy +import json +import os +import re +import shutil +import subprocess +import tempfile +# pylint: disable=import-error +try: + import ruamel.yaml as yaml +except ImportError: + import yaml + +from ansible.module_utils.basic import AnsibleModule + +# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: doc/user -*- -*- -*- + +DOCUMENTATION = ''' +--- +module: oc_user +short_description: Create, modify, and idempotently manage openshift users. +description: + - Modify openshift users programmatically. +options: + state: + description: + - State controls the action that will be taken with resource + - 'present' will create or update a user to the desired state + - 'absent' will ensure user is removed + - 'list' will read and return a list of users + default: present + choices: ["present", "absent", "list"] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + username: + description: + - Short username to query/modify. + required: false + default: None + aliases: [] + full_name: + description: + - String with the full name/description of the user. + required: false + default: None + aliases: [] + groups: + description: + - List of groups the user should be a member of. This does not add/update the legacy 'groups' field in the OpenShift user object, but makes user entries into the appropriate OpenShift group object for the given user. + required: false + default: [] + aliases: [] +author: +- "Joel Diaz <jdiaz@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: Ensure user exists + oc_user: + state: present + username: johndoe + full_name "John Doe" + groups: + - dedicated-admins + register: user_johndoe + +user_johndoe variable will have contents like: +ok: [ded-int-aws-master-61034] => { + "user_johndoe": { + "changed": true, + "results": { + "cmd": "oc -n default get users johndoe -o json", + "results": [ + { + "apiVersion": "v1", + "fullName": "John DOe", + "groups": null, + "identities": null, + "kind": "User", + "metadata": { + "creationTimestamp": "2017-02-28T15:09:21Z", + "name": "johndoe", + "resourceVersion": "848781", + "selfLink": "/oapi/v1/users/johndoe", + "uid": "e23d3300-fdc7-11e6-9e3e-12822d6b7656" + } + } + ], + "returncode": 0 + }, + "state": "present" + } +} +'groups' is empty because this field is the OpenShift user object's 'group' field. + +- name: Ensure user does not exist + oc_user: + state: absent + username: johndoe + +- name: List user's info + oc_user: + state: list + username: johndoe + register: user_johndoe + +user_johndoe will have contents similar to: +ok: [ded-int-aws-master-61034] => { + "user_johndoe": { + "changed": false, + "results": [ + { + "apiVersion": "v1", + "fullName": "John Doe", + "groups": null, + "identities": null, + "kind": "User", + "metadata": { + "creationTimestamp": "2017-02-28T15:04:44Z", + "name": "johndoe", + "resourceVersion": "848280", + "selfLink": "/oapi/v1/users/johndoe", + "uid": "3d479ad2-fdc7-11e6-9e3e-12822d6b7656" + } + } + ], + "state": "list" + } +} +''' + +# -*- -*- -*- End included fragment: doc/user -*- -*- -*- + +# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- + + +class YeditException(Exception): + ''' Exception class for Yedit ''' + pass + + +# pylint: disable=too-many-public-methods +class Yedit(object): + ''' Class to modify yaml files ''' + re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$" + re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)" + com_sep = set(['.', '#', '|', ':']) + + # pylint: disable=too-many-arguments + def __init__(self, + filename=None, + content=None, + content_type='yaml', + separator='.', + backup=False): + self.content = content + self._separator = separator + self.filename = filename + self.__yaml_dict = content + self.content_type = content_type + self.backup = backup + self.load(content_type=self.content_type) + if self.__yaml_dict is None: + self.__yaml_dict = {} + + @property + def separator(self): + ''' getter method for separator ''' + return self._separator + + @separator.setter + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep + + @property + def yaml_dict(self): + ''' getter method for yaml_dict ''' + return self.__yaml_dict + + @yaml_dict.setter + def yaml_dict(self, value): + ''' setter method for yaml_dict ''' + self.__yaml_dict = value + + @staticmethod + def parse_key(key, sep='.'): + '''parse the key allowing the appropriate separator''' + common_separators = list(Yedit.com_sep - set([sep])) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) + + @staticmethod + def valid_key(key, sep='.'): + '''validate the incoming key''' + common_separators = list(Yedit.com_sep - set([sep])) + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): + return False + + return True + + @staticmethod + def remove_entry(data, key, sep='.'): + ''' remove data at location key ''' + if key == '' and isinstance(data, dict): + data.clear() + return True + elif key == '' and isinstance(data, list): + del data[:] + return True + + if not (key and Yedit.valid_key(key, sep)) and \ + isinstance(data, (list, dict)): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key and isinstance(data, dict): + data = data.get(dict_key) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + # process last index for remove + # expected list entry + if key_indexes[-1][0]: + if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + del data[int(key_indexes[-1][0])] + return True + + # expected dict entry + elif key_indexes[-1][1]: + if isinstance(data, dict): + del data[key_indexes[-1][1]] + return True + + @staticmethod + def add_entry(data, key, item=None, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a#b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes[:-1]: + if dict_key: + if isinstance(data, dict) and dict_key in data and data[dict_key]: # noqa: E501 + data = data[dict_key] + continue + + elif data and not isinstance(data, dict): + raise YeditException("Unexpected item type found while going through key " + + "path: {} (at key: {})".format(key, dict_key)) + + data[dict_key] = {} + data = data[dict_key] + + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + raise YeditException("Unexpected item type found while going through key path: {}".format(key)) + + if key == '': + data = item + + # process last index for add + # expected list entry + elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1: # noqa: E501 + data[int(key_indexes[-1][0])] = item + + # expected dict entry + elif key_indexes[-1][1] and isinstance(data, dict): + data[key_indexes[-1][1]] = item + + # didn't add/update to an existing list, nor add/update key to a dict + # so we must have been provided some syntax like a.b.c[<int>] = "data" for a + # non-existent array + else: + raise YeditException("Error adding to object at path: {}".format(key)) + + return data + + @staticmethod + def get_entry(data, key, sep='.'): + ''' Get an item from a dictionary with key notation a.b.c + d = {'a': {'b': 'c'}}} + key = a.b + return c + ''' + if key == '': + pass + elif (not (key and Yedit.valid_key(key, sep)) and + isinstance(data, (list, dict))): + return None + + key_indexes = Yedit.parse_key(key, sep) + for arr_ind, dict_key in key_indexes: + if dict_key and isinstance(data, dict): + data = data.get(dict_key) + elif (arr_ind and isinstance(data, list) and + int(arr_ind) <= len(data) - 1): + data = data[int(arr_ind)] + else: + return None + + return data + + @staticmethod + def _write(filename, contents): + ''' Actually write the file contents to disk. This helps with mocking. ''' + + tmp_filename = filename + '.yedit' + + with open(tmp_filename, 'w') as yfd: + yfd.write(contents) + + os.rename(tmp_filename, filename) + + def write(self): + ''' write to file ''' + if not self.filename: + raise YeditException('Please specify a filename.') + + if self.backup and self.file_exists(): + shutil.copy(self.filename, self.filename + '.orig') + + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + # Try to use RoundTripDumper if supported. + try: + Yedit._write(self.filename, yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper)) + except AttributeError: + Yedit._write(self.filename, yaml.safe_dump(self.yaml_dict, default_flow_style=False)) + + return (True, self.yaml_dict) + + def read(self): + ''' read from file ''' + # check if it exists + if self.filename is None or not self.file_exists(): + return None + + contents = None + with open(self.filename) as yfd: + contents = yfd.read() + + return contents + + def file_exists(self): + ''' return whether file exists ''' + if os.path.exists(self.filename): + return True + + return False + + def load(self, content_type='yaml'): + ''' return yaml file ''' + contents = self.read() + + if not contents and not self.content: + return None + + if self.content: + if isinstance(self.content, dict): + self.yaml_dict = self.content + return self.yaml_dict + elif isinstance(self.content, str): + contents = self.content + + # check if it is yaml + try: + if content_type == 'yaml' and contents: + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + # Try to use RoundTripLoader if supported. + try: + self.yaml_dict = yaml.safe_load(contents, yaml.RoundTripLoader) + except AttributeError: + self.yaml_dict = yaml.safe_load(contents) + + # Try to set format attributes if supported + try: + self.yaml_dict.fa.set_block_style() + except AttributeError: + pass + + elif content_type == 'json' and contents: + self.yaml_dict = json.loads(contents) + except yaml.YAMLError as err: + # Error loading yaml or json + raise YeditException('Problem with loading yaml file. {}'.format(err)) + + return self.yaml_dict + + def get(self, key): + ''' get a specified key''' + try: + entry = Yedit.get_entry(self.yaml_dict, key, self.separator) + except KeyError: + entry = None + + return entry + + def pop(self, path, key_or_item): + ''' remove a key, value pair from a dict or an item for a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + if isinstance(entry, dict): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + if key_or_item in entry: + entry.pop(key_or_item) + return (True, self.yaml_dict) + return (False, self.yaml_dict) + + elif isinstance(entry, list): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + ind = None + try: + ind = entry.index(key_or_item) + except ValueError: + return (False, self.yaml_dict) + + entry.pop(ind) + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + def delete(self, path): + ''' remove path from a dict''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + return (False, self.yaml_dict) + + result = Yedit.remove_entry(self.yaml_dict, path, self.separator) + if not result: + return (False, self.yaml_dict) + + return (True, self.yaml_dict) + + def exists(self, path, value): + ''' check if value exists at path''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, list): + if value in entry: + return True + return False + + elif isinstance(entry, dict): + if isinstance(value, dict): + rval = False + for key, val in value.items(): + if entry[key] != val: + rval = False + break + else: + rval = True + return rval + + return value in entry + + return entry == value + + def append(self, path, value): + '''append value to a list''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry is None: + self.put(path, []) + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + if not isinstance(entry, list): + return (False, self.yaml_dict) + + # AUDIT:maybe-no-member makes sense due to loading data from + # a serialized format. + # pylint: disable=maybe-no-member + entry.append(value) + return (True, self.yaml_dict) + + # pylint: disable=too-many-arguments + def update(self, path, value, index=None, curr_value=None): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if isinstance(entry, dict): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + if not isinstance(value, dict): + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) + + entry.update(value) + return (True, self.yaml_dict) + + elif isinstance(entry, list): + # AUDIT:maybe-no-member makes sense due to fuzzy types + # pylint: disable=maybe-no-member + ind = None + if curr_value: + try: + ind = entry.index(curr_value) + except ValueError: + return (False, self.yaml_dict) + + elif index is not None: + ind = index + + if ind is not None and entry[ind] != value: + entry[ind] = value + return (True, self.yaml_dict) + + # see if it exists in the list + try: + ind = entry.index(value) + except ValueError: + # doesn't exist, append it + entry.append(value) + return (True, self.yaml_dict) + + # already exists, return + if ind is not None: + return (False, self.yaml_dict) + return (False, self.yaml_dict) + + def put(self, path, value): + ''' put path, value into a dict ''' + try: + entry = Yedit.get_entry(self.yaml_dict, path, self.separator) + except KeyError: + entry = None + + if entry == value: + return (False, self.yaml_dict) + + # deepcopy didn't work + # Try to use ruamel.yaml and fallback to pyyaml + try: + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, + default_flow_style=False), + yaml.RoundTripLoader) + except AttributeError: + tmp_copy = copy.deepcopy(self.yaml_dict) + + # set the format attributes if available + try: + tmp_copy.fa.set_block_style() + except AttributeError: + pass + + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + self.yaml_dict = tmp_copy + + return (True, self.yaml_dict) + + def create(self, path, value): + ''' create a yaml file ''' + if not self.file_exists(): + # deepcopy didn't work + # Try to use ruamel.yaml and fallback to pyyaml + try: + tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, + default_flow_style=False), + yaml.RoundTripLoader) + except AttributeError: + tmp_copy = copy.deepcopy(self.yaml_dict) + + # set the format attributes if available + try: + tmp_copy.fa.set_block_style() + except AttributeError: + pass + + result = Yedit.add_entry(tmp_copy, path, value, self.separator) + if result is not None: + self.yaml_dict = tmp_copy + return (True, self.yaml_dict) + + return (False, self.yaml_dict) + + @staticmethod + def get_curr_value(invalue, val_type): + '''return the current value''' + if invalue is None: + return None + + curr_value = invalue + if val_type == 'yaml': + curr_value = yaml.load(invalue) + elif val_type == 'json': + curr_value = json.loads(invalue) + + return curr_value + + @staticmethod + def parse_value(inc_value, vtype=''): + '''determine value type passed''' + true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE', + 'on', 'On', 'ON', ] + false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE', + 'off', 'Off', 'OFF'] + + # It came in as a string but you didn't specify value_type as string + # we will convert to bool if it matches any of the above cases + if isinstance(inc_value, str) and 'bool' in vtype: + if inc_value not in true_bools and inc_value not in false_bools: + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) + elif isinstance(inc_value, bool) and 'str' in vtype: + inc_value = str(inc_value) + + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass + # If vtype is not str then go ahead and attempt to yaml load it. + elif isinstance(inc_value, str) and 'str' not in vtype: + try: + inc_value = yaml.safe_load(inc_value) + except Exception: + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) + + return inc_value + + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + + # pylint: disable=too-many-return-statements,too-many-branches + @staticmethod + def run_ansible(params): + '''perform the idempotent crud operations''' + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] + + if params['src']: + rval = yamlfile.load() + + if yamlfile.yaml_dict is None and state != 'present': + return {'failed': True, + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + yamlfile.yaml_dict = content + + if params['key']: + rval = yamlfile.get(params['key']) or {} + + return {'changed': False, 'result': rval, 'state': state} + + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + yamlfile.yaml_dict = content + + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) + else: + rval = yamlfile.delete(params['key']) + + if rval[0] and params['src']: + yamlfile.write() + + return {'changed': rval[0], 'result': rval[1], 'state': state} + + elif state == 'present': + # check if content is different than what is in the file + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) + + # We had no edits to make and the contents are the same + if yamlfile.yaml_dict == content and \ + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} + + yamlfile.yaml_dict = content + + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] + + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] + + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) + + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: + yamlfile.write() + + return {'changed': results['changed'], 'result': results['results'], 'state': state} + + # no edits to make + if params['src']: + # pylint: disable=redefined-variable-type + rval = yamlfile.write() + return {'changed': rval[0], + 'result': rval[1], + 'state': state} + + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} + return {'failed': True, 'msg': 'Unkown state passed'} + +# -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: lib/base.py -*- -*- -*- +# pylint: disable=too-many-lines +# noqa: E301,E302,E303,T001 + + +class OpenShiftCLIError(Exception): + '''Exception class for openshiftcli''' + pass + + +ADDITIONAL_PATH_LOOKUPS = ['/usr/local/bin', os.path.expanduser('~/bin')] + + +def locate_oc_binary(): + ''' Find and return oc binary file ''' + # https://github.com/openshift/openshift-ansible/issues/3410 + # oc can be in /usr/local/bin in some cases, but that may not + # be in $PATH due to ansible/sudo + paths = os.environ.get("PATH", os.defpath).split(os.pathsep) + ADDITIONAL_PATH_LOOKUPS + + oc_binary = 'oc' + + # Use shutil.which if it is available, otherwise fallback to a naive path search + try: + which_result = shutil.which(oc_binary, path=os.pathsep.join(paths)) + if which_result is not None: + oc_binary = which_result + except AttributeError: + for path in paths: + if os.path.exists(os.path.join(path, oc_binary)): + oc_binary = os.path.join(path, oc_binary) + break + + return oc_binary + + +# pylint: disable=too-few-public-methods +class OpenShiftCLI(object): + ''' Class to wrap the command line tools ''' + def __init__(self, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False, + all_namespaces=False): + ''' Constructor for OpenshiftCLI ''' + self.namespace = namespace + self.verbose = verbose + self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) + self.all_namespaces = all_namespaces + self.oc_binary = locate_oc_binary() + + # Pylint allows only 5 arguments to be passed. + # pylint: disable=too-many-arguments + def _replace_content(self, resource, rname, content, force=False, sep='.'): + ''' replace the current object with the content ''' + res = self._get(resource, rname) + if not res['results']: + return res + + fname = Utils.create_tmpfile(rname + '-') + + yed = Yedit(fname, res['results'][0], separator=sep) + changes = [] + for key, value in content.items(): + changes.append(yed.put(key, value)) + + if any([change[0] for change in changes]): + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._replace(fname, force) + + return {'returncode': 0, 'updated': False} + + def _replace(self, fname, force=False): + '''replace the current object with oc replace''' + cmd = ['replace', '-f', fname] + if force: + cmd.append('--force') + return self.openshift_cmd(cmd) + + def _create_from_content(self, rname, content): + '''create a temporary file and then call oc create on it''' + fname = Utils.create_tmpfile(rname + '-') + yed = Yedit(fname, content=content) + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self._create(fname) + + def _create(self, fname): + '''call oc create on a filename''' + return self.openshift_cmd(['create', '-f', fname]) + + def _delete(self, resource, rname, selector=None): + '''call oc delete on a resource''' + cmd = ['delete', resource, rname] + if selector: + cmd.append('--selector=%s' % selector) + + return self.openshift_cmd(cmd) + + def _process(self, template_name, create=False, params=None, template_data=None): # noqa: E501 + '''process a template + + template_name: the name of the template to process + create: whether to send to oc create after processing + params: the parameters for the template + template_data: the incoming template's data; instead of a file + ''' + cmd = ['process'] + if template_data: + cmd.extend(['-f', '-']) + else: + cmd.append(template_name) + if params: + param_str = ["%s=%s" % (key, value) for key, value in params.items()] + cmd.append('-v') + cmd.extend(param_str) + + results = self.openshift_cmd(cmd, output=True, input_data=template_data) + + if results['returncode'] != 0 or not create: + return results + + fname = Utils.create_tmpfile(template_name + '-') + yed = Yedit(fname, results['results']) + yed.write() + + atexit.register(Utils.cleanup, [fname]) + + return self.openshift_cmd(['create', '-f', fname]) + + def _get(self, resource, rname=None, selector=None): + '''return a resource by name ''' + cmd = ['get', resource] + if selector: + cmd.append('--selector=%s' % selector) + elif rname: + cmd.append(rname) + + cmd.extend(['-o', 'json']) + + rval = self.openshift_cmd(cmd, output=True) + + # Ensure results are retuned in an array + if 'items' in rval: + rval['results'] = rval['items'] + elif not isinstance(rval['results'], list): + rval['results'] = [rval['results']] + + return rval + + def _schedulable(self, node=None, selector=None, schedulable=True): + ''' perform oadm manage-node scheduable ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + cmd.append('--schedulable=%s' % schedulable) + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') # noqa: E501 + + def _list_pods(self, node=None, selector=None, pod_selector=None): + ''' perform oadm list pods + + node: the node in which to list pods + selector: the label selector filter if provided + pod_selector: the pod selector filter if provided + ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + if pod_selector: + cmd.append('--pod-selector=%s' % pod_selector) + + cmd.extend(['--list-pods', '-o', 'json']) + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') + + # pylint: disable=too-many-arguments + def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False): + ''' perform oadm manage-node evacuate ''' + cmd = ['manage-node'] + if node: + cmd.extend(node) + else: + cmd.append('--selector=%s' % selector) + + if dry_run: + cmd.append('--dry-run') + + if pod_selector: + cmd.append('--pod-selector=%s' % pod_selector) + + if grace_period: + cmd.append('--grace-period=%s' % int(grace_period)) + + if force: + cmd.append('--force') + + cmd.append('--evacuate') + + return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') + + def _version(self): + ''' return the openshift version''' + return self.openshift_cmd(['version'], output=True, output_type='raw') + + def _import_image(self, url=None, name=None, tag=None): + ''' perform image import ''' + cmd = ['import-image'] + + image = '{0}'.format(name) + if tag: + image += ':{0}'.format(tag) + + cmd.append(image) + + if url: + cmd.append('--from={0}/{1}'.format(url, image)) + + cmd.append('-n{0}'.format(self.namespace)) + + cmd.append('--confirm') + return self.openshift_cmd(cmd) + + def _run(self, cmds, input_data): + ''' Actually executes the command. This makes mocking easier. ''' + curr_env = os.environ.copy() + curr_env.update({'KUBECONFIG': self.kubeconfig}) + proc = subprocess.Popen(cmds, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + env=curr_env) + + stdout, stderr = proc.communicate(input_data) + + return proc.returncode, stdout.decode(), stderr.decode() + + # pylint: disable=too-many-arguments,too-many-branches + def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None): + '''Base command for oc ''' + cmds = [self.oc_binary] + + if oadm: + cmds.append('adm') + + cmds.extend(cmd) + + if self.all_namespaces: + cmds.extend(['--all-namespaces']) + elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']: # E501 + cmds.extend(['-n', self.namespace]) + + rval = {} + results = '' + err = None + + if self.verbose: + print(' '.join(cmds)) + + try: + returncode, stdout, stderr = self._run(cmds, input_data) + except OSError as ex: + returncode, stdout, stderr = 1, '', 'Failed to execute {}: {}'.format(subprocess.list2cmdline(cmds), ex) + + rval = {"returncode": returncode, + "results": results, + "cmd": ' '.join(cmds)} + + if returncode == 0: + if output: + if output_type == 'json': + try: + rval['results'] = json.loads(stdout) + except ValueError as verr: + if "No JSON object could be decoded" in verr.args: + err = verr.args + elif output_type == 'raw': + rval['results'] = stdout + + if self.verbose: + print("STDOUT: {0}".format(stdout)) + print("STDERR: {0}".format(stderr)) + + if err: + rval.update({"err": err, + "stderr": stderr, + "stdout": stdout, + "cmd": cmds}) + + else: + rval.update({"stderr": stderr, + "stdout": stdout, + "results": {}}) + + return rval + + +class Utils(object): + ''' utilities for openshiftcli modules ''' + + @staticmethod + def _write(filename, contents): + ''' Actually write the file contents to disk. This helps with mocking. ''' + + with open(filename, 'w') as sfd: + sfd.write(contents) + + @staticmethod + def create_tmp_file_from_contents(rname, data, ftype='yaml'): + ''' create a file in tmp with name and contents''' + + tmp = Utils.create_tmpfile(prefix=rname) + + if ftype == 'yaml': + # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage + # pylint: disable=no-member + if hasattr(yaml, 'RoundTripDumper'): + Utils._write(tmp, yaml.dump(data, Dumper=yaml.RoundTripDumper)) + else: + Utils._write(tmp, yaml.safe_dump(data, default_flow_style=False)) + + elif ftype == 'json': + Utils._write(tmp, json.dumps(data)) + else: + Utils._write(tmp, data) + + # Register cleanup when module is done + atexit.register(Utils.cleanup, [tmp]) + return tmp + + @staticmethod + def create_tmpfile_copy(inc_file): + '''create a temporary copy of a file''' + tmpfile = Utils.create_tmpfile('lib_openshift-') + Utils._write(tmpfile, open(inc_file).read()) + + # Cleanup the tmpfile + atexit.register(Utils.cleanup, [tmpfile]) + + return tmpfile + + @staticmethod + def create_tmpfile(prefix='tmp'): + ''' Generates and returns a temporary file name ''' + + with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: + return tmp.name + + @staticmethod + def create_tmp_files_from_contents(content, content_type=None): + '''Turn an array of dict: filename, content into a files array''' + if not isinstance(content, list): + content = [content] + files = [] + for item in content: + path = Utils.create_tmp_file_from_contents(item['path'] + '-', + item['data'], + ftype=content_type) + files.append({'name': os.path.basename(item['path']), + 'path': path}) + return files + + @staticmethod + def cleanup(files): + '''Clean up on exit ''' + for sfile in files: + if os.path.exists(sfile): + if os.path.isdir(sfile): + shutil.rmtree(sfile) + elif os.path.isfile(sfile): + os.remove(sfile) + + @staticmethod + def exists(results, _name): + ''' Check to see if the results include the name ''' + if not results: + return False + + if Utils.find_result(results, _name): + return True + + return False + + @staticmethod + def find_result(results, _name): + ''' Find the specified result by name''' + rval = None + for result in results: + if 'metadata' in result and result['metadata']['name'] == _name: + rval = result + break + + return rval + + @staticmethod + def get_resource_file(sfile, sfile_type='yaml'): + ''' return the service file ''' + contents = None + with open(sfile) as sfd: + contents = sfd.read() + + if sfile_type == 'yaml': + # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage + # pylint: disable=no-member + if hasattr(yaml, 'RoundTripLoader'): + contents = yaml.load(contents, yaml.RoundTripLoader) + else: + contents = yaml.safe_load(contents) + elif sfile_type == 'json': + contents = json.loads(contents) + + return contents + + @staticmethod + def filter_versions(stdout): + ''' filter the oc version output ''' + + version_dict = {} + version_search = ['oc', 'openshift', 'kubernetes'] + + for line in stdout.strip().split('\n'): + for term in version_search: + if not line: + continue + if line.startswith(term): + version_dict[term] = line.split()[-1] + + # horrible hack to get openshift version in Openshift 3.2 + # By default "oc version in 3.2 does not return an "openshift" version + if "openshift" not in version_dict: + version_dict["openshift"] = version_dict["oc"] + + return version_dict + + @staticmethod + def add_custom_versions(versions): + ''' create custom versions strings ''' + + versions_dict = {} + + for tech, version in versions.items(): + # clean up "-" from version + if "-" in version: + version = version.split("-")[0] + + if version.startswith('v'): + versions_dict[tech + '_numeric'] = version[1:].split('+')[0] + # "v3.3.0.33" is what we have, we want "3.3" + versions_dict[tech + '_short'] = version[1:4] + + return versions_dict + + @staticmethod + def openshift_installed(): + ''' check if openshift is installed ''' + import yum + + yum_base = yum.YumBase() + if yum_base.rpmdb.searchNevra(name='atomic-openshift'): + return True + + return False + + # Disabling too-many-branches. This is a yaml dictionary comparison function + # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements + @staticmethod + def check_def_equal(user_def, result_def, skip_keys=None, debug=False): + ''' Given a user defined definition, compare it with the results given back by our query. ''' + + # Currently these values are autogenerated and we do not need to check them + skip = ['metadata', 'status'] + if skip_keys: + skip.extend(skip_keys) + + for key, value in result_def.items(): + if key in skip: + continue + + # Both are lists + if isinstance(value, list): + if key not in user_def: + if debug: + print('User data does not have key [%s]' % key) + print('User data: %s' % user_def) + return False + + if not isinstance(user_def[key], list): + if debug: + print('user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key])) + return False + + if len(user_def[key]) != len(value): + if debug: + print("List lengths are not equal.") + print("key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value))) + print("user_def: %s" % user_def[key]) + print("value: %s" % value) + return False + + for values in zip(user_def[key], value): + if isinstance(values[0], dict) and isinstance(values[1], dict): + if debug: + print('sending list - list') + print(type(values[0])) + print(type(values[1])) + result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug) + if not result: + print('list compare returned false') + return False + + elif value != user_def[key]: + if debug: + print('value should be identical') + print(user_def[key]) + print(value) + return False + + # recurse on a dictionary + elif isinstance(value, dict): + if key not in user_def: + if debug: + print("user_def does not have key [%s]" % key) + return False + if not isinstance(user_def[key], dict): + if debug: + print("dict returned false: not instance of dict") + return False + + # before passing ensure keys match + api_values = set(value.keys()) - set(skip) + user_values = set(user_def[key].keys()) - set(skip) + if api_values != user_values: + if debug: + print("keys are not equal in dict") + print(user_values) + print(api_values) + return False + + result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) + if not result: + if debug: + print("dict returned false") + print(result) + return False + + # Verify each key, value pair is the same + else: + if key not in user_def or value != user_def[key]: + if debug: + print("value not equal; user_def does not have key") + print(key) + print(value) + if key in user_def: + print(user_def[key]) + return False + + if debug: + print('returning true') + return True + + +class OpenShiftCLIConfig(object): + '''Generic Config''' + def __init__(self, rname, namespace, kubeconfig, options): + self.kubeconfig = kubeconfig + self.name = rname + self.namespace = namespace + self._options = options + + @property + def config_options(self): + ''' return config options ''' + return self._options + + def to_option_list(self): + '''return all options as a string''' + return self.stringify() + + def stringify(self): + ''' return the options hash as cli params in a string ''' + rval = [] + for key in sorted(self.config_options.keys()): + data = self.config_options[key] + if data['include'] \ + and (data['value'] or isinstance(data['value'], int)): + rval.append('--{}={}'.format(key.replace('_', '-'), data['value'])) + + return rval + + +# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: lib/user.py -*- -*- -*- + + +class UserConfig(object): + ''' Handle user options ''' + def __init__(self, + kubeconfig, + username, + full_name): + ''' constructor for handling user options ''' + self.kubeconfig = kubeconfig + self.username = username + self.full_name = full_name + + self.data = {} + self.create_dict() + + def create_dict(self): + ''' return a user as a dict ''' + self.data['apiVersion'] = 'v1' + self.data['fullName'] = self.full_name + self.data['groups'] = None + self.data['identities'] = None + self.data['kind'] = 'User' + self.data['metadata'] = {} + self.data['metadata']['name'] = self.username + + +# pylint: disable=too-many-instance-attributes +class User(Yedit): + ''' Class to wrap the oc command line tools ''' + kind = 'user' + + def __init__(self, content): + '''User constructor''' + super(User, self).__init__(content=content) + +# -*- -*- -*- End included fragment: lib/user.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: class/oc_user.py -*- -*- -*- + +# pylint: disable=too-many-instance-attributes +class OCUser(OpenShiftCLI): + ''' Class to wrap the oc command line tools ''' + kind = 'users' + + def __init__(self, + config, + groups=None, + verbose=False): + ''' Constructor for OCUser ''' + # namespace has no meaning for user operations, hardcode to 'default' + super(OCUser, self).__init__('default', config.kubeconfig) + self.config = config + self.groups = groups + self._user = None + + @property + def user(self): + ''' property function user''' + if not self._user: + self.get() + return self._user + + @user.setter + def user(self, data): + ''' setter function for user ''' + self._user = data + + def exists(self): + ''' return whether a user exists ''' + if self.user: + return True + + return False + + def get(self): + ''' return user information ''' + result = self._get(self.kind, self.config.username) + if result['returncode'] == 0: + self.user = User(content=result['results'][0]) + elif 'users \"%s\" not found' % self.config.username in result['stderr']: + result['returncode'] = 0 + result['results'] = [{}] + + return result + + def delete(self): + ''' delete the object ''' + return self._delete(self.kind, self.config.username) + + def create_group_entries(self): + ''' make entries for user to the provided group list ''' + if self.groups != None: + for group in self.groups: + cmd = ['groups', 'add-users', group, self.config.username] + rval = self.openshift_cmd(cmd, oadm=True) + if rval['returncode'] != 0: + return rval + + return rval + + return {'returncode': 0} + + def create(self): + ''' create the object ''' + rval = self.create_group_entries() + if rval['returncode'] != 0: + return rval + + return self._create_from_content(self.config.username, self.config.data) + + def group_update(self): + ''' update group membership ''' + rval = {'returncode': 0} + cmd = ['get', 'groups', '-o', 'json'] + all_groups = self.openshift_cmd(cmd, output=True) + + # pylint misindentifying all_groups['results']['items'] type + # pylint: disable=invalid-sequence-index + for group in all_groups['results']['items']: + # If we're supposed to be in this group + if group['metadata']['name'] in self.groups \ + and (group['users'] is None or self.config.username not in group['users']): + cmd = ['groups', 'add-users', group['metadata']['name'], + self.config.username] + rval = self.openshift_cmd(cmd, oadm=True) + if rval['returncode'] != 0: + return rval + # else if we're in the group, but aren't supposed to be + elif group['users'] != None and self.config.username in group['users'] \ + and group['metadata']['name'] not in self.groups: + cmd = ['groups', 'remove-users', group['metadata']['name'], + self.config.username] + rval = self.openshift_cmd(cmd, oadm=True) + if rval['returncode'] != 0: + return rval + + return rval + + def update(self): + ''' update the object ''' + rval = self.group_update() + if rval['returncode'] != 0: + return rval + + # need to update the user's info + return self._replace_content(self.kind, self.config.username, self.config.data, force=True) + + def needs_group_update(self): + ''' check if there are group membership changes ''' + cmd = ['get', 'groups', '-o', 'json'] + all_groups = self.openshift_cmd(cmd, output=True) + + # pylint misindentifying all_groups['results']['items'] type + # pylint: disable=invalid-sequence-index + for group in all_groups['results']['items']: + # If we're supposed to be in this group + if group['metadata']['name'] in self.groups \ + and (group['users'] is None or self.config.username not in group['users']): + return True + # else if we're in the group, but aren't supposed to be + elif group['users'] != None and self.config.username in group['users'] \ + and group['metadata']['name'] not in self.groups: + return True + + return False + + def needs_update(self): + ''' verify an update is needed ''' + skip = [] + if self.needs_group_update(): + return True + + return not Utils.check_def_equal(self.config.data, self.user.yaml_dict, skip_keys=skip, debug=True) + + # pylint: disable=too-many-return-statements + @staticmethod + def run_ansible(params, check_mode=False): + ''' run the idempotent ansible code + + params comes from the ansible portion of this module + check_mode: does the module support check mode. (module.check_mode) + ''' + + uconfig = UserConfig(params['kubeconfig'], + params['username'], + params['full_name'], + ) + + oc_user = OCUser(uconfig, params['groups'], + verbose=params['debug']) + state = params['state'] + + api_rval = oc_user.get() + + ##### + # Get + ##### + if state == 'list': + return {'changed': False, 'results': api_rval['results'], 'state': "list"} + + ######## + # Delete + ######## + if state == 'absent': + if oc_user.exists(): + + if check_mode: + return {'changed': False, 'msg': 'Would have performed a delete.'} + + api_rval = oc_user.delete() + + return {'changed': True, 'results': api_rval, 'state': "absent"} + return {'changed': False, 'state': "absent"} + + if state == 'present': + ######## + # Create + ######## + if not oc_user.exists(): + + if check_mode: + return {'changed': False, 'msg': 'Would have performed a create.'} + + # Create it here + api_rval = oc_user.create() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + # return the created object + api_rval = oc_user.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': "present"} + + ######## + # Update + ######## + if oc_user.needs_update(): + api_rval = oc_user.update() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + orig_cmd = api_rval['cmd'] + # return the created object + api_rval = oc_user.get() + # overwrite the get/list cmd + api_rval['cmd'] = orig_cmd + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': "present"} + + return {'changed': False, 'results': api_rval, 'state': "present"} + + return {'failed': True, + 'changed': False, + 'results': 'Unknown state passed. %s' % state, + 'state': "unknown"} + +# -*- -*- -*- End included fragment: class/oc_user.py -*- -*- -*- + +# -*- -*- -*- Begin included fragment: ansible/oc_user.py -*- -*- -*- + +def main(): + ''' + ansible oc module for user + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + username=dict(default=None, type='str'), + full_name=dict(default=None, type='str'), + # setting groups for user data will not populate the + # 'groups' field in the user data. + # it will call out to the group data and make the user + # entry there + groups=dict(default=[], type='list'), + ), + supports_check_mode=True, + ) + + results = OCUser.run_ansible(module.params, module.check_mode) + + if 'failed' in results: + module.fail_json(**results) + + module.exit_json(**results) + +if __name__ == '__main__': + main() + +# -*- -*- -*- End included fragment: ansible/oc_user.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_version.py b/roles/lib_openshift/library/oc_version.py index 378c2b2e5..eb293322d 100644 --- a/roles/lib_openshift/library/oc_version.py +++ b/roles/lib_openshift/library/oc_version.py @@ -93,8 +93,6 @@ oc_version: # -*- -*- -*- End included fragment: doc/version -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -128,13 +126,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -150,13 +148,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -178,7 +176,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -267,7 +265,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -367,7 +365,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -486,8 +484,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -548,7 +546,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -574,7 +582,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -606,114 +614,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] - if module.params['src']: + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_volume.py b/roles/lib_openshift/library/oc_volume.py index e9e29468a..23b292763 100644 --- a/roles/lib_openshift/library/oc_volume.py +++ b/roles/lib_openshift/library/oc_volume.py @@ -158,8 +158,6 @@ EXAMPLES = ''' # -*- -*- -*- End included fragment: doc/volume -*- -*- -*- # -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -193,13 +191,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -215,13 +213,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -243,7 +241,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -332,7 +330,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -432,7 +430,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -551,8 +549,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -613,7 +611,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -639,7 +647,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -671,114 +679,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- @@ -1941,7 +1984,7 @@ class OCVolume(OpenShiftCLI): if not oc_volume.exists(): if check_mode: - exit_json(changed=False, msg='Would have performed a create.') + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'} # Create it here api_rval = oc_volume.put() diff --git a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py index c80c2eb44..10f1c9b4b 100644 --- a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py +++ b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py @@ -20,6 +20,7 @@ def main(): signer_key=dict(default='/etc/origin/master/ca.key', type='str'), signer_serial=dict(default='/etc/origin/master/ca.serial.txt', type='str'), hostnames=dict(default=[], type='list'), + expire_days=dict(default=None, type='int'), ), supports_check_mode=True, ) diff --git a/roles/lib_openshift/src/ansible/oc_clusterrole.py b/roles/lib_openshift/src/ansible/oc_clusterrole.py new file mode 100644 index 000000000..7e4319d2c --- /dev/null +++ b/roles/lib_openshift/src/ansible/oc_clusterrole.py @@ -0,0 +1,29 @@ +# pylint: skip-file +# flake8: noqa + +def main(): + ''' + ansible oc module for clusterrole + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + name=dict(default=None, type='str'), + rules=dict(default=None, type='list'), + ), + supports_check_mode=True, + ) + + results = OCClusterRole.run_ansible(module.params, module.check_mode) + + if 'failed' in results: + module.fail_json(**results) + + module.exit_json(**results) + +if __name__ == '__main__': + main() diff --git a/roles/lib_openshift/src/ansible/oc_configmap.py b/roles/lib_openshift/src/ansible/oc_configmap.py new file mode 100644 index 000000000..974f72499 --- /dev/null +++ b/roles/lib_openshift/src/ansible/oc_configmap.py @@ -0,0 +1,32 @@ +# pylint: skip-file +# flake8: noqa + + +def main(): + ''' + ansible oc module for managing OpenShift configmap objects + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + name=dict(default=None, required=True, type='str'), + from_file=dict(default=None, type='dict'), + from_literal=dict(default=None, type='dict'), + ), + supports_check_mode=True, + ) + + + rval = OCConfigMap.run_ansible(module.params, module.check_mode) + if 'failed' in rval: + module.fail_json(**rval) + + module.exit_json(**rval) + +if __name__ == '__main__': + main() diff --git a/roles/lib_openshift/src/ansible/oc_image.py b/roles/lib_openshift/src/ansible/oc_image.py new file mode 100644 index 000000000..447d62f20 --- /dev/null +++ b/roles/lib_openshift/src/ansible/oc_image.py @@ -0,0 +1,34 @@ +# pylint: skip-file +# flake8: noqa + + +def main(): + ''' + ansible oc module for image import + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'list']), + debug=dict(default=False, type='bool'), + namespace=dict(default='default', type='str'), + registry_url=dict(default=None, type='str'), + image_name=dict(default=None, required=True, type='str'), + image_tag=dict(default=None, type='str'), + force=dict(default=False, type='bool'), + ), + + supports_check_mode=True, + ) + + rval = OCImage.run_ansible(module.params, module.check_mode) + + if 'failed' in rval: + module.fail_json(**rval) + + module.exit_json(**rval) + +if __name__ == '__main__': + main() diff --git a/roles/lib_openshift/src/ansible/oc_user.py b/roles/lib_openshift/src/ansible/oc_user.py new file mode 100644 index 000000000..6b1440796 --- /dev/null +++ b/roles/lib_openshift/src/ansible/oc_user.py @@ -0,0 +1,34 @@ +# pylint: skip-file +# flake8: noqa + +def main(): + ''' + ansible oc module for user + ''' + + module = AnsibleModule( + argument_spec=dict( + kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), + state=dict(default='present', type='str', + choices=['present', 'absent', 'list']), + debug=dict(default=False, type='bool'), + username=dict(default=None, type='str'), + full_name=dict(default=None, type='str'), + # setting groups for user data will not populate the + # 'groups' field in the user data. + # it will call out to the group data and make the user + # entry there + groups=dict(default=[], type='list'), + ), + supports_check_mode=True, + ) + + results = OCUser.run_ansible(module.params, module.check_mode) + + if 'failed' in results: + module.fail_json(**results) + + module.exit_json(**results) + +if __name__ == '__main__': + main() diff --git a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py index 18c69f2fa..fa0c4e3af 100644 --- a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py +++ b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py @@ -102,6 +102,7 @@ class CAServerCert(OpenShiftCLI): 'signer_cert': {'value': params['signer_cert'], 'include': True}, 'signer_key': {'value': params['signer_key'], 'include': True}, 'signer_serial': {'value': params['signer_serial'], 'include': True}, + 'expire_days': {'value': params['expire_days'], 'include': True}, 'backup': {'value': params['backup'], 'include': False}, }) diff --git a/roles/lib_openshift/src/class/oc_clusterrole.py b/roles/lib_openshift/src/class/oc_clusterrole.py new file mode 100644 index 000000000..1d3d977db --- /dev/null +++ b/roles/lib_openshift/src/class/oc_clusterrole.py @@ -0,0 +1,163 @@ +# pylint: skip-file +# flake8: noqa + + +# pylint: disable=too-many-instance-attributes +class OCClusterRole(OpenShiftCLI): + ''' Class to manage clusterrole objects''' + kind = 'clusterrole' + + def __init__(self, + name, + rules=None, + kubeconfig=None, + verbose=False): + ''' Constructor for OCClusterRole ''' + super(OCClusterRole, self).__init__(None, kubeconfig=kubeconfig, verbose=verbose) + self.verbose = verbose + self.name = name + self._clusterrole = None + self._inc_clusterrole = ClusterRole.builder(name, rules) + + @property + def clusterrole(self): + ''' property for clusterrole''' + if not self._clusterrole: + self.get() + return self._clusterrole + + @clusterrole.setter + def clusterrole(self, data): + ''' setter function for clusterrole property''' + self._clusterrole = data + + @property + def inc_clusterrole(self): + ''' property for inc_clusterrole''' + return self._inc_clusterrole + + @inc_clusterrole.setter + def inc_clusterrole(self, data): + ''' setter function for inc_clusterrole property''' + self._inc_clusterrole = data + + def exists(self): + ''' return whether a clusterrole exists ''' + if self.clusterrole: + return True + + return False + + def get(self): + '''return a clusterrole ''' + result = self._get(self.kind, self.name) + + if result['returncode'] == 0: + self.clusterrole = ClusterRole(content=result['results'][0]) + result['results'] = self.clusterrole.yaml_dict + + elif 'clusterrole "{}" not found'.format(self.name) in result['stderr']: + result['returncode'] = 0 + + return result + + def delete(self): + '''delete the object''' + return self._delete(self.kind, self.name) + + def create(self): + '''create a clusterrole from the proposed incoming clusterrole''' + return self._create_from_content(self.name, self.inc_clusterrole.yaml_dict) + + def update(self): + '''update a project''' + return self._replace_content(self.kind, self.name, self.inc_clusterrole.yaml_dict) + + def needs_update(self): + ''' verify an update is needed''' + return not self.clusterrole.compare(self.inc_clusterrole, self.verbose) + + # pylint: disable=too-many-return-statements,too-many-branches + @staticmethod + def run_ansible(params, check_mode): + '''run the idempotent ansible code''' + + oc_clusterrole = OCClusterRole(params['name'], + params['rules'], + params['kubeconfig'], + params['debug']) + + state = params['state'] + + api_rval = oc_clusterrole.get() + + ##### + # Get + ##### + if state == 'list': + return {'changed': False, 'results': api_rval, 'state': state} + + ######## + # Delete + ######## + if state == 'absent': + if oc_clusterrole.exists(): + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'} + + api_rval = oc_clusterrole.delete() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + return {'changed': False, 'state': state} + + if state == 'present': + ######## + # Create + ######## + if not oc_clusterrole.exists(): + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'} + + # Create it here + api_rval = oc_clusterrole.create() + + # return the created object + api_rval = oc_clusterrole.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + ######## + # Update + ######## + if oc_clusterrole.needs_update(): + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'} + + api_rval = oc_clusterrole.update() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + # return the created object + api_rval = oc_clusterrole.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + return {'changed': False, 'results': api_rval, 'state': state} + + return {'failed': True, + 'changed': False, + 'msg': 'Unknown state passed. [%s]' % state} diff --git a/roles/lib_openshift/src/class/oc_configmap.py b/roles/lib_openshift/src/class/oc_configmap.py new file mode 100644 index 000000000..87de3e1df --- /dev/null +++ b/roles/lib_openshift/src/class/oc_configmap.py @@ -0,0 +1,187 @@ +# pylint: skip-file +# flake8: noqa + + +# pylint: disable=too-many-arguments +class OCConfigMap(OpenShiftCLI): + ''' Openshift ConfigMap Class + + ConfigMaps are a way to store data inside of objects + ''' + def __init__(self, + name, + from_file, + from_literal, + state, + namespace, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OpenshiftOC ''' + super(OCConfigMap, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose) + self.name = name + self.state = state + self._configmap = None + self._inc_configmap = None + self.from_file = from_file if from_file is not None else {} + self.from_literal = from_literal if from_literal is not None else {} + + @property + def configmap(self): + if self._configmap is None: + self._configmap = self.get() + + return self._configmap + + @configmap.setter + def configmap(self, inc_map): + self._configmap = inc_map + + @property + def inc_configmap(self): + if self._inc_configmap is None: + results = self.create(dryrun=True, output=True) + self._inc_configmap = results['results'] + + return self._inc_configmap + + @inc_configmap.setter + def inc_configmap(self, inc_map): + self._inc_configmap = inc_map + + def from_file_to_params(self): + '''return from_files in a string ready for cli''' + return ["--from-file={}={}".format(key, value) for key, value in self.from_file.items()] + + def from_literal_to_params(self): + '''return from_literal in a string ready for cli''' + return ["--from-literal={}={}".format(key, value) for key, value in self.from_literal.items()] + + def get(self): + '''return a configmap by name ''' + results = self._get('configmap', self.name) + if results['returncode'] == 0 and results['results'][0]: + self.configmap = results['results'][0] + + if results['returncode'] != 0 and '"{}" not found'.format(self.name) in results['stderr']: + results['returncode'] = 0 + + return results + + def delete(self): + '''delete a configmap by name''' + return self._delete('configmap', self.name) + + def create(self, dryrun=False, output=False): + '''Create a configmap + + :dryrun: Product what you would have done. default: False + :output: Whether to parse output. default: False + ''' + + cmd = ['create', 'configmap', self.name] + if self.from_literal is not None: + cmd.extend(self.from_literal_to_params()) + + if self.from_file is not None: + cmd.extend(self.from_file_to_params()) + + if dryrun: + cmd.extend(['--dry-run', '-ojson']) + + results = self.openshift_cmd(cmd, output=output) + + return results + + def update(self): + '''run update configmap ''' + return self._replace_content('configmap', self.name, self.inc_configmap) + + def needs_update(self): + '''compare the current configmap with the proposed and return if they are equal''' + return not Utils.check_def_equal(self.inc_configmap, self.configmap, debug=self.verbose) + + @staticmethod + # pylint: disable=too-many-return-statements,too-many-branches + # TODO: This function should be refactored into its individual parts. + def run_ansible(params, check_mode): + '''run the ansible idempotent code''' + + oc_cm = OCConfigMap(params['name'], + params['from_file'], + params['from_literal'], + params['state'], + params['namespace'], + kubeconfig=params['kubeconfig'], + verbose=params['debug']) + + state = params['state'] + + api_rval = oc_cm.get() + + if 'failed' in api_rval: + return {'failed': True, 'msg': api_rval} + + ##### + # Get + ##### + if state == 'list': + return {'changed': False, 'results': api_rval, 'state': state} + + ######## + # Delete + ######## + if state == 'absent': + if not Utils.exists(api_rval['results'], params['name']): + return {'changed': False, 'state': 'absent'} + + if check_mode: + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'} + + api_rval = oc_cm.delete() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + ######## + # Create + ######## + if state == 'present': + if not Utils.exists(api_rval['results'], params['name']): + + if check_mode: + return {'changed': True, 'msg': 'Would have performed a create.'} + + api_rval = oc_cm.create() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + api_rval = oc_cm.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + ######## + # Update + ######## + if oc_cm.needs_update(): + + api_rval = oc_cm.update() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + api_rval = oc_cm.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': state} + + return {'changed': False, 'results': api_rval, 'state': state} + + return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)} diff --git a/roles/lib_openshift/src/class/oc_image.py b/roles/lib_openshift/src/class/oc_image.py new file mode 100644 index 000000000..d25349127 --- /dev/null +++ b/roles/lib_openshift/src/class/oc_image.py @@ -0,0 +1,91 @@ +# pylint: skip-file +# flake8: noqa + + +# pylint: disable=too-many-arguments +class OCImage(OpenShiftCLI): + ''' Class to import and create an imagestream object''' + def __init__(self, + namespace, + registry_url, + image_name, + image_tag, + kubeconfig='/etc/origin/master/admin.kubeconfig', + verbose=False): + ''' Constructor for OCImage''' + super(OCImage, self).__init__(namespace, kubeconfig) + self.registry_url = registry_url + self.image_name = image_name + self.image_tag = image_tag + self.verbose = verbose + + def get(self): + '''return a image by name ''' + results = self._get('imagestream', self.image_name) + results['exists'] = False + if results['returncode'] == 0 and results['results'][0]: + results['exists'] = True + + if results['returncode'] != 0 and '"{}" not found'.format(self.image_name) in results['stderr']: + results['returncode'] = 0 + + return results + + def create(self, url=None, name=None, tag=None): + '''Create an image ''' + return self._import_image(url, name, tag) + + + # pylint: disable=too-many-return-statements + @staticmethod + def run_ansible(params, check_mode): + ''' run the ansible idempotent code ''' + + ocimage = OCImage(params['namespace'], + params['registry_url'], + params['image_name'], + params['image_tag'], + kubeconfig=params['kubeconfig'], + verbose=params['debug']) + + state = params['state'] + + api_rval = ocimage.get() + + ##### + # Get + ##### + if state == 'list': + if api_rval['returncode'] != 0: + return {"failed": True, "msg": api_rval} + return {"changed": False, "results": api_rval, "state": "list"} + + ######## + # Create + ######## + if state == 'present': + + if not Utils.exists(api_rval['results'], params['image_name']): + + if check_mode: + return {"changed": False, "msg": 'CHECK_MODE: Would have performed a create'} + + api_rval = ocimage.create(params['registry_url'], + params['image_name'], + params['image_tag']) + + if api_rval['returncode'] != 0: + return {"failed": True, "msg": api_rval} + + # return the newly created object + api_rval = ocimage.get() + + if api_rval['returncode'] != 0: + return {"failed": True, "msg": api_rval} + + return {"changed": True, "results": api_rval, "state": "present"} + + # image exists, no change + return {"changed": False, "results": api_rval, "state": "present"} + + return {"failed": True, "changed": False, "msg": "Unknown state passed. {0}".format(state)} diff --git a/roles/lib_openshift/src/class/oc_user.py b/roles/lib_openshift/src/class/oc_user.py new file mode 100644 index 000000000..d9e4eac13 --- /dev/null +++ b/roles/lib_openshift/src/class/oc_user.py @@ -0,0 +1,227 @@ +# pylint: skip-file +# flake8: noqa + +# pylint: disable=too-many-instance-attributes +class OCUser(OpenShiftCLI): + ''' Class to wrap the oc command line tools ''' + kind = 'users' + + def __init__(self, + config, + groups=None, + verbose=False): + ''' Constructor for OCUser ''' + # namespace has no meaning for user operations, hardcode to 'default' + super(OCUser, self).__init__('default', config.kubeconfig) + self.config = config + self.groups = groups + self._user = None + + @property + def user(self): + ''' property function user''' + if not self._user: + self.get() + return self._user + + @user.setter + def user(self, data): + ''' setter function for user ''' + self._user = data + + def exists(self): + ''' return whether a user exists ''' + if self.user: + return True + + return False + + def get(self): + ''' return user information ''' + result = self._get(self.kind, self.config.username) + if result['returncode'] == 0: + self.user = User(content=result['results'][0]) + elif 'users \"%s\" not found' % self.config.username in result['stderr']: + result['returncode'] = 0 + result['results'] = [{}] + + return result + + def delete(self): + ''' delete the object ''' + return self._delete(self.kind, self.config.username) + + def create_group_entries(self): + ''' make entries for user to the provided group list ''' + if self.groups != None: + for group in self.groups: + cmd = ['groups', 'add-users', group, self.config.username] + rval = self.openshift_cmd(cmd, oadm=True) + if rval['returncode'] != 0: + return rval + + return rval + + return {'returncode': 0} + + def create(self): + ''' create the object ''' + rval = self.create_group_entries() + if rval['returncode'] != 0: + return rval + + return self._create_from_content(self.config.username, self.config.data) + + def group_update(self): + ''' update group membership ''' + rval = {'returncode': 0} + cmd = ['get', 'groups', '-o', 'json'] + all_groups = self.openshift_cmd(cmd, output=True) + + # pylint misindentifying all_groups['results']['items'] type + # pylint: disable=invalid-sequence-index + for group in all_groups['results']['items']: + # If we're supposed to be in this group + if group['metadata']['name'] in self.groups \ + and (group['users'] is None or self.config.username not in group['users']): + cmd = ['groups', 'add-users', group['metadata']['name'], + self.config.username] + rval = self.openshift_cmd(cmd, oadm=True) + if rval['returncode'] != 0: + return rval + # else if we're in the group, but aren't supposed to be + elif group['users'] != None and self.config.username in group['users'] \ + and group['metadata']['name'] not in self.groups: + cmd = ['groups', 'remove-users', group['metadata']['name'], + self.config.username] + rval = self.openshift_cmd(cmd, oadm=True) + if rval['returncode'] != 0: + return rval + + return rval + + def update(self): + ''' update the object ''' + rval = self.group_update() + if rval['returncode'] != 0: + return rval + + # need to update the user's info + return self._replace_content(self.kind, self.config.username, self.config.data, force=True) + + def needs_group_update(self): + ''' check if there are group membership changes ''' + cmd = ['get', 'groups', '-o', 'json'] + all_groups = self.openshift_cmd(cmd, output=True) + + # pylint misindentifying all_groups['results']['items'] type + # pylint: disable=invalid-sequence-index + for group in all_groups['results']['items']: + # If we're supposed to be in this group + if group['metadata']['name'] in self.groups \ + and (group['users'] is None or self.config.username not in group['users']): + return True + # else if we're in the group, but aren't supposed to be + elif group['users'] != None and self.config.username in group['users'] \ + and group['metadata']['name'] not in self.groups: + return True + + return False + + def needs_update(self): + ''' verify an update is needed ''' + skip = [] + if self.needs_group_update(): + return True + + return not Utils.check_def_equal(self.config.data, self.user.yaml_dict, skip_keys=skip, debug=True) + + # pylint: disable=too-many-return-statements + @staticmethod + def run_ansible(params, check_mode=False): + ''' run the idempotent ansible code + + params comes from the ansible portion of this module + check_mode: does the module support check mode. (module.check_mode) + ''' + + uconfig = UserConfig(params['kubeconfig'], + params['username'], + params['full_name'], + ) + + oc_user = OCUser(uconfig, params['groups'], + verbose=params['debug']) + state = params['state'] + + api_rval = oc_user.get() + + ##### + # Get + ##### + if state == 'list': + return {'changed': False, 'results': api_rval['results'], 'state': "list"} + + ######## + # Delete + ######## + if state == 'absent': + if oc_user.exists(): + + if check_mode: + return {'changed': False, 'msg': 'Would have performed a delete.'} + + api_rval = oc_user.delete() + + return {'changed': True, 'results': api_rval, 'state': "absent"} + return {'changed': False, 'state': "absent"} + + if state == 'present': + ######## + # Create + ######## + if not oc_user.exists(): + + if check_mode: + return {'changed': False, 'msg': 'Would have performed a create.'} + + # Create it here + api_rval = oc_user.create() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + # return the created object + api_rval = oc_user.get() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': "present"} + + ######## + # Update + ######## + if oc_user.needs_update(): + api_rval = oc_user.update() + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + orig_cmd = api_rval['cmd'] + # return the created object + api_rval = oc_user.get() + # overwrite the get/list cmd + api_rval['cmd'] = orig_cmd + + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + + return {'changed': True, 'results': api_rval, 'state': "present"} + + return {'changed': False, 'results': api_rval, 'state': "present"} + + return {'failed': True, + 'changed': False, + 'results': 'Unknown state passed. %s' % state, + 'state': "unknown"} diff --git a/roles/lib_openshift/src/class/oc_volume.py b/roles/lib_openshift/src/class/oc_volume.py index 5211a1afd..45b58a516 100644 --- a/roles/lib_openshift/src/class/oc_volume.py +++ b/roles/lib_openshift/src/class/oc_volume.py @@ -157,7 +157,7 @@ class OCVolume(OpenShiftCLI): if not oc_volume.exists(): if check_mode: - exit_json(changed=False, msg='Would have performed a create.') + return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'} # Create it here api_rval = oc_volume.put() diff --git a/roles/lib_openshift/src/doc/ca_server_cert b/roles/lib_openshift/src/doc/ca_server_cert index ff9229281..7f2be4ada 100644 --- a/roles/lib_openshift/src/doc/ca_server_cert +++ b/roles/lib_openshift/src/doc/ca_server_cert @@ -79,6 +79,12 @@ options: required: false default: True aliases: [] + expire_days: + description + - Validity of the certificate in days + required: false + default: None + aliases: [] author: - "Kenny Woodson <kwoodson@redhat.com>" extends_documentation_fragment: [] diff --git a/roles/lib_openshift/src/doc/clusterrole b/roles/lib_openshift/src/doc/clusterrole new file mode 100644 index 000000000..3d14a2dfb --- /dev/null +++ b/roles/lib_openshift/src/doc/clusterrole @@ -0,0 +1,66 @@ +# flake8: noqa +# pylint: skip-file + +DOCUMENTATION = ''' +--- +module: oc_clusterrole +short_description: Modify, and idempotently manage openshift clusterroles +description: + - Manage openshift clusterroles +options: + state: + description: + - Supported states, present, absent, list + - present - will ensure object is created or updated to the value specified + - list - will return a clusterrole + - absent - will remove a clusterrole + required: False + default: present + choices: ["present", 'absent', 'list'] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + name: + description: + - Name of the object that is being queried. + required: false + default: None + aliases: [] + rules: + description: + - A list of dictionaries that have the rule parameters. + - e.g. rules=[{'apiGroups': [""], 'attributeRestrictions': None, 'verbs': ['get'], 'resources': []}] + required: false + default: None + aliases: [] +author: +- "Kenny Woodson <kwoodson@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: query a list of env vars on dc + oc_clusterrole: + name: myclusterrole + state: list + +- name: Set the following variables. + oc_clusterrole: + name: myclusterrole + rules: + apiGroups: + - "" + attributeRestrictions: null + verbs: [] + resources: [] +''' diff --git a/roles/lib_openshift/src/doc/configmap b/roles/lib_openshift/src/doc/configmap new file mode 100644 index 000000000..5ca8292c4 --- /dev/null +++ b/roles/lib_openshift/src/doc/configmap @@ -0,0 +1,72 @@ +# flake8: noqa +# pylint: skip-file + +DOCUMENTATION = ''' +--- +module: oc_configmap +short_description: Modify, and idempotently manage openshift configmaps +description: + - Modify openshift configmaps programmatically. +options: + state: + description: + - Supported states, present, absent, list + - present - will ensure object is created or updated to the value specified + - list - will return a configmap + - absent - will remove the configmap + required: False + default: present + choices: ["present", 'absent', 'list'] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + name: + description: + - Name of the object that is being queried. + required: True + default: None + aliases: [] + namespace: + description: + - The namespace where the object lives. + required: false + default: default + aliases: [] + from_file: + description: + - A dict of key, value pairs representing the configmap key and the value represents the file path. + required: false + default: None + aliases: [] + from_literal: + description: + - A dict of key, value pairs representing the configmap key and the value represents the string content + required: false + default: None + aliases: [] +author: +- "kenny woodson <kwoodson@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: create group + oc_configmap: + state: present + name: testmap + from_file: + secret: /path/to/secret + from_literal: + title: systemadmin + register: configout +''' diff --git a/roles/lib_openshift/src/doc/image b/roles/lib_openshift/src/doc/image new file mode 100644 index 000000000..18cf4e168 --- /dev/null +++ b/roles/lib_openshift/src/doc/image @@ -0,0 +1,75 @@ +# flake8: noqa +# pylint: skip-file + +DOCUMENTATION = ''' +--- +module: oc_image +short_description: Create, modify, and idempotently manage openshift labels. +description: + - Modify openshift labels programmatically. +options: + state: + description: + - State controls the action that will be taken with resource + - 'present' will create. Does _not_ support update. + - 'list' will read the labels + default: present + choices: ["present", "list"] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + namespace: + description: + - The namespace where this object lives + required: false + default: default + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + registry_url: + description: + - The url for the registry so that openshift can pull the image + required: false + default: None + aliases: [] + image_name: + description: + - The name of the image being imported + required: false + default: False + aliases: [] + image_tag: + description: + - The tag of the image being imported + required: false + default: None + aliases: [] +author: +- "Ivan Horvath<ihorvath@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: Get an imagestream + oc_image: + name: php55 + state: list + register: imageout + +- name: create an imagestream + oc_image: + state: present + image_name: php55 + image_tag: int + registry_url: registry.example.com + namespace: default + register: imageout +''' diff --git a/roles/lib_openshift/src/doc/user b/roles/lib_openshift/src/doc/user new file mode 100644 index 000000000..65ee01eb7 --- /dev/null +++ b/roles/lib_openshift/src/doc/user @@ -0,0 +1,128 @@ +# flake8: noqa +# pylint: skip-file + +DOCUMENTATION = ''' +--- +module: oc_user +short_description: Create, modify, and idempotently manage openshift users. +description: + - Modify openshift users programmatically. +options: + state: + description: + - State controls the action that will be taken with resource + - 'present' will create or update a user to the desired state + - 'absent' will ensure user is removed + - 'list' will read and return a list of users + default: present + choices: ["present", "absent", "list"] + aliases: [] + kubeconfig: + description: + - The path for the kubeconfig file to use for authentication + required: false + default: /etc/origin/master/admin.kubeconfig + aliases: [] + debug: + description: + - Turn on debug output. + required: false + default: False + aliases: [] + username: + description: + - Short username to query/modify. + required: false + default: None + aliases: [] + full_name: + description: + - String with the full name/description of the user. + required: false + default: None + aliases: [] + groups: + description: + - List of groups the user should be a member of. This does not add/update the legacy 'groups' field in the OpenShift user object, but makes user entries into the appropriate OpenShift group object for the given user. + required: false + default: [] + aliases: [] +author: +- "Joel Diaz <jdiaz@redhat.com>" +extends_documentation_fragment: [] +''' + +EXAMPLES = ''' +- name: Ensure user exists + oc_user: + state: present + username: johndoe + full_name "John Doe" + groups: + - dedicated-admins + register: user_johndoe + +user_johndoe variable will have contents like: +ok: [ded-int-aws-master-61034] => { + "user_johndoe": { + "changed": true, + "results": { + "cmd": "oc -n default get users johndoe -o json", + "results": [ + { + "apiVersion": "v1", + "fullName": "John DOe", + "groups": null, + "identities": null, + "kind": "User", + "metadata": { + "creationTimestamp": "2017-02-28T15:09:21Z", + "name": "johndoe", + "resourceVersion": "848781", + "selfLink": "/oapi/v1/users/johndoe", + "uid": "e23d3300-fdc7-11e6-9e3e-12822d6b7656" + } + } + ], + "returncode": 0 + }, + "state": "present" + } +} +'groups' is empty because this field is the OpenShift user object's 'group' field. + +- name: Ensure user does not exist + oc_user: + state: absent + username: johndoe + +- name: List user's info + oc_user: + state: list + username: johndoe + register: user_johndoe + +user_johndoe will have contents similar to: +ok: [ded-int-aws-master-61034] => { + "user_johndoe": { + "changed": false, + "results": [ + { + "apiVersion": "v1", + "fullName": "John Doe", + "groups": null, + "identities": null, + "kind": "User", + "metadata": { + "creationTimestamp": "2017-02-28T15:04:44Z", + "name": "johndoe", + "resourceVersion": "848280", + "selfLink": "/oapi/v1/users/johndoe", + "uid": "3d479ad2-fdc7-11e6-9e3e-12822d6b7656" + } + } + ], + "state": "list" + } +} +''' diff --git a/roles/lib_openshift/src/lib/clusterrole.py b/roles/lib_openshift/src/lib/clusterrole.py new file mode 100644 index 000000000..93ffababf --- /dev/null +++ b/roles/lib_openshift/src/lib/clusterrole.py @@ -0,0 +1,68 @@ +# pylint: skip-file +# flake8: noqa + + +# pylint: disable=too-many-public-methods +class ClusterRole(Yedit): + ''' Class to model an openshift ClusterRole''' + rules_path = "rules" + + def __init__(self, name=None, content=None): + ''' Constructor for clusterrole ''' + if content is None: + content = ClusterRole.builder(name).yaml_dict + + super(ClusterRole, self).__init__(content=content) + + self.__rules = Rule.parse_rules(self.get(ClusterRole.rules_path)) or [] + + @property + def rules(self): + return self.__rules + + @rules.setter + def rules(self, data): + self.__rules = data + self.put(ClusterRole.rules_path, self.__rules) + + def rule_exists(self, inc_rule): + '''attempt to find the inc_rule in the rules list''' + for rule in self.rules: + if rule == inc_rule: + return True + + return False + + def compare(self, other, verbose=False): + '''compare function for clusterrole''' + for rule in other.rules: + if rule not in self.rules: + if verbose: + print('Rule in other not found in self. [{}]'.format(rule)) + return False + + for rule in self.rules: + if rule not in other.rules: + if verbose: + print('Rule in self not found in other. [{}]'.format(rule)) + return False + + return True + + @staticmethod + def builder(name='default_clusterrole', rules=None): + '''return a clusterrole with name and/or rules''' + if rules is None: + rules = [{'apiGroups': [""], + 'attributeRestrictions': None, + 'verbs': [], + 'resources': []}] + content = { + 'apiVersion': 'v1', + 'kind': 'ClusterRole', + 'metadata': {'name': '{}'.format(name)}, + 'rules': rules, + } + + return ClusterRole(content=content) + diff --git a/roles/lib_openshift/src/lib/rule.py b/roles/lib_openshift/src/lib/rule.py new file mode 100644 index 000000000..4590dcf90 --- /dev/null +++ b/roles/lib_openshift/src/lib/rule.py @@ -0,0 +1,144 @@ +# pylint: skip-file +# flake8: noqa + + +class Rule(object): + '''class to represent a clusterrole rule + + Example Rule Object's yaml: + - apiGroups: + - "" + attributeRestrictions: null + resources: + - persistentvolumes + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + + ''' + def __init__(self, + api_groups=None, + attr_restrictions=None, + resources=None, + verbs=None): + self.__api_groups = api_groups if api_groups is not None else [""] + self.__verbs = verbs if verbs is not None else [] + self.__resources = resources if resources is not None else [] + self.__attribute_restrictions = attr_restrictions if attr_restrictions is not None else None + + @property + def verbs(self): + '''property for verbs''' + if self.__verbs is None: + return [] + + return self.__verbs + + @verbs.setter + def verbs(self, data): + '''setter for verbs''' + self.__verbs = data + + @property + def api_groups(self): + '''property for api_groups''' + if self.__api_groups is None: + return [] + return self.__api_groups + + @api_groups.setter + def api_groups(self, data): + '''setter for api_groups''' + self.__api_groups = data + + @property + def resources(self): + '''property for resources''' + if self.__resources is None: + return [] + + return self.__resources + + @resources.setter + def resources(self, data): + '''setter for resources''' + self.__resources = data + + @property + def attribute_restrictions(self): + '''property for attribute_restrictions''' + return self.__attribute_restrictions + + @attribute_restrictions.setter + def attribute_restrictions(self, data): + '''setter for attribute_restrictions''' + self.__attribute_restrictions = data + + def add_verb(self, inc_verb): + '''add a verb to the verbs array''' + self.verbs.append(inc_verb) + + def add_api_group(self, inc_apigroup): + '''add an api_group to the api_groups array''' + self.api_groups.append(inc_apigroup) + + def add_resource(self, inc_resource): + '''add an resource to the resources array''' + self.resources.append(inc_resource) + + def remove_verb(self, inc_verb): + '''add a verb to the verbs array''' + try: + self.verbs.remove(inc_verb) + return True + except ValueError: + pass + + return False + + def remove_api_group(self, inc_api_group): + '''add a verb to the verbs array''' + try: + self.api_groups.remove(inc_api_group) + return True + except ValueError: + pass + + return False + + def remove_resource(self, inc_resource): + '''add a verb to the verbs array''' + try: + self.resources.remove(inc_resource) + return True + except ValueError: + pass + + return False + + def __eq__(self, other): + '''return whether rules are equal''' + return (self.attribute_restrictions == other.attribute_restrictions and + self.api_groups == other.api_groups and + self.resources == other.resources and + self.verbs == other.verbs) + + + @staticmethod + def parse_rules(inc_rules): + '''create rules from an array''' + + results = [] + for rule in inc_rules: + results.append(Rule(rule['apiGroups'], + rule['attributeRestrictions'], + rule['resources'], + rule['verbs'])) + + return results diff --git a/roles/lib_openshift/src/lib/user.py b/roles/lib_openshift/src/lib/user.py new file mode 100644 index 000000000..a14d5fc91 --- /dev/null +++ b/roles/lib_openshift/src/lib/user.py @@ -0,0 +1,37 @@ +# pylint: skip-file +# flake8: noqa + + +class UserConfig(object): + ''' Handle user options ''' + def __init__(self, + kubeconfig, + username, + full_name): + ''' constructor for handling user options ''' + self.kubeconfig = kubeconfig + self.username = username + self.full_name = full_name + + self.data = {} + self.create_dict() + + def create_dict(self): + ''' return a user as a dict ''' + self.data['apiVersion'] = 'v1' + self.data['fullName'] = self.full_name + self.data['groups'] = None + self.data['identities'] = None + self.data['kind'] = 'User' + self.data['metadata'] = {} + self.data['metadata']['name'] = self.username + + +# pylint: disable=too-many-instance-attributes +class User(Yedit): + ''' Class to wrap the oc command line tools ''' + kind = 'user' + + def __init__(self, content): + '''User constructor''' + super(User, self).__init__(content=content) diff --git a/roles/lib_openshift/src/sources.yml b/roles/lib_openshift/src/sources.yml index 0dba6016b..9fa2a6c0e 100644 --- a/roles/lib_openshift/src/sources.yml +++ b/roles/lib_openshift/src/sources.yml @@ -79,6 +79,28 @@ oc_atomic_container.py: - doc/atomic_container - ansible/oc_atomic_container.py +oc_configmap.py: +- doc/generated +- doc/license +- lib/import.py +- doc/configmap +- ../../lib_utils/src/class/yedit.py +- lib/base.py +- class/oc_configmap.py +- ansible/oc_configmap.py + +oc_clusterrole.py: +- doc/generated +- doc/license +- lib/import.py +- doc/clusterrole +- ../../lib_utils/src/class/yedit.py +- lib/base.py +- lib/rule.py +- lib/clusterrole.py +- class/oc_clusterrole.py +- ansible/oc_clusterrole.py + oc_edit.py: - doc/generated - doc/license @@ -100,6 +122,7 @@ oc_env.py: - class/oc_env.py - ansible/oc_env.py + oc_group.py: - doc/generated - doc/license @@ -111,6 +134,16 @@ oc_group.py: - class/oc_group.py - ansible/oc_group.py +oc_image.py: +- doc/generated +- doc/license +- lib/import.py +- doc/image +- ../../lib_utils/src/class/yedit.py +- lib/base.py +- class/oc_image.py +- ansible/oc_image.py + oc_label.py: - doc/generated - doc/license @@ -230,6 +263,17 @@ oc_service.py: - class/oc_service.py - ansible/oc_service.py +oc_user.py: +- doc/generated +- doc/license +- lib/import.py +- doc/user +- ../../lib_utils/src/class/yedit.py +- lib/base.py +- lib/user.py +- class/oc_user.py +- ansible/oc_user.py + oc_version.py: - doc/generated - doc/license diff --git a/roles/lib_openshift/src/test/integration/oc_clusterrole.yml b/roles/lib_openshift/src/test/integration/oc_clusterrole.yml new file mode 100755 index 000000000..91b143f55 --- /dev/null +++ b/roles/lib_openshift/src/test/integration/oc_clusterrole.yml @@ -0,0 +1,106 @@ +#!/usr/bin/ansible-playbook --module-path=../../../library/ +## ./oc_configmap.yml -M ../../../library -e "cli_master_test=$OPENSHIFT_MASTER +--- +- hosts: "{{ cli_master_test }}" + gather_facts: no + user: root + + post_tasks: + - name: create a test project + oc_project: + name: test + description: for tests only + + ###### create test ########### + - name: create a clusterrole + oc_clusterrole: + state: present + name: operations + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + attributeRestrictions: null + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + + - name: fetch the created clusterrole + oc_clusterrole: + name: operations + state: list + register: croleout + + - debug: var=croleout + + - name: assert clusterrole exists + assert: + that: + - croleout.results.results.metadata.name == 'operations' + - croleout.results.results.rules[0].resources[0] == 'persistentvolumes' + ###### end create test ########### + + ###### update test ########### + - name: update a clusterrole + oc_clusterrole: + state: present + name: operations + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + - serviceaccounts + - services + attributeRestrictions: null + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + + - name: fetch the created clusterrole + oc_clusterrole: + name: operations + state: list + register: croleout + + - debug: var=croleout + + - name: assert clusterrole is updated + assert: + that: + - croleout.results.results.metadata.name == 'operations' + - "'persistentvolumes' in croleout.results.results.rules[0].resources" + - "'serviceaccounts' in croleout.results.results.rules[0].resources" + - "'services' in croleout.results.results.rules[0].resources" + ###### end create test ########### + + ###### delete test ########### + - name: delete a clusterrole + oc_clusterrole: + state: absent + name: operations + + - name: fetch the clusterrole + oc_clusterrole: + name: operations + state: list + register: croleout + + - debug: var=croleout + + - name: assert operations does not exist + assert: + that: "'\"operations\" not found' in croleout.results.stderr" diff --git a/roles/lib_openshift/src/test/integration/oc_configmap.yml b/roles/lib_openshift/src/test/integration/oc_configmap.yml new file mode 100755 index 000000000..c0d200e73 --- /dev/null +++ b/roles/lib_openshift/src/test/integration/oc_configmap.yml @@ -0,0 +1,95 @@ +#!/usr/bin/ansible-playbook --module-path=../../../library/ +## ./oc_configmap.yml -M ../../../library -e "cli_master_test=$OPENSHIFT_MASTER +--- +- hosts: "{{ cli_master_test }}" + gather_facts: no + user: root + vars: + filename: /tmp/test_configmap_from_file + + post_tasks: + - name: Setup a file with known contents + copy: + content: This is a file + dest: "{{ filename }}" + + - name: create a test project + oc_project: + name: test + description: for tests only + + ###### create test ########### + - name: create a configmap + oc_configmap: + state: present + name: configmaptest + namespace: test + from_file: + config: "{{ filename }}" + from_literal: + foo: bar + + - name: fetch the created configmap + oc_configmap: + name: configmaptest + state: list + namespace: test + register: cmout + + - debug: var=cmout + + - name: assert configmaptest exists + assert: + that: + - cmout.results.results[0].metadata.name == 'configmaptest' + - cmout.results.results[0].data.foo == 'bar' + ###### end create test ########### + + ###### update test ########### + - name: create a configmap + oc_configmap: + state: present + name: configmaptest + namespace: test + from_file: + config: "{{ filename }}" + from_literal: + foo: notbar + deployment_type: online + + - name: fetch the updated configmap + oc_configmap: + name: configmaptest + state: list + namespace: test + register: cmout + + - debug: var=cmout + + - name: assert configmaptest exists + assert: + that: + - cmout.results.results[0].metadata.name == 'configmaptest' + - cmout.results.results[0].data.deployment_type == 'online' + - cmout.results.results[0].data.foo == 'notbar' + ###### end update test ########### + + ###### delete test ########### + - name: delete a configmap + oc_configmap: + state: absent + name: configmaptest + namespace: test + + - name: fetch the updated configmap + oc_configmap: + name: configmaptest + state: list + namespace: test + register: cmout + + - debug: var=cmout + + - name: assert configmaptest exists + assert: + that: "'\"configmaptest\" not found' in cmout.results.stderr" diff --git a/roles/lib_openshift/src/test/integration/oc_user.yml b/roles/lib_openshift/src/test/integration/oc_user.yml new file mode 100755 index 000000000..ad1f9d188 --- /dev/null +++ b/roles/lib_openshift/src/test/integration/oc_user.yml @@ -0,0 +1,240 @@ +#!/usr/bin/ansible-playbook --module-path=../../../library/ +# +# ./oc_user.yml -e "cli_master_test=$OPENSHIFT_MASTER +# +--- +- hosts: "{{ cli_master_test }}" + gather_facts: no + user: root + + vars: + test_user: testuser@email.com + test_user_fullname: "Test User" + pre_tasks: + - name: ensure needed vars are defined + fail: + msg: "{{ item }} no defined" + when: "{{ item}} is not defined" + with_items: + - cli_master_test # ansible inventory instance to run playbook against + + tasks: + - name: delete test user (so future tests work) + oc_user: + state: absent + username: "{{ test_user }}" + + - name: get user list + oc_user: + state: list + username: "{{ test_user }}" + register: user_out + - name: "assert test user does not exist" + assert: + that: user_out['results'][0] == {} + msg: "{{ user_out }}" + + - name: get all list + oc_user: + state: list + register: user_out + #- debug: var=user_out + + - name: add test user + oc_user: + state: present + username: "{{ test_user }}" + full_name: "{{ test_user_fullname }}" + register: user_out + - name: assert result set to changed + assert: + that: user_out['changed'] == True + msg: "{{ user_out }}" + + - name: check test user actually added + oc_user: + state: list + username: "{{ test_user }}" + register: user_out + - name: assert user actually added + assert: + that: user_out['results'][0]['metadata']['name'] == "{{ test_user }}" and + user_out['results'][0]['fullName'] == "{{ test_user_fullname }}" + msg: "{{ user_out }}" + + - name: re-add test user + oc_user: + state: present + username: "{{ test_user }}" + full_name: "{{ test_user_fullname }}" + register: user_out + - name: assert re-add result set to not changed + assert: + that: user_out['changed'] == False + msg: "{{ user_out }}" + + - name: modify existing user + oc_user: + state: present + username: "{{ test_user }}" + full_name: 'Something Different' + register: user_out + - name: assert modify existing user result set to changed + assert: + that: user_out['changed'] == True + msg: "{{ user_out }}" + + - name: check modify test user + oc_user: + state: list + username: "{{ test_user }}" + register: user_out + - name: assert modification successful + assert: + that: user_out['results'][0]['metadata']['name'] == "{{ test_user }}" and + user_out['results'][0]['fullName'] == 'Something Different' + msg: "{{ user_out }}" + + - name: delete test user + oc_user: + state: absent + username: "{{ test_user }}" + register: user_out + - name: assert delete marked changed + assert: + that: user_out['changed'] == True + msg: "{{ user_out }}" + + - name: check delete user + oc_user: + state: list + username: "{{ test_user }}" + register: user_out + - name: assert deletion successful + assert: + that: user_out['results'][0] == {} + msg: "{{ user_out }}" + + - name: re-delete test user + oc_user: + state: absent + username: "{{ test_user }}" + register: user_out + - name: check re-delete marked not changed + assert: + that: user_out['changed'] == False + msg: "{{ user_out }}" + + - name: delete test group + oc_obj: + kind: group + state: absent + name: integration-test-group + + - name: create test group + command: oadm groups new integration-test-group + + - name: check group creation + oc_obj: + kind: group + state: list + name: integration-test-group + register: user_out + - name: assert test group created + assert: + that: user_out['results']['results'][0]['metadata']['name'] == "integration-test-group" + msg: "{{ user_out }}" + + - name: create user with group membership + oc_user: + state: present + username: "{{ test_user }}" + groups: + - "integration-test-group" + register: user_out + - debug: var=user_out + - name: get group user members + oc_obj: + kind: group + state: list + name: integration-test-group + register: user_out + - name: assert user group membership + assert: + that: "'{{ test_user }}' in user_out['results']['results'][0]['users'][0]" + msg: "{{ user_out }}" + + - name: delete second test group + oc_obj: + kind: group + state: absent + name: integration-test-group2 + + - name: create empty second group + command: oadm groups new integration-test-group2 + + - name: update user with second group membership + oc_user: + state: present + username: "{{ test_user }}" + groups: + - "integration-test-group" + - "integration-test-group2" + register: user_out + - name: assert adding more group changed + assert: + that: user_out['changed'] == True + + - name: get group memberships + oc_obj: + kind: group + state: list + name: "{{ item }}" + with_items: + - integration-test-group + - integration-test-group2 + register: user_out + - name: assert user member of above groups + assert: + that: "'{{ test_user }}' in user_out['results'][0]['results']['results'][0]['users'] and \ + '{{ test_user }}' in user_out['results'][1]['results']['results'][0]['users']" + msg: "{{ user_out }}" + + - name: update user with only one group + oc_user: + state: present + username: "{{ test_user }}" + groups: + - "integration-test-group2" + register: user_out + - assert: + that: user_out['changed'] == True + + - name: get group memberships + oc_obj: + kind: group + state: list + name: "{{ item }}" + with_items: + - "integration-test-group" + - "integration-test-group2" + register: user_out + - debug: var=user_out + - name: assert proper user membership + assert: + that: "'{{ test_user }}' not in user_out['results'][0]['results']['results'][0]['users'] and \ + '{{ test_user }}' in user_out['results'][1]['results']['results'][0]['users']" + + - name: clean up test groups + oc_obj: + kind: group + state: absent + name: "{{ item }}" + with_items: + - "integration-test-group" + - "integration-test-group2" + + - name: clean up test user + oc_user: + state: absent + username: "{{ test_user }}" diff --git a/roles/lib_openshift/src/test/unit/test_oc_clusterrole.py b/roles/lib_openshift/src/test/unit/test_oc_clusterrole.py new file mode 100755 index 000000000..189f16bda --- /dev/null +++ b/roles/lib_openshift/src/test/unit/test_oc_clusterrole.py @@ -0,0 +1,115 @@ +''' + Unit tests for oc clusterrole +''' + +import copy +import os +import sys +import unittest +import mock + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error,wrong-import-position +# place class in our python path +module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, module_path) +from oc_clusterrole import OCClusterRole # noqa: E402 + + +class OCClusterRoleTest(unittest.TestCase): + ''' + Test class for OCClusterRole + ''' + + # run_ansible input parameters + params = { + 'state': 'present', + 'name': 'operations', + 'rules': [ + {'apiGroups': [''], + 'attributeRestrictions': None, + 'verbs': ['create', 'delete', 'deletecollection', + 'get', 'list', 'patch', 'update', 'watch'], + 'resources': ['persistentvolumes']} + ], + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'debug': False, + } + + @mock.patch('oc_clusterrole.locate_oc_binary') + @mock.patch('oc_clusterrole.Utils.create_tmpfile_copy') + @mock.patch('oc_clusterrole.Utils._write') + @mock.patch('oc_clusterrole.OCClusterRole._run') + def test_adding_a_clusterrole(self, mock_cmd, mock_write, mock_tmpfile_copy, mock_loc_binary): + ''' Testing adding a project ''' + + params = copy.deepcopy(OCClusterRoleTest.params) + + clusterrole = '''{ + "apiVersion": "v1", + "kind": "ClusterRole", + "metadata": { + "creationTimestamp": "2017-03-27T14:19:09Z", + "name": "operations", + "resourceVersion": "23", + "selfLink": "/oapi/v1/clusterrolesoperations", + "uid": "57d358fe-12f8-11e7-874a-0ec502977670" + }, + "rules": [ + { + "apiGroups": [ + "" + ], + "attributeRestrictions": null, + "resources": [ + "persistentvolumes" + ], + "verbs": [ + "create", + "delete", + "deletecollection", + "get", + "list", + "patch", + "update", + "watch" + ] + } + ] + }''' + + # Return values of our mocked function call. These get returned once per call. + mock_cmd.side_effect = [ + (1, '', 'Error from server: clusterrole "operations" not found'), + (1, '', 'Error from server: namespaces "operations" not found'), + (0, '', ''), # created + (0, clusterrole, ''), # fetch it + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + mock_loc_binary.side_effect = [ + 'oc', + ] + + # Act + results = OCClusterRole.run_ansible(params, False) + + # Assert + self.assertTrue(results['changed']) + self.assertEqual(results['results']['returncode'], 0) + self.assertEqual(results['results']['results']['metadata']['name'], 'operations') + self.assertEqual(results['state'], 'present') + + # Making sure our mock was called as we expected + mock_cmd.assert_has_calls([ + mock.call(['oc', 'get', 'clusterrole', 'operations', '-o', 'json'], None), + mock.call(['oc', 'get', 'clusterrole', 'operations', '-o', 'json'], None), + mock.call(['oc', 'create', '-f', mock.ANY], None), + mock.call(['oc', 'get', 'clusterrole', 'operations', '-o', 'json'], None), + ]) diff --git a/roles/lib_openshift/src/test/unit/test_oc_configmap.py b/roles/lib_openshift/src/test/unit/test_oc_configmap.py new file mode 100755 index 000000000..318fd6167 --- /dev/null +++ b/roles/lib_openshift/src/test/unit/test_oc_configmap.py @@ -0,0 +1,239 @@ +''' + Unit tests for oc configmap +''' + +import copy +import os +import six +import sys +import unittest +import mock + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error,wrong-import-position +# place class in our python path +module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, module_path) +from oc_configmap import OCConfigMap, locate_oc_binary # noqa: E402 + + +class OCConfigMapTest(unittest.TestCase): + ''' + Test class for OCConfigMap + ''' + params = {'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'state': 'present', + 'debug': False, + 'name': 'configmap', + 'from_file': {}, + 'from_literal': {}, + 'namespace': 'test'} + + @mock.patch('oc_configmap.Utils._write') + @mock.patch('oc_configmap.Utils.create_tmpfile_copy') + @mock.patch('oc_configmap.OCConfigMap._run') + def test_create_configmap(self, mock_run, mock_tmpfile_copy, mock_write): + ''' Testing a configmap create ''' + # TODO + return + params = copy.deepcopy(OCConfigMapTest.params) + params['from_file'] = {'test': '/root/file'} + params['from_literal'] = {'foo': 'bar'} + + configmap = '''{ + "apiVersion": "v1", + "data": { + "foo": "bar", + "test": "this is a file\\n" + }, + "kind": "ConfigMap", + "metadata": { + "creationTimestamp": "2017-03-20T20:24:35Z", + "name": "configmap", + "namespace": "test" + } + }''' + + mock_run.side_effect = [ + (1, '', 'Error from server (NotFound): configmaps "configmap" not found'), + (0, '', ''), + (0, configmap, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCConfigMap.run_ansible(params, False) + + self.assertTrue(results['changed']) + self.assertEqual(results['results']['results'][0]['metadata']['name'], 'configmap') + + @mock.patch('oc_configmap.Utils._write') + @mock.patch('oc_configmap.Utils.create_tmpfile_copy') + @mock.patch('oc_configmap.OCConfigMap._run') + def test_update_configmap(self, mock_run, mock_tmpfile_copy, mock_write): + ''' Testing a configmap create ''' + params = copy.deepcopy(OCConfigMapTest.params) + params['from_file'] = {'test': '/root/file'} + params['from_literal'] = {'foo': 'bar', 'deployment_type': 'online'} + + configmap = '''{ + "apiVersion": "v1", + "data": { + "foo": "bar", + "test": "this is a file\\n" + }, + "kind": "ConfigMap", + "metadata": { + "creationTimestamp": "2017-03-20T20:24:35Z", + "name": "configmap", + "namespace": "test" + + } + }''' + + mod_configmap = '''{ + "apiVersion": "v1", + "data": { + "foo": "bar", + "deployment_type": "online", + "test": "this is a file\\n" + }, + "kind": "ConfigMap", + "metadata": { + "creationTimestamp": "2017-03-20T20:24:35Z", + "name": "configmap", + "namespace": "test" + + } + }''' + + mock_run.side_effect = [ + (0, configmap, ''), + (0, mod_configmap, ''), + (0, configmap, ''), + (0, '', ''), + (0, mod_configmap, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCConfigMap.run_ansible(params, False) + + self.assertTrue(results['changed']) + self.assertEqual(results['results']['results'][0]['metadata']['name'], 'configmap') + self.assertEqual(results['results']['results'][0]['data']['deployment_type'], 'online') + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_fallback(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup fallback ''' + + mock_env_get.side_effect = lambda _v, _d: '' + + mock_path_exists.side_effect = lambda _: False + + self.assertEqual(locate_oc_binary(), 'oc') + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_path(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in path ''' + + oc_bin = '/usr/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_usr_local(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in /usr/local/bin ''' + + oc_bin = '/usr/local/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_home(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in ~/bin ''' + + oc_bin = os.path.expanduser('~/bin/oc') + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup fallback ''' + + mock_env_get.side_effect = lambda _v, _d: '' + + mock_shutil_which.side_effect = lambda _f, path=None: None + + self.assertEqual(locate_oc_binary(), 'oc') + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in path ''' + + oc_bin = '/usr/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in /usr/local/bin ''' + + oc_bin = '/usr/local/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in ~/bin ''' + + oc_bin = os.path.expanduser('~/bin/oc') + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) diff --git a/roles/lib_openshift/src/test/unit/test_oc_image.py b/roles/lib_openshift/src/test/unit/test_oc_image.py new file mode 100755 index 000000000..943c8ca17 --- /dev/null +++ b/roles/lib_openshift/src/test/unit/test_oc_image.py @@ -0,0 +1,280 @@ +''' + Unit tests for oc image +''' +import os +import sys +import unittest +import mock +import six + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error +# place class in our python path +module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, module_path) +from oc_image import OCImage, locate_oc_binary # noqa: E402 + + +class OCImageTest(unittest.TestCase): + ''' + Test class for OCImage + ''' + + @mock.patch('oc_image.Utils.create_tmpfile_copy') + @mock.patch('oc_image.OCImage._run') + def test_state_list(self, mock_cmd, mock_tmpfile_copy): + ''' Testing a label list ''' + params = {'registry_url': 'registry.ops.openshift.com', + 'image_name': 'oso-rhel7-zagg-web', + 'image_tag': 'int', + 'namespace': 'default', + 'state': 'list', + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'debug': False} + + istream = '''{ + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "oso-rhel7-zagg-web", + "namespace": "default", + "selfLink": "/oapi/v1/namespaces/default/imagestreams/oso-rhel7-zagg-web", + "uid": "6ca2b199-dcdb-11e6-8ffd-0a5f8e3e32be", + "resourceVersion": "8135944", + "generation": 1, + "creationTimestamp": "2017-01-17T17:36:05Z", + "annotations": { + "openshift.io/image.dockerRepositoryCheck": "2017-01-17T17:36:05Z" + } + }, + "spec": { + "tags": [ + { + "name": "int", + "annotations": null, + "from": { + "kind": "DockerImage", + "name": "registry.ops.openshift.com/ops/oso-rhel7-zagg-web:int" + }, + "generation": 1, + "importPolicy": {} + } + ] + }, + "status": { + "dockerImageRepository": "172.30.183.164:5000/default/oso-rhel7-zagg-web", + "tags": [ + { + "tag": "int", + "items": [ + { + "created": "2017-01-17T17:36:05Z", + "dockerImageReference": "registry.ops.openshift.com/ops/oso-rhel7-zagg-web@sha256:645bab780cf18a9b764d64b02ca65c39d13cb16f19badd0a49a1668629759392", + "image": "sha256:645bab780cf18a9b764d64b02ca65c39d13cb16f19badd0a49a1668629759392", + "generation": 1 + } + ] + } + ] + } + } + ''' + + mock_cmd.side_effect = [ + (0, istream, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCImage.run_ansible(params, False) + + self.assertFalse(results['changed']) + self.assertEquals(results['results']['results'][0]['metadata']['name'], 'oso-rhel7-zagg-web') + + @mock.patch('oc_image.Utils.create_tmpfile_copy') + @mock.patch('oc_image.OCImage._run') + def test_state_present(self, mock_cmd, mock_tmpfile_copy): + ''' Testing a image present ''' + params = {'registry_url': 'registry.ops.openshift.com', + 'image_name': 'oso-rhel7-zagg-web', + 'image_tag': 'int', + 'namespace': 'default', + 'state': 'present', + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'debug': False} + + istream = '''{ + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "oso-rhel7-zagg-web", + "namespace": "default", + "selfLink": "/oapi/v1/namespaces/default/imagestreams/oso-rhel7-zagg-web", + "uid": "6ca2b199-dcdb-11e6-8ffd-0a5f8e3e32be", + "resourceVersion": "8135944", + "generation": 1, + "creationTimestamp": "2017-01-17T17:36:05Z", + "annotations": { + "openshift.io/image.dockerRepositoryCheck": "2017-01-17T17:36:05Z" + } + }, + "spec": { + "tags": [ + { + "name": "int", + "annotations": null, + "from": { + "kind": "DockerImage", + "name": "registry.ops.openshift.com/ops/oso-rhel7-zagg-web:int" + }, + "generation": 1, + "importPolicy": {} + } + ] + }, + "status": { + "dockerImageRepository": "172.30.183.164:5000/default/oso-rhel7-zagg-web", + "tags": [ + { + "tag": "int", + "items": [ + { + "created": "2017-01-17T17:36:05Z", + "dockerImageReference": "registry.ops.openshift.com/ops/oso-rhel7-zagg-web@sha256:645bab780cf18a9b764d64b02ca65c39d13cb16f19badd0a49a1668629759392", + "image": "sha256:645bab780cf18a9b764d64b02ca65c39d13cb16f19badd0a49a1668629759392", + "generation": 1 + } + ] + } + ] + } + } + ''' + + mock_cmd.side_effect = [ + (1, '', 'Error from server: imagestreams "oso-rhel7-zagg-web" not found'), + (0, '', ''), + (0, istream, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCImage.run_ansible(params, False) + + self.assertTrue(results['changed']) + self.assertTrue(results['results']['results'][0]['metadata']['name'] == 'oso-rhel7-zagg-web') + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_fallback(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup fallback ''' + + mock_env_get.side_effect = lambda _v, _d: '' + + mock_path_exists.side_effect = lambda _: False + + self.assertEqual(locate_oc_binary(), 'oc') + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_path(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in path ''' + + oc_bin = '/usr/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_usr_local(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in /usr/local/bin ''' + + oc_bin = '/usr/local/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY3, 'py2 test only') + @mock.patch('os.path.exists') + @mock.patch('os.environ.get') + def test_binary_lookup_in_home(self, mock_env_get, mock_path_exists): + ''' Testing binary lookup in ~/bin ''' + + oc_bin = os.path.expanduser('~/bin/oc') + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_path_exists.side_effect = lambda f: f == oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup fallback ''' + + mock_env_get.side_effect = lambda _v, _d: '' + + mock_shutil_which.side_effect = lambda _f, path=None: None + + self.assertEqual(locate_oc_binary(), 'oc') + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in path ''' + + oc_bin = '/usr/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in /usr/local/bin ''' + + oc_bin = '/usr/local/bin/oc' + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) + + @unittest.skipIf(six.PY2, 'py3 test only') + @mock.patch('shutil.which') + @mock.patch('os.environ.get') + def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which): + ''' Testing binary lookup in ~/bin ''' + + oc_bin = os.path.expanduser('~/bin/oc') + + mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin' + + mock_shutil_which.side_effect = lambda _f, path=None: oc_bin + + self.assertEqual(locate_oc_binary(), oc_bin) diff --git a/roles/lib_openshift/src/test/unit/test_oc_user.py b/roles/lib_openshift/src/test/unit/test_oc_user.py new file mode 100755 index 000000000..f7a17cc2c --- /dev/null +++ b/roles/lib_openshift/src/test/unit/test_oc_user.py @@ -0,0 +1,127 @@ +#!/usr/bin/env python2 +''' + Unit tests for oc user +''' +# To run +# ./oc_user.py +# +# .. +# ---------------------------------------------------------------------- +# Ran 2 tests in 0.003s +# +# OK + +import os +import sys +import unittest +import mock + +# Removing invalid variable names for tests so that I can +# keep them brief +# pylint: disable=invalid-name,no-name-in-module +# Disable import-error b/c our libraries aren't loaded in jenkins +# pylint: disable=import-error +# place class in our python path +module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library') # noqa: E501 +sys.path.insert(0, module_path) +from oc_user import OCUser # noqa: E402 + + +class OCUserTest(unittest.TestCase): + ''' + Test class for OCUser + ''' + + def setUp(self): + ''' setup method will create a file and set to known configuration ''' + pass + + @mock.patch('oc_user.Utils.create_tmpfile_copy') + @mock.patch('oc_user.OCUser._run') + def test_state_list(self, mock_cmd, mock_tmpfile_copy): + ''' Testing a user list ''' + params = {'username': 'testuser@email.com', + 'state': 'list', + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'full_name': None, + 'groups': [], + 'debug': False} + + user = '''{ + "kind": "User", + "apiVersion": "v1", + "metadata": { + "name": "testuser@email.com", + "selfLink": "/oapi/v1/users/testuser@email.com", + "uid": "02fee6c9-f20d-11e6-b83b-12e1a7285e80", + "resourceVersion": "38566887", + "creationTimestamp": "2017-02-13T16:53:58Z" + }, + "fullName": "Test User", + "identities": null, + "groups": null + }''' + + mock_cmd.side_effect = [ + (0, user, ''), + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCUser.run_ansible(params, False) + + self.assertFalse(results['changed']) + self.assertTrue(results['results'][0]['metadata']['name'] == "testuser@email.com") + + @mock.patch('oc_user.Utils.create_tmpfile_copy') + @mock.patch('oc_user.OCUser._run') + def test_state_present(self, mock_cmd, mock_tmpfile_copy): + ''' Testing a user list ''' + params = {'username': 'testuser@email.com', + 'state': 'present', + 'kubeconfig': '/etc/origin/master/admin.kubeconfig', + 'full_name': 'Test User', + 'groups': [], + 'debug': False} + + created_user = '''{ + "kind": "User", + "apiVersion": "v1", + "metadata": { + "name": "testuser@email.com", + "selfLink": "/oapi/v1/users/testuser@email.com", + "uid": "8d508039-f224-11e6-b83b-12e1a7285e80", + "resourceVersion": "38646241", + "creationTimestamp": "2017-02-13T19:42:28Z" + }, + "fullName": "Test User", + "identities": null, + "groups": null + }''' + + mock_cmd.side_effect = [ + (1, '', 'Error from server: users "testuser@email.com" not found'), # get + (1, '', 'Error from server: users "testuser@email.com" not found'), # get + (0, 'user "testuser@email.com" created', ''), # create + (0, created_user, ''), # get + ] + + mock_tmpfile_copy.side_effect = [ + '/tmp/mocked_kubeconfig', + ] + + results = OCUser.run_ansible(params, False) + + self.assertTrue(results['changed']) + self.assertTrue(results['results']['results'][0]['metadata']['name'] == + "testuser@email.com") + + def tearDown(self): + '''TearDown method''' + pass + + +if __name__ == "__main__": + unittest.main() diff --git a/roles/lib_utils/library/yedit.py b/roles/lib_utils/library/yedit.py index a2ae6b4f6..9adaeeb52 100644 --- a/roles/lib_utils/library/yedit.py +++ b/roles/lib_utils/library/yedit.py @@ -180,13 +180,27 @@ EXAMPLES = ''' # a: # b: # c: d +# +# multiple edits at the same time +- name: perform multiple edits + yedit: + src: somefile.yml + edits: + - key: a#b#c + value: d + - key: a#b#c#d + value: e + state: present +# Results: +# a: +# b: +# c: +# d: e ''' # -*- -*- -*- End included fragment: doc/yedit -*- -*- -*- # -*- -*- -*- Begin included fragment: class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 class YeditException(Exception): @@ -220,13 +234,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -242,13 +256,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -270,7 +284,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -359,7 +373,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -459,7 +473,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -578,8 +592,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -640,7 +654,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -666,7 +690,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -698,114 +722,149 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) - if module.params['src']: + state = params['state'] + + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) - if rval[0] and module.params['src']: + elif params['edits'] is not None: + edits = params['edits'] + + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} # -*- -*- -*- End included fragment: class/yedit.py -*- -*- -*- @@ -837,12 +896,34 @@ def main(): type='str'), backup=dict(default=True, type='bool'), separator=dict(default='.', type='str'), + edits=dict(default=None, type='list'), ), mutually_exclusive=[["curr_value", "index"], ['update', "append"]], required_one_of=[["content", "src"]], ) - rval = Yedit.run_ansible(module) + # Verify we recieved either a valid key or edits with valid keys when receiving a src file. + # A valid key being not None or not ''. + if module.params['src'] is not None: + key_error = False + edit_error = False + + if module.params['key'] in [None, '']: + key_error = True + + if module.params['edits'] in [None, []]: + edit_error = True + + else: + for edit in module.params['edits']: + if edit.get('key') in [None, '']: + edit_error = True + break + + if key_error and edit_error: + module.fail_json(failed=True, msg='Empty value for parameter key not allowed.') + + rval = Yedit.run_ansible(module.params) if 'failed' in rval and rval['failed']: module.fail_json(**rval) diff --git a/roles/lib_utils/src/ansible/yedit.py b/roles/lib_utils/src/ansible/yedit.py index 8a1a7c2dc..c4b818cf1 100644 --- a/roles/lib_utils/src/ansible/yedit.py +++ b/roles/lib_utils/src/ansible/yedit.py @@ -26,12 +26,34 @@ def main(): type='str'), backup=dict(default=True, type='bool'), separator=dict(default='.', type='str'), + edits=dict(default=None, type='list'), ), mutually_exclusive=[["curr_value", "index"], ['update', "append"]], required_one_of=[["content", "src"]], ) - rval = Yedit.run_ansible(module) + # Verify we recieved either a valid key or edits with valid keys when receiving a src file. + # A valid key being not None or not ''. + if module.params['src'] is not None: + key_error = False + edit_error = False + + if module.params['key'] in [None, '']: + key_error = True + + if module.params['edits'] in [None, []]: + edit_error = True + + else: + for edit in module.params['edits']: + if edit.get('key') in [None, '']: + edit_error = True + break + + if key_error and edit_error: + module.fail_json(failed=True, msg='Empty value for parameter key not allowed.') + + rval = Yedit.run_ansible(module.params) if 'failed' in rval and rval['failed']: module.fail_json(**rval) diff --git a/roles/lib_utils/src/class/yedit.py b/roles/lib_utils/src/class/yedit.py index 533665db2..e0a27012f 100644 --- a/roles/lib_utils/src/class/yedit.py +++ b/roles/lib_utils/src/class/yedit.py @@ -1,6 +1,5 @@ # flake8: noqa -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 +# pylint: skip-file class YeditException(Exception): @@ -34,13 +33,13 @@ class Yedit(object): @property def separator(self): - ''' getter method for yaml_dict ''' + ''' getter method for separator ''' return self._separator @separator.setter - def separator(self): - ''' getter method for yaml_dict ''' - return self._separator + def separator(self, inc_sep): + ''' setter method for separator ''' + self._separator = inc_sep @property def yaml_dict(self): @@ -56,13 +55,13 @@ class Yedit(object): def parse_key(key, sep='.'): '''parse the key allowing the appropriate separator''' common_separators = list(Yedit.com_sep - set([sep])) - return re.findall(Yedit.re_key % ''.join(common_separators), key) + return re.findall(Yedit.re_key.format(''.join(common_separators)), key) @staticmethod def valid_key(key, sep='.'): '''validate the incoming key''' common_separators = list(Yedit.com_sep - set([sep])) - if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): + if not re.match(Yedit.re_valid_key.format(''.join(common_separators)), key): return False return True @@ -84,7 +83,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes[:-1]: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -173,7 +172,7 @@ class Yedit(object): key_indexes = Yedit.parse_key(key, sep) for arr_ind, dict_key in key_indexes: if dict_key and isinstance(data, dict): - data = data.get(dict_key, None) + data = data.get(dict_key) elif (arr_ind and isinstance(data, list) and int(arr_ind) <= len(data) - 1): data = data[int(arr_ind)] @@ -273,7 +272,7 @@ class Yedit(object): self.yaml_dict = json.loads(contents) except yaml.YAMLError as err: # Error loading yaml or json - raise YeditException('Problem with loading yaml file. %s' % err) + raise YeditException('Problem with loading yaml file. {}'.format(err)) return self.yaml_dict @@ -392,8 +391,8 @@ class Yedit(object): # AUDIT:maybe-no-member makes sense due to fuzzy types # pylint: disable=maybe-no-member if not isinstance(value, dict): - raise YeditException('Cannot replace key, value entry in ' + - 'dict with non-dict type. value=[%s] [%s]' % (value, type(value))) # noqa: E501 + raise YeditException('Cannot replace key, value entry in dict with non-dict type. ' + + 'value=[{}] type=[{}]'.format(value, type(value))) entry.update(value) return (True, self.yaml_dict) @@ -454,7 +453,17 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if not result: + if result is None: + return (False, self.yaml_dict) + + # When path equals "" it is a special case. + # "" refers to the root of the document + # Only update the root path (entire document) when its a list or dict + if path == '': + if isinstance(result, list) or isinstance(result, dict): + self.yaml_dict = result + return (True, self.yaml_dict) + return (False, self.yaml_dict) self.yaml_dict = tmp_copy @@ -480,7 +489,7 @@ class Yedit(object): pass result = Yedit.add_entry(tmp_copy, path, value, self.separator) - if result: + if result is not None: self.yaml_dict = tmp_copy return (True, self.yaml_dict) @@ -512,112 +521,147 @@ class Yedit(object): # we will convert to bool if it matches any of the above cases if isinstance(inc_value, str) and 'bool' in vtype: if inc_value not in true_bools and inc_value not in false_bools: - raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' - % (inc_value, vtype)) + raise YeditException('Not a boolean type. str=[{}] vtype=[{}]'.format(inc_value, vtype)) elif isinstance(inc_value, bool) and 'str' in vtype: inc_value = str(inc_value) + # There is a special case where '' will turn into None after yaml loading it so skip + if isinstance(inc_value, str) and inc_value == '': + pass # If vtype is not str then go ahead and attempt to yaml load it. - if isinstance(inc_value, str) and 'str' not in vtype: + elif isinstance(inc_value, str) and 'str' not in vtype: try: - inc_value = yaml.load(inc_value) + inc_value = yaml.safe_load(inc_value) except Exception: - raise YeditException('Could not determine type of incoming ' + - 'value. value=[%s] vtype=[%s]' - % (type(inc_value), vtype)) + raise YeditException('Could not determine type of incoming value. ' + + 'value=[{}] vtype=[{}]'.format(type(inc_value), vtype)) return inc_value + @staticmethod + def process_edits(edits, yamlfile): + '''run through a list of edits and process them one-by-one''' + results = [] + for edit in edits: + value = Yedit.parse_value(edit['value'], edit.get('value_type', '')) + if edit.get('action') == 'update': + # pylint: disable=line-too-long + curr_value = Yedit.get_curr_value( + Yedit.parse_value(edit.get('curr_value')), + edit.get('curr_value_format')) + + rval = yamlfile.update(edit['key'], + value, + edit.get('index'), + curr_value) + + elif edit.get('action') == 'append': + rval = yamlfile.append(edit['key'], value) + + else: + rval = yamlfile.put(edit['key'], value) + + if rval[0]: + results.append({'key': edit['key'], 'edit': rval[1]}) + + return {'changed': len(results) > 0, 'results': results} + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(module): + def run_ansible(params): '''perform the idempotent crud operations''' - yamlfile = Yedit(filename=module.params['src'], - backup=module.params['backup'], - separator=module.params['separator']) + yamlfile = Yedit(filename=params['src'], + backup=params['backup'], + separator=params['separator']) + + state = params['state'] - if module.params['src']: + if params['src']: rval = yamlfile.load() - if yamlfile.yaml_dict is None and \ - module.params['state'] != 'present': + if yamlfile.yaml_dict is None and state != 'present': return {'failed': True, - 'msg': 'Error opening file [%s]. Verify that the ' + - 'file exists, that it is has correct' + - ' permissions, and is valid yaml.'} - - if module.params['state'] == 'list': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + 'msg': 'Error opening file [{}]. Verify that the '.format(params['src']) + + 'file exists, that it is has correct permissions, and is valid yaml.'} + + if state == 'list': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['key']: - rval = yamlfile.get(module.params['key']) or {} + if params['key']: + rval = yamlfile.get(params['key']) or {} - return {'changed': False, 'result': rval, 'state': "list"} + return {'changed': False, 'result': rval, 'state': state} - elif module.params['state'] == 'absent': - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + elif state == 'absent': + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) yamlfile.yaml_dict = content - if module.params['update']: - rval = yamlfile.pop(module.params['key'], - module.params['value']) + if params['update']: + rval = yamlfile.pop(params['key'], params['value']) else: - rval = yamlfile.delete(module.params['key']) + rval = yamlfile.delete(params['key']) - if rval[0] and module.params['src']: + if rval[0] and params['src']: yamlfile.write() - return {'changed': rval[0], 'result': rval[1], 'state': "absent"} + return {'changed': rval[0], 'result': rval[1], 'state': state} - elif module.params['state'] == 'present': + elif state == 'present': # check if content is different than what is in the file - if module.params['content']: - content = Yedit.parse_value(module.params['content'], - module.params['content_type']) + if params['content']: + content = Yedit.parse_value(params['content'], params['content_type']) # We had no edits to make and the contents are the same if yamlfile.yaml_dict == content and \ - module.params['value'] is None: - return {'changed': False, - 'result': yamlfile.yaml_dict, - 'state': "present"} + params['value'] is None: + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} yamlfile.yaml_dict = content - # we were passed a value; parse it - if module.params['value']: - value = Yedit.parse_value(module.params['value'], - module.params['value_type']) - key = module.params['key'] - if module.params['update']: - # pylint: disable=line-too-long - curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']), # noqa: E501 - module.params['curr_value_format']) # noqa: E501 + # If we were passed a key, value then + # we enapsulate it in a list and process it + # Key, Value passed to the module : Converted to Edits list # + edits = [] + _edit = {} + if params['value'] is not None: + _edit['value'] = params['value'] + _edit['value_type'] = params['value_type'] + _edit['key'] = params['key'] - rval = yamlfile.update(key, value, module.params['index'], curr_value) # noqa: E501 + if params['update']: + _edit['action'] = 'update' + _edit['curr_value'] = params['curr_value'] + _edit['curr_value_format'] = params['curr_value_format'] + _edit['index'] = params['index'] - elif module.params['append']: - rval = yamlfile.append(key, value) - else: - rval = yamlfile.put(key, value) + elif params['append']: + _edit['action'] = 'append' + + edits.append(_edit) + + elif params['edits'] is not None: + edits = params['edits'] - if rval[0] and module.params['src']: + if edits: + results = Yedit.process_edits(edits, yamlfile) + + # if there were changes and a src provided to us we need to write + if results['changed'] and params['src']: yamlfile.write() - return {'changed': rval[0], - 'result': rval[1], 'state': "present"} + return {'changed': results['changed'], 'result': results['results'], 'state': state} # no edits to make - if module.params['src']: + if params['src']: # pylint: disable=redefined-variable-type rval = yamlfile.write() return {'changed': rval[0], 'result': rval[1], - 'state': "present"} + 'state': state} + # We were passed content but no src, key or value, or edits. Return contents in memory + return {'changed': False, 'result': yamlfile.yaml_dict, 'state': state} return {'failed': True, 'msg': 'Unkown state passed'} diff --git a/roles/lib_utils/src/doc/yedit b/roles/lib_utils/src/doc/yedit index 16b44943e..82af1f675 100644 --- a/roles/lib_utils/src/doc/yedit +++ b/roles/lib_utils/src/doc/yedit @@ -135,4 +135,20 @@ EXAMPLES = ''' # a: # b: # c: d +# +# multiple edits at the same time +- name: perform multiple edits + yedit: + src: somefile.yml + edits: + - key: a#b#c + value: d + - key: a#b#c#d + value: e + state: present +# Results: +# a: +# b: +# c: +# d: e ''' diff --git a/roles/lib_utils/src/test/integration/kube-manager-test.yaml.orig b/roles/lib_utils/src/test/integration/kube-manager-test.yaml.orig deleted file mode 100644 index 5541c3dae..000000000 --- a/roles/lib_utils/src/test/integration/kube-manager-test.yaml.orig +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: kube-controller-manager - namespace: kube-system -spec: - hostNetwork: true - containers: - - name: kube-controller-manager - image: openshift/kube:v1.0.0 - command: - - /hyperkube - - controller-manager - - --master=http://127.0.0.1:8080 - - --leader-elect=true - - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem - - --root-ca-file=/etc/k8s/ssl/my.pem - - --my-new-parameter=openshift - livenessProbe: - httpGet: - host: 127.0.0.1 - path: /healthz - port: 10252 - initialDelaySeconds: 15 - timeoutSeconds: 1 - volumeMounts: - - mountPath: /etc/kubernetes/ssl - name: ssl-certs-kubernetes - readOnly: true - - mountPath: /etc/ssl/certs - name: ssl-certs-host - readOnly: 'true' - volumes: - - hostPath: - path: /etc/kubernetes/ssl - name: ssl-certs-kubernetes - - hostPath: - path: /usr/share/ca-certificates - name: ssl-certs-host -yedittest: yedittest -metadata-namespace: openshift-is-awesome -nonexistingkey: -- --my-new-parameter=openshift -a: - b: - c: d -e: - f: - g: - h: - i: - j: k diff --git a/roles/lib_utils/src/test/integration/yedit.yml b/roles/lib_utils/src/test/integration/yedit.yml index e3dfd490b..65209bade 100755 --- a/roles/lib_utils/src/test/integration/yedit.yml +++ b/roles/lib_utils/src/test/integration/yedit.yml @@ -219,4 +219,33 @@ assert: that: results.result == [1, 2, 3] msg: "Test: '[1, 2, 3]' != [{{ results.result }}]" -###### end test create list value ##### + ###### end test create list value ##### + + ###### test create multiple list value ##### + - name: test multiple edits + yedit: + src: "{{ test_file }}" + edits: + - key: z.x.y + value: + - 1 + - 2 + - 3 + - key: z.x.y + value: 4 + action: append + + - name: retrieve the key + yedit: + src: "{{ test_file }}" + state: list + key: z#x#y + separator: '#' + register: results + - debug: var=results + + - name: Assert that the key was created + assert: + that: results.result == [1, 2, 3, 4] + msg: "Test: '[1, 2, 3, 4]' != [{{ results.result }}]" + ###### end test create multiple list value ##### diff --git a/roles/lib_utils/src/test/unit/test_yedit.py b/roles/lib_utils/src/test/unit/test_yedit.py index 23a3f7353..f9f42843a 100755 --- a/roles/lib_utils/src/test/unit/test_yedit.py +++ b/roles/lib_utils/src/test/unit/test_yedit.py @@ -5,6 +5,7 @@ import os import sys import unittest +import mock # Removing invalid variable names for tests so that I can # keep them brief @@ -277,6 +278,91 @@ class YeditTest(unittest.TestCase): with self.assertRaises(YeditException): yed.put('new.stuff.here[0]', 'item') + def test_empty_key_with_int_value(self): + '''test editing top level with not list or dict''' + yed = Yedit(content={'a': {'b': 12}}) + result = yed.put('', 'b') + self.assertFalse(result[0]) + + def test_setting_separator(self): + '''test editing top level with not list or dict''' + yed = Yedit(content={'a': {'b': 12}}) + yed.separator = ':' + self.assertEqual(yed.separator, ':') + + def test_remove_all(self): + '''test removing all data''' + data = Yedit.remove_entry({'a': {'b': 12}}, '') + self.assertTrue(data) + + def test_remove_list_entry(self): + '''test removing list entry''' + data = {'a': {'b': [{'c': 3}]}} + results = Yedit.remove_entry(data, 'a.b[0]') + self.assertTrue(results) + self.assertTrue(data, {'a': {'b': []}}) + + def test_parse_value_string_true(self): + '''test parse_value''' + results = Yedit.parse_value('true', 'str') + self.assertEqual(results, 'true') + + def test_parse_value_bool_true(self): + '''test parse_value''' + results = Yedit.parse_value('true', 'bool') + self.assertTrue(results) + + def test_parse_value_bool_exception(self): + '''test parse_value''' + with self.assertRaises(YeditException): + Yedit.parse_value('TTT', 'bool') + + @mock.patch('yedit.Yedit.write') + def test_run_ansible_basic(self, mock_write): + '''test parse_value''' + params = { + 'src': None, + 'backup': False, + 'separator': '.', + 'state': 'present', + 'edits': [], + 'value': None, + 'key': None, + 'content': {'a': {'b': {'c': 1}}}, + 'content_type': '', + } + + results = Yedit.run_ansible(params) + + mock_write.side_effect = [ + (True, params['content']), + ] + + self.assertFalse(results['changed']) + + @mock.patch('yedit.Yedit.write') + def test_run_ansible_and_write(self, mock_write): + '''test parse_value''' + params = { + 'src': '/tmp/test', + 'backup': False, + 'separator': '.', + 'state': 'present', + 'edits': [], + 'value': None, + 'key': None, + 'content': {'a': {'b': {'c': 1}}}, + 'content_type': '', + } + + results = Yedit.run_ansible(params) + + mock_write.side_effect = [ + (True, params['content']), + ] + + self.assertTrue(results['changed']) + def tearDown(self): '''TearDown method''' os.unlink(YeditTest.filename) diff --git a/roles/openshift_ca/README.md b/roles/openshift_ca/README.md index 96c9cd5f2..dfbe81c6c 100644 --- a/roles/openshift_ca/README.md +++ b/roles/openshift_ca/README.md @@ -19,6 +19,8 @@ From this role: | openshift_ca_key | `{{ openshift_ca_config_dir }}/ca.key` | CA key path including CA key filename. | | openshift_ca_serial | `{{ openshift_ca_config_dir }}/ca.serial.txt` | CA serial path including CA serial filename. | | openshift_version | `{{ openshift_pkg_version }}` | OpenShift package version. | +| openshift_master_cert_expire_days | `730` (2 years) | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later. | +| openshift_ca_cert_expire_days | `1825` (5 years) | Validity of the CA certificates in days. Works only with OpenShift version 1.5 (3.5) and later. | Dependencies ------------ diff --git a/roles/openshift_ca/defaults/main.yml b/roles/openshift_ca/defaults/main.yml new file mode 100644 index 000000000..ecfcc88b3 --- /dev/null +++ b/roles/openshift_ca/defaults/main.yml @@ -0,0 +1,3 @@ +--- +openshift_ca_cert_expire_days: 1825 +openshift_master_cert_expire_days: 730 diff --git a/roles/openshift_ca/tasks/main.yml b/roles/openshift_ca/tasks/main.yml index 70c2a9121..3b17d9ed6 100644 --- a/roles/openshift_ca/tasks/main.yml +++ b/roles/openshift_ca/tasks/main.yml @@ -88,7 +88,7 @@ # This should NOT replace the CA due to --overwrite=false when a CA already exists. - name: Create the master certificates if they do not already exist command: > - {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm create-master-certs + {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-master-certs {% for named_ca_certificate in openshift.master.named_certificates | default([]) | oo_collect('cafile') %} --certificate-authority {{ named_ca_certificate }} {% endfor %} @@ -99,6 +99,10 @@ --master={{ openshift.master.api_url }} --public-master={{ openshift.master.public_api_url }} --cert-dir={{ openshift_ca_config_dir }} + {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} + --expire-days={{ openshift_master_cert_expire_days }} + --signer-expire-days={{ openshift_ca_cert_expire_days }} + {% endif %} --overwrite=false when: master_ca_missing | bool or openshift_certificates_redeploy | default(false) | bool delegate_to: "{{ openshift_ca_host }}" diff --git a/roles/openshift_common/tasks/main.yml b/roles/openshift_common/tasks/main.yml index e55c288a8..d9ccf87bc 100644 --- a/roles/openshift_common/tasks/main.yml +++ b/roles/openshift_common/tasks/main.yml @@ -24,6 +24,14 @@ when: openshift_use_nuage | default(false) | bool and openshift_use_contiv | default(false) | bool - fail: + msg: Calico can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use Calico + when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_calico | default(false) | bool + +- fail: + msg: Calico cannot currently be used with Flannel in Openshift. Set either openshift_use_calico or openshift_use_flannel, but not both + when: openshift_use_calico | default(false) | bool and openshift_use_flannel | default(false) | bool + +- fail: msg: openshift_hostname must be 64 characters or less when: openshift_hostname is defined and openshift_hostname | length > 64 @@ -35,6 +43,7 @@ use_openshift_sdn: "{{ openshift_use_openshift_sdn | default(None) }}" sdn_network_plugin_name: "{{ os_sdn_network_plugin_name | default(None) }}" use_flannel: "{{ openshift_use_flannel | default(None) }}" + use_calico: "{{openshift_use_calico | default(None) }}" use_nuage: "{{ openshift_use_nuage | default(None) }}" use_contiv: "{{ openshift_use_contiv | default(None) }}" use_manageiq: "{{ openshift_use_manageiq | default(None) }}" diff --git a/roles/openshift_examples/examples-sync.sh b/roles/openshift_examples/examples-sync.sh index e3cc3a9b4..0a2d3005f 100755 --- a/roles/openshift_examples/examples-sync.sh +++ b/roles/openshift_examples/examples-sync.sh @@ -31,6 +31,8 @@ mv application-templates-GA/fis-image-streams.json ${EXAMPLES_BASE}/xpaas-stream mv application-templates-GA/quickstarts/* ${EXAMPLES_BASE}/xpaas-templates/ find application-templates-${XPAAS_VERSION}/ -name '*.json' ! -wholename '*secret*' ! -wholename '*demo*' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \; wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/dotnet_imagestreams.json -O ${EXAMPLES_BASE}/image-streams/dotnet_imagestreams.json +wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-example.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-example.json +wget https://raw.githubusercontent.com/redhat-developer/s2i-dotnetcore/master/templates/dotnet-pgsql-persistent.json -O ${EXAMPLES_BASE}/quickstart-templates/dotnet-pgsql-persistent.json wget https://raw.githubusercontent.com/openshift/origin-metrics/master/metrics.yaml -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/origin/metrics-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-metrics/enterprise/metrics.yaml -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/enterprise/metrics-deployer.yaml wget https://raw.githubusercontent.com/openshift/origin-aggregated-logging/master/deployer/deployer.yaml -O ../openshift_hosted_templates/files/${ORIGIN_VERSION}/origin/logging-deployer.yaml diff --git a/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json b/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json index 0d5ac21d8..857ffa980 100644 --- a/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json +++ b/roles/openshift_examples/files/examples/v1.5/image-streams/dotnet_imagestreams.json @@ -27,8 +27,9 @@ "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore", "supports":"dotnet", - "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", - "sampleContextDir": "1.1/test/asp-net-hello-world" + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-1.1" }, "from": { "kind": "ImageStreamTag", @@ -43,8 +44,9 @@ "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore11", "supports":"dotnet:1.1,dotnet", - "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", - "sampleContextDir": "1.1/test/asp-net-hello-world", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-1.1", "version": "1.1" }, "from": { @@ -60,8 +62,9 @@ "iconClass": "icon-dotnet", "tags": "builder,.net,dotnet,dotnetcore,rh-dotnetcore10", "supports":"dotnet:1.0,dotnet", - "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore.git", - "sampleContextDir": "1.0/test/asp-net-hello-world", + "sampleRepo": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git", + "sampleContextDir": "app", + "sampleRef": "dotnetcore-1.0", "version": "1.0" }, "from": { diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-example.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-example.json new file mode 100644 index 000000000..a09d71a00 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-example.json @@ -0,0 +1,333 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-example", + "annotations": { + "openshift.io/display-name": ".NET Core", + "description": "An example .NET Core application.", + "tags": "quickstart,dotnet,.net", + "iconClass": "icon-dotnet", + "template.openshift.io/provider-display-name": "Red Hat, Inc.", + "template.openshift.io/documentation-url": "https://github.com/redhat-developer/s2i-dotnetcore", + "template.openshift.io/support-url": "https://access.redhat.com" + } + }, + "objects": [ + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "${DOTNET_IMAGE_STREAM_TAG}" + }, + "env": [ + { + "name": "DOTNET_STARTUP_PROJECT", + "value": "${DOTNET_STARTUP_PROJECT}" + }, + { + "name": "DOTNET_ASSEMBLY_NAME", + "value": "${DOTNET_ASSEMBLY_NAME}" + }, + { + "name": "DOTNET_NPM_TOOLS", + "value": "${DOTNET_NPM_TOOLS}" + }, + { + "name": "DOTNET_TEST_PROJECTS", + "value": "${DOTNET_TEST_PROJECTS}" + }, + { + "name": "DOTNET_CONFIGURATION", + "value": "${DOTNET_CONFIGURATION}" + }, + { + "name": "DOTNET_PUBLISH", + "value": "true" + }, + { + "name": "DOTNET_RESTORE_SOURCES", + "value": "${DOTNET_RESTORE_SOURCES}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + }, + { + "type": "Generic", + "generic": { + "secret": "${GENERIC_WEBHOOK_SECRET}" + } + } + ] + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server" + } + }, + "spec": { + "strategy": { + "type": "Rolling" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "dotnet-app" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "dotnet-app", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "livenessProbe": { + "httpGet": { + "path": "/", + "port": 8080, + "scheme": "HTTP" + }, + "initialDelaySeconds": 40, + "timeoutSeconds": 15 + }, + "readinessProbe": { + "httpGet": { + "path": "/", + "port": 8080, + "scheme": "HTTP" + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 30 + }, + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "env": [] + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "dotnet-example" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "description": "Maximum amount of memory the container can use.", + "required": true, + "value": "512Mi" + }, + { + "name": "DOTNET_IMAGE_STREAM_TAG", + "displayName": ".NET builder", + "required": true, + "description": "The image stream tag which is used to build the code.", + "value": "dotnet:1.0" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "description": "The OpenShift Namespace where the ImageStream resides.", + "required": true, + "value": "openshift" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "description": "The URL of the repository with your application source code.", + "required": true, + "value": "https://github.com/redhat-developer/s2i-dotnetcore-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "value": "dotnetcore-1.0" + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to use a subdirectory of the source code repository" + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the .NET Core service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "GENERIC_WEBHOOK_SECRET", + "displayName": "Generic Webhook Secret", + "description": "A secret string used to configure the Generic webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DOTNET_STARTUP_PROJECT", + "displayName": "Startup Project", + "description": "Set this to the folder containing your startup project.", + "value": "app" + }, + { + "name": "DOTNET_ASSEMBLY_NAME", + "displayName": "Startup Assembly", + "description": "Set this when the assembly name is overridden in the project file." + }, + { + "name": "DOTNET_NPM_TOOLS", + "displayName": "Npm Tools", + "description": "Set this to a space separated list of npm tools needed to publish.", + "value": "bower gulp" + }, + { + "name": "DOTNET_TEST_PROJECTS", + "displayName": "Test projects", + "description": "Set this to a space separated list of test projects to run before publishing." + }, + { + "name": "DOTNET_CONFIGURATION", + "displayName": "Configuration", + "description": "Set this to configuration (Release/Debug).", + "value": "Release" + }, + { + "name": "DOTNET_RESTORE_SOURCES", + "displayName": "NuGet package sources", + "description": "Set this to override the NuGet.config sources." + } + ] +} diff --git a/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-pgsql-persistent.json b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-pgsql-persistent.json new file mode 100644 index 000000000..fa31f7f61 --- /dev/null +++ b/roles/openshift_examples/files/examples/v1.5/quickstart-templates/dotnet-pgsql-persistent.json @@ -0,0 +1,544 @@ +{ + "kind": "Template", + "apiVersion": "v1", + "metadata": { + "name": "dotnet-pgsql-persistent", + "annotations": { + "openshift.io/display-name": ".NET Core + PostgreSQL (Persistent)", + "description": "An example .NET Core application with a PostgreSQL database. For more information about using this template, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore.", + "tags": "quickstart,dotnet", + "iconClass": "icon-dotnet", + "template.openshift.io/provider-display-name": "Red Hat, Inc.", + "template.openshift.io/documentation-url": "https://github.com/redhat-developer/s2i-dotnetcore", + "template.openshift.io/support-url": "https://access.redhat.com" + } + }, + "message": "The following service(s) have been created in your project: ${NAME}, ${DATABASE_SERVICE_NAME}.\n\nFor more information about using this template, including OpenShift considerations, see https://github.com/redhat-developer/s2i-dotnetcore.", + "labels": { + "template": "dotnet-pgsql-persistent" + }, + "objects": [ + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Exposes and load balances the application pods", + "service.alpha.openshift.io/dependencies": "[{\"name\": \"${DATABASE_SERVICE_NAME}\", \"kind\": \"Service\"}]" + } + }, + "spec": { + "ports": [ + { + "name": "web", + "port": 8080, + "targetPort": 8080 + } + ], + "selector": { + "name": "${NAME}" + } + } + }, + { + "kind": "Route", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}" + }, + "spec": { + "host": "${APPLICATION_DOMAIN}", + "to": { + "kind": "Service", + "name": "${NAME}" + } + } + }, + { + "kind": "ImageStream", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Keeps track of changes in the application image" + } + } + }, + { + "kind": "BuildConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to build the application" + } + }, + "spec": { + "source": { + "type": "Git", + "git": { + "uri": "${SOURCE_REPOSITORY_URL}", + "ref": "${SOURCE_REPOSITORY_REF}" + }, + "contextDir": "${CONTEXT_DIR}" + }, + "strategy": { + "type": "Source", + "sourceStrategy": { + "from": { + "kind": "ImageStreamTag", + "namespace": "${NAMESPACE}", + "name": "${DOTNET_IMAGE_STREAM_TAG}" + }, + "env": [ + { + "name": "DOTNET_STARTUP_PROJECT", + "value": "${DOTNET_STARTUP_PROJECT}" + }, + { + "name": "DOTNET_ASSEMBLY_NAME", + "value": "${DOTNET_ASSEMBLY_NAME}" + }, + { + "name": "DOTNET_NPM_TOOLS", + "value": "${DOTNET_NPM_TOOLS}" + }, + { + "name": "DOTNET_TEST_PROJECTS", + "value": "${DOTNET_TEST_PROJECTS}" + }, + { + "name": "DOTNET_CONFIGURATION", + "value": "${DOTNET_CONFIGURATION}" + }, + { + "name": "DOTNET_PUBLISH", + "value": "true" + }, + { + "name": "DOTNET_RESTORE_SOURCES", + "value": "${DOTNET_RESTORE_SOURCES}" + } + ] + } + }, + "output": { + "to": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + }, + "triggers": [ + { + "type": "ImageChange" + }, + { + "type": "ConfigChange" + }, + { + "type": "GitHub", + "github": { + "secret": "${GITHUB_WEBHOOK_SECRET}" + } + } + ], + "postCommit": {} + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${NAME}", + "annotations": { + "description": "Defines how to deploy the application server" + } + }, + "spec": { + "strategy": { + "type": "Rolling", + "rollingParams": { + "updatePeriodSeconds": 1, + "intervalSeconds": 1, + "timeoutSeconds": 600, + "maxUnavailable": "25%", + "maxSurge": "25%" + }, + "resources": {} + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "dotnet-pgsql-persistent" + ], + "from": { + "kind": "ImageStreamTag", + "name": "${NAME}:latest" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${NAME}" + }, + "template": { + "metadata": { + "name": "${NAME}", + "labels": { + "name": "${NAME}" + } + }, + "spec": { + "containers": [ + { + "name": "dotnet-pgsql-persistent", + "image": " ", + "ports": [ + { + "containerPort": 8080 + } + ], + "env": [ + { + "name": "ConnectionString", + "value": "Host=${DATABASE_SERVICE_NAME};Database=${DATABASE_NAME};Username=${DATABASE_USER};Password=${DATABASE_PASSWORD}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_LIMIT}" + } + }, + "livenessProbe": { + "httpGet": { + "path": "/", + "port": 8080, + "scheme": "HTTP" + }, + "initialDelaySeconds": 40, + "timeoutSeconds": 10 + }, + "readinessProbe": { + "httpGet": { + "path": "/", + "port": 8080, + "scheme": "HTTP" + }, + "initialDelaySeconds": 10, + "timeoutSeconds": 30 + } + } + ] + } + } + } + }, + { + "kind": "PersistentVolumeClaim", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "spec": { + "accessModes": [ + "ReadWriteOnce" + ], + "resources": { + "requests": { + "storage": "${VOLUME_CAPACITY}" + } + } + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Exposes the database server" + } + }, + "spec": { + "ports": [ + { + "name": "postgresql", + "port": 5432, + "targetPort": 5432 + } + ], + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + } + } + }, + { + "kind": "DeploymentConfig", + "apiVersion": "v1", + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "annotations": { + "description": "Defines how to deploy the database" + } + }, + "spec": { + "strategy": { + "type": "Recreate" + }, + "triggers": [ + { + "type": "ImageChange", + "imageChangeParams": { + "automatic": true, + "containerNames": [ + "postgresql" + ], + "from": { + "kind": "ImageStreamTag", + "namespace": "openshift", + "name": "postgresql:9.5" + } + } + }, + { + "type": "ConfigChange" + } + ], + "replicas": 1, + "selector": { + "name": "${DATABASE_SERVICE_NAME}" + }, + "template": { + "metadata": { + "name": "${DATABASE_SERVICE_NAME}", + "labels": { + "name": "${DATABASE_SERVICE_NAME}" + } + }, + "spec": { + "volumes": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "persistentVolumeClaim": { + "claimName": "${DATABASE_SERVICE_NAME}" + } + } + ], + "containers": [ + { + "name": "postgresql", + "image": " ", + "ports": [ + { + "containerPort": 5432 + } + ], + "readinessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 5, + "exec": { + "command": [ + "/bin/sh", + "-i", + "-c", + "psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d ${POSTGRESQL_DATABASE} -c 'SELECT 1'" + ] + } + }, + "livenessProbe": { + "timeoutSeconds": 1, + "initialDelaySeconds": 30, + "tcpSocket": { + "port": 5432 + } + }, + "volumeMounts": [ + { + "name": "${DATABASE_SERVICE_NAME}-data", + "mountPath": "/var/lib/pgsql/data" + } + ], + "env": [ + { + "name": "POSTGRESQL_USER", + "value": "${DATABASE_USER}" + }, + { + "name": "POSTGRESQL_PASSWORD", + "value": "${DATABASE_PASSWORD}" + }, + { + "name": "POSTGRESQL_DATABASE", + "value": "${DATABASE_NAME}" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "value": "${POSTGRESQL_MAX_CONNECTIONS}" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "value": "${POSTGRESQL_SHARED_BUFFERS}" + } + ], + "resources": { + "limits": { + "memory": "${MEMORY_POSTGRESQL_LIMIT}" + } + } + } + ] + } + } + } + } + ], + "parameters": [ + { + "name": "NAME", + "displayName": "Name", + "description": "The name assigned to all of the frontend objects defined in this template.", + "required": true, + "value": "musicstore" + }, + { + "name": "MEMORY_LIMIT", + "displayName": "Memory Limit", + "required": true, + "description": "Maximum amount of memory the .NET Core container can use.", + "value": "512Mi" + }, + { + "name": "MEMORY_POSTGRESQL_LIMIT", + "displayName": "Memory Limit (PostgreSQL)", + "required": true, + "description": "Maximum amount of memory the PostgreSQL container can use.", + "value": "512Mi" + }, + { + "name": "VOLUME_CAPACITY", + "displayName": "Volume Capacity", + "description": "Volume space available for data, e.g. 512Mi, 2Gi", + "value": "1Gi", + "required": true + }, + { + "name": "DOTNET_IMAGE_STREAM_TAG", + "displayName": ".NET builder", + "required": true, + "description": "The image stream tag which is used to build the code.", + "value": "dotnet:1.1" + }, + { + "name": "NAMESPACE", + "displayName": "Namespace", + "required": true, + "description": "The OpenShift Namespace where the .NET builder ImageStream resides.", + "value": "openshift" + }, + { + "name": "SOURCE_REPOSITORY_URL", + "displayName": "Git Repository URL", + "required": true, + "description": "The URL of the repository with your application source code.", + "value": "https://github.com/redhat-developer/s2i-aspnet-musicstore-ex.git" + }, + { + "name": "SOURCE_REPOSITORY_REF", + "displayName": "Git Reference", + "description": "Set this to a branch name, tag or other ref of your repository if you are not using the default branch.", + "value": "rel/1.1-example" + }, + { + "name": "CONTEXT_DIR", + "displayName": "Context Directory", + "description": "Set this to the relative path to your project if it is not in the root of your repository." + }, + { + "name": "DOTNET_STARTUP_PROJECT", + "displayName": "Startup Project", + "description": "Set this to the folder containing your startup project.", + "value": "samples/MusicStore" + }, + { + "name": "DOTNET_ASSEMBLY_NAME", + "displayName": "Startup Assembly", + "description": "Set this when the assembly name is overridden in the project file." + }, + { + "name": "DOTNET_NPM_TOOLS", + "displayName": "Npm Tools", + "description": "Set this to a space separated list of npm tools needed to publish." + }, + { + "name": "DOTNET_TEST_PROJECTS", + "displayName": "Test projects", + "description": "Set this to a space separated list of test projects to run before publishing." + }, + { + "name": "DOTNET_CONFIGURATION", + "displayName": "Configuration", + "description": "Set this to configuration (Release/Debug).", + "value": "Release" + }, + { + "name": "DOTNET_RESTORE_SOURCES", + "displayName": "NuGet package sources", + "description": "Set this to override the NuGet.config sources." + }, + { + "name": "APPLICATION_DOMAIN", + "displayName": "Application Hostname", + "description": "The exposed hostname that will route to the .NET Core service, if left blank a value will be defaulted.", + "value": "" + }, + { + "name": "GITHUB_WEBHOOK_SECRET", + "displayName": "GitHub Webhook Secret", + "description": "A secret string used to configure the GitHub webhook.", + "generate": "expression", + "from": "[a-zA-Z0-9]{40}" + }, + { + "name": "DATABASE_SERVICE_NAME", + "required": true, + "displayName": "Database Service Name", + "value": "postgresql" + }, + { + "name": "DATABASE_USER", + "displayName": "Database Username", + "generate": "expression", + "from": "user[A-Z0-9]{3}" + }, + { + "name": "DATABASE_PASSWORD", + "displayName": "Database Password", + "generate": "expression", + "from": "[a-zA-Z0-9]{8}" + }, + { + "name": "DATABASE_NAME", + "required": true, + "displayName": "Database Name", + "value": "musicstore" + }, + { + "name": "POSTGRESQL_MAX_CONNECTIONS", + "displayName": "Maximum Database Connections", + "value": "100" + }, + { + "name": "POSTGRESQL_SHARED_BUFFERS", + "displayName": "Shared Buffer Amount", + "value": "12MB" + } + ] +} diff --git a/roles/openshift_excluder/tasks/disable.yml b/roles/openshift_excluder/tasks/disable.yml index e23496b3b..325d2a4e8 100644 --- a/roles/openshift_excluder/tasks/disable.yml +++ b/roles/openshift_excluder/tasks/disable.yml @@ -1,6 +1,5 @@ --- # input variables -# - with_status_check # - excluder_package_state # - docker_excluder_package_state - include: init.yml @@ -35,6 +34,6 @@ unexclude_docker_excluder: false # disable openshift excluder is never overrided to be enabled # disable it if the docker excluder is enabled - unexclude_openshift_excluder: true + unexclude_openshift_excluder: "{{ openshift_excluder_on | bool }}" when: - not openshift.common.is_atomic | bool diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index eeab8a99c..e1f4c4e6d 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -467,6 +467,24 @@ def set_flannel_facts_if_unset(facts): return facts +def set_calico_facts_if_unset(facts): + """ Set calico facts if not already present in facts dict + dict: the facts dict updated with the calico facts if + missing + Args: + facts (dict): existing facts + Returns: + dict: the facts dict updated with the calico + facts if they were not already present + + """ + if 'common' in facts: + if 'use_calico' not in facts['common']: + use_calico = False + facts['common']['use_calico'] = use_calico + return facts + + def set_nuage_facts_if_unset(facts): """ Set nuage facts if not already present in facts dict dict: the facts dict updated with the nuage facts if @@ -1953,6 +1971,7 @@ class OpenShiftFacts(object): facts = set_url_facts_if_unset(facts) facts = set_project_cfg_facts_if_unset(facts) facts = set_flannel_facts_if_unset(facts) + facts = set_calico_facts_if_unset(facts) facts = set_nuage_facts_if_unset(facts) facts = set_contiv_facts_if_unset(facts) facts = set_node_schedulability(facts) diff --git a/roles/openshift_facts/meta/main.yml b/roles/openshift_facts/meta/main.yml index 0be3afd24..7eead2d6e 100644 --- a/roles/openshift_facts/meta/main.yml +++ b/roles/openshift_facts/meta/main.yml @@ -12,4 +12,5 @@ galaxy_info: categories: - cloud - system -dependencies: [] +dependencies: +- role: openshift_sanitize_inventory diff --git a/roles/openshift_facts/tasks/main.yml b/roles/openshift_facts/tasks/main.yml index 0bc413b71..f657d86cf 100644 --- a/roles/openshift_facts/tasks/main.yml +++ b/roles/openshift_facts/tasks/main.yml @@ -70,8 +70,7 @@ role: common local_facts: debug_level: "{{ openshift_debug_level | default(2) }}" - # TODO: Deprecate deployment_type in favor of openshift_deployment_type - deployment_type: "{{ openshift_deployment_type | default(deployment_type) }}" + deployment_type: "{{ openshift_deployment_type }}" deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}" cluster_id: "{{ openshift_cluster_id | default('default') }}" hostname: "{{ openshift_hostname | default(None) }}" diff --git a/roles/openshift_health_checker/action_plugins/openshift_health_check.py b/roles/openshift_health_checker/action_plugins/openshift_health_check.py index 8b23533c8..cf0fe19f1 100644 --- a/roles/openshift_health_checker/action_plugins/openshift_health_check.py +++ b/roles/openshift_health_checker/action_plugins/openshift_health_check.py @@ -17,7 +17,7 @@ from ansible.plugins.action import ActionBase # this callback plugin. sys.path.insert(1, os.path.dirname(os.path.dirname(__file__))) -from openshift_checks import OpenShiftCheck, OpenShiftCheckException # noqa: E402 +from openshift_checks import OpenShiftCheck, OpenShiftCheckException, load_checks # noqa: E402 class ActionModule(ActionBase): @@ -78,6 +78,8 @@ class ActionModule(ActionBase): return result def load_known_checks(self): + load_checks() + known_checks = {} known_check_classes = set(cls for cls in OpenShiftCheck.subclasses()) @@ -91,7 +93,7 @@ class ActionModule(ActionBase): check_name, cls.__module__, cls.__name__, other_cls.__module__, other_cls.__name__)) - known_checks[check_name] = cls(module_executor=self._execute_module) + known_checks[check_name] = cls(execute_module=self._execute_module) return known_checks diff --git a/roles/openshift_health_checker/openshift_checks/__init__.py b/roles/openshift_health_checker/openshift_checks/__init__.py index 93547a2e0..be63d864a 100644 --- a/roles/openshift_health_checker/openshift_checks/__init__.py +++ b/roles/openshift_health_checker/openshift_checks/__init__.py @@ -21,8 +21,13 @@ class OpenShiftCheckException(Exception): class OpenShiftCheck(object): """A base class for defining checks for an OpenShift cluster environment.""" - def __init__(self, module_executor): - self.module_executor = module_executor + def __init__(self, execute_module=None, module_executor=None): + if execute_module is module_executor is None: + raise TypeError( + "__init__() takes either execute_module (recommended) " + "or module_executor (deprecated), none given") + self.execute_module = execute_module or module_executor + self.module_executor = self.execute_module @abstractproperty def name(self): @@ -58,6 +63,21 @@ class OpenShiftCheck(object): yield subclass +LOADER_EXCLUDES = ( + "__init__.py", + "mixins.py", +) + + +def load_checks(): + """Dynamically import all check modules for the side effect of registering checks.""" + return [ + import_module(__package__ + "." + name[:-3]) + for name in os.listdir(os.path.dirname(__file__)) + if name.endswith(".py") and name not in LOADER_EXCLUDES + ] + + def get_var(task_vars, *keys, **kwargs): """Helper function to get deeply nested values from task_vars. @@ -73,15 +93,3 @@ def get_var(task_vars, *keys, **kwargs): return kwargs["default"] raise OpenShiftCheckException("'{}' is undefined".format(".".join(map(str, keys)))) return value - - -# Dynamically import all submodules for the side effect of loading checks. - -EXCLUDES = ( - "__init__.py", - "mixins.py", -) - -for name in os.listdir(os.path.dirname(__file__)): - if name.endswith(".py") and name not in EXCLUDES: - import_module(__package__ + "." + name[:-3]) diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py index 7a7498cb7..cce289b95 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py +++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py @@ -15,6 +15,9 @@ class DockerImageAvailability(OpenShiftCheck): skopeo_image = "openshift/openshift-ansible" + # FIXME(juanvallejo): we should consider other possible values of + # `deployment_type` (the key here). See + # https://github.com/openshift/openshift-ansible/blob/8e26f8c/roles/openshift_repos/vars/main.yml#L7 docker_image_base = { "origin": { "repo": "openshift", @@ -62,9 +65,15 @@ class DockerImageAvailability(OpenShiftCheck): def required_images(self, task_vars): deployment_type = get_var(task_vars, "deployment_type") + # FIXME(juanvallejo): we should handle gracefully with a proper error + # message when given an unexpected value for `deployment_type`. image_base_name = self.docker_image_base[deployment_type] openshift_release = get_var(task_vars, "openshift_release") + # FIXME(juanvallejo): this variable is not required when the + # installation is non-containerized. The example inventories have it + # commented out. We should handle gracefully and with a proper error + # message when this variable is required and not set. openshift_image_tag = get_var(task_vars, "openshift_image_tag") is_containerized = get_var(task_vars, "openshift", "common", "is_containerized") @@ -104,6 +113,8 @@ class DockerImageAvailability(OpenShiftCheck): if result.get("failed", False): return [] + # FIXME(juanvallejo): wrong default type, result["info"] is expected to + # contain a dictionary (see how we call `docker_info.get` below). docker_info = result.get("info", "") return [registry.get("Name", "") for registry in docker_info.get("Registries", {})] diff --git a/roles/openshift_health_checker/openshift_checks/package_availability.py b/roles/openshift_health_checker/openshift_checks/package_availability.py index 771123d61..9891972a6 100644 --- a/roles/openshift_health_checker/openshift_checks/package_availability.py +++ b/roles/openshift_health_checker/openshift_checks/package_availability.py @@ -21,7 +21,7 @@ class PackageAvailability(NotContainerizedMixin, OpenShiftCheck): packages.update(self.node_packages(rpm_prefix)) args = {"packages": sorted(set(packages))} - return self.module_executor("check_yum_update", args, tmp, task_vars) + return self.execute_module("check_yum_update", args, tmp, task_vars) @staticmethod def master_packages(rpm_prefix): diff --git a/roles/openshift_health_checker/openshift_checks/package_update.py b/roles/openshift_health_checker/openshift_checks/package_update.py index c5a226954..fd0c0a755 100644 --- a/roles/openshift_health_checker/openshift_checks/package_update.py +++ b/roles/openshift_health_checker/openshift_checks/package_update.py @@ -11,4 +11,4 @@ class PackageUpdate(NotContainerizedMixin, OpenShiftCheck): def run(self, tmp, task_vars): args = {"packages": []} - return self.module_executor("check_yum_update", args, tmp, task_vars) + return self.execute_module("check_yum_update", args, tmp, task_vars) diff --git a/roles/openshift_health_checker/openshift_checks/package_version.py b/roles/openshift_health_checker/openshift_checks/package_version.py index 2e9d07deb..42193a1c6 100644 --- a/roles/openshift_health_checker/openshift_checks/package_version.py +++ b/roles/openshift_health_checker/openshift_checks/package_version.py @@ -17,4 +17,4 @@ class PackageVersion(NotContainerizedMixin, OpenShiftCheck): "prefix": rpm_prefix, "version": openshift_release, } - return self.module_executor("aos_version", args, tmp, task_vars) + return self.execute_module("aos_version", args, tmp, task_vars) diff --git a/roles/openshift_health_checker/test/docker_image_availability_test.py b/roles/openshift_health_checker/test/docker_image_availability_test.py new file mode 100644 index 000000000..2a9c32f77 --- /dev/null +++ b/roles/openshift_health_checker/test/docker_image_availability_test.py @@ -0,0 +1,28 @@ +import pytest + +from openshift_checks.docker_image_availability import DockerImageAvailability + + +@pytest.mark.xfail(strict=True) # TODO: remove this once this test is fully implemented. +@pytest.mark.parametrize('task_vars,expected_result', [ + ( + dict( + openshift=dict(common=dict( + service_type='origin', + is_containerized=False, + )), + openshift_release='v3.5', + deployment_type='origin', + openshift_image_tag='', # FIXME: should not be required + ), + {'changed': False}, + ), + # TODO: add more parameters here to test the multiple possible inputs that affect behavior. +]) +def test_docker_image_availability(task_vars, expected_result): + def execute_module(module_name=None, module_args=None, tmp=None, task_vars=None): + return {'info': {}} # TODO: this will vary depending on input parameters. + + check = DockerImageAvailability(execute_module=execute_module) + result = check.run(tmp=None, task_vars=task_vars) + assert result == expected_result diff --git a/roles/openshift_health_checker/test/mixins_test.py b/roles/openshift_health_checker/test/mixins_test.py new file mode 100644 index 000000000..2d83e207d --- /dev/null +++ b/roles/openshift_health_checker/test/mixins_test.py @@ -0,0 +1,23 @@ +import pytest + +from openshift_checks import OpenShiftCheck, OpenShiftCheckException +from openshift_checks.mixins import NotContainerizedMixin + + +class NotContainerizedCheck(NotContainerizedMixin, OpenShiftCheck): + name = "not_containerized" + run = NotImplemented + + +@pytest.mark.parametrize('task_vars,expected', [ + (dict(openshift=dict(common=dict(is_containerized=False))), True), + (dict(openshift=dict(common=dict(is_containerized=True))), False), +]) +def test_is_active(task_vars, expected): + assert NotContainerizedCheck.is_active(task_vars) == expected + + +def test_is_active_missing_task_vars(): + with pytest.raises(OpenShiftCheckException) as excinfo: + NotContainerizedCheck.is_active(task_vars={}) + assert 'is_containerized' in str(excinfo.value) diff --git a/roles/openshift_health_checker/test/openshift_check_test.py b/roles/openshift_health_checker/test/openshift_check_test.py index c4c8cd1c2..e3153979c 100644 --- a/roles/openshift_health_checker/test/openshift_check_test.py +++ b/roles/openshift_health_checker/test/openshift_check_test.py @@ -1,6 +1,7 @@ import pytest -from openshift_checks import get_var, OpenShiftCheckException +from openshift_checks import OpenShiftCheck, OpenShiftCheckException +from openshift_checks import load_checks, get_var # Fixtures @@ -22,6 +23,64 @@ def missing_keys(request): # Tests +def test_OpenShiftCheck_init(): + class TestCheck(OpenShiftCheck): + name = "test_check" + run = NotImplemented + + # initialization requires at least one argument (apart from self) + with pytest.raises(TypeError) as excinfo: + TestCheck() + assert 'execute_module' in str(excinfo.value) + assert 'module_executor' in str(excinfo.value) + + execute_module = object() + + # initialize with positional argument + check = TestCheck(execute_module) + # new recommended name + assert check.execute_module == execute_module + # deprecated attribute name + assert check.module_executor == execute_module + + # initialize with keyword argument, recommended name + check = TestCheck(execute_module=execute_module) + # new recommended name + assert check.execute_module == execute_module + # deprecated attribute name + assert check.module_executor == execute_module + + # initialize with keyword argument, deprecated name + check = TestCheck(module_executor=execute_module) + # new recommended name + assert check.execute_module == execute_module + # deprecated attribute name + assert check.module_executor == execute_module + + +def test_subclasses(): + """OpenShiftCheck.subclasses should find all subclasses recursively.""" + class TestCheck1(OpenShiftCheck): + pass + + class TestCheck2(OpenShiftCheck): + pass + + class TestCheck1A(TestCheck1): + pass + + local_subclasses = set([TestCheck1, TestCheck1A, TestCheck2]) + known_subclasses = set(OpenShiftCheck.subclasses()) + + assert local_subclasses - known_subclasses == set(), "local_subclasses should be a subset of known_subclasses" + + +def test_load_checks(): + """Loading checks should load and return Python modules.""" + modules = load_checks() + assert modules + + @pytest.mark.parametrize("keys,expected", [ (("foo",), 42), (("bar", "baz"), "openshift"), diff --git a/roles/openshift_health_checker/test/package_availability_test.py b/roles/openshift_health_checker/test/package_availability_test.py new file mode 100644 index 000000000..25385339a --- /dev/null +++ b/roles/openshift_health_checker/test/package_availability_test.py @@ -0,0 +1,49 @@ +import pytest + +from openshift_checks.package_availability import PackageAvailability + + +@pytest.mark.parametrize('task_vars,must_have_packages,must_not_have_packages', [ + ( + dict(openshift=dict(common=dict(service_type='openshift'))), + set(), + set(['openshift-master', 'openshift-node']), + ), + ( + dict( + openshift=dict(common=dict(service_type='origin')), + group_names=['masters'], + ), + set(['origin-master']), + set(['origin-node']), + ), + ( + dict( + openshift=dict(common=dict(service_type='atomic-openshift')), + group_names=['nodes'], + ), + set(['atomic-openshift-node']), + set(['atomic-openshift-master']), + ), + ( + dict( + openshift=dict(common=dict(service_type='atomic-openshift')), + group_names=['masters', 'nodes'], + ), + set(['atomic-openshift-master', 'atomic-openshift-node']), + set(), + ), +]) +def test_package_availability(task_vars, must_have_packages, must_not_have_packages): + return_value = object() + + def execute_module(module_name=None, module_args=None, tmp=None, task_vars=None): + assert module_name == 'check_yum_update' + assert 'packages' in module_args + assert set(module_args['packages']).issuperset(must_have_packages) + assert not set(module_args['packages']).intersection(must_not_have_packages) + return return_value + + check = PackageAvailability(execute_module=execute_module) + result = check.run(tmp=None, task_vars=task_vars) + assert result is return_value diff --git a/roles/openshift_health_checker/test/package_update_test.py b/roles/openshift_health_checker/test/package_update_test.py new file mode 100644 index 000000000..5e000cff5 --- /dev/null +++ b/roles/openshift_health_checker/test/package_update_test.py @@ -0,0 +1,16 @@ +from openshift_checks.package_update import PackageUpdate + + +def test_package_update(): + return_value = object() + + def execute_module(module_name=None, module_args=None, tmp=None, task_vars=None): + assert module_name == 'check_yum_update' + assert 'packages' in module_args + # empty list of packages means "generic check if 'yum update' will work" + assert module_args['packages'] == [] + return return_value + + check = PackageUpdate(execute_module=execute_module) + result = check.run(tmp=None, task_vars=None) + assert result is return_value diff --git a/roles/openshift_health_checker/test/package_version_test.py b/roles/openshift_health_checker/test/package_version_test.py new file mode 100644 index 000000000..cc1d263bc --- /dev/null +++ b/roles/openshift_health_checker/test/package_version_test.py @@ -0,0 +1,21 @@ +from openshift_checks.package_version import PackageVersion + + +def test_package_version(): + task_vars = dict( + openshift=dict(common=dict(service_type='origin')), + openshift_release='v3.5', + ) + return_value = object() + + def execute_module(module_name=None, module_args=None, tmp=None, task_vars=None): + assert module_name == 'aos_version' + assert 'prefix' in module_args + assert 'version' in module_args + assert module_args['prefix'] == task_vars['openshift']['common']['service_type'] + assert module_args['version'] == task_vars['openshift_release'] + return return_value + + check = PackageVersion(execute_module=execute_module) + result = check.run(tmp=None, task_vars=task_vars) + assert result is return_value diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md index 328f800bf..6d576df71 100644 --- a/roles/openshift_hosted/README.md +++ b/roles/openshift_hosted/README.md @@ -26,6 +26,7 @@ From this role: | openshift_hosted_registry_registryurl | 'openshift3/ose-${component}:${version}' | The image to base the OpenShift registry on. | | openshift_hosted_registry_replicas | Number of nodes matching selector | The number of replicas to configure. | | openshift_hosted_registry_selector | region=infra | Node selector used when creating registry. The OpenShift registry will only be deployed to nodes matching this selector. | +| openshift_hosted_registry_cert_expire_days | `730` (2 years) | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later. | Dependencies ------------ diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml index 0a6299c9b..d73f339f7 100644 --- a/roles/openshift_hosted/defaults/main.yml +++ b/roles/openshift_hosted/defaults/main.yml @@ -14,11 +14,11 @@ openshift_hosted_router_edits: openshift_hosted_routers: - name: router - replicas: "{{ replicas }}" + replicas: "{{ replicas | default(1) }}" namespace: default serviceaccount: router - selector: "{{ openshift_hosted_router_selector }}" - images: "{{ openshift_hosted_router_image }}" + selector: "{{ openshift_hosted_router_selector | default(None) }}" + images: "{{ openshift_hosted_router_image | default(None) }}" edits: "{{ openshift_hosted_router_edits }}" stats_port: 1936 ports: @@ -28,3 +28,4 @@ openshift_hosted_routers: openshift_hosted_router_certificates: {} +openshift_hosted_registry_cert_expire_days: 730 diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index f9ea2ebeb..8a159bf73 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -57,6 +57,7 @@ - "{{ docker_registry_route_hostname }}" cert: "{{ openshift_master_config_dir }}/registry.crt" key: "{{ openshift_master_config_dir }}/registry.key" + expire_days: "{{ openshift_hosted_registry_cert_expire_days if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool else omit }}" register: server_cert_out - name: Create the secret for the registry certificates diff --git a/roles/openshift_logging/README.md b/roles/openshift_logging/README.md index 570c41ecc..42f4fc72e 100644 --- a/roles/openshift_logging/README.md +++ b/roles/openshift_logging/README.md @@ -65,6 +65,7 @@ When both `openshift_logging_install_logging` and `openshift_logging_upgrade_log - `openshift_logging_es_cluster_size`: The number of ES cluster members. Defaults to '1'. - `openshift_logging_es_cpu_limit`: The amount of CPU limit for the ES cluster. Unused if not set - `openshift_logging_es_memory_limit`: The amount of RAM that should be assigned to ES. Defaults to '8Gi'. +- `openshift_logging_es_log_appenders`: The list of rootLogger appenders for ES logs which can be: 'file', 'console'. Defaults to 'file'. - `openshift_logging_es_pv_selector`: A key/value map added to a PVC in order to select specific PVs. Defaults to 'None'. - `openshift_logging_es_pvc_dynamic`: Whether or not to add the dynamic PVC annotation for any generated PVCs. Defaults to 'False'. - `openshift_logging_es_pvc_size`: The requested size for the ES PVCs, when not provided the role will not generate any PVCs. Defaults to '""'. diff --git a/roles/openshift_logging/defaults/main.yml b/roles/openshift_logging/defaults/main.yml index 1ea0fbe12..96ed44011 100644 --- a/roles/openshift_logging/defaults/main.yml +++ b/roles/openshift_logging/defaults/main.yml @@ -1,6 +1,4 @@ --- -openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}" -openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}" openshift_logging_use_ops: "{{ openshift_hosted_logging_enable_ops_cluster | default('false') | bool }}" openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" openshift_logging_master_public_url: "{{ openshift_hosted_logging_master_public_url | default('https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true))) }}" @@ -82,6 +80,8 @@ openshift_logging_es_client_cert: /etc/fluent/keys/cert openshift_logging_es_client_key: /etc/fluent/keys/key openshift_logging_es_cluster_size: "{{ openshift_hosted_logging_elasticsearch_cluster_size | default(1) }}" openshift_logging_es_cpu_limit: null +# the logging appenders for the root loggers to write ES logs. Valid values: 'file', 'console' +openshift_logging_es_log_appenders: ['file'] openshift_logging_es_memory_limit: "{{ openshift_hosted_logging_elasticsearch_instance_ram | default('8Gi') }}" openshift_logging_es_pv_selector: null openshift_logging_es_pvc_dynamic: "{{ openshift_hosted_logging_elasticsearch_pvc_dynamic | default(False) }}" diff --git a/roles/openshift_logging/tasks/generate_configmaps.yaml b/roles/openshift_logging/tasks/generate_configmaps.yaml index c1721895c..253543f54 100644 --- a/roles/openshift_logging/tasks/generate_configmaps.yaml +++ b/roles/openshift_logging/tasks/generate_configmaps.yaml @@ -1,26 +1,36 @@ --- - block: - - copy: - src: elasticsearch-logging.yml + - fail: + msg: "The openshift_logging_es_log_appenders '{{openshift_logging_es_log_appenders}}' has an unrecognized option and only supports the following as a list: {{es_log_appenders | join(', ')}}" + when: + - es_logging_contents is undefined + - "{{ openshift_logging_es_log_appenders | list | difference(es_log_appenders) | length != 0 }}" + changed_when: no + + - template: + src: elasticsearch-logging.yml.j2 dest: "{{mktemp.stdout}}/elasticsearch-logging.yml" + vars: + root_logger: "{{openshift_logging_es_log_appenders | join(', ')}}" when: es_logging_contents is undefined changed_when: no + check_mode: no - local_action: > - copy content="{{ config_source | combine(override_config,recursive=True) | to_nice_yaml }}" + template src=elasticsearch.yml.j2 dest="{{local_tmp.stdout}}/elasticsearch-gen-template.yml" vars: - config_source: "{{lookup('file','templates/elasticsearch.yml.j2') | from_yaml }}" - override_config: "{{openshift_logging_es_config | from_yaml}}" - when: es_logging_contents is undefined + - allow_cluster_reader: "{{openshift_logging_es_ops_allow_cluster_reader | lower | default('false')}}" + when: es_config_contents is undefined changed_when: no - - template: - src: "{{local_tmp.stdout}}/elasticsearch-gen-template.yml" + - copy: + content: "{{ config_source | combine(override_config,recursive=True) | to_nice_yaml }}" dest: "{{mktemp.stdout}}/elasticsearch.yml" vars: - - allow_cluster_reader: "{{openshift_logging_es_ops_allow_cluster_reader | lower | default('false')}}" - when: es_config_contents is undefined + config_source: "{{lookup('file','{{local_tmp.stdout}}/elasticsearch-gen-template.yml') | from_yaml }}" + override_config: "{{openshift_logging_es_config | from_yaml}}" + when: es_logging_contents is undefined changed_when: no - copy: diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml index eb60175c7..c7f4a2f93 100644 --- a/roles/openshift_logging/tasks/main.yaml +++ b/roles/openshift_logging/tasks/main.yaml @@ -3,6 +3,17 @@ msg: Only one Fluentd nodeselector key pair should be provided when: "{{ openshift_logging_fluentd_nodeselector.keys() | count }} > 1" +- name: Set default image variables based on deployment_type + include_vars: "{{ item }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + +- name: Set logging image facts + set_fact: + openshift_logging_image_prefix: "{{ openshift_logging_image_prefix | default(__openshift_logging_image_prefix) }}" + openshift_logging_image_version: "{{ openshift_logging_image_version | default(__openshift_logging_image_version) }}" + - name: Create temp directory for doing work in command: mktemp -d /tmp/openshift-logging-ansible-XXXXXX register: mktemp diff --git a/roles/openshift_logging/files/elasticsearch-logging.yml b/roles/openshift_logging/templates/elasticsearch-logging.yml.j2 index 377abe21f..499e77fb7 100644 --- a/roles/openshift_logging/files/elasticsearch-logging.yml +++ b/roles/openshift_logging/templates/elasticsearch-logging.yml.j2 @@ -1,14 +1,25 @@ # you can override this using by setting a system property, for example -Des.logger.level=DEBUG es.logger.level: INFO -rootLogger: ${es.logger.level}, console, file +rootLogger: ${es.logger.level}, {{root_logger}} logger: # log action execution errors for easier debugging action: WARN + + # deprecation logging, turn to DEBUG to see them + deprecation: WARN, deprecation_log_file + # reduce the logging for aws, too much is logged under the default INFO com.amazonaws: WARN + io.fabric8.elasticsearch: ${PLUGIN_LOGLEVEL} io.fabric8.kubernetes: ${PLUGIN_LOGLEVEL} + # aws will try to do some sketchy JMX stuff, but its not needed. + com.amazonaws.jmx.SdkMBeanRegistrySupport: ERROR + com.amazonaws.metrics.AwsSdkMetrics: ERROR + + org.apache.http: INFO + # gateway #gateway: DEBUG #index.gateway: DEBUG @@ -28,13 +39,14 @@ logger: additivity: index.search.slowlog: false index.indexing.slowlog: false + deprecation: false appender: console: type: console layout: type: consolePattern - conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" + conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %.10000m%n" file: type: dailyRollingFile @@ -44,16 +56,13 @@ appender: type: pattern conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" - # Use the following log4j-extras RollingFileAppender to enable gzip compression of log files. - # For more information see https://logging.apache.org/log4j/extras/apidocs/org/apache/log4j/rolling/RollingFileAppender.html - #file: - #type: extrasRollingFile - #file: ${path.logs}/${cluster.name}.log - #rollingPolicy: timeBased - #rollingPolicy.FileNamePattern: ${path.logs}/${cluster.name}.log.%d{yyyy-MM-dd}.gz - #layout: - #type: pattern - #conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" + deprecation_log_file: + type: dailyRollingFile + file: ${path.logs}/${cluster.name}_deprecation.log + datePattern: "'.'yyyy-MM-dd" + layout: + type: pattern + conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" index_search_slow_log_file: type: dailyRollingFile diff --git a/roles/openshift_logging/templates/elasticsearch.yml.j2 b/roles/openshift_logging/templates/elasticsearch.yml.j2 index 07e8c0c98..93c4d854c 100644 --- a/roles/openshift_logging/templates/elasticsearch.yml.j2 +++ b/roles/openshift_logging/templates/elasticsearch.yml.j2 @@ -49,7 +49,7 @@ openshift.searchguard: keystore.path: /etc/elasticsearch/secret/admin.jks truststore.path: /etc/elasticsearch/secret/searchguard.truststore -openshift.operations.allow_cluster_reader: "{{allow_cluster_reader | default (false)}}" +openshift.operations.allow_cluster_reader: {{allow_cluster_reader | default (false)}} path: data: /elasticsearch/persistent/${CLUSTER_NAME}/data diff --git a/roles/openshift_logging/vars/default_images.yml b/roles/openshift_logging/vars/default_images.yml new file mode 100644 index 000000000..1a77808f6 --- /dev/null +++ b/roles/openshift_logging/vars/default_images.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('docker.io/openshift/origin-') }}" +__openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default('latest') }}" diff --git a/roles/openshift_logging/vars/main.yaml b/roles/openshift_logging/vars/main.yaml index c3064cee9..e06625e3f 100644 --- a/roles/openshift_logging/vars/main.yaml +++ b/roles/openshift_logging/vars/main.yaml @@ -8,3 +8,5 @@ es_recover_expected_nodes: "{{openshift_logging_es_cluster_size|int}}" es_ops_node_quorum: "{{openshift_logging_es_ops_cluster_size|int/2 + 1}}" es_ops_recover_after_nodes: "{{openshift_logging_es_ops_cluster_size|int - 1}}" es_ops_recover_expected_nodes: "{{openshift_logging_es_ops_cluster_size|int}}" + +es_log_appenders: ['file', 'console'] diff --git a/roles/openshift_logging/vars/openshift-enterprise.yml b/roles/openshift_logging/vars/openshift-enterprise.yml new file mode 100644 index 000000000..9679d209a --- /dev/null +++ b/roles/openshift_logging/vars/openshift-enterprise.yml @@ -0,0 +1,3 @@ +--- +__openshift_logging_image_prefix: "{{ openshift_hosted_logging_deployer_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_logging_image_version: "{{ openshift_hosted_logging_deployer_version | default(openshift_release | default ('3.5.0') ) }}" diff --git a/roles/openshift_master/meta/main.yml b/roles/openshift_master/meta/main.yml index 18e1b3a54..907f25bc5 100644 --- a/roles/openshift_master/meta/main.yml +++ b/roles/openshift_master/meta/main.yml @@ -12,6 +12,7 @@ galaxy_info: categories: - cloud dependencies: +- role: lib_openshift - role: openshift_master_facts - role: openshift_hosted_facts - role: openshift_master_certificates diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml index 1b3e0dba1..8f77d40ce 100644 --- a/roles/openshift_master/tasks/system_container.yml +++ b/roles/openshift_master/tasks/system_container.yml @@ -1,8 +1,4 @@ --- -- name: Load lib_openshift modules - include_role: - name: lib_openshift - - name: Pre-pull master system container image command: > atomic pull --storage=ostree {{ openshift.common.system_images_registry }}/{{ openshift.master.master_system_image }}:{{ openshift_image_tag }} diff --git a/roles/openshift_master_certificates/README.md b/roles/openshift_master_certificates/README.md index a80d47040..4758bbdfb 100644 --- a/roles/openshift_master_certificates/README.md +++ b/roles/openshift_master_certificates/README.md @@ -21,6 +21,7 @@ From this role: |---------------------------------------|---------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------| | openshift_generated_configs_dir | `{{ openshift.common.config_base }}/generated-configs` | Directory in which per-master generated config directories will be created on the `openshift_ca_host`. | | openshift_master_cert_subdir | `master-{{ openshift.common.hostname }}` | Directory within `openshift_generated_configs_dir` where per-master configurations will be placed on the `openshift_ca_host`. | +| openshift_master_cert_expire_days | `730` (2 years) | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later. | | openshift_master_config_dir | `{{ openshift.common.config_base }}/master` | Master configuration directory in which certificates will be deployed on masters. | | openshift_master_generated_config_dir | `{{ openshift_generated_configs_dir }}/{{ openshift_master_cert_subdir }` | Full path to the per-master generated config directory. | diff --git a/roles/openshift_master_certificates/defaults/main.yml b/roles/openshift_master_certificates/defaults/main.yml new file mode 100644 index 000000000..dba62c4ec --- /dev/null +++ b/roles/openshift_master_certificates/defaults/main.yml @@ -0,0 +1,2 @@ +--- +openshift_master_cert_expire_days: 730 diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index 61541acb8..d4c9a96ca 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -57,6 +57,9 @@ --hostnames={{ hostvars[item].openshift.common.all_hostnames | join(',') }} --cert={{ openshift_generated_configs_dir }}/master-{{ hostvars[item].openshift.common.hostname }}/master.server.crt --key={{ openshift_generated_configs_dir }}/master-{{ hostvars[item].openshift.common.hostname }}/master.server.key + {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} + --expire-days={{ openshift_master_cert_expire_days }} + {% endif %} --signer-cert={{ openshift_ca_cert }} --signer-key={{ openshift_ca_key }} --signer-serial={{ openshift_ca_serial }} @@ -84,6 +87,9 @@ --signer-serial={{ openshift_ca_serial }} --user=system:openshift-master --basename=openshift-master + {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} + --expire-days={{ openshift_master_cert_expire_days }} + {% endif %} args: creates: "{{ openshift_generated_configs_dir }}/master-{{ hostvars[item].openshift.common.hostname }}/openshift-master.kubeconfig" with_items: "{{ hostvars diff --git a/roles/openshift_metrics/defaults/main.yaml b/roles/openshift_metrics/defaults/main.yaml index 5921b7bb7..1d3db8a1a 100644 --- a/roles/openshift_metrics/defaults/main.yaml +++ b/roles/openshift_metrics/defaults/main.yaml @@ -1,8 +1,6 @@ --- openshift_metrics_start_cluster: True openshift_metrics_install_metrics: True -openshift_metrics_image_prefix: docker.io/openshift/origin- -openshift_metrics_image_version: latest openshift_metrics_startup_timeout: 500 openshift_metrics_hawkular_replicas: 1 diff --git a/roles/openshift_metrics/files/import_jks_certs.sh b/roles/openshift_metrics/files/import_jks_certs.sh index b2537f448..f977b6dd6 100755 --- a/roles/openshift_metrics/files/import_jks_certs.sh +++ b/roles/openshift_metrics/files/import_jks_certs.sh @@ -20,8 +20,8 @@ set -ex function import_certs() { dir=$CERT_DIR - hawkular_metrics_keystore_password=$(echo $METRICS_KEYSTORE_PASSWD | base64 -d) - hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 -d) + hawkular_metrics_keystore_password=$(echo $METRICS_KEYSTORE_PASSWD | base64 --decode) + hawkular_metrics_truststore_password=$(echo $METRICS_TRUSTSTORE_PASSWD | base64 --decode) hawkular_alias=`keytool -noprompt -list -keystore $dir/hawkular-metrics.truststore -storepass ${hawkular_metrics_truststore_password} | sed -n '7~2s/,.*$//p'` if [ ! -f $dir/hawkular-metrics.keystore ]; then diff --git a/roles/openshift_metrics/tasks/main.yaml b/roles/openshift_metrics/tasks/main.yaml index 1eebff3bf..c8d222c60 100644 --- a/roles/openshift_metrics/tasks/main.yaml +++ b/roles/openshift_metrics/tasks/main.yaml @@ -1,4 +1,16 @@ --- + +- name: Set default image variables based on deployment_type + include_vars: "{{ item }}" + with_first_found: + - "{{ openshift_deployment_type | default(deployment_type) }}.yml" + - "default_images.yml" + +- name: Set metrics image facts + set_fact: + openshift_metrics_image_prefix: "{{ openshift_metrics_image_prefix | default(__openshift_metrics_image_prefix) }}" + openshift_metrics_image_version: "{{ openshift_metrics_image_version | default(__openshift_metrics_image_version) }}" + - name: Create temp directory for doing work in on target command: mktemp -td openshift-metrics-ansible-XXXXXX register: mktemp diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2 index 885dd368d..c2e56ba21 100644 --- a/roles/openshift_metrics/templates/pvc.j2 +++ b/roles/openshift_metrics/templates/pvc.j2 @@ -4,7 +4,7 @@ metadata: name: "{{obj_name}}" {% if labels is not defined %} labels: - logging-infra: support + metrics-infra: support {% elif labels %} labels: {% for key, value in labels.iteritems() %} diff --git a/roles/openshift_metrics/vars/default_images.yml b/roles/openshift_metrics/vars/default_images.yml new file mode 100644 index 000000000..678c4104c --- /dev/null +++ b/roles/openshift_metrics/vars/default_images.yml @@ -0,0 +1,3 @@ +--- +__openshift_metrics_image_prefix: "{{ openshift_hosted_metrics_deployer_prefix | default('docker.io/openshift/origin-') }}" +__openshift_metrics_image_version: "{{ openshift_hosted_metrics_deployer_version | default('latest') }}" diff --git a/roles/openshift_metrics/vars/openshift-enterprise.yml b/roles/openshift_metrics/vars/openshift-enterprise.yml new file mode 100644 index 000000000..f28c3ce48 --- /dev/null +++ b/roles/openshift_metrics/vars/openshift-enterprise.yml @@ -0,0 +1,3 @@ +--- +__openshift_metrics_image_prefix: "{{ openshift_hosted_metrics_deployer_prefix | default('registry.access.redhat.com/openshift3/') }}" +__openshift_metrics_image_version: "{{ openshift_hosted_metrics_deployer_version | default(openshift_release | default ('3.5.0') ) }}" diff --git a/roles/openshift_node/meta/main.yml b/roles/openshift_node/meta/main.yml index 10036abed..c97ff1b4b 100644 --- a/roles/openshift_node/meta/main.yml +++ b/roles/openshift_node/meta/main.yml @@ -12,6 +12,7 @@ galaxy_info: categories: - cloud dependencies: +- role: lib_openshift - role: openshift_common - role: openshift_clock - role: openshift_docker diff --git a/roles/openshift_node/tasks/node_system_container.yml b/roles/openshift_node/tasks/node_system_container.yml index abe139418..d99f657bc 100644 --- a/roles/openshift_node/tasks/node_system_container.yml +++ b/roles/openshift_node/tasks/node_system_container.yml @@ -1,8 +1,4 @@ --- -- name: Load lib_openshift modules - include_role: - name: lib_openshift - - name: Pre-pull node system container image command: > atomic pull --storage=ostree {{ openshift.common.system_images_registry }}/{{ openshift.node.node_system_image }}:{{ openshift_image_tag }} diff --git a/roles/openshift_node/tasks/openvswitch_system_container.yml b/roles/openshift_node/tasks/openvswitch_system_container.yml index b76ce8797..8cfa5a026 100644 --- a/roles/openshift_node/tasks/openvswitch_system_container.yml +++ b/roles/openshift_node/tasks/openvswitch_system_container.yml @@ -1,8 +1,4 @@ --- -- name: Load lib_openshift modules - include_role: - name: lib_openshift - - name: Pre-pull OpenVSwitch system container image command: > atomic pull --storage=ostree {{ openshift.common.system_images_registry }}/{{ openshift.node.ovs_system_image }}:{{ openshift_image_tag }} diff --git a/roles/openshift_node_certificates/README.md b/roles/openshift_node_certificates/README.md index f4215950f..fef2f0783 100644 --- a/roles/openshift_node_certificates/README.md +++ b/roles/openshift_node_certificates/README.md @@ -23,6 +23,7 @@ From this role: |-------------------------------------|-------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------| | openshift_generated_configs_dir | `{{ openshift.common.config_base }}/generated-configs` | Directory in which per-node generated config directories will be created on the `openshift_ca_host`. | | openshift_node_cert_subdir | `node-{{ openshift.common.hostname }}` | Directory within `openshift_generated_configs_dir` where per-node certificates will be placed on the `openshift_ca_host`. | +| openshift_node_cert_expire_days | `730` (2 years) | Validity of the certificates in days. Works only with OpenShift version 1.5 (3.5) and later. | | openshift_node_config_dir | `{{ openshift.common.config_base }}/node` | Node configuration directory in which certificates will be deployed on nodes. | | openshift_node_generated_config_dir | `{{ openshift_generated_configs_dir }}/{{ openshift_node_cert_subdir }` | Full path to the per-node generated config directory. | diff --git a/roles/openshift_node_certificates/defaults/main.yml b/roles/openshift_node_certificates/defaults/main.yml new file mode 100644 index 000000000..70a38b844 --- /dev/null +++ b/roles/openshift_node_certificates/defaults/main.yml @@ -0,0 +1,2 @@ +--- +openshift_node_cert_expire_days: 730 diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 4cb89aba2..9120915b2 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -66,6 +66,9 @@ --signer-key={{ openshift_ca_key }} --signer-serial={{ openshift_ca_serial }} --user=system:node:{{ hostvars[item].openshift.common.hostname }} + {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} + --expire-days={{ openshift_node_cert_expire_days }} + {% endif %} args: creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}" with_items: "{{ hostvars @@ -79,6 +82,9 @@ {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-server-cert --cert={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.crt --key={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.key + {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} + --expire-days={{ openshift_node_cert_expire_days }} + {% endif %} --overwrite=true --hostnames={{ hostvars[item].openshift.common.hostname }},{{ hostvars[item].openshift.common.public_hostname }},{{ hostvars[item].openshift.common.ip }},{{ hostvars[item].openshift.common.public_ip }} --signer-cert={{ openshift_ca_cert }} diff --git a/roles/openshift_node_upgrade/tasks/main.yml b/roles/openshift_node_upgrade/tasks/main.yml index f052ed505..6ae8dbc12 100644 --- a/roles/openshift_node_upgrade/tasks/main.yml +++ b/roles/openshift_node_upgrade/tasks/main.yml @@ -51,24 +51,28 @@ failed_when: false when: openshift.common.is_containerized | bool +- name: Stop rpm based services + service: + name: "{{ item }}" + state: stopped + with_items: + - "{{ openshift.common.service_type }}-node" + - openvswitch + failed_when: false + when: not openshift.common.is_containerized | bool + - name: Upgrade openvswitch package: name: openvswitch state: latest - register: ovs_pkg when: not openshift.common.is_containerized | bool - name: Restart openvswitch systemd: - name: "{{ item }}" - state: restarted - with_items: - - ovs-vswitchd - - ovsdb-server - - openvswitch + name: openvswitch + state: started when: - not openshift.common.is_containerized | bool - - ovs_pkg | changed # Mandatory Docker restart, ensure all containerized services are running: - include: docker/restart.yml diff --git a/roles/openshift_repos/meta/main.yml b/roles/openshift_repos/meta/main.yml index cc18c453c..1b043863b 100644 --- a/roles/openshift_repos/meta/main.yml +++ b/roles/openshift_repos/meta/main.yml @@ -11,4 +11,5 @@ galaxy_info: - 7 categories: - cloud -dependencies: [] +dependencies: +- role: openshift_sanitize_inventory diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index ffb760bfe..84a0905cc 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -4,10 +4,6 @@ path: /run/ostree-booted register: ostree_booted -- assert: - that: openshift_deployment_type in known_openshift_deployment_types - msg: "openshift_deployment_type must be one of {{ known_openshift_deployment_types }}" - - block: - name: Ensure libselinux-python is installed package: name=libselinux-python state=present diff --git a/roles/openshift_sanitize_inventory/README.md b/roles/openshift_sanitize_inventory/README.md new file mode 100644 index 000000000..23f6b84fc --- /dev/null +++ b/roles/openshift_sanitize_inventory/README.md @@ -0,0 +1,37 @@ +OpenShift Inventory +=================== + +Provides a role to validate and normalize the variables the user has +provided. This role should run before pretty much everything else so that +this kind of logic only has to be in one place. However, complicated +business logic should usually be left to other roles. + +Requirements +------------ + +None + +Role Variables +-------------- + +None + +Dependencies +------------ + +None + +Example Playbook +---------------- + +TODO + +License +------- + +Apache License, Version 2.0 + +Author Information +------------------ + +OpenShift dev (dev@lists.openshift.redhat.com) diff --git a/roles/openshift_sanitize_inventory/meta/main.yml b/roles/openshift_sanitize_inventory/meta/main.yml new file mode 100644 index 000000000..f5b37186e --- /dev/null +++ b/roles/openshift_sanitize_inventory/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + author: OpenShift dev + description: + company: Red Hat, Inc. + license: Apache License, Version 2.0 + min_ansible_version: 1.8 + platforms: + - name: EL + versions: + - 7 + categories: + - cloud + - system +dependencies: [] diff --git a/roles/openshift_sanitize_inventory/tasks/main.yml b/roles/openshift_sanitize_inventory/tasks/main.yml new file mode 100644 index 000000000..fc562c42c --- /dev/null +++ b/roles/openshift_sanitize_inventory/tasks/main.yml @@ -0,0 +1,28 @@ +--- +- name: Standardize on latest variable names + no_log: True # keep task description legible + set_fact: + # goal is to deprecate deployment_type in favor of openshift_deployment_type. + # both will be accepted for now, but code should refer to the new name. + # TODO: once this is well-documented, add deprecation notice if using old name. + deployment_type: "{{ openshift_deployment_type | default(deployment_type) | default | string }}" + openshift_deployment_type: "{{ openshift_deployment_type | default(deployment_type) | default | string }}" + +- name: Normalize openshift_release + no_log: True # keep task description legible + set_fact: + # Normalize release if provided, e.g. "v3.5" => "3.5" + # Currently this is not required to be defined for all installs, and the + # `openshift_version` role can generally figure out the specific version + # that gets installed (e.g. 3.5.0.1). So consider this the user's expressed + # intent (if any), not the authoritative version that will be installed. + openshift_release: "{{ openshift_release | string | regex_replace('^v', '') }}" + when: openshift_release is defined + +- name: Ensure a valid deployment type has been given. + # this variable is required; complain early and clearly if it is invalid. + when: openshift_deployment_type not in known_openshift_deployment_types + fail: + msg: |- + Please set openshift_deployment_type to one of: + {{ known_openshift_deployment_types | join(', ') }} diff --git a/roles/openshift_repos/vars/main.yml b/roles/openshift_sanitize_inventory/vars/main.yml index da48e42c1..da48e42c1 100644 --- a/roles/openshift_repos/vars/main.yml +++ b/roles/openshift_sanitize_inventory/vars/main.yml diff --git a/roles/openshift_version/tasks/main.yml b/roles/openshift_version/tasks/main.yml index 0f2a660a7..35953b744 100644 --- a/roles/openshift_version/tasks/main.yml +++ b/roles/openshift_version/tasks/main.yml @@ -13,14 +13,6 @@ # Normalize some values that we need in a certain format that might be confusing: - set_fact: - openshift_release: "{{ openshift_release[1:] }}" - when: openshift_release is defined and openshift_release[0] == 'v' - -- set_fact: - openshift_release: "{{ openshift_release | string }}" - when: openshift_release is defined - -- set_fact: openshift_image_tag: "{{ 'v' + openshift_image_tag }}" when: openshift_image_tag is defined and openshift_image_tag[0] != 'v' and openshift_image_tag != 'latest' diff --git a/roles/openshift_version/tasks/set_version_rpm.yml b/roles/openshift_version/tasks/set_version_rpm.yml index 7fa74e24f..0c2ef4bb7 100644 --- a/roles/openshift_version/tasks/set_version_rpm.yml +++ b/roles/openshift_version/tasks/set_version_rpm.yml @@ -5,14 +5,42 @@ openshift_version: "{{ openshift_pkg_version[1:].split('-')[0] }}" when: openshift_pkg_version is defined and openshift_version is not defined +# if {{ openshift.common.service_type}}-excluder is enabled, +# the repoquery for {{ openshift.common.service_type}} will not work. +# Thus, create a temporary yum,conf file where exclude= is set to an empty list +- name: Create temporary yum.conf file + command: mktemp -d /tmp/yum.conf.XXXXXX + register: yum_conf_temp_file_result + +- set_fact: + yum_conf_temp_file: "{{yum_conf_temp_file_result.stdout}}/yum.conf" + +- name: Copy yum.conf into the temporary file + copy: + src: /etc/yum.conf + dest: "{{ yum_conf_temp_file }}" + remote_src: True + +- name: Clear the exclude= list in the temporary yum.conf + lineinfile: + # since ansible 2.3 s/dest/path + dest: "{{ yum_conf_temp_file }}" + regexp: '^exclude=' + line: 'exclude=' + - name: Gather common package version command: > - {{ repoquery_cmd }} --qf '%{version}' "{{ openshift.common.service_type}}" + {{ repoquery_cmd }} --config "{{ yum_conf_temp_file }}" --qf '%{version}' "{{ openshift.common.service_type}}" register: common_version failed_when: false changed_when: false when: openshift_version is not defined +- name: Delete the temporary yum.conf + file: + path: "{{ yum_conf_temp_file_result.stdout }}" + state: absent + - set_fact: openshift_version: "{{ common_version.stdout | default('0.0', True) }}" when: openshift_version is not defined diff --git a/roles/os_firewall/tasks/firewall/firewalld.yml b/roles/os_firewall/tasks/firewall/firewalld.yml index a9a69f73c..2b40eee1b 100644 --- a/roles/os_firewall/tasks/firewall/firewalld.yml +++ b/roles/os_firewall/tasks/firewall/firewalld.yml @@ -34,6 +34,16 @@ pause: seconds=10 when: result | changed +# Fix suspected race between firewalld and polkit BZ1436964 +- name: Wait for polkit action to have been created + command: pkaction --action-id=org.fedoraproject.FirewallD1.config.info + ignore_errors: true + register: pkaction + changed_when: false + until: pkaction.rc == 0 + retries: 6 + delay: 10 + - name: Add firewalld allow rules firewalld: port: "{{ item.port }}" diff --git a/test/openshift_version_tests.py b/test/openshift_version_tests.py new file mode 100644 index 000000000..52e9a9888 --- /dev/null +++ b/test/openshift_version_tests.py @@ -0,0 +1,72 @@ +""" Tests for the openshift_version Ansible filter module. """ +# pylint: disable=missing-docstring,invalid-name + +import os +import sys +import unittest + +sys.path = [os.path.abspath(os.path.dirname(__file__) + "/../filter_plugins/")] + sys.path + +# pylint: disable=import-error +import openshift_version # noqa: E402 + + +class OpenShiftVersionTests(unittest.TestCase): + + openshift_version_filters = openshift_version.FilterModule() + + # Static tests for legacy filters. + legacy_gte_tests = [{'name': 'oo_version_gte_3_1_or_1_1', + 'positive_enterprise_version': '3.2.0', + 'negative_enterprise_version': '3.0.0', + 'positive_origin_version': '1.2.0', + 'negative_origin_version': '1.0.0'}, + {'name': 'oo_version_gte_3_1_1_or_1_1_1', + 'positive_enterprise_version': '3.2.0', + 'negative_enterprise_version': '3.1.0', + 'positive_origin_version': '1.2.0', + 'negative_origin_version': '1.1.0'}, + {'name': 'oo_version_gte_3_2_or_1_2', + 'positive_enterprise_version': '3.3.0', + 'negative_enterprise_version': '3.1.0', + 'positive_origin_version': '1.3.0', + 'negative_origin_version': '1.1.0'}, + {'name': 'oo_version_gte_3_3_or_1_3', + 'positive_enterprise_version': '3.4.0', + 'negative_enterprise_version': '3.2.0', + 'positive_origin_version': '1.4.0', + 'negative_origin_version': '1.2.0'}, + {'name': 'oo_version_gte_3_4_or_1_4', + 'positive_enterprise_version': '3.5.0', + 'negative_enterprise_version': '3.3.0', + 'positive_origin_version': '1.5.0', + 'negative_origin_version': '1.3.0'}, + {'name': 'oo_version_gte_3_5_or_1_5', + 'positive_enterprise_version': '3.6.0', + 'negative_enterprise_version': '3.4.0', + 'positive_origin_version': '1.6.0', + 'negative_origin_version': '1.4.0'}] + + def test_legacy_gte_filters(self): + for test in self.legacy_gte_tests: + for deployment_type in ['enterprise', 'origin']: + # Test negative case per deployment_type + self.assertFalse( + self.openshift_version_filters._filters[test['name']]( + test["negative_{}_version".format(deployment_type)], deployment_type)) + # Test positive case per deployment_type + self.assertTrue( + self.openshift_version_filters._filters[test['name']]( + test["positive_{}_version".format(deployment_type)], deployment_type)) + + def test_gte_filters(self): + for major, minor_start, minor_end in self.openshift_version_filters.versions: + for minor in range(minor_start, minor_end): + # Test positive case + self.assertTrue( + self.openshift_version_filters._filters["oo_version_gte_{}_{}".format(major, minor)]( + "{}.{}".format(major, minor + 1))) + # Test negative case + self.assertFalse( + self.openshift_version_filters._filters["oo_version_gte_{}_{}".format(major, minor)]( + "{}.{}".format(major, minor))) |