diff options
Diffstat (limited to 'filter_plugins')
| -rw-r--r-- | filter_plugins/oo_filters.py | 152 | ||||
| -rw-r--r-- | filter_plugins/openshift_master.py | 18 |
2 files changed, 66 insertions, 104 deletions
diff --git a/filter_plugins/oo_filters.py b/filter_plugins/oo_filters.py index b81c3bf7f..a4dceb679 100644 --- a/filter_plugins/oo_filters.py +++ b/filter_plugins/oo_filters.py @@ -17,6 +17,7 @@ import re import json import yaml from ansible.utils.unicode import to_unicode +from urlparse import urlparse # Disabling too-many-public-methods, since filter methods are necessarily # public @@ -37,6 +38,8 @@ class FilterModule(object): def get_attr(data, attribute=None): """ This looks up dictionary attributes of the form a.b.c and returns the value. + + If the key isn't present, None is returned. Ex: data = {'a': {'b': {'c': 5}}} attribute = "a.b.c" returns 5 @@ -46,10 +49,15 @@ class FilterModule(object): ptr = data for attr in attribute.split('.'): - ptr = ptr[attr] + if attr in ptr: + ptr = ptr[attr] + else: + ptr = None + break return ptr + @staticmethod def oo_flatten(data): """ This filter plugin will flatten a list of lists @@ -138,6 +146,8 @@ class FilterModule(object): else: retval = [FilterModule.get_attr(d, attribute) for d in data] + retval = [val for val in retval if val != None] + return retval @staticmethod @@ -340,85 +350,6 @@ class FilterModule(object): return [x for x in data if filter_attr in x and x[filter_attr]] @staticmethod - def oo_oc_nodes_matching_selector(nodes, selector): - """ Filters a list of nodes by selector. - - Examples: - nodes = [{"kind": "Node", "metadata": {"name": "node1.example.com", - "labels": {"kubernetes.io/hostname": "node1.example.com", - "color": "green"}}}, - {"kind": "Node", "metadata": {"name": "node2.example.com", - "labels": {"kubernetes.io/hostname": "node2.example.com", - "color": "red"}}}] - selector = 'color=green' - returns = ['node1.example.com'] - - nodes = [{"kind": "Node", "metadata": {"name": "node1.example.com", - "labels": {"kubernetes.io/hostname": "node1.example.com", - "color": "green"}}}, - {"kind": "Node", "metadata": {"name": "node2.example.com", - "labels": {"kubernetes.io/hostname": "node2.example.com", - "color": "red"}}}] - selector = 'color=green,color=red' - returns = ['node1.example.com','node2.example.com'] - - Args: - nodes (list[dict]): list of node definitions - selector (str): "label=value" node selector to filter `nodes` by - Returns: - list[str]: nodes filtered by selector - """ - if not isinstance(nodes, list): - raise errors.AnsibleFilterError("failed expects nodes to be a list, got {0}".format(type(nodes))) - if not isinstance(selector, basestring): - raise errors.AnsibleFilterError("failed expects selector to be a string") - if not re.match('.*=.*', selector): - raise errors.AnsibleFilterError("failed selector does not match \"label=value\" format") - node_lists = [] - for node_selector in ''.join(selector.split()).split(','): - label = node_selector.split('=')[0] - value = node_selector.split('=')[1] - node_lists.append(FilterModule.oo_oc_nodes_with_label(nodes, label, value)) - nodes = set(node_lists[0]) - for node_list in node_lists[1:]: - nodes.intersection_update(node_list) - return list(nodes) - - @staticmethod - def oo_oc_nodes_with_label(nodes, label, value): - """ Filters a list of nodes by label, value. - - Examples: - nodes = [{"kind": "Node", "metadata": {"name": "node1.example.com", - "labels": {"kubernetes.io/hostname": "node1.example.com", - "color": "green"}}}, - {"kind": "Node", "metadata": {"name": "node2.example.com", - "labels": {"kubernetes.io/hostname": "node2.example.com", - "color": "red"}}}] - label = 'color' - value = 'green' - returns = ['node1.example.com'] - Args: - nodes (list[dict]): list of node definitions - label (str): label to filter `nodes` by - value (str): value of `label` to filter `nodes` by - Returns: - list[str]: nodes filtered by selector - """ - if not isinstance(nodes, list): - raise errors.AnsibleFilterError("failed expects nodes to be a list") - if not isinstance(label, basestring): - raise errors.AnsibleFilterError("failed expects label to be a string") - if not isinstance(value, basestring): - raise errors.AnsibleFilterError("failed expects value to be a string") - matching_nodes = [] - for node in nodes: - if label in node['metadata']['labels']: - if node['metadata']['labels'][label] == value: - matching_nodes.append(node['metadata']['name']) - return matching_nodes - - @staticmethod def oo_nodes_with_label(nodes, label, value=None): """ Filters a list of nodes by label and value (if provided) @@ -553,16 +484,20 @@ class FilterModule(object): """ Parses names from list of certificate hashes. Ex: certificates = [{ "certfile": "/root/custom1.crt", - "keyfile": "/root/custom1.key" }, + "keyfile": "/root/custom1.key", + "cafile": "/root/custom-ca1.crt" }, { "certfile": "custom2.crt", - "keyfile": "custom2.key" }] + "keyfile": "custom2.key", + "cafile": "custom-ca2.crt" }] returns [{ "certfile": "/etc/origin/master/named_certificates/custom1.crt", "keyfile": "/etc/origin/master/named_certificates/custom1.key", + "cafile": "/etc/origin/master/named_certificates/custom-ca1.crt", "names": [ "public-master-host.com", "other-master-host.com" ] }, { "certfile": "/etc/origin/master/named_certificates/custom2.crt", "keyfile": "/etc/origin/master/named_certificates/custom2.key", + "cafile": "/etc/origin/master/named_certificates/custom-ca-2.crt", "names": [ "some-hostname.com" ] }] """ if not isinstance(named_certs_dir, basestring): @@ -593,17 +528,20 @@ class FilterModule(object): raise errors.AnsibleFilterError(("|failed to parse certificate '%s', " % certificate['certfile'] + "please specify certificate names in host inventory")) - certificate['names'] = [name for name in certificate['names'] if name not in internal_hostnames] - certificate['names'] = list(set(certificate['names'])) - if not certificate['names']: - raise errors.AnsibleFilterError(("|failed to parse certificate '%s' or " % certificate['certfile'] + - "detected a collision with internal hostname, please specify " + - "certificate names in host inventory")) + if 'cafile' not in certificate: + certificate['names'] = [name for name in certificate['names'] if name not in internal_hostnames] + certificate['names'] = list(set(certificate['names'])) + if not certificate['names']: + raise errors.AnsibleFilterError(("|failed to parse certificate '%s' or " % certificate['certfile'] + + "detected a collision with internal hostname, please specify " + + "certificate names in host inventory")) for certificate in certificates: # Update paths for configuration certificate['certfile'] = os.path.join(named_certs_dir, os.path.basename(certificate['certfile'])) certificate['keyfile'] = os.path.join(named_certs_dir, os.path.basename(certificate['keyfile'])) + if 'cafile' in certificate: + certificate['cafile'] = os.path.join(named_certs_dir, os.path.basename(certificate['cafile'])) return certificates @staticmethod @@ -707,7 +645,8 @@ class FilterModule(object): if regex.match(key): facts[key] = hostvars[key] - migrations = {'openshift_router_selector': 'openshift_hosted_router_selector'} + migrations = {'openshift_router_selector': 'openshift_hosted_router_selector', + 'openshift_registry_selector': 'openshift_hosted_registry_selector'} for old_fact, new_fact in migrations.iteritems(): if old_fact in facts and new_fact not in facts: facts[new_fact] = facts[old_fact] @@ -738,7 +677,7 @@ class FilterModule(object): if kind == 'nfs': host = params['host'] if host == None: - if len(groups['oo_nfs_to_config']) > 0: + if 'oo_nfs_to_config' in groups and len(groups['oo_nfs_to_config']) > 0: host = groups['oo_nfs_to_config'][0] else: raise errors.AnsibleFilterError("|failed no storage host detected") @@ -771,7 +710,7 @@ class FilterModule(object): fsType=filesystem, volumeID=volume_id))) persistent_volumes.append(persistent_volume) - else: + elif not (kind == 'object' or kind == 'dynamic'): msg = "|failed invalid storage kind '{0}' for component '{1}'".format( kind, component) @@ -795,7 +734,8 @@ class FilterModule(object): if 'storage' in hostvars['openshift']['hosted'][component]: kind = hostvars['openshift']['hosted'][component]['storage']['kind'] create_pv = hostvars['openshift']['hosted'][component]['storage']['create_pv'] - if kind != None and create_pv: + create_pvc = hostvars['openshift']['hosted'][component]['storage']['create_pvc'] + if kind != None and create_pv and create_pvc: volume = hostvars['openshift']['hosted'][component]['storage']['volume']['name'] size = hostvars['openshift']['hosted'][component]['storage']['volume']['size'] access_modes = hostvars['openshift']['hosted'][component]['storage']['access_modes'] @@ -881,17 +821,32 @@ class FilterModule(object): """ if not isinstance(version, basestring): raise errors.AnsibleFilterError("|failed expects a string or unicode") - # TODO: Do we need to make this actually convert v1.2.0-rc1 into 1.2.0-0.rc1 - # We'd need to be really strict about how we build the RPM Version+Release if version.startswith("v"): - version = version.replace("v", "") + version = version[1:] + # Strip release from requested version, we no longer support this. version = version.split('-')[0] - if include_dash: - version = "-" + version + if include_dash and version and not version.startswith("-"): + version = "-" + version return version + @staticmethod + def oo_hostname_from_url(url): + """ Returns the hostname contained in a URL + + Ex: https://ose3-master.example.com/v1/api -> ose3-master.example.com + """ + if not isinstance(url, basestring): + raise errors.AnsibleFilterError("|failed expects a string or unicode") + parse_result = urlparse(url) + if parse_result.netloc != '': + return parse_result.netloc + else: + # netloc wasn't parsed, assume url was missing scheme and path + return parse_result.path + + def filters(self): """ returns a mapping of filters to methods """ return { @@ -922,7 +877,6 @@ class FilterModule(object): "oo_get_hosts_from_hostvars": self.oo_get_hosts_from_hostvars, "oo_image_tag_to_rpm_version": self.oo_image_tag_to_rpm_version, "oo_merge_dicts": self.oo_merge_dicts, - "oo_oc_nodes_matching_selector": self.oo_oc_nodes_matching_selector, - "oo_oc_nodes_with_label": self.oo_oc_nodes_with_label, + "oo_hostname_from_url": self.oo_hostname_from_url, "oo_merge_hostvars": self.oo_merge_hostvars, } diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index b3f284a8e..ee6a62ba5 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -237,7 +237,11 @@ class RequestHeaderIdentityProvider(IdentityProviderBase): self._required += [['headers']] self._optional += [['challengeURL', 'challenge_url'], ['loginURL', 'login_url'], - ['clientCA', 'client_ca']] + ['clientCA', 'client_ca'], + ['clientCommonNames', 'client_common_names'], + ['emailHeaders', 'email_headers'], + ['nameHeaders', 'name_headers'], + ['preferredUsernameHeaders', 'preferred_username_headers']] def validate(self): ''' validate this idp instance ''' @@ -521,7 +525,7 @@ class FilterModule(object): return valid @staticmethod - def certificates_to_synchronize(hostvars): + def certificates_to_synchronize(hostvars, include_keys=True): ''' Return certificates to synchronize based on facts. ''' if not issubclass(type(hostvars), dict): raise errors.AnsibleFilterError("|failed expects hostvars is a dict") @@ -535,9 +539,10 @@ class FilterModule(object): 'openshift-registry.kubeconfig', 'openshift-router.crt', 'openshift-router.key', - 'openshift-router.kubeconfig', - 'serviceaccounts.private.key', - 'serviceaccounts.public.key'] + 'openshift-router.kubeconfig'] + if bool(include_keys): + certs += ['serviceaccounts.private.key', + 'serviceaccounts.public.key'] if bool(hostvars['openshift']['common']['version_gte_3_1_or_1_1']): certs += ['master.proxy-client.crt', 'master.proxy-client.key'] @@ -545,6 +550,9 @@ class FilterModule(object): certs += ['openshift-master.crt', 'openshift-master.key', 'openshift-master.kubeconfig'] + if bool(hostvars['openshift']['common']['version_gte_3_3_or_1_3']): + certs += ['service-signer.crt', + 'service-signer.key'] return certs @staticmethod |