5 files changed, 262 insertions, 0 deletions

diff --git a/roles/lib_openshift/src/ansible/oc_adm_policy_group.py b/roles/lib_openshift/src/ansible/oc_adm_policy_group.py
new file mode 100644
index 000000000..cf6691b03
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_adm_policy_group.py
@@ -0,0 +1,34 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+def main():
+    '''
+    ansible oc adm module for group policy
+    '''
+
+    module = AnsibleModule(
+        argument_spec=dict(
+            state=dict(default='present', type='str',
+                       choices=['present', 'absent']),
+            debug=dict(default=False, type='bool'),
+            resource_name=dict(required=True, type='str'),
+            namespace=dict(default='default', type='str'),
+            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+
+            group=dict(required=True, type='str'),
+            resource_kind=dict(required=True, choices=['role', 'cluster-role', 'scc'], type='str'),
+        ),
+        supports_check_mode=True,
+    )
+
+    results = PolicyGroup.run_ansible(module.params, module.check_mode)
+
+    if 'failed' in results:
+        module.fail_json(**results)
+
+    module.exit_json(**results)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/roles/lib_openshift/src/ansible/oc_adm_policy_user.py b/roles/lib_openshift/src/ansible/oc_adm_policy_user.py
new file mode 100644
index 000000000..a22496866
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_adm_policy_user.py
@@ -0,0 +1,34 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+def main():
+    '''
+    ansible oc adm module for user policy
+    '''
+
+    module = AnsibleModule(
+        argument_spec=dict(
+            state=dict(default='present', type='str',
+                       choices=['present', 'absent']),
+            debug=dict(default=False, type='bool'),
+            resource_name=dict(required=True, type='str'),
+            namespace=dict(default='default', type='str'),
+            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+
+            user=dict(required=True, type='str'),
+            resource_kind=dict(required=True, choices=['role', 'cluster-role', 'scc'], type='str'),
+        ),
+        supports_check_mode=True,
+    )
+
+    results = PolicyUser.run_ansible(module.params, module.check_mode)
+
+    if 'failed' in results:
+        module.fail_json(**results)
+
+    module.exit_json(**results)
+
+
+if __name__ == "__main__":
+    main()
diff --git a/roles/lib_openshift/src/ansible/oc_atomic_container.py b/roles/lib_openshift/src/ansible/oc_atomic_container.py
new file mode 100644
index 000000000..20d75cb63
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_atomic_container.py
@@ -0,0 +1,137 @@
+# pylint: skip-file
+# flake8: noqa
+
+# pylint: disable=wrong-import-position,too-many-branches,invalid-name
+import json
+from ansible.module_utils.basic import AnsibleModule
+
+
+def _install(module, container, image, values_list):
+    ''' install a container using atomic CLI.  values_list is the list of --set arguments.
+    container is the name given to the container.  image is the image to use for the installation. '''
+    args = ['atomic', 'install', "--system", '--name=%s' % container] + values_list + [image]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        return rc, out, err, False
+    else:
+        changed = "Extracting" in out
+        return rc, out, err, changed
+
+def _uninstall(module, name):
+    ''' uninstall an atomic container by its name. '''
+    args = ['atomic', 'uninstall', name]
+    rc, out, err = module.run_command(args, check_rc=False)
+    return rc, out, err, False
+
+
+def do_install(module, container, image, values_list):
+    ''' install a container and exit the module. '''
+    rc, out, err, changed = _install(module, container, image, values_list)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    else:
+        module.exit_json(msg=out, changed=changed)
+
+
+def do_uninstall(module, name):
+    ''' uninstall a container and exit the module. '''
+    rc, out, err, changed = _uninstall(module, name)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    module.exit_json(msg=out, changed=changed)
+
+
+def do_update(module, container, old_image, image, values_list):
+    ''' update a container and exit the module.  If the container uses a different
+    image than the current installed one, then first uninstall the old one '''
+
+    # the image we want is different than the installed one
+    if old_image != image:
+        rc, out, err, _ = _uninstall(module, container)
+        if rc != 0:
+            module.fail_json(rc=rc, msg=err)
+        return do_install(module, container, image, values_list)
+
+    # if the image didn't change, use "atomic containers update"
+    args = ['atomic', 'containers', 'update'] + values_list + [container]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    else:
+        changed = "Extracting" in out
+        module.exit_json(msg=out, changed=changed)
+
+
+def do_rollback(module, name):
+    ''' move to the previous deployment of the container, if present, and exit the module. '''
+    args = ['atomic', 'containers', 'rollback', name]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+    else:
+        changed = "Rolling back" in out
+        module.exit_json(msg=out, changed=changed)
+
+
+def core(module):
+    ''' entrypoint for the module. '''
+    name = module.params['name']
+    image = module.params['image']
+    values = module.params['values']
+    state = module.params['state']
+
+    module.run_command_environ_update = dict(LANG='C', LC_ALL='C', LC_MESSAGES='C')
+    out = {}
+    err = {}
+    rc = 0
+
+    values_list = ["--set=%s" % x for x in values] if values else []
+
+    args = ['atomic', 'containers', 'list', '--json', '--all', '-f', 'container=%s' % name]
+    rc, out, err = module.run_command(args, check_rc=False)
+    if rc != 0:
+        module.fail_json(rc=rc, msg=err)
+        return
+
+    containers = json.loads(out)
+    present = len(containers) > 0
+    old_image = containers[0]["image_name"] if present else None
+
+    if state == 'present' and present:
+        module.exit_json(msg=out, changed=False)
+    elif (state in ['latest', 'present']) and not present:
+        do_install(module, name, image, values_list)
+    elif state == 'latest':
+        do_update(module, name, old_image, image, values_list)
+    elif state == 'absent':
+        if not present:
+            module.exit_json(msg="", changed=False)
+        else:
+            do_uninstall(module, name)
+    elif state == 'rollback':
+        do_rollback(module, name)
+
+
+def main():
+    module = AnsibleModule(
+        argument_spec=dict(
+            name=dict(default=None, required=True),
+            image=dict(default=None, required=True),
+            state=dict(default='latest', choices=['present', 'absent', 'latest', 'rollback']),
+            values=dict(type='list', default=[]),
+            ),
+        )
+
+    # Verify that the platform supports atomic command
+    rc, _, err = module.run_command('atomic -v', check_rc=False)
+    if rc != 0:
+        module.fail_json(msg="Error in running atomic command", err=err)
+
+    try:
+        core(module)
+    except Exception as e:  # pylint: disable=broad-except
+        module.fail_json(msg=str(e))
+
+
+if __name__ == '__main__':
+    main()
diff --git a/roles/lib_openshift/src/ansible/oc_objectvalidator.py b/roles/lib_openshift/src/ansible/oc_objectvalidator.py
new file mode 100644
index 000000000..658bb5ded
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_objectvalidator.py
@@ -0,0 +1,24 @@
+# pylint: skip-file
+# flake8: noqa
+
+def main():
+    '''
+    ansible oc module for validating OpenShift objects
+    '''
+
+    module = AnsibleModule(
+        argument_spec=dict(
+            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+        ),
+        supports_check_mode=False,
+    )
+
+
+    rval = OCObjectValidator.run_ansible(module.params)
+    if 'failed' in rval:
+        module.fail_json(**rval)
+
+    module.exit_json(**rval)
+
+if __name__ == '__main__':
+    main()
diff --git a/roles/lib_openshift/src/ansible/oc_project.py b/roles/lib_openshift/src/ansible/oc_project.py
new file mode 100644
index 000000000..b035cd712
--- /dev/null
+++ b/roles/lib_openshift/src/ansible/oc_project.py
@@ -0,0 +1,33 @@
+# pylint: skip-file
+# flake8: noqa
+
+def main():
+    '''
+    ansible oc module for project
+    '''
+
+    module = AnsibleModule(
+        argument_spec=dict(
+            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+            state=dict(default='present', type='str',
+                       choices=['present', 'absent', 'list']),
+            debug=dict(default=False, type='bool'),
+            name=dict(default=None, require=True, type='str'),
+            display_name=dict(default=None, type='str'),
+            node_selector=dict(default=None, type='list'),
+            description=dict(default=None, type='str'),
+            admin=dict(default=None, type='str'),
+            admin_role=dict(default='admin', type='str'),
+        ),
+        supports_check_mode=True,
+    )
+
+    rval = OCProject.run_ansible(module.params, module.check_mode)
+    if 'failed' in rval:
+        return module.fail_json(**rval)
+
+    return module.exit_json(**rval)
+
+
+if __name__ == '__main__':
+    main()