diff options
Diffstat (limited to 'roles/lib_openshift/src/class')
| -rw-r--r-- | roles/lib_openshift/src/class/oc_obj.py | 2 | ||||
| -rw-r--r-- | roles/lib_openshift/src/class/oc_process.py | 188 | ||||
| -rw-r--r-- | roles/lib_openshift/src/class/oc_route.py | 43 | ||||
| -rw-r--r-- | roles/lib_openshift/src/class/oc_secret.py | 8 |
4 files changed, 234 insertions, 7 deletions
diff --git a/roles/lib_openshift/src/class/oc_obj.py b/roles/lib_openshift/src/class/oc_obj.py index 9d0b8e45b..2ec20e72c 100644 --- a/roles/lib_openshift/src/class/oc_obj.py +++ b/roles/lib_openshift/src/class/oc_obj.py @@ -49,7 +49,7 @@ class OCObject(OpenShiftCLI): return self._create(files[0]) content['data'] = yaml.dump(content['data']) - content_file = Utils.create_files_from_contents(content)[0] + content_file = Utils.create_tmp_files_from_contents(content)[0] return self._create(content_file['path']) diff --git a/roles/lib_openshift/src/class/oc_process.py b/roles/lib_openshift/src/class/oc_process.py new file mode 100644 index 000000000..80d81448d --- /dev/null +++ b/roles/lib_openshift/src/class/oc_process.py @@ -0,0 +1,188 @@ +# pylint: skip-file +# flake8: noqa + + +# pylint: disable=too-many-instance-attributes +class OCProcess(OpenShiftCLI): + ''' Class to wrap the oc command line tools ''' + + # pylint allows 5. we need 6 + # pylint: disable=too-many-arguments + def __init__(self, + namespace, + tname=None, + params=None, + create=False, + kubeconfig='/etc/origin/master/admin.kubeconfig', + tdata=None, + verbose=False): + ''' Constructor for OpenshiftOC ''' + super(OCProcess, self).__init__(namespace, kubeconfig) + self.namespace = namespace + self.name = tname + self.data = tdata + self.params = params + self.create = create + self.kubeconfig = kubeconfig + self.verbose = verbose + self._template = None + + @property + def template(self): + '''template property''' + if self._template is None: + results = self._process(self.name, False, self.params, self.data) + if results['returncode'] != 0: + raise OpenShiftCLIError('Error processing template [%s].' % self.name) + self._template = results['results']['items'] + + return self._template + + def get(self): + '''get the template''' + results = self._get('template', self.name) + if results['returncode'] != 0: + # Does the template exist?? + if 'not found' in results['stderr']: + results['returncode'] = 0 + results['exists'] = False + results['results'] = [] + + return results + + def delete(self, obj): + '''delete a resource''' + return self._delete(obj['kind'], obj['metadata']['name']) + + def create_obj(self, obj): + '''create a resource''' + return self._create_from_content(obj['metadata']['name'], obj) + + def process(self, create=None): + '''process a template''' + do_create = False + if create != None: + do_create = create + else: + do_create = self.create + + return self._process(self.name, do_create, self.params, self.data) + + def exists(self): + '''return whether the template exists''' + # Always return true if we're being passed template data + if self.data: + return True + t_results = self._get('template', self.name) + + if t_results['returncode'] != 0: + # Does the template exist?? + if 'not found' in t_results['stderr']: + return False + else: + raise OpenShiftCLIError('Something went wrong. %s' % t_results) + + return True + + def needs_update(self): + '''attempt to process the template and return it for comparison with oc objects''' + obj_results = [] + for obj in self.template: + + # build a list of types to skip + skip = [] + + if obj['kind'] == 'ServiceAccount': + skip.extend(['secrets', 'imagePullSecrets']) + if obj['kind'] == 'BuildConfig': + skip.extend(['lastTriggeredImageID']) + if obj['kind'] == 'ImageStream': + skip.extend(['generation']) + if obj['kind'] == 'DeploymentConfig': + skip.extend(['lastTriggeredImage']) + + # fetch the current object + curr_obj_results = self._get(obj['kind'], obj['metadata']['name']) + if curr_obj_results['returncode'] != 0: + # Does the template exist?? + if 'not found' in curr_obj_results['stderr']: + obj_results.append((obj, True)) + continue + + # check the generated object against the existing object + if not Utils.check_def_equal(obj, curr_obj_results['results'][0], skip_keys=skip): + obj_results.append((obj, True)) + continue + + obj_results.append((obj, False)) + + return obj_results + + # pylint: disable=too-many-return-statements + @staticmethod + def run_ansible(params, check_mode): + '''run the ansible idempotent code''' + + ocprocess = OCProcess(params['namespace'], + params['template_name'], + params['params'], + params['create'], + kubeconfig=params['kubeconfig'], + tdata=params['content'], + verbose=params['debug']) + + state = params['state'] + + api_rval = ocprocess.get() + + if state == 'list': + if api_rval['returncode'] != 0: + return {"failed": True, "msg" : api_rval} + + return {"changed" : False, "results": api_rval, "state": "list"} + + elif state == 'present': + if check_mode and params['create']: + return {"changed": True, 'msg': "CHECK_MODE: Would have processed template."} + + if not ocprocess.exists() or not params['reconcile']: + #FIXME: this code will never get run in a way that succeeds when + # module.params['reconcile'] is true. Because oc_process doesn't + # create the actual template, the check of ocprocess.exists() + # is meaningless. Either it's already here and this code + # won't be run, or this code will fail because there is no + # template available for oc process to use. Have we conflated + # the template's existence with the existence of the objects + # it describes? + + # Create it here + api_rval = ocprocess.process() + if api_rval['returncode'] != 0: + return {"failed": True, "msg": api_rval} + + if params['create']: + return {"changed": True, "results": api_rval, "state": "present"} + + return {"changed": False, "results": api_rval, "state": "present"} + + # verify results + update = False + rval = [] + all_results = ocprocess.needs_update() + for obj, status in all_results: + if status: + ocprocess.delete(obj) + results = ocprocess.create_obj(obj) + results['kind'] = obj['kind'] + rval.append(results) + update = True + + if not update: + return {"changed": update, "results": api_rval, "state": "present"} + + for cmd in rval: + if cmd['returncode'] != 0: + return {"failed": True, "changed": update, "results": rval, "state": "present"} + + return {"changed": update, "results": rval, "state": "present"} + diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py index 42af2c01c..42388ad0b 100644 --- a/roles/lib_openshift/src/class/oc_route.py +++ b/roles/lib_openshift/src/class/oc_route.py @@ -64,9 +64,23 @@ class OCRoute(OpenShiftCLI): skip = [] return not Utils.check_def_equal(self.config.data, self.route.yaml_dict, skip_keys=skip, debug=True) + @staticmethod + def get_cert_data(path, content): + '''get the data for a particular value''' + if not path and not content: + return None + + rval = None + if path and os.path.exists(path) and os.access(path, os.R_OK): + rval = open(path).read() + elif content: + rval = content + + return rval + # pylint: disable=too-many-return-statements,too-many-branches @staticmethod - def run_ansible(params, files, check_mode=False): + def run_ansible(params, check_mode=False): ''' run the idempotent asnible code params comes from the ansible portion for this module @@ -78,6 +92,30 @@ class OCRoute(OpenShiftCLI): } check_mode: does the module support check mode. (module.check_mode) ''' + files = {'destcacert': {'path': params['dest_cacert_path'], + 'content': params['dest_cacert_content'], + 'value': None, }, + 'cacert': {'path': params['cacert_path'], + 'content': params['cacert_content'], + 'value': None, }, + 'cert': {'path': params['cert_path'], + 'content': params['cert_content'], + 'value': None, }, + 'key': {'path': params['key_path'], + 'content': params['key_content'], + 'value': None, }, } + + if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501 + + for key, option in files.items(): + if key == 'destcacert' and params['tls_termination'] != 'reencrypt': + continue + + option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501 + + if not option['value']: + return {'failed': True, + 'msg': 'Verify that you pass a value for %s' % key} rconfig = RouteConfig(params['name'], params['namespace'], @@ -90,7 +128,8 @@ class OCRoute(OpenShiftCLI): params['tls_termination'], params['service_name'], params['wildcard_policy'], - params['weight']) + params['weight'], + params['port']) oc_route = OCRoute(rconfig, verbose=params['debug']) diff --git a/roles/lib_openshift/src/class/oc_secret.py b/roles/lib_openshift/src/class/oc_secret.py index 40b2aa4d1..e99999c37 100644 --- a/roles/lib_openshift/src/class/oc_secret.py +++ b/roles/lib_openshift/src/class/oc_secret.py @@ -48,7 +48,7 @@ class OCSecret(OpenShiftCLI): def create(self, files=None, contents=None): '''Create a secret ''' if not files: - files = Utils.create_files_from_contents(contents) + files = Utils.create_tmp_files_from_contents(contents) secrets = ["%s=%s" % (sfile['name'], sfile['path']) for sfile in files] cmd = ['secrets', 'new', self.name] @@ -81,7 +81,7 @@ class OCSecret(OpenShiftCLI): This is accomplished by passing -ojson. This will most likely change in the future ''' if not files: - files = Utils.create_files_from_contents(contents) + files = Utils.create_tmp_files_from_contents(contents) secrets = ["%s=%s" % (sfile['name'], sfile['path']) for sfile in files] cmd = ['-ojson', 'secrets', 'new', self.name] @@ -132,7 +132,7 @@ class OCSecret(OpenShiftCLI): if params['files']: files = params['files'] elif params['contents']: - files = Utils.create_files_from_contents(params['contents']) + files = Utils.create_tmp_files_from_contents(params['contents']) else: return {'failed': True, 'msg': 'Either specify files or contents.'} @@ -146,7 +146,7 @@ class OCSecret(OpenShiftCLI): return {'changed': True, 'msg': 'Would have performed a create.'} - api_rval = ocsecret.create(params['files'], params['contents']) + api_rval = ocsecret.create(files, params['contents']) # Remove files if files and params['delete_after']: |