diff options
Diffstat (limited to 'roles/lib_openshift/src')
17 files changed, 107 insertions, 44 deletions
diff --git a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py index 10f1c9b4b..fc394cb43 100644 --- a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py +++ b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py @@ -1,6 +1,10 @@ # pylint: skip-file # flake8: noqa + +# pylint: disable=wrong-import-position +from ansible.module_utils.six import string_types + def main(): ''' ansible oc adm module for ca create-server-cert diff --git a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py index cf99a6584..37a64e4ef 100644 --- a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py +++ b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py @@ -96,6 +96,10 @@ class CAServerCert(OpenShiftCLI): def run_ansible(params, check_mode): '''run the idempotent ansible code''' + # Filter non-strings from hostnames list s.t. the omit filter + # may be used to conditionally add a hostname. + params['hostnames'] = [host for host in params['hostnames'] if isinstance(host, string_types)] + config = CAServerCertConfig(params['kubeconfig'], params['debug'], {'cert': {'value': params['cert'], 'include': True}, diff --git a/roles/lib_openshift/src/class/oc_adm_policy_user.py b/roles/lib_openshift/src/class/oc_adm_policy_user.py index 88fcc1ddc..37a685ebb 100644 --- a/roles/lib_openshift/src/class/oc_adm_policy_user.py +++ b/roles/lib_openshift/src/class/oc_adm_policy_user.py @@ -46,7 +46,7 @@ class PolicyUser(OpenShiftCLI): @property def policybindings(self): if self._policy_bindings is None: - results = self._get('clusterpolicybindings', None) + results = self._get('policybindings', None) if results['returncode'] != 0: raise OpenShiftCLIError('Could not retrieve policybindings') self._policy_bindings = results['results'][0]['items'][0] diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py index 720b44cdc..3c130fe28 100644 --- a/roles/lib_openshift/src/class/oc_adm_registry.py +++ b/roles/lib_openshift/src/class/oc_adm_registry.py @@ -331,25 +331,34 @@ class Registry(OpenShiftCLI): def run_ansible(params, check_mode): '''run idempotent ansible code''' + registry_options = {'images': {'value': params['images'], 'include': True}, + 'latest_images': {'value': params['latest_images'], 'include': True}, + 'labels': {'value': params['labels'], 'include': True}, + 'ports': {'value': ','.join(params['ports']), 'include': True}, + 'replicas': {'value': params['replicas'], 'include': True}, + 'selector': {'value': params['selector'], 'include': True}, + 'service_account': {'value': params['service_account'], 'include': True}, + 'mount_host': {'value': params['mount_host'], 'include': True}, + 'env_vars': {'value': params['env_vars'], 'include': False}, + 'volume_mounts': {'value': params['volume_mounts'], 'include': False}, + 'edits': {'value': params['edits'], 'include': False}, + 'tls_key': {'value': params['tls_key'], 'include': True}, + 'tls_certificate': {'value': params['tls_certificate'], 'include': True}, + } + + # Do not always pass the daemonset and enforce-quota parameters because they are not understood + # by old versions of oc. + # Default value is false. So, it's safe to not pass an explicit false value to oc versions which + # understand these parameters. + if params['daemonset']: + registry_options['daemonset'] = {'value': params['daemonset'], 'include': True} + if params['enforce_quota']: + registry_options['enforce_quota'] = {'value': params['enforce_quota'], 'include': True} + rconfig = RegistryConfig(params['name'], params['namespace'], params['kubeconfig'], - {'images': {'value': params['images'], 'include': True}, - 'latest_images': {'value': params['latest_images'], 'include': True}, - 'labels': {'value': params['labels'], 'include': True}, - 'ports': {'value': ','.join(params['ports']), 'include': True}, - 'replicas': {'value': params['replicas'], 'include': True}, - 'selector': {'value': params['selector'], 'include': True}, - 'service_account': {'value': params['service_account'], 'include': True}, - 'mount_host': {'value': params['mount_host'], 'include': True}, - 'env_vars': {'value': params['env_vars'], 'include': False}, - 'volume_mounts': {'value': params['volume_mounts'], 'include': False}, - 'edits': {'value': params['edits'], 'include': False}, - 'enforce_quota': {'value': params['enforce_quota'], 'include': True}, - 'daemonset': {'value': params['daemonset'], 'include': True}, - 'tls_key': {'value': params['tls_key'], 'include': True}, - 'tls_certificate': {'value': params['tls_certificate'], 'include': True}, - }) + registry_options) ocregistry = Registry(rconfig, params['debug']) diff --git a/roles/lib_openshift/src/class/oc_clusterrole.py b/roles/lib_openshift/src/class/oc_clusterrole.py index 1d3d977db..ae6795446 100644 --- a/roles/lib_openshift/src/class/oc_clusterrole.py +++ b/roles/lib_openshift/src/class/oc_clusterrole.py @@ -22,7 +22,7 @@ class OCClusterRole(OpenShiftCLI): @property def clusterrole(self): ''' property for clusterrole''' - if not self._clusterrole: + if self._clusterrole is None: self.get() return self._clusterrole @@ -58,6 +58,7 @@ class OCClusterRole(OpenShiftCLI): elif 'clusterrole "{}" not found'.format(self.name) in result['stderr']: result['returncode'] = 0 + self.clusterrole = None return result @@ -127,6 +128,9 @@ class OCClusterRole(OpenShiftCLI): # Create it here api_rval = oc_clusterrole.create() + if api_rval['returncode'] != 0: + return {'failed': True, 'msg': api_rval} + # return the created object api_rval = oc_clusterrole.get() diff --git a/roles/lib_openshift/src/class/oc_obj.py b/roles/lib_openshift/src/class/oc_obj.py index 667b98eac..6f0da3d5c 100644 --- a/roles/lib_openshift/src/class/oc_obj.py +++ b/roles/lib_openshift/src/class/oc_obj.py @@ -115,12 +115,9 @@ class OCObject(OpenShiftCLI): # Delete ######## if state == 'absent': - # if we were passed a name, verify its not in our results - if params['name'] is not None and not Utils.exists(api_rval['results'], params['name']): - return {'changed': False, 'state': state} - - # verify results are empty for the selector - if params['selector'] is not None and len(api_rval['results']) == 0: + # verify its not in our results + if (params['name'] is not None or params['selector'] is not None) and \ + (len(api_rval['results']) == 0 or len(api_rval['results'][0].get('items', [])) == 0): return {'changed': False, 'state': state} if check_mode: diff --git a/roles/lib_openshift/src/class/oc_objectvalidator.py b/roles/lib_openshift/src/class/oc_objectvalidator.py index 43f6cac67..c9fd3b532 100644 --- a/roles/lib_openshift/src/class/oc_objectvalidator.py +++ b/roles/lib_openshift/src/class/oc_objectvalidator.py @@ -35,8 +35,10 @@ class OCObjectValidator(OpenShiftCLI): # check if it uses a reserved name name = namespace['metadata']['name'] if not any((name == 'kube', + name == 'kubernetes', name == 'openshift', name.startswith('kube-'), + name.startswith('kubernetes-'), name.startswith('openshift-'),)): return False diff --git a/roles/lib_openshift/src/doc/obj b/roles/lib_openshift/src/doc/obj index e44843eb3..4ff912b2d 100644 --- a/roles/lib_openshift/src/doc/obj +++ b/roles/lib_openshift/src/doc/obj @@ -47,7 +47,7 @@ options: aliases: [] kind: description: - - The kind attribute of the object. e.g. dc, bc, svc, route + - The kind attribute of the object. e.g. dc, bc, svc, route. May be a comma-separated list, e.g. "dc,po,svc". required: True default: None aliases: [] diff --git a/roles/lib_openshift/src/doc/volume b/roles/lib_openshift/src/doc/volume index 1d04afeef..43ff78c9f 100644 --- a/roles/lib_openshift/src/doc/volume +++ b/roles/lib_openshift/src/doc/volume @@ -29,6 +29,18 @@ options: required: false default: False aliases: [] + name: + description: + - Name of the object that is being queried. + required: false + default: None + aliases: [] + vol_name: + description: + - Name of the volume that is being queried. + required: false + default: None + aliases: [] namespace: description: - The name of the namespace where the object lives diff --git a/roles/lib_openshift/src/lib/base.py b/roles/lib_openshift/src/lib/base.py index 1868b1420..2bf795e25 100644 --- a/roles/lib_openshift/src/lib/base.py +++ b/roles/lib_openshift/src/lib/base.py @@ -76,6 +76,13 @@ class OpenShiftCLI(object): def _replace(self, fname, force=False): '''replace the current object with oc replace''' + # We are removing the 'resourceVersion' to handle + # a race condition when modifying oc objects + yed = Yedit(fname) + results = yed.delete('metadata.resourceVersion') + if results[0]: + yed.write() + cmd = ['replace', '-f', fname] if force: cmd.append('--force') @@ -249,7 +256,7 @@ class OpenShiftCLI(object): stdout, stderr = proc.communicate(input_data) - return proc.returncode, stdout.decode(), stderr.decode() + return proc.returncode, stdout.decode('utf-8'), stderr.decode('utf-8') # pylint: disable=too-many-arguments,too-many-branches def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None): diff --git a/roles/lib_openshift/src/lib/rule.py b/roles/lib_openshift/src/lib/rule.py index 4590dcf90..fe5ed9723 100644 --- a/roles/lib_openshift/src/lib/rule.py +++ b/roles/lib_openshift/src/lib/rule.py @@ -136,9 +136,9 @@ class Rule(object): results = [] for rule in inc_rules: - results.append(Rule(rule['apiGroups'], - rule['attributeRestrictions'], - rule['resources'], - rule['verbs'])) + results.append(Rule(rule.get('apiGroups', ['']), + rule.get('attributeRestrictions', None), + rule.get('resources', []), + rule.get('verbs', []))) return results diff --git a/roles/lib_openshift/src/test/integration/filter_plugins/filters.py b/roles/lib_openshift/src/test/integration/filter_plugins/filters.py index 6990a11a8..f350bd25d 100644 --- a/roles/lib_openshift/src/test/integration/filter_plugins/filters.py +++ b/roles/lib_openshift/src/test/integration/filter_plugins/filters.py @@ -1,6 +1,5 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# vim: expandtab:tabstop=4:shiftwidth=4 ''' Custom filters for use in testing ''' diff --git a/roles/lib_openshift/src/test/integration/oc_label.yml b/roles/lib_openshift/src/test/integration/oc_label.yml index b4e721407..22cf687c5 100755 --- a/roles/lib_openshift/src/test/integration/oc_label.yml +++ b/roles/lib_openshift/src/test/integration/oc_label.yml @@ -15,7 +15,7 @@ - name: ensure needed vars are defined fail: msg: "{{ item }} not defined" - when: "{{ item }} is not defined" + when: item is not defined with_items: - cli_master_test # ansible inventory instance to run playbook against diff --git a/roles/lib_openshift/src/test/integration/oc_user.yml b/roles/lib_openshift/src/test/integration/oc_user.yml index ad1f9d188..9b4290052 100755 --- a/roles/lib_openshift/src/test/integration/oc_user.yml +++ b/roles/lib_openshift/src/test/integration/oc_user.yml @@ -14,7 +14,7 @@ - name: ensure needed vars are defined fail: msg: "{{ item }} no defined" - when: "{{ item}} is not defined" + when: item is not defined with_items: - cli_master_test # ansible inventory instance to run playbook against diff --git a/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py b/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py index bab36fddc..97cf86170 100755 --- a/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py +++ b/roles/lib_openshift/src/test/unit/test_oc_adm_registry.py @@ -205,10 +205,11 @@ class RegistryTest(unittest.TestCase): } ]}''' + @mock.patch('oc_adm_registry.locate_oc_binary') @mock.patch('oc_adm_registry.Utils._write') @mock.patch('oc_adm_registry.Utils.create_tmpfile_copy') @mock.patch('oc_adm_registry.Registry._run') - def test_state_present(self, mock_cmd, mock_tmpfile_copy, mock_write): + def test_state_present(self, mock_cmd, mock_tmpfile_copy, mock_write, mock_oc_binary): ''' Testing state present ''' params = {'state': 'present', 'debug': False, @@ -240,10 +241,9 @@ class RegistryTest(unittest.TestCase): (0, '', ''), ] - mock_tmpfile_copy.side_effect = [ - '/tmp/mocked_kubeconfig', - '/tmp/mocked_kubeconfig', - ] + mock_tmpfile_copy.return_value = '/tmp/mocked_kubeconfig' + + mock_oc_binary.return_value = 'oc' results = Registry.run_ansible(params, False) @@ -254,7 +254,7 @@ class RegistryTest(unittest.TestCase): mock_cmd.assert_has_calls([ mock.call(['oc', 'get', 'dc', 'docker-registry', '-o', 'json', '-n', 'default'], None), mock.call(['oc', 'get', 'svc', 'docker-registry', '-o', 'json', '-n', 'default'], None), - mock.call(['oc', 'adm', 'registry', '--daemonset=False', '--enforce-quota=False', + mock.call(['oc', 'adm', 'registry', '--ports=5000', '--replicas=1', '--selector=type=infra', '--service-account=registry', '--dry-run=True', '-o', 'json', '-n', 'default'], None), mock.call(['oc', 'create', '-f', mock.ANY, '-n', 'default'], None), diff --git a/roles/lib_openshift/src/test/unit/test_oc_adm_router.py b/roles/lib_openshift/src/test/unit/test_oc_adm_router.py index 51393dbaf..5481ac623 100755 --- a/roles/lib_openshift/src/test/unit/test_oc_adm_router.py +++ b/roles/lib_openshift/src/test/unit/test_oc_adm_router.py @@ -286,10 +286,11 @@ class RouterTest(unittest.TestCase): ] }''' + @mock.patch('oc_adm_router.locate_oc_binary') @mock.patch('oc_adm_router.Utils._write') @mock.patch('oc_adm_router.Utils.create_tmpfile_copy') @mock.patch('oc_adm_router.Router._run') - def test_state_present(self, mock_cmd, mock_tmpfile_copy, mock_write): + def test_state_present(self, mock_cmd, mock_tmpfile_copy, mock_write, mock_oc_binary): ''' Testing a create ''' params = {'state': 'present', 'debug': False, @@ -345,6 +346,10 @@ class RouterTest(unittest.TestCase): '/tmp/mocked_kubeconfig', ] + mock_oc_binary.side_effect = [ + 'oc', + ] + results = Router.run_ansible(params, False) self.assertTrue(results['changed']) diff --git a/roles/lib_openshift/src/test/unit/test_oc_objectvalidator.py b/roles/lib_openshift/src/test/unit/test_oc_objectvalidator.py index da326742f..b19a5a880 100755 --- a/roles/lib_openshift/src/test/unit/test_oc_objectvalidator.py +++ b/roles/lib_openshift/src/test/unit/test_oc_objectvalidator.py @@ -25,9 +25,10 @@ class OCObjectValidatorTest(unittest.TestCase): maxDiff = None + @mock.patch('oc_objectvalidator.locate_oc_binary') @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy') @mock.patch('oc_objectvalidator.OCObjectValidator._run') - def test_no_data(self, mock_cmd, mock_tmpfile_copy): + def test_no_data(self, mock_cmd, mock_tmpfile_copy, mock_oc_binary): ''' Testing when both all objects are empty ''' # Arrange @@ -62,6 +63,10 @@ class OCObjectValidatorTest(unittest.TestCase): '/tmp/mocked_kubeconfig', ] + mock_oc_binary.side_effect = [ + 'oc', + ] + # Act results = OCObjectValidator.run_ansible(params) @@ -76,9 +81,10 @@ class OCObjectValidatorTest(unittest.TestCase): mock.call(['oc', 'get', 'namespace', '-o', 'json', '-n', 'default'], None), ]) + @mock.patch('oc_objectvalidator.locate_oc_binary') @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy') @mock.patch('oc_objectvalidator.OCObjectValidator._run') - def test_error_code(self, mock_cmd, mock_tmpfile_copy): + def test_error_code(self, mock_cmd, mock_tmpfile_copy, mock_oc_binary): ''' Testing when we fail to get objects ''' # Arrange @@ -98,6 +104,10 @@ class OCObjectValidatorTest(unittest.TestCase): '/tmp/mocked_kubeconfig', ] + mock_oc_binary.side_effect = [ + 'oc' + ] + error_results = { 'returncode': 1, 'stderr': 'Error.', @@ -120,9 +130,10 @@ class OCObjectValidatorTest(unittest.TestCase): mock.call(['oc', 'get', 'hostsubnet', '-o', 'json', '-n', 'default'], None), ]) + @mock.patch('oc_objectvalidator.locate_oc_binary') @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy') @mock.patch('oc_objectvalidator.OCObjectValidator._run') - def test_valid_both(self, mock_cmd, mock_tmpfile_copy): + def test_valid_both(self, mock_cmd, mock_tmpfile_copy, mock_oc_binary): ''' Testing when both all objects are valid ''' # Arrange @@ -427,6 +438,10 @@ class OCObjectValidatorTest(unittest.TestCase): '/tmp/mocked_kubeconfig', ] + mock_oc_binary.side_effect = [ + 'oc' + ] + # Act results = OCObjectValidator.run_ansible(params) @@ -441,9 +456,10 @@ class OCObjectValidatorTest(unittest.TestCase): mock.call(['oc', 'get', 'namespace', '-o', 'json', '-n', 'default'], None), ]) + @mock.patch('oc_objectvalidator.locate_oc_binary') @mock.patch('oc_objectvalidator.Utils.create_tmpfile_copy') @mock.patch('oc_objectvalidator.OCObjectValidator._run') - def test_invalid_both(self, mock_cmd, mock_tmpfile_copy): + def test_invalid_both(self, mock_cmd, mock_tmpfile_copy, mock_oc_binary): ''' Testing when all objects are invalid ''' # Arrange @@ -886,6 +902,10 @@ class OCObjectValidatorTest(unittest.TestCase): '/tmp/mocked_kubeconfig', ] + mock_oc_binary.side_effect = [ + 'oc' + ] + # Act results = OCObjectValidator.run_ansible(params) |