From 5ff3071297b0bd91e5135bbe9def3a59dadfe885 Mon Sep 17 00:00:00 2001 From: Kenny Woodson Date: Fri, 17 Feb 2017 09:34:10 -0500 Subject: Rename of oadm_ca to oc_adm_ca. Decided to whittle down to the direct call, server_cert. --- .../src/class/oadm_certificate_authority.py | 110 --------------------- .../src/class/oc_adm_ca_server_cert.py | 104 +++++++++++++++++++ 2 files changed, 104 insertions(+), 110 deletions(-) delete mode 100644 roles/lib_openshift/src/class/oadm_certificate_authority.py create mode 100644 roles/lib_openshift/src/class/oc_adm_ca_server_cert.py (limited to 'roles/lib_openshift/src/class') diff --git a/roles/lib_openshift/src/class/oadm_certificate_authority.py b/roles/lib_openshift/src/class/oadm_certificate_authority.py deleted file mode 100644 index 34bd0f0a9..000000000 --- a/roles/lib_openshift/src/class/oadm_certificate_authority.py +++ /dev/null @@ -1,110 +0,0 @@ -# pylint: skip-file - -class CertificateAuthorityConfig(OpenShiftCLIConfig): - ''' CertificateAuthorityConfig is a DTO for the oadm ca command ''' - def __init__(self, cmd, kubeconfig, verbose, ca_options): - super(CertificateAuthorityConfig, self).__init__('ca', None, kubeconfig, ca_options) - self.cmd = cmd - self.kubeconfig = kubeconfig - self.verbose = verbose - self._ca = ca_options - -class CertificateAuthority(OpenShiftCLI): - ''' Class to wrap the oc command line tools ''' - def __init__(self, - config, - verbose=False): - ''' Constructor for oadm ca ''' - super(CertificateAuthority, self).__init__(None, config.kubeconfig, verbose) - self.config = config - self.verbose = verbose - - def get(self): - '''get the current cert file - - If a file exists by the same name in the specified location then the cert exists - ''' - cert = self.config.config_options['cert']['value'] - if cert and os.path.exists(cert): - return open(cert).read() - - return None - - def create(self): - '''Create a deploymentconfig ''' - options = self.config.to_option_list() - - cmd = ['ca'] - cmd.append(self.config.cmd) - cmd.extend(options) - - return self.openshift_cmd(cmd, oadm=True) - - def exists(self): - ''' check whether the certificate exists and has the clusterIP ''' - - cert_path = self.config.config_options['cert']['value'] - if not os.path.exists(cert_path): - return False - - proc = subprocess.Popen(['openssl', 'x509', '-noout', '-subject', '-in', cert_path], - stdout=subprocess.PIPE, stderr=subprocess.PIPE) - stdout, stderr = proc.communicate() - if proc.returncode == 0: - for var in self.config.config_options['hostnames']['value'].split(','): - if var in stdout: - return True - - return False - - @staticmethod - def run_ansible(params, check_mode): - '''run the idempotent ansible code''' - - config = CertificateAuthorityConfig(params['cmd'], - params['kubeconfig'], - params['debug'], - {'cert_dir': {'value': params['cert_dir'], 'include': True}, - 'cert': {'value': params['cert'], 'include': True}, - 'hostnames': {'value': ','.join(params['hostnames']), 'include': True}, - 'master': {'value': params['master'], 'include': True}, - 'public_master': {'value': params['public_master'], 'include': True}, - 'overwrite': {'value': params['overwrite'], 'include': True}, - 'signer_name': {'value': params['signer_name'], 'include': True}, - 'private_key': {'value': params['private_key'], 'include': True}, - 'public_key': {'value': params['public_key'], 'include': True}, - 'key': {'value': params['key'], 'include': True}, - 'signer_cert': {'value': params['signer_cert'], 'include': True}, - 'signer_key': {'value': params['signer_key'], 'include': True}, - 'signer_serial': {'value': params['signer_serial'], 'include': True}, - }) - - - oadm_ca = CertificateAuthority(config) - - state = params['state'] - - if state == 'present': - ######## - # Create - ######## - if not oadm_ca.exists() or params['overwrite']: - - if check_mode: - return {'changed': True, - 'msg': "CHECK_MODE: Would have created the certificate.", - 'state': state} - - api_rval = oadm_ca.create() - - return {'changed': True, 'results': api_rval, 'state': state} - - ######## - # Exists - ######## - api_rval = oadm_ca.get() - return {'changed': False, 'results': api_rval, 'state': state} - - return {'failed': True, - 'msg': 'Unknown state passed. %s' % state} - diff --git a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py new file mode 100644 index 000000000..92505c08e --- /dev/null +++ b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py @@ -0,0 +1,104 @@ +# pylint: skip-file + +class CAServerCertConfig(OpenShiftCLIConfig): + ''' CertificateAuthorityConfig is a DTO for the oadm ca command ''' + def __init__(self, cmd, kubeconfig, verbose, ca_options): + super(CertificateAuthorityConfig, self).__init__('ca', None, kubeconfig, ca_options) + self.cmd = cmd + self.kubeconfig = kubeconfig + self.verbose = verbose + self._ca = ca_options + +class CAServerCert(OpenShiftCLI): + ''' Class to wrap the oc command line tools ''' + def __init__(self, + config, + verbose=False): + ''' Constructor for oadm ca ''' + super(CAServerCert, self).__init__(None, config.kubeconfig, verbose) + self.config = config + self.verbose = verbose + + def get(self): + '''get the current cert file + + If a file exists by the same name in the specified location then the cert exists + ''' + cert = self.config.config_options['cert']['value'] + if cert and os.path.exists(cert): + return open(cert).read() + + return None + + def create(self): + '''run openshift ca cmd''' + options = self.config.to_option_list() + + cmd = ['ca'] + cmd.append(self.config.cmd) + cmd.extend(options) + + return self.openshift_cmd(cmd, oadm=True) + + def exists(self): + ''' check whether the certificate exists and has the clusterIP ''' + + cert_path = self.config.config_options['cert']['value'] + if not os.path.exists(cert_path): + return False + + proc = subprocess.Popen(['openssl', 'x509', '-noout', '-subject', '-in', cert_path], + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + stdout, stderr = proc.communicate() + if proc.returncode == 0: + for var in self.config.config_options['hostnames']['value'].split(','): + if var in stdout: + return True + + return False + + @staticmethod + def run_ansible(params, check_mode): + '''run the idempotent ansible code''' + + config = CAServerCertConfig(params['cmd'], + params['kubeconfig'], + params['debug'], + {'cert': {'value': params['cert'], 'include': True}, + 'hostnames': {'value': ','.join(params['hostnames']), 'include': True}, + 'overwrite': {'value': params['overwrite'], 'include': True}, + 'signer_name': {'value': params['signer_name'], 'include': True}, + 'key': {'value': params['key'], 'include': True}, + 'signer_cert': {'value': params['signer_cert'], 'include': True}, + 'signer_key': {'value': params['signer_key'], 'include': True}, + 'signer_serial': {'value': params['signer_serial'], 'include': True}, + }) + + server_cert = CAServerCert(config) + + state = params['state'] + + if state == 'present': + ######## + # Create + ######## + if not server_cert.exists() or params['overwrite']: + + if check_mode: + return {'changed': True, + 'msg': "CHECK_MODE: Would have created the certificate.", + 'state': state} + + api_rval = server_cert.create() + + return {'changed': True, 'results': api_rval, 'state': state} + + ######## + # Exists + ######## + api_rval = server_cert.get() + return {'changed': False, 'results': api_rval, 'state': state} + + return {'failed': True, + 'msg': 'Unknown state passed. %s' % state} + -- cgit v1.2.3