From 66cc0be1dc9ba371ff8d5b537ea6a6798fe11cae Mon Sep 17 00:00:00 2001
From: Monis Khan
Date: Wed, 1 Mar 2017 21:54:03 -0500
Subject: Make generic OCObjectValidator from OCSDNValidator
Signed-off-by: Monis Khan
---
.../lib_openshift/src/class/oc_objectvalidator.py | 77 ++++++++++++++++++++++
roles/lib_openshift/src/class/oc_sdnvalidator.py | 58 ----------------
2 files changed, 77 insertions(+), 58 deletions(-)
create mode 100644 roles/lib_openshift/src/class/oc_objectvalidator.py
delete mode 100644 roles/lib_openshift/src/class/oc_sdnvalidator.py
(limited to 'roles/lib_openshift/src/class')
diff --git a/roles/lib_openshift/src/class/oc_objectvalidator.py b/roles/lib_openshift/src/class/oc_objectvalidator.py
new file mode 100644
index 000000000..b76fc995e
--- /dev/null
+++ b/roles/lib_openshift/src/class/oc_objectvalidator.py
@@ -0,0 +1,77 @@
+# pylint: skip-file
+# flake8: noqa
+
+# pylint: disable=too-many-instance-attributes
+class OCObjectValidator(OpenShiftCLI):
+ ''' Class to wrap the oc command line tools '''
+
+ def __init__(self, kubeconfig):
+ ''' Constructor for OCObjectValidator '''
+ # namespace has no meaning for object validation, hardcode to 'default'
+ super(OCObjectValidator, self).__init__('default', kubeconfig)
+
+ def get_invalid(self, kind, invalid_filter):
+ ''' return invalid object information '''
+
+ rval = self._get(kind)
+ if rval['returncode'] != 0:
+ return False, rval, []
+
+ return True, rval, list(filter(invalid_filter, rval['results'][0]['items'])) # wrap filter with list for py3
+
+ # pylint: disable=too-many-return-statements
+ @staticmethod
+ def run_ansible(params):
+ ''' run the idempotent ansible code
+
+ params comes from the ansible portion of this module
+ '''
+
+ objectvalidator = OCObjectValidator(params['kubeconfig'])
+ all_invalid = {}
+ failed = False
+
+ def _is_invalid_namespace(namespace):
+ # check if it uses a reserved name
+ name = namespace['metadata']['name']
+ if not any((name == 'kube',
+ name == 'openshift',
+ name.startswith('kube-'),
+ name.startswith('openshift-'),)):
+ return False
+
+ # determine if the namespace was created by a user
+ if 'annotations' not in namespace['metadata']:
+ return False
+ return 'openshift.io/requester' in namespace['metadata']['annotations']
+
+ checks = (
+ (
+ 'hostsubnet',
+ lambda x: x['metadata']['name'] != x['host'],
+ u'hostsubnets where metadata.name != host',
+ ),
+ (
+ 'netnamespace',
+ lambda x: x['metadata']['name'] != x['netname'],
+ u'netnamespaces where metadata.name != netname',
+ ),
+ (
+ 'namespace',
+ _is_invalid_namespace,
+ u'namespaces that use reserved names and were not created by infrastructure components',
+ ),
+ )
+
+ for resource, invalid_filter, invalid_msg in checks:
+ success, rval, invalid = objectvalidator.get_invalid(resource, invalid_filter)
+ if not success:
+ return {'failed': True, 'msg': 'Failed to GET {}.'.format(resource), 'state': 'list', 'results': rval}
+ if invalid:
+ failed = True
+ all_invalid[invalid_msg] = invalid
+
+ if failed:
+ return {'failed': True, 'msg': 'All objects are not valid.', 'state': 'list', 'results': all_invalid}
+
+ return {'msg': 'All objects are valid.'}
diff --git a/roles/lib_openshift/src/class/oc_sdnvalidator.py b/roles/lib_openshift/src/class/oc_sdnvalidator.py
deleted file mode 100644
index da923337b..000000000
--- a/roles/lib_openshift/src/class/oc_sdnvalidator.py
+++ /dev/null
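Review bot: In `_is_invalid_namespace`, a reserved-name namespace (`kube`, `openshift`, `kube-*`, `openshift-*`) is reported only when it carries the `openshift.io/requester` annotation, so a missing annotation is treated as proof that infrastructure created it. That is a heuristic: a namespace created without going through the project-request path, or one whose annotations were changed later, would presumably pass, and the result text (`not created by infrastructure components`) claims more than the code can establish. I would say so above the final return, e.g. `# NOTE: a missing openshift.io/requester annotation is a heuristic, not proof of infrastructure ownership`, and compare against an explicit list of expected infrastructure namespaces if this check is meant as a control. Separately, `get_invalid` indexes `rval['results'][0]['items']` without checking that `results` is non-empty; `_get` is defined outside this hunk, so confirm it always returns at least one element when the return code is zero.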
@@ -1,58 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-# pylint: disable=too-many-instance-attributes
-class OCSDNValidator(OpenShiftCLI):
- ''' Class to wrap the oc command line tools '''
-
- def __init__(self, kubeconfig):
- ''' Constructor for OCSDNValidator '''
- # namespace has no meaning for SDN validation, hardcode to 'default'
- super(OCSDNValidator, self).__init__('default', kubeconfig)
-
- def get(self, kind, invalid_filter):
- ''' return SDN information '''
-
- rval = self._get(kind)
- if rval['returncode'] != 0:
- return False, rval, []
-
- return True, rval, filter(invalid_filter, rval['results'][0]['items'])
-
- # pylint: disable=too-many-return-statements
- @staticmethod
- def run_ansible(params):
- ''' run the idempotent ansible code
-
- params comes from the ansible portion of this module
- '''
-
- sdnvalidator = OCSDNValidator(params['kubeconfig'])
- all_invalid = {}
- failed = False
-
- checks = (
- (
- 'hostsubnet',
- lambda x: x['metadata']['name'] != x['host'],
- u'hostsubnets where metadata.name != host',
- ),
- (
- 'netnamespace',
- lambda x: x['metadata']['name'] != x['netname'],
- u'netnamespaces where metadata.name != netname',
- ),
- )
-
- for resource, invalid_filter, invalid_msg in checks:
- success, rval, invalid = sdnvalidator.get(resource, invalid_filter)
- if not success:
- return {'failed': True, 'msg': 'Failed to GET {}.'.format(resource), 'state': 'list', 'results': rval}
- if invalid:
- failed = True
- all_invalid[invalid_msg] = invalid
-
- if failed:
- return {'failed': True, 'msg': 'All SDN objects are not valid.', 'state': 'list', 'results': all_invalid}
-
- return {'msg': 'All SDN objects are valid.'}
-- cgit v1.2.3