2018-07-23 04:05:25 +00:00
|
|
|
# Copyright 2018 Red Hat | Ansible
|
2017-12-23 21:41:38 +00:00
|
|
|
#
|
|
|
|
|
# This file is part of Ansible
|
|
|
|
|
#
|
|
|
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
# (at your option) any later version.
|
|
|
|
|
#
|
|
|
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
|
|
|
|
|
|
import copy
|
openshift inventory plugin: fix exception when auth fails (#45826)
* openshift inventory: fix exception when auth fails
Fix 'ForbiddenError' object has no attribute 'message':
[WARNING]: * Failed to parse test.yml with openshift plugin: 'ForbiddenError' object has no attribute 'message'
File "ansible/lib/ansible/inventory/manager.py", line 270, in parse_source
plugin.parse(self._inventory, self._loader, source, cache=cache)
File "ansible/lib/ansible/plugins/inventory/openshift.py", line 122, in parse
self.setup(config_data, cache, cache_key)
File "ansible/lib/ansible/module_utils/k8s/inventory.py", line 58, in setup
self.fetch_objects(connections)
File "ansible/lib/ansible/module_utils/k8s/inventory.py", line 250, in fetch_objects
super(OpenShiftInventoryHelper, self).fetch_objects(connections)
File "ansible/lib/ansible/module_utils/k8s/inventory.py", line 81, in fetch_objects
namespaces = self.get_available_namespaces(client)
File "ansible/lib/ansible/module_utils/k8s/inventory.py", line 95, in get_available_namespaces
raise K8sInventoryException('Error fetching Namespace list: {0}'.format(exc.message))
Don't try to get 'message' attribute from:
- K8sInventoryException instances
- Exception instances
- KubernetesException instances (because KubernetesException can be
Exception)
* move k8s/OpenShift inventory plugin dedicated code
inventory plugin specific code should not be located in
lib/ansible/module_utils directory. Then ansible.utils methods can be
reused (for example Display).
* Remove unused class variables 'helper'
unused since 4d77878654e867c23d5f6c61422bdae7120393bc.
2018-09-26 22:16:54 +00:00
|
|
|
import json
|
|
|
|
|
import os
|
2019-02-06 17:39:17 +00:00
|
|
|
import traceback
|
2017-12-25 17:09:31 +00:00
|
|
|
|
2017-12-23 21:41:38 +00:00
|
|
|
|
2019-02-06 17:39:17 +00:00
|
|
|
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
|
2018-10-02 07:24:52 +00:00
|
|
|
from ansible.module_utils.common.dict_transformations import recursive_diff
|
2018-07-09 13:33:16 +00:00
|
|
|
from ansible.module_utils.six import iteritems, string_types
|
2019-02-06 17:39:17 +00:00
|
|
|
from ansible.module_utils._text import to_native
|
2017-12-23 21:41:38 +00:00
|
|
|
|
2019-02-06 17:39:17 +00:00
|
|
|
K8S_IMP_ERR = None
|
2017-12-23 21:41:38 +00:00
|
|
|
try:
|
2018-05-30 17:04:48 +00:00
|
|
|
import kubernetes
|
2018-07-23 04:05:25 +00:00
|
|
|
import openshift
|
2018-05-30 17:04:48 +00:00
|
|
|
from openshift.dynamic import DynamicClient
|
|
|
|
|
from openshift.dynamic.exceptions import ResourceNotFoundError, ResourceNotUniqueError
|
2017-12-23 21:41:38 +00:00
|
|
|
HAS_K8S_MODULE_HELPER = True
|
2019-01-15 00:44:59 +00:00
|
|
|
k8s_import_exception = None
|
|
|
|
|
except ImportError as e:
|
2017-12-23 21:41:38 +00:00
|
|
|
HAS_K8S_MODULE_HELPER = False
|
2019-01-15 00:44:59 +00:00
|
|
|
k8s_import_exception = e
|
2019-02-06 17:39:17 +00:00
|
|
|
K8S_IMP_ERR = traceback.format_exc()
|
2017-12-23 21:41:38 +00:00
|
|
|
|
2019-02-06 17:39:17 +00:00
|
|
|
YAML_IMP_ERR = None
|
2017-12-23 21:41:38 +00:00
|
|
|
try:
|
|
|
|
|
import yaml
|
|
|
|
|
HAS_YAML = True
|
|
|
|
|
except ImportError:
|
2019-02-06 17:39:17 +00:00
|
|
|
YAML_IMP_ERR = traceback.format_exc()
|
2017-12-23 21:41:38 +00:00
|
|
|
HAS_YAML = False
|
|
|
|
|
|
2018-05-30 17:04:48 +00:00
|
|
|
try:
|
|
|
|
|
import urllib3
|
|
|
|
|
urllib3.disable_warnings()
|
|
|
|
|
except ImportError:
|
2017-12-23 21:41:38 +00:00
|
|
|
pass
|
|
|
|
|
|
2018-07-09 13:33:16 +00:00
|
|
|
|
|
|
|
|
def list_dict_str(value):
|
|
|
|
|
if isinstance(value, list):
|
|
|
|
|
return value
|
|
|
|
|
elif isinstance(value, dict):
|
|
|
|
|
return value
|
|
|
|
|
elif isinstance(value, string_types):
|
|
|
|
|
return value
|
|
|
|
|
raise TypeError
|
|
|
|
|
|
2018-07-29 11:46:06 +00:00
|
|
|
|
2018-05-30 17:04:48 +00:00
|
|
|
ARG_ATTRIBUTES_BLACKLIST = ('property_path',)
|
|
|
|
|
|
|
|
|
|
COMMON_ARG_SPEC = {
|
|
|
|
|
'state': {
|
|
|
|
|
'default': 'present',
|
|
|
|
|
'choices': ['present', 'absent'],
|
|
|
|
|
},
|
|
|
|
|
'force': {
|
|
|
|
|
'type': 'bool',
|
|
|
|
|
'default': False,
|
|
|
|
|
},
|
|
|
|
|
'resource_definition': {
|
2018-07-09 13:33:16 +00:00
|
|
|
'type': list_dict_str,
|
2018-05-30 17:04:48 +00:00
|
|
|
'aliases': ['definition', 'inline']
|
|
|
|
|
},
|
|
|
|
|
'src': {
|
|
|
|
|
'type': 'path',
|
|
|
|
|
},
|
|
|
|
|
'kind': {},
|
|
|
|
|
'name': {},
|
|
|
|
|
'namespace': {},
|
|
|
|
|
'api_version': {
|
|
|
|
|
'default': 'v1',
|
|
|
|
|
'aliases': ['api', 'version'],
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
AUTH_ARG_SPEC = {
|
|
|
|
|
'kubeconfig': {
|
|
|
|
|
'type': 'path',
|
|
|
|
|
},
|
|
|
|
|
'context': {},
|
|
|
|
|
'host': {},
|
|
|
|
|
'api_key': {
|
|
|
|
|
'no_log': True,
|
|
|
|
|
},
|
|
|
|
|
'username': {},
|
|
|
|
|
'password': {
|
|
|
|
|
'no_log': True,
|
|
|
|
|
},
|
|
|
|
|
'verify_ssl': {
|
|
|
|
|
'type': 'bool',
|
|
|
|
|
},
|
|
|
|
|
'ssl_ca_cert': {
|
|
|
|
|
'type': 'path',
|
|
|
|
|
},
|
|
|
|
|
'cert_file': {
|
|
|
|
|
'type': 'path',
|
|
|
|
|
},
|
|
|
|
|
'key_file': {
|
|
|
|
|
'type': 'path',
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class K8sAnsibleMixin(object):
|
|
|
|
|
_argspec_cache = None
|
2017-12-23 21:41:38 +00:00
|
|
|
|
|
|
|
|
@property
|
2018-01-09 12:22:46 +00:00
|
|
|
def argspec(self):
|
2018-05-30 17:04:48 +00:00
|
|
|
"""
|
|
|
|
|
Introspect the model properties, and return an Ansible module arg_spec dict.
|
|
|
|
|
:return: dict
|
|
|
|
|
"""
|
|
|
|
|
if self._argspec_cache:
|
|
|
|
|
return self._argspec_cache
|
|
|
|
|
argument_spec = copy.deepcopy(COMMON_ARG_SPEC)
|
|
|
|
|
argument_spec.update(copy.deepcopy(AUTH_ARG_SPEC))
|
|
|
|
|
self._argspec_cache = argument_spec
|
|
|
|
|
return self._argspec_cache
|
|
|
|
|
|
|
|
|
|
def get_api_client(self, **auth_params):
|
|
|
|
|
auth_args = AUTH_ARG_SPEC.keys()
|
|
|
|
|
|
|
|
|
|
auth_params = auth_params or getattr(self, 'params', {})
|
|
|
|
|
auth = copy.deepcopy(auth_params)
|
|
|
|
|
|
2018-09-10 19:30:59 +00:00
|
|
|
# If authorization variables aren't defined, look for them in environment variables
|
2019-01-30 21:52:12 +00:00
|
|
|
for arg in auth_args:
|
|
|
|
|
if auth_params.get(arg) is None:
|
|
|
|
|
env_value = os.getenv('K8S_AUTH_{0}'.format(arg.upper()), None)
|
2018-05-30 17:04:48 +00:00
|
|
|
if env_value is not None:
|
2019-02-11 14:49:00 +00:00
|
|
|
if AUTH_ARG_SPEC[arg].get('type') == 'bool':
|
|
|
|
|
env_value = env_value.lower() not in ['0', 'false', 'no']
|
2019-01-30 21:52:12 +00:00
|
|
|
auth[arg] = env_value
|
2018-05-30 17:04:48 +00:00
|
|
|
|
2018-09-10 19:30:59 +00:00
|
|
|
def auth_set(*names):
|
|
|
|
|
return all([auth.get(name) for name in names])
|
2018-05-30 17:04:48 +00:00
|
|
|
|
2018-09-10 19:30:59 +00:00
|
|
|
if auth_set('username', 'password', 'host') or auth_set('api_key', 'host'):
|
|
|
|
|
# We have enough in the parameters to authenticate, no need to load incluster or kubeconfig
|
|
|
|
|
pass
|
2018-10-23 06:53:22 +00:00
|
|
|
elif auth_set('kubeconfig') or auth_set('context'):
|
2018-09-10 19:30:59 +00:00
|
|
|
kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context'))
|
2018-05-30 17:04:48 +00:00
|
|
|
else:
|
2018-09-10 19:30:59 +00:00
|
|
|
# First try to do incluster config, then kubeconfig
|
2018-05-30 17:04:48 +00:00
|
|
|
try:
|
|
|
|
|
kubernetes.config.load_incluster_config()
|
|
|
|
|
except kubernetes.config.ConfigException:
|
2018-09-10 19:30:59 +00:00
|
|
|
kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context'))
|
|
|
|
|
|
|
|
|
|
# Override any values in the default configuration with Ansible parameters
|
|
|
|
|
configuration = kubernetes.client.Configuration()
|
|
|
|
|
for key, value in iteritems(auth):
|
|
|
|
|
if key in auth_args and value is not None:
|
|
|
|
|
if key == 'api_key':
|
|
|
|
|
setattr(configuration, key, {'authorization': "Bearer {0}".format(value)})
|
|
|
|
|
else:
|
|
|
|
|
setattr(configuration, key, value)
|
|
|
|
|
|
|
|
|
|
kubernetes.client.Configuration.set_default(configuration)
|
|
|
|
|
return DynamicClient(kubernetes.client.ApiClient(configuration))
|
2018-05-30 17:04:48 +00:00
|
|
|
|
|
|
|
|
def find_resource(self, kind, api_version, fail=False):
|
|
|
|
|
for attribute in ['kind', 'name', 'singular_name']:
|
|
|
|
|
try:
|
|
|
|
|
return self.client.resources.get(**{'api_version': api_version, attribute: kind})
|
|
|
|
|
except (ResourceNotFoundError, ResourceNotUniqueError):
|
|
|
|
|
pass
|
2018-05-26 05:30:16 +00:00
|
|
|
try:
|
2018-05-30 17:04:48 +00:00
|
|
|
return self.client.resources.get(api_version=api_version, short_names=[kind])
|
|
|
|
|
except (ResourceNotFoundError, ResourceNotUniqueError):
|
|
|
|
|
if fail:
|
|
|
|
|
self.fail(msg='Failed to find exact match for {0}.{1} by [kind, name, singularName, shortNames]'.format(api_version, kind))
|
2017-12-23 21:41:38 +00:00
|
|
|
|
2018-06-21 22:24:52 +00:00
|
|
|
def kubernetes_facts(self, kind, api_version, name=None, namespace=None, label_selectors=None, field_selectors=None):
|
|
|
|
|
resource = self.find_resource(kind, api_version)
|
2018-11-06 13:43:55 +00:00
|
|
|
if not resource:
|
|
|
|
|
return dict(resources=[])
|
2018-08-28 02:51:26 +00:00
|
|
|
try:
|
|
|
|
|
result = resource.get(name=name,
|
|
|
|
|
namespace=namespace,
|
|
|
|
|
label_selector=','.join(label_selectors),
|
|
|
|
|
field_selector=','.join(field_selectors)).to_dict()
|
|
|
|
|
except openshift.dynamic.exceptions.NotFoundError:
|
2018-10-12 09:11:48 +00:00
|
|
|
return dict(resources=[])
|
2018-08-28 02:51:26 +00:00
|
|
|
|
2018-06-21 22:24:52 +00:00
|
|
|
if 'items' in result:
|
2018-08-29 11:04:04 +00:00
|
|
|
return dict(resources=result['items'])
|
2018-06-21 22:24:52 +00:00
|
|
|
else:
|
2018-08-29 11:04:04 +00:00
|
|
|
return dict(resources=[result])
|
2018-06-21 22:24:52 +00:00
|
|
|
|
2018-01-09 12:22:46 +00:00
|
|
|
def remove_aliases(self):
|
2017-12-23 21:41:38 +00:00
|
|
|
"""
|
|
|
|
|
The helper doesn't know what to do with aliased keys
|
|
|
|
|
"""
|
2018-01-09 12:22:46 +00:00
|
|
|
for k, v in iteritems(self.argspec):
|
2017-12-23 21:41:38 +00:00
|
|
|
if 'aliases' in v:
|
|
|
|
|
for alias in v['aliases']:
|
|
|
|
|
if alias in self.params:
|
|
|
|
|
self.params.pop(alias)
|
|
|
|
|
|
2018-05-30 17:04:48 +00:00
|
|
|
def load_resource_definitions(self, src):
|
2017-12-23 21:41:38 +00:00
|
|
|
""" Load the requested src path """
|
|
|
|
|
result = None
|
|
|
|
|
path = os.path.normpath(src)
|
|
|
|
|
if not os.path.exists(path):
|
2018-05-30 17:04:48 +00:00
|
|
|
self.fail(msg="Error accessing {0}. Does the file exist?".format(path))
|
2017-12-23 21:41:38 +00:00
|
|
|
try:
|
2018-05-30 17:04:48 +00:00
|
|
|
with open(path, 'r') as f:
|
|
|
|
|
result = list(yaml.safe_load_all(f))
|
2017-12-23 21:41:38 +00:00
|
|
|
except (IOError, yaml.YAMLError) as exc:
|
2018-05-30 17:04:48 +00:00
|
|
|
self.fail(msg="Error loading resource_definition: {0}".format(exc))
|
2017-12-23 21:41:38 +00:00
|
|
|
return result
|
|
|
|
|
|
2018-05-30 17:04:48 +00:00
|
|
|
@staticmethod
|
|
|
|
|
def diff_objects(existing, new):
|
2018-10-02 07:24:52 +00:00
|
|
|
result = dict()
|
|
|
|
|
diff = recursive_diff(existing, new)
|
|
|
|
|
if diff:
|
|
|
|
|
result['before'] = diff[0]
|
|
|
|
|
result['after'] = diff[1]
|
|
|
|
|
return not diff, result
|
2018-05-16 15:57:36 +00:00
|
|
|
|
|
|
|
|
|
2018-05-30 17:04:48 +00:00
|
|
|
class KubernetesAnsibleModule(AnsibleModule, K8sAnsibleMixin):
|
|
|
|
|
resource_definition = None
|
|
|
|
|
api_version = None
|
|
|
|
|
kind = None
|
|
|
|
|
|
|
|
|
|
def __init__(self, *args, **kwargs):
|
|
|
|
|
|
|
|
|
|
kwargs['argument_spec'] = self.argspec
|
|
|
|
|
AnsibleModule.__init__(self, *args, **kwargs)
|
|
|
|
|
|
|
|
|
|
if not HAS_K8S_MODULE_HELPER:
|
2019-02-06 17:39:17 +00:00
|
|
|
self.fail_json(msg=missing_required_lib('openshift'), exception=K8S_IMP_ERR,
|
|
|
|
|
error=to_native(k8s_import_exception))
|
2018-07-23 04:05:25 +00:00
|
|
|
self.openshift_version = openshift.__version__
|
2018-05-30 17:04:48 +00:00
|
|
|
|
|
|
|
|
if not HAS_YAML:
|
2019-02-06 17:39:17 +00:00
|
|
|
self.fail_json(msg=missing_required_lib("PyYAML"), exception=YAML_IMP_ERR)
|
2018-05-30 17:04:48 +00:00
|
|
|
|
|
|
|
|
def execute_module(self):
|
|
|
|
|
raise NotImplementedError()
|
|
|
|
|
|
|
|
|
|
def fail(self, msg=None):
|
|
|
|
|
self.fail_json(msg=msg)
|
