From 6e94b472e882471792c8d7ed709d24a9d9aaf694 Mon Sep 17 00:00:00 2001 From: Marcus Watkins Date: Thu, 6 Jun 2019 02:51:24 -0600 Subject: [PATCH] Fix #56640: Map k8s ansible keys to api keys (#57418) * Fix #56643: Map ansible keys to api keys * Remove errant print line * Fix pep8 issue * Fix doc line * Added test for validate_certs -> verify_ssl translation for k8s module --- lib/ansible/module_utils/k8s/common.py | 33 ++++++++++++++----- .../targets/k8s/tasks/full_test.yml | 13 ++++++++ 2 files changed, 37 insertions(+), 9 deletions(-) diff --git a/lib/ansible/module_utils/k8s/common.py b/lib/ansible/module_utils/k8s/common.py index 2eaf9da9fc..eccef99066 100644 --- a/lib/ansible/module_utils/k8s/common.py +++ b/lib/ansible/module_utils/k8s/common.py @@ -125,6 +125,21 @@ AUTH_ARG_SPEC = { 'proxy': {}, } +# Map kubernetes-client parameters to ansible parameters +AUTH_ARG_MAP = { + 'kubeconfig': 'kubeconfig', + 'context': 'context', + 'host': 'host', + 'api_key': 'api_key', + 'username': 'username', + 'password': 'password', + 'verify_ssl': 'validate_certs', + 'ssl_ca_cert': 'ca_cert', + 'cert_file': 'client_cert', + 'key_file': 'client_key', + 'proxy': 'proxy', +} + class K8sAnsibleMixin(object): _argspec_cache = None @@ -143,19 +158,19 @@ class K8sAnsibleMixin(object): return self._argspec_cache def get_api_client(self, **auth_params): - auth_args = AUTH_ARG_SPEC.keys() - auth_params = auth_params or getattr(self, 'params', {}) - auth = copy.deepcopy(auth_params) + auth = {} # If authorization variables aren't defined, look for them in environment variables - for arg in auth_args: - if auth_params.get(arg) is None: - env_value = os.getenv('K8S_AUTH_{0}'.format(arg.upper()), None) + for true_name, arg_name in AUTH_ARG_MAP.items(): + if auth_params.get(arg_name) is None: + env_value = os.getenv('K8S_AUTH_{0}'.format(arg_name.upper()), None) or os.getenv('K8S_AUTH_{0}'.format(true_name.upper()), None) if env_value is not None: - if AUTH_ARG_SPEC[arg].get('type') == 'bool': + if AUTH_ARG_SPEC[arg_name].get('type') == 'bool': env_value = env_value.lower() not in ['0', 'false', 'no'] - auth[arg] = env_value + auth[true_name] = env_value + else: + auth[true_name] = auth_params[arg_name] def auth_set(*names): return all([auth.get(name) for name in names]) @@ -175,7 +190,7 @@ class K8sAnsibleMixin(object): # Override any values in the default configuration with Ansible parameters configuration = kubernetes.client.Configuration() for key, value in iteritems(auth): - if key in auth_args and value is not None: + if key in AUTH_ARG_MAP.keys() and value is not None: if key == 'api_key': setattr(configuration, key, {'authorization': "Bearer {0}".format(value)}) else: diff --git a/test/integration/targets/k8s/tasks/full_test.yml b/test/integration/targets/k8s/tasks/full_test.yml index 99e362b770..50a171a0bf 100644 --- a/test/integration/targets/k8s/tasks/full_test.yml +++ b/test/integration/targets/k8s/tasks/full_test.yml @@ -18,6 +18,19 @@ debug: var: output + - name: Setting validate_certs to true causes a failure + k8s: + name: testing + kind: namespace + validate_certs: yes + ignore_errors: yes + register: output + + - name: assert that validate_certs caused a failure (and therefore was correctly translated to verify_ssl) + assert: + that: + - output is failed + - name: k8s_info works with empty resources k8s_info: kind: Deployment