Backport/2.8/57418 (#60683)

* Backport to stable-2.8: Fix #56640: Map k8s ansible keys to api keys (#57418) * Fix #56643: Map ansible keys to api keys * Remove errant print line * Fix pep8 issue * Fix doc line * Added test for validate_certs -> verify_ssl translation for k8s module (cherry picked from commit 6e94b472e8) * Removed proxy from AUTH_ARG_MAP and added fragment for backport * Rename backport-57418.yaml to 60683-backport-57418.yaml * Update 60683-backport-57418.yaml
6 years ago · 9fe0971004
parent db9cb0682d
commit 9fe0971004
3 changed files with 38 additions and 9 deletions
--- a/changelogs/fragments/60683-backport-57418.yaml
+++ b/changelogs/fragments/60683-backport-57418.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - Backported to stable-2.8 - Fix #56640 Map k8s ansible keys to api keys (https://github.com/ansible/ansible/pull/57418)
--- a/lib/ansible/module_utils/k8s/common.py
+++ b/lib/ansible/module_utils/k8s/common.py
@ -124,6 +124,20 @@ AUTH_ARG_SPEC = {
    },
 }

+# Map kubernetes-client parameters to ansible parameters
+AUTH_ARG_MAP = {
+    'kubeconfig': 'kubeconfig',
+    'context': 'context',
+    'host': 'host',
+    'api_key': 'api_key',
+    'username': 'username',
+    'password': 'password',
+    'verify_ssl': 'validate_certs',
+    'ssl_ca_cert': 'ca_cert',
+    'cert_file': 'client_cert',
+    'key_file': 'client_key',
+}
+

 class K8sAnsibleMixin(object):
    _argspec_cache = None
@ -142,19 +156,19 @@ class K8sAnsibleMixin(object):
        return self._argspec_cache

    def get_api_client(self, **auth_params):
-        auth_args = AUTH_ARG_SPEC.keys()
-
        auth_params = auth_params or getattr(self, 'params', {})
-        auth = copy.deepcopy(auth_params)
+        auth = {}

        # If authorization variables aren't defined, look for them in environment variables
-        for arg in auth_args:
-            if auth_params.get(arg) is None:
-                env_value = os.getenv('K8S_AUTH_{0}'.format(arg.upper()), None)
+        for true_name, arg_name in AUTH_ARG_MAP.items():
+            if auth_params.get(arg_name) is None:
+                env_value = os.getenv('K8S_AUTH_{0}'.format(arg_name.upper()), None) or os.getenv('K8S_AUTH_{0}'.format(true_name.upper()), None)
                if env_value is not None:
-                    if AUTH_ARG_SPEC[arg].get('type') == 'bool':
+                    if AUTH_ARG_SPEC[arg_name].get('type') == 'bool':
                        env_value = env_value.lower() not in ['0', 'false', 'no']
-                    auth[arg] = env_value
+                    auth[true_name] = env_value
+            else:
+                auth[true_name] = auth_params[arg_name]

        def auth_set(*names):
            return all([auth.get(name) for name in names])
@ -174,7 +188,7 @@ class K8sAnsibleMixin(object):
        # Override any values in the default configuration with Ansible parameters
        configuration = kubernetes.client.Configuration()
        for key, value in iteritems(auth):
-            if key in auth_args and value is not None:
+            if key in AUTH_ARG_MAP.keys() and value is not None:
                if key == 'api_key':
                    setattr(configuration, key, {'authorization': "Bearer {0}".format(value)})
                else:
--- a/test/integration/targets/k8s/tasks/full_test.yml
+++ b/test/integration/targets/k8s/tasks/full_test.yml
@ -17,6 +17,19 @@
      debug:
        var: output

+    - name: Setting validate_certs to true causes a failure
+      k8s:
+        name: testing
+        kind: namespace
+        validate_certs: yes
+      ignore_errors: yes
+      register: output
+
+    - name: assert that validate_certs caused a failure (and therefore was correctly translated to verify_ssl)
+      assert:
+        that:
+          - output is failed
+
    - name: k8s_facts works with empty resources
      k8s_facts:
        kind: Deployment