From 9fe0971004b94ac1b042e81efddf256125c9e7f2 Mon Sep 17 00:00:00 2001
From: rob8714 <52884642+rob8714@users.noreply.github.com>
Date: Tue, 3 Sep 2019 21:42:15 +0200
Subject: [PATCH] Backport/2.8/57418 (#60683)

* Backport to stable-2.8: Fix #56640: Map k8s ansible keys to api keys (#57418)

* Fix #56643: Map ansible keys to api keys

* Remove errant print line

* Fix pep8 issue

* Fix doc line

* Added test for validate_certs -> verify_ssl translation for k8s module

(cherry picked from commit 6e94b472e882471792c8d7ed709d24a9d9aaf694)

* Removed proxy from AUTH_ARG_MAP and added fragment for backport

* Rename backport-57418.yaml to 60683-backport-57418.yaml

* Update 60683-backport-57418.yaml
---
 .../fragments/60683-backport-57418.yaml       |  2 ++
 lib/ansible/module_utils/k8s/common.py        | 32 +++++++++++++------
 .../targets/k8s/tasks/full_test.yml           | 13 ++++++++
 3 files changed, 38 insertions(+), 9 deletions(-)
 create mode 100644 changelogs/fragments/60683-backport-57418.yaml

diff --git a/changelogs/fragments/60683-backport-57418.yaml b/changelogs/fragments/60683-backport-57418.yaml
new file mode 100644
index 00000000000..34984c7850a
--- /dev/null
+++ b/changelogs/fragments/60683-backport-57418.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+  - Backported to stable-2.8 - Fix #56640 Map k8s ansible keys to api keys (https://github.com/ansible/ansible/pull/57418)
diff --git a/lib/ansible/module_utils/k8s/common.py b/lib/ansible/module_utils/k8s/common.py
index a24ad67646e..4d1621fdd76 100644
--- a/lib/ansible/module_utils/k8s/common.py
+++ b/lib/ansible/module_utils/k8s/common.py
@@ -124,6 +124,20 @@ AUTH_ARG_SPEC = {
     },
 }
 
+# Map kubernetes-client parameters to ansible parameters
+AUTH_ARG_MAP = {
+    'kubeconfig': 'kubeconfig',
+    'context': 'context',
+    'host': 'host',
+    'api_key': 'api_key',
+    'username': 'username',
+    'password': 'password',
+    'verify_ssl': 'validate_certs',
+    'ssl_ca_cert': 'ca_cert',
+    'cert_file': 'client_cert',
+    'key_file': 'client_key',
+}
+
 
 class K8sAnsibleMixin(object):
     _argspec_cache = None
@@ -142,19 +156,19 @@ class K8sAnsibleMixin(object):
         return self._argspec_cache
 
     def get_api_client(self, **auth_params):
-        auth_args = AUTH_ARG_SPEC.keys()
-
         auth_params = auth_params or getattr(self, 'params', {})
-        auth = copy.deepcopy(auth_params)
+        auth = {}
 
         # If authorization variables aren't defined, look for them in environment variables
-        for arg in auth_args:
-            if auth_params.get(arg) is None:
-                env_value = os.getenv('K8S_AUTH_{0}'.format(arg.upper()), None)
+        for true_name, arg_name in AUTH_ARG_MAP.items():
+            if auth_params.get(arg_name) is None:
+                env_value = os.getenv('K8S_AUTH_{0}'.format(arg_name.upper()), None) or os.getenv('K8S_AUTH_{0}'.format(true_name.upper()), None)
                 if env_value is not None:
-                    if AUTH_ARG_SPEC[arg].get('type') == 'bool':
+                    if AUTH_ARG_SPEC[arg_name].get('type') == 'bool':
                         env_value = env_value.lower() not in ['0', 'false', 'no']
-                    auth[arg] = env_value
+                    auth[true_name] = env_value
+            else:
+                auth[true_name] = auth_params[arg_name]
 
         def auth_set(*names):
             return all([auth.get(name) for name in names])
@@ -174,7 +188,7 @@ class K8sAnsibleMixin(object):
         # Override any values in the default configuration with Ansible parameters
         configuration = kubernetes.client.Configuration()
         for key, value in iteritems(auth):
-            if key in auth_args and value is not None:
+            if key in AUTH_ARG_MAP.keys() and value is not None:
                 if key == 'api_key':
                     setattr(configuration, key, {'authorization': "Bearer {0}".format(value)})
                 else:
diff --git a/test/integration/targets/k8s/tasks/full_test.yml b/test/integration/targets/k8s/tasks/full_test.yml
index de936660a1c..54cae526a1e 100644
--- a/test/integration/targets/k8s/tasks/full_test.yml
+++ b/test/integration/targets/k8s/tasks/full_test.yml
@@ -17,6 +17,19 @@
       debug:
         var: output
 
+    - name: Setting validate_certs to true causes a failure
+      k8s:
+        name: testing
+        kind: namespace
+        validate_certs: yes
+      ignore_errors: yes
+      register: output
+
+    - name: assert that validate_certs caused a failure (and therefore was correctly translated to verify_ssl)
+      assert:
+        that:
+          - output is failed
+
     - name: k8s_facts works with empty resources
       k8s_facts:
         kind: Deployment