From aa01d9d243c18f2d6ede9357e25d9b64afec55df Mon Sep 17 00:00:00 2001 From: Fabian von Feilitzsch Date: Mon, 10 Sep 2018 15:30:59 -0400 Subject: [PATCH] Set defaults from params after loading files, allowing params to override (#44142) * Set defaults from params after loading files, allowing params to override * cleanup, add some comments --- lib/ansible/module_utils/k8s/common.py | 62 +++++++++----------------- 1 file changed, 22 insertions(+), 40 deletions(-) diff --git a/lib/ansible/module_utils/k8s/common.py b/lib/ansible/module_utils/k8s/common.py index 3788a4e2a94..ae82f323701 100644 --- a/lib/ansible/module_utils/k8s/common.py +++ b/lib/ansible/module_utils/k8s/common.py @@ -139,57 +139,39 @@ class K8sAnsibleMixin(object): auth_params = auth_params or getattr(self, 'params', {}) auth = copy.deepcopy(auth_params) - configuration = kubernetes.client.Configuration() + # If authorization variables aren't defined, look for them in environment variables for key, value in iteritems(auth_params): - if key in auth_args and value is not None: - if key == 'api_key': - setattr(configuration, key, {'authorization': "Bearer {0}".format(value)}) - else: - setattr(configuration, key, value) - elif key in auth_args and value is None: + if key in auth_args and value is None: env_value = os.getenv('K8S_AUTH_{0}'.format(key.upper()), None) if env_value is not None: - if key == 'api_key': - setattr(configuration, key, {'authorization': "Bearer {0}".format(env_value)}) - else: - setattr(configuration, key, env_value) - auth[key] = env_value + auth[key] = env_value - kubernetes.client.Configuration.set_default(configuration) + def auth_set(*names): + return all([auth.get(name) for name in names]) - if auth.get('username') and auth.get('password') and auth.get('host'): - auth_method = 'params' - elif auth.get('api_key') and auth.get('host'): - auth_method = 'params' - elif auth.get('kubeconfig') or auth.get('context'): - auth_method = 'file' + if auth_set('username', 'password', 'host') or auth_set('api_key', 'host'): + # We have enough in the parameters to authenticate, no need to load incluster or kubeconfig + pass + elif auth_set('kubeconfig', 'context'): + kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context')) else: - auth_method = 'default' - - # First try to do incluster config, then kubeconfig - if auth_method == 'default': + # First try to do incluster config, then kubeconfig try: kubernetes.config.load_incluster_config() - return DynamicClient(kubernetes.client.ApiClient()) except kubernetes.config.ConfigException: - return DynamicClient(self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context'))) - - if auth_method == 'file': - return DynamicClient(self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context'))) + kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context')) - if auth_method == 'params': - return DynamicClient(kubernetes.client.ApiClient(configuration)) + # Override any values in the default configuration with Ansible parameters + configuration = kubernetes.client.Configuration() + for key, value in iteritems(auth): + if key in auth_args and value is not None: + if key == 'api_key': + setattr(configuration, key, {'authorization': "Bearer {0}".format(value)}) + else: + setattr(configuration, key, value) - def client_from_kubeconfig(self, config_file, context): - try: - return kubernetes.config.new_client_from_config(config_file, context) - except (IOError, kubernetes.config.ConfigException): - # If we failed to load the default config file then we'll return - # an empty configuration - # If one was specified, we will crash - if not config_file: - return kubernetes.client.ApiClient() - raise + kubernetes.client.Configuration.set_default(configuration) + return DynamicClient(kubernetes.client.ApiClient(configuration)) def find_resource(self, kind, api_version, fail=False): for attribute in ['kind', 'name', 'singular_name']: