From e3540472589ecd0a5e820082a52784a34f5e0fec Mon Sep 17 00:00:00 2001 From: Fabian von Feilitzsch Date: Mon, 10 Sep 2018 20:34:30 -0400 Subject: [PATCH] Set defaults from params after loading files, allowing params to override (#45442) * Set defaults from params after loading files, allowing params to override (#44142) * Set defaults from params after loading files, allowing params to override * cleanup, add some comments (cherry picked from commit aa01d9d243c18f2d6ede9357e25d9b64afec55df) * Add client_from_kubeconfig function back for 2.7.0 since it's late in the 2.7 cycle to remove module_util code. --- lib/ansible/module_utils/k8s/common.py | 51 +++++++++++--------------- 1 file changed, 22 insertions(+), 29 deletions(-) diff --git a/lib/ansible/module_utils/k8s/common.py b/lib/ansible/module_utils/k8s/common.py index 3788a4e2a94..e05f1ee7ccb 100644 --- a/lib/ansible/module_utils/k8s/common.py +++ b/lib/ansible/module_utils/k8s/common.py @@ -139,46 +139,39 @@ class K8sAnsibleMixin(object): auth_params = auth_params or getattr(self, 'params', {}) auth = copy.deepcopy(auth_params) - configuration = kubernetes.client.Configuration() + # If authorization variables aren't defined, look for them in environment variables for key, value in iteritems(auth_params): - if key in auth_args and value is not None: - if key == 'api_key': - setattr(configuration, key, {'authorization': "Bearer {0}".format(value)}) - else: - setattr(configuration, key, value) - elif key in auth_args and value is None: + if key in auth_args and value is None: env_value = os.getenv('K8S_AUTH_{0}'.format(key.upper()), None) if env_value is not None: - if key == 'api_key': - setattr(configuration, key, {'authorization': "Bearer {0}".format(env_value)}) - else: - setattr(configuration, key, env_value) - auth[key] = env_value + auth[key] = env_value - kubernetes.client.Configuration.set_default(configuration) + def auth_set(*names): + return all([auth.get(name) for name in names]) - if auth.get('username') and auth.get('password') and auth.get('host'): - auth_method = 'params' - elif auth.get('api_key') and auth.get('host'): - auth_method = 'params' - elif auth.get('kubeconfig') or auth.get('context'): - auth_method = 'file' + if auth_set('username', 'password', 'host') or auth_set('api_key', 'host'): + # We have enough in the parameters to authenticate, no need to load incluster or kubeconfig + pass + elif auth_set('kubeconfig', 'context'): + kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context')) else: - auth_method = 'default' - - # First try to do incluster config, then kubeconfig - if auth_method == 'default': + # First try to do incluster config, then kubeconfig try: kubernetes.config.load_incluster_config() - return DynamicClient(kubernetes.client.ApiClient()) except kubernetes.config.ConfigException: - return DynamicClient(self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context'))) + kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context')) - if auth_method == 'file': - return DynamicClient(self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context'))) + # Override any values in the default configuration with Ansible parameters + configuration = kubernetes.client.Configuration() + for key, value in iteritems(auth): + if key in auth_args and value is not None: + if key == 'api_key': + setattr(configuration, key, {'authorization': "Bearer {0}".format(value)}) + else: + setattr(configuration, key, value) - if auth_method == 'params': - return DynamicClient(kubernetes.client.ApiClient(configuration)) + kubernetes.client.Configuration.set_default(configuration) + return DynamicClient(kubernetes.client.ApiClient(configuration)) def client_from_kubeconfig(self, config_file, context): try: