Set defaults from params after loading files, allowing params to override (#45442)

* Set defaults from params after loading files, allowing params to override (#44142)

* Set defaults from params after loading files, allowing params to override

* cleanup, add some comments

(cherry picked from commit aa01d9d243)

* Add client_from_kubeconfig function back for 2.7.0 since it's late in the 2.7 cycle to remove module_util code.

lib/ansible/module_utils/k8s/common.py

@@ -139,45 +139,38 @@ class K8sAnsibleMixin(object):
         auth_params = auth_params or getattr(self, 'params', {})
         auth = copy.deepcopy(auth_params)
 
-        configuration = kubernetes.client.Configuration()
+        # If authorization variables aren't defined, look for them in environment variables
         for key, value in iteritems(auth_params):
-            if key in auth_args and value is not None:
-                if key == 'api_key':
-                    setattr(configuration, key, {'authorization': "Bearer {0}".format(value)})
-                else:
-                    setattr(configuration, key, value)
-            elif key in auth_args and value is None:
+            if key in auth_args and value is None:
                 env_value = os.getenv('K8S_AUTH_{0}'.format(key.upper()), None)
                 if env_value is not None:
-                    if key == 'api_key':
-                        setattr(configuration, key, {'authorization': "Bearer {0}".format(env_value)})
-                    else:
-                        setattr(configuration, key, env_value)
                     auth[key] = env_value
 
-        kubernetes.client.Configuration.set_default(configuration)
+        def auth_set(*names):
+            return all([auth.get(name) for name in names])
 
-        if auth.get('username') and auth.get('password') and auth.get('host'):
-            auth_method = 'params'
-        elif auth.get('api_key') and auth.get('host'):
-            auth_method = 'params'
-        elif auth.get('kubeconfig') or auth.get('context'):
-            auth_method = 'file'
+        if auth_set('username', 'password', 'host') or auth_set('api_key', 'host'):
+            # We have enough in the parameters to authenticate, no need to load incluster or kubeconfig
+            pass
+        elif auth_set('kubeconfig', 'context'):
+            kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context'))
         else:
-            auth_method = 'default'
-
             # First try to do incluster config, then kubeconfig
-        if auth_method == 'default':
             try:
                 kubernetes.config.load_incluster_config()
-                return DynamicClient(kubernetes.client.ApiClient())
             except kubernetes.config.ConfigException:
-                return DynamicClient(self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context')))
+                kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context'))
 
-        if auth_method == 'file':
-            return DynamicClient(self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context')))
+        # Override any values in the default configuration with Ansible parameters
+        configuration = kubernetes.client.Configuration()
+        for key, value in iteritems(auth):
+            if key in auth_args and value is not None:
+                if key == 'api_key':
+                    setattr(configuration, key, {'authorization': "Bearer {0}".format(value)})
+                else:
+                    setattr(configuration, key, value)
 
-        if auth_method == 'params':
+        kubernetes.client.Configuration.set_default(configuration)
         return DynamicClient(kubernetes.client.ApiClient(configuration))
 
     def client_from_kubeconfig(self, config_file, context):