From e3540472589ecd0a5e820082a52784a34f5e0fec Mon Sep 17 00:00:00 2001 From: Fabian von Feilitzsch Date: Mon, 10 Sep 2018 20:34:30 -0400 Subject: [PATCH] Set defaults from params after loading files, allowing params to override (#45442) * Set defaults from params after loading files, allowing params to override (#44142) * Set defaults from params after loading files, allowing params to override * cleanup, add some comments (cherry picked from commit aa01d9d243c18f2d6ede9357e25d9b64afec55df) * Add client_from_kubeconfig function back for 2.7.0 since it's late in the 2.7 cycle to remove module_util code. --- lib/ansible/module_utils/k8s/common.py | 57 +++++++++++--------------- 1 file changed, 25 insertions(+), 32 deletions(-) diff --git a/lib/ansible/module_utils/k8s/common.py b/lib/ansible/module_utils/k8s/common.py index 3788a4e2a94..e05f1ee7ccb 100644 --- a/lib/ansible/module_utils/k8s/common.py +++ b/lib/ansible/module_utils/k8s/common.py @@ -139,46 +139,39 @@ class K8sAnsibleMixin(object): auth_params = auth_params or getattr(self, 'params', {}) auth = copy.deepcopy(auth_params) - configuration = kubernetes.client.Configuration() + # If authorization variables aren't defined, look for them in environment variables for key, value in iteritems(auth_params): + if key in auth_args and value is None: + env_value = os.getenv('K8S_AUTH_{0}'.format(key.upper()), None) + if env_value is not None: + auth[key] = env_value + + def auth_set(*names): + return all([auth.get(name) for name in names]) + + if auth_set('username', 'password', 'host') or auth_set('api_key', 'host'): + # We have enough in the parameters to authenticate, no need to load incluster or kubeconfig + pass + elif auth_set('kubeconfig', 'context'): + kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context')) + else: + # First try to do incluster config, then kubeconfig + try: + kubernetes.config.load_incluster_config() + except kubernetes.config.ConfigException: + kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context')) + + # Override any values in the default configuration with Ansible parameters + configuration = kubernetes.client.Configuration() + for key, value in iteritems(auth): if key in auth_args and value is not None: if key == 'api_key': setattr(configuration, key, {'authorization': "Bearer {0}".format(value)}) else: setattr(configuration, key, value) - elif key in auth_args and value is None: - env_value = os.getenv('K8S_AUTH_{0}'.format(key.upper()), None) - if env_value is not None: - if key == 'api_key': - setattr(configuration, key, {'authorization': "Bearer {0}".format(env_value)}) - else: - setattr(configuration, key, env_value) - auth[key] = env_value kubernetes.client.Configuration.set_default(configuration) - - if auth.get('username') and auth.get('password') and auth.get('host'): - auth_method = 'params' - elif auth.get('api_key') and auth.get('host'): - auth_method = 'params' - elif auth.get('kubeconfig') or auth.get('context'): - auth_method = 'file' - else: - auth_method = 'default' - - # First try to do incluster config, then kubeconfig - if auth_method == 'default': - try: - kubernetes.config.load_incluster_config() - return DynamicClient(kubernetes.client.ApiClient()) - except kubernetes.config.ConfigException: - return DynamicClient(self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context'))) - - if auth_method == 'file': - return DynamicClient(self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context'))) - - if auth_method == 'params': - return DynamicClient(kubernetes.client.ApiClient(configuration)) + return DynamicClient(kubernetes.client.ApiClient(configuration)) def client_from_kubeconfig(self, config_file, context): try: