From 9e2d78404f9074b3fdc76e354c0358ad1b961db1 Mon Sep 17 00:00:00 2001
From: itaru2622 <70509350+itaru2622@users.noreply.github.com>
Date: Thu, 11 Nov 2021 03:25:30 +0900
Subject: [PATCH] add no_proxy support to k8s* (#272)

add no_proxy support to k8s*

SUMMARY

close #271

ISSUE TYPE


Feature Pull Request

COMPONENT NAME

plugins/module_utils/args_common.py
plugins/modules/k8s*
ADDITIONAL INFORMATION


It requires latest kubernetes library(>=19.15.0) to use this feature.


pip install kubernetes>=19.15.0
then, use following snippet yaml:

  - k8s:
      state: present
      src: "deployment.yaml"
      proxy:      "http://proxy.yourdomain.com:8080/"
      no_proxy:   "localhost,.yourdomain.com,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192,168.0.0/16"

or use environment variable K8S_AUTH_NO_PROXY as well as K8S_AUTH_PROXY.

Reviewed-by: None <None>
Reviewed-by: None <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
---
 changelogs/fragments/272-k8s-add-support-no_proxy.yaml | 2 ++
 plugins/doc_fragments/k8s_auth_options.py              | 8 ++++++++
 plugins/module_utils/args_common.py                    | 2 ++
 plugins/module_utils/common.py                         | 7 +++++++
 4 files changed, 19 insertions(+)
 create mode 100644 changelogs/fragments/272-k8s-add-support-no_proxy.yaml

diff --git a/changelogs/fragments/272-k8s-add-support-no_proxy.yaml b/changelogs/fragments/272-k8s-add-support-no_proxy.yaml
new file mode 100644
index 00000000..9dea1105
--- /dev/null
+++ b/changelogs/fragments/272-k8s-add-support-no_proxy.yaml
@@ -0,0 +1,2 @@
+minor_changes:
+  - k8s - add no_proxy support to k8s* (https://github.com/ansible-collections/kubernetes.core/pull/272).
diff --git a/plugins/doc_fragments/k8s_auth_options.py b/plugins/doc_fragments/k8s_auth_options.py
index dc881550..f3aaeee8 100644
--- a/plugins/doc_fragments/k8s_auth_options.py
+++ b/plugins/doc_fragments/k8s_auth_options.py
@@ -77,6 +77,14 @@ options:
     - The URL of an HTTP proxy to use for the connection. Can also be specified via K8S_AUTH_PROXY environment variable.
     - Please note that this module does not pick up typical proxy settings from the environment (e.g. HTTP_PROXY).
     type: str
+  no_proxy:
+    description:
+    - The comma separated list of hosts/domains/IP/CIDR that shouldn't go through proxy. Can also be specified via K8S_AUTH_NO_PROXY environment variable.
+    - Please note that this module does not pick up typical proxy settings from the environment (e.g. NO_PROXY).
+    - This feature requires kubernetes>=19.15.0. When kubernetes library is less than 19.15.0, it fails even no_proxy set in correct.
+    - example value is "localhost,.local,.example.com,127.0.0.1,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
+    type: str
+    version_added: 2.3.0
   proxy_headers:
     description:
     - The Header used for the HTTP proxy.
diff --git a/plugins/module_utils/args_common.py b/plugins/module_utils/args_common.py
index 0ed06ef7..f1f1734b 100644
--- a/plugins/module_utils/args_common.py
+++ b/plugins/module_utils/args_common.py
@@ -29,6 +29,7 @@ AUTH_ARG_SPEC = {
     "client_cert": {"type": "path", "aliases": ["cert_file"]},
     "client_key": {"type": "path", "aliases": ["key_file"]},
     "proxy": {"type": "str"},
+    "no_proxy": {"type": "str"},
     "proxy_headers": {"type": "dict", "options": AUTH_PROXY_HEADERS_SPEC},
     "persist_config": {"type": "bool"},
 }
@@ -61,6 +62,7 @@ AUTH_ARG_MAP = {
     "cert_file": "client_cert",
     "key_file": "client_key",
     "proxy": "proxy",
+    "no_proxy": "no_proxy",
     "proxy_headers": "proxy_headers",
     "persist_config": "persist_config",
 }
diff --git a/plugins/module_utils/common.py b/plugins/module_utils/common.py
index 09ecc1ae..b306b7ff 100644
--- a/plugins/module_utils/common.py
+++ b/plugins/module_utils/common.py
@@ -212,6 +212,13 @@ def get_api_client(module=None, **kwargs):
         # Removing trailing slashes if any from hostname
         auth["host"] = auth.get("host").rstrip("/")
 
+    if auth_set("no_proxy"):
+        if LooseVersion(kubernetes.__version__) < LooseVersion("19.15.0"):
+            _raise_or_fail(
+                Exception("kubernetes >= 19.15.0 is required to use no_proxy feature."),
+                "Failed to set no_proxy due to: %s",
+            )
+
     if auth_set("username", "password", "host") or auth_set("api_key", "host"):
         # We have enough in the parameters to authenticate, no need to load incluster or kubeconfig
         pass