* Cleanup gha
* test by removing matrix excludes
* Rename sanity tests
* trigger integration tests
* Fix ansible-lint workflow
* Fix concurrency
* Add ansible-lint config
* Add ansible-lint config
* Fix integration and lint issues
* integration wf
* fix yamllint issues
* fix yamllint issues
* update readme and add ignore-2.16.txt
* fix ansible-doc
* Add version
* Use /dev/random to generate random data
The GHA environment has difficultly generating entropy. Trying to read
from /dev/urandom just blocks forever. We don't care if the random data
is cryptographically secure; it's just garbage data for the test. Read
from /dev/random, instead. This is only used during the k8s_copy test
target.
This also removes the custom test module that was being used to generate
the files. It's not worth maintaining this for two task that can be
replaced with some simple command/shell tasks.
* Fix saniry errors
* test github_action fix
* Address review comments
* Remove default types
* review comments
* isort fixes
* remove tags
* Add setuptools to venv
* Test gh changes
* update changelog
* update ignore-2.16
* Fix indentation in inventory plugin example
* Update .github/workflows/integration-tests.yaml
* Update integration-tests.yaml
---------
Co-authored-by: Mike Graves <mgraves@redhat.com>
Co-authored-by: Bikouo Aubin <79859644+abikouo@users.noreply.github.com>
Provide a mechanism to hide fields from output
SUMMARY
The k8s and k8s_info modules can be a little noisy in verbose mode, and most of that is due to managedFields.
If we can provide a mechanism to hide managedFields, the output is a lot more useful.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
k8s, k8s_info
ADDITIONAL INFORMATION
Before
ANSIBLE_COLLECTIONS_PATH=../../.. ansible -m k8s_info -a 'kind=ConfigMap name=hide-fields-cm namespace=hide-fields' localhost
[WARNING]: No inventory was parsed, only implicit localhost is available
localhost | SUCCESS => {
"api_found": true,
"changed": false,
"resources": [
{
"apiVersion": "v1",
"data": {
"another": "value",
"hello": "world"
},
"kind": "ConfigMap",
"metadata": {
"annotations": {
"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"data\":{\"another\":\"value\",\"hello\":\"world\"},\"kind\":\"ConfigMap\",\"metadata\":{\"annotations\":{},\"name\":\"hide-fields-cm\",\"namespace\":\"hide-fields\"}}\n"
},
"creationTimestamp": "2023-06-13T01:47:47Z",
"managedFields": [
{
"apiVersion": "v1",
"fieldsType": "FieldsV1",
"fieldsV1": {
"f:data": {
".": {},
"f:another": {},
"f:hello": {}
},
"f:metadata": {
"f:annotations": {
".": {},
"f:kubectl.kubernetes.io/last-applied-configuration": {}
}
}
},
"manager": "kubectl-client-side-apply",
"operation": "Update",
"time": "2023-06-13T01:47:47Z"
}
],
"name": "hide-fields-cm",
"namespace": "hide-fields",
"resourceVersion": "2557394",
"uid": "f233da63-6374-4079-9825-3562c0ed123c"
}
}
]
}
After
ANSIBLE_COLLECTIONS_PATH=../../.. ansible -m k8s_info -a 'kind=ConfigMap name=hide-fields-cm namespace=hide-fields hidden_fields=metadata.managedFields' localhost
[WARNING]: No inventory was parsed, only implicit localhost is available
localhost | SUCCESS => {
"api_found": true,
"changed": false,
"resources": [
{
"apiVersion": "v1",
"data": {
"another": "value",
"hello": "world"
},
"kind": "ConfigMap",
"metadata": {
"annotations": {
"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"data\":{\"another\":\"value\",\"hello\":\"world\"},\"kind\":\"ConfigMap\",\"metadata\":{\"annotations\":{},\"name\":\"hide-fields-cm\",\"namespace\":\"hide-fields\"}}\n"
},
"creationTimestamp": "2023-06-13T01:47:47Z",
"name": "hide-fields-cm",
"namespace": "hide-fields",
"resourceVersion": "2557394",
"uid": "f233da63-6374-4079-9825-3562c0ed123c"
}
}
]
}
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Will Thames
make name optional to delete all resources for the specified resource type
SUMMARY
closes#504
k8s module should allow deleting all namespace resources for the specified resource type.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
k8s
ADDITIONAL INFORMATION
Delete all Pods from namespace test
- k8s:
namespace: test
kind: Pod
api_version: v1
delete_all: true
state: absent
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Bikouo Aubin
k8s_info - fix issue with kubernetes-client caching when api-server was available
SUMMARY
closes#508
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
k8s_info
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
helm - add support for -set options when running helm install
SUMMARY
helm support setting options -set, -set-string, -set-file and -set-json when running helm install
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm
ADDITIONAL INFORMATION
Reviewed-by: Alina Buzachis <None>
Reviewed-by: Bikouo Aubin <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Helm - Fix issue with alternative kubeconfig
SUMMARY
closes#538
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
helm modules
Reviewed-by: Mike Graves <mgraves@redhat.com>
fix multiple issues with dry_run logic
SUMMARY
Fix multiple issues with dry_run logic
The parameter value passed to the client set to dry_run=All instead of dry_run=True.
Add conditional check for Kubernetes release for the dry_run to be set
Add integration test that checks to ensure server side dry run is being used during check mode.
ISSUE TYPE
Bugfix Pull Request
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Jill R <None>
k8s_cp - fix issue when directory contains space in its name
Depends-On: #549
SUMMARY
There is a remaining issue not addressed by #512 when copying directory from Pod to local filesystem, if the directory contains space into its name, the directory was not copied
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
k8s_cp
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Bikouo Aubin <None>
k8s - fix issue with server side apply
SUMMARY
Fix#548 and #547
ISSUE TYPE
Bugfix Pull Request
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Bikouo Aubin <None>
Added possibility to get all values by helm_info module
SUMMARY
Parameter get_all_values has been added, which is passed to function get_values. Default is False. Parameter is not required.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
helm_info
ADDITIONAL INFORMATION
Unfortunately, helm_info module lacks functionality of getting all the values of a helm release, including the default ones. This restricts upgrade and config migration capabilities. Parameter get_all_values has been added. This parameter, if set, adds -a parameter to helm get values call. The parameter is not required and defaults to False, so backwards compability is complied.
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Bikouo Aubin <None>
Honor aliases for lookup and inventory plugins
rebase and extend the following PR #71
ISSUE TYPE
Bugfix Pull Request
Reviewed-by: Mike Graves <mgraves@redhat.com>
Ensure CoreExceptions are handled gracefully
SUMMARY
CoreExceptions, when raised, should have a reasonably helpful and
actionable message associated with them. This adds a final check in
module execution to gracefully fail from these exceptions. A new
fail_from_exception method is added both to simplify exiting the module,
and to ensure that any chained exceptions are available when using -vvv.
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Alina Buzachis <None>
Reviewed-by: Joseph Torcasso <None>
Port changes from main to refactored branch
Depends-on: ansible/ansible-zuul-jobs#1563
SUMMARY
This PR contains several commits that complete the rebase of the 2.x-refactor branch onto main. Most of the changes here had to be manually backported after rebasing as the original changes were to code that will be deprecated. In addition, rather than trying to manually sort out conflicts and changes to the sanity ignores, I rewrote the refresh_ignore_files script to fully automate the management of ignore files. Previously, these files were both manually edited and auto-generated. This should no longer be the case, and these files should never be manually edited going forward.
For the purposes of reviewing and history, I kept all changes in separate commits tied to the original commit being backported.
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Jill R <None>
This primarily moves the diff and wait logic from the various service
methods to perform_action to eliminate code duplication. I also moved
the diff_objects function out of the service object and moved most of
the find_resource logic to a new resource client method. We ended up
with several modules creating a service object just to use one of these
methods, so it seemed to make sense to make these more accessible.
Move module dependency functions outside of module
SUMMARY
This moves the has_at_least and requires functions that had been on the
module to top level functions. The functions on the module now call
these with a few added bits of functionality.
Moving these functions to the top level and removing their requirement
on having a module makes them usable in situations where we may not yet
have a module, such as during client creation.
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
K8sService class
SUMMARY
This refactors the perform_action() logic from common.py into a separate K8sService class.
TODO:
Unit tests.
ISSUE TYPE
New Module Pull Request
COMPONENT NAME
service.py
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
Add new waiter
SUMMARY
This refactors the waiter logic from common.py into a separate module.
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: None <None>
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
Initial work K8S client class
SUMMARY
Initial work on K8SClient Class.
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
Add resource definition refactor
SUMMARY
This refactors most of the logic around creating a list of functional
resource definitions based on input parameters for the module.
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Alina Buzachis <None>
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
* Add new AnsibleK8SModule class
This class is intended to replace part of the K8SAnsibleMixin class and
is part of a larger refactoring effort.
* Fix sanity errors
* Fix unit tests
* Add mock to test requirements
k8s - fix issue when try to delete resources using label_selectors
SUMMARY
The kubernetes dynamic client has label_selector parameter for the delete method, however based on the documentation of REST API we cannot delete resources using labelSelector option, this fix update the way the resources are deleted. The list of resources are deleted one after another like in the kubectl go client.
Fixes#428
ISSUE TYPE
Bugfix Pull Request
Reviewed-by: Abhijeet Kasurde <None>
Upgrade black version
SUMMARY
Move off of beta version of black and pin to current calendar year
version.
The only manual changes here are to tox.ini. Everything else is from running the new version of black.
ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Abhijeet Kasurde <None>
Continue waiting when an exception is raised
SUMMARY
When an exception is raised and the wait_timeout is not reached, we should continue waiting as this may occurs due to temporary issue on cluster
Fixes#407
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Abhijeet Kasurde <None>
Fix waiting on StatefulSet scale down
SUMMARY
When scaling a StatefulSet down to 0 replicas the wait will fail
because some properties of the status (readyReplicas, updatedReplicas)
will not exist. These are probably defined as omitempty in the API and
since the value is zero are not present in the response.
Fixes#203
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
k8s_scale
ADDITIONAL INFORMATION
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Use resource prefix when apiVersion is v1
SUMMARY
When getting a resource from the core api group, the prefix was not
passed, leading the lookup to happen in all api groups. This broad
search is not really necessary and leads to problems in some corner
cases, for example, when an api is deleted after the api group list is
cached.
This fix uses the 'api' prefix when the apiVersion is 'v1', as this is
almost certainly what the user wants. As a fallback, to retain backwards
compatibility, the old behavior is used if the first lookup failed to
find a resource. Given that the module defaults to 'v1' for the
apiVersion, there are likely many cases where a resource, such as
StatefulSet, is used while failing to provide an apiVersion. While
technically incorrect, this has worked in most cases, so we probably
shouldn't break this behavior.
Fixes#351
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
changelogs/fragments/364-use-resource-prefix.yaml
plugins/module_utils/common.py
Prepare for distutils.version being removed in Python 3.12
SUMMARY
distutils has been deprecafed and will be removed from
Python's stdlib in Python 3.12 (see python.org/dev/peps/pep-0632).
This PR replaces the use of distutils.version.LooseVersion and distutils.version.StrictVersion
with LooseVersion from the vendored copy of distutils.version
included with ansible-core 2.12 (ansible/ansible#74644) if available,
and falls back to distutils.version for ansible-core 2.11 and before.
Since ansible-core 2.11 and earlier do not support Python 3.12 (since
they use LooseVersion itself in various places), this incomplete fix
should be OK for now. Also, the way this PR works (by adding a new
module_utils version that abstracts away where LooseVersion comes from),
it is easy to also fix this for ansible-core 2.11 and earlier later on.
Signed-off-by: Abhijeet Kasurde akasurde@redhat.com
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
changelogs/fragments/disutils.version.yml
molecule/default/roles/helm/library/helm_test_version.py
plugins/module_utils/common.py
plugins/module_utils/version.py
plugins/modules/helm.py
Reviewed-by: Felix Fontein <felix@fontein.de>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
k8s - add support for Server Side apply
SUMMARY
Server side apply is now support for k8s module with this Pull request.
The feature is not yet released on kubernetes-client, once this is done, we can merge this pull request.
closes#87
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
k8s
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
Reviewed-by: None <None>
Fix for common non-ASCII characters in CRDs
This should keep the module safe from digesting non-ASCII chars like here (https://github.com/projectcalico/api/pull/46/files)
SUMMARY
Add support for non-ASCII chars in manifests.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
core.k8s module failing if resources contain non ascii chars
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Alessandro Rossi <None>
Reviewed-by: None <None>
add support for user impersonation for k8s modules
SUMMARY
k8s module should not allow user to perform operation using impersonation as describe here
https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation
This pull request closes#40
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Abhijeet Kasurde <None>
Reviewed-by: None <None>
add no_proxy support to k8s*
SUMMARY
close#271
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
plugins/module_utils/args_common.py
plugins/modules/k8s*
ADDITIONAL INFORMATION
It requires latest kubernetes library(>=19.15.0) to use this feature.
pip install kubernetes>=19.15.0
then, use following snippet yaml:
- k8s:
state: present
src: "deployment.yaml"
proxy: "http://proxy.yourdomain.com:8080/"
no_proxy: "localhost,.yourdomain.com,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192,168.0.0/16"
or use environment variable K8S_AUTH_NO_PROXY as well as K8S_AUTH_PROXY.
Reviewed-by: None <None>
Reviewed-by: None <None>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: None <None>
Don't wait on *List resources for info module
SUMMARY
We can't use the same wait logic on *List resources because they lack
the same metadata that other resources have. We should ensure that we
are waiting on the items in the list, but not the list itself. Waiting
on the list itself results in unexpected behavior.
This fixes the waiting logic when waiting on a list to wait until the
list being queried contains one or more items, or the wait timeout has
been reached. Each item in the list can then be waited on with the usual
wait logic.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: None <None>
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
Add support for dry run
SUMMARY
Kubernetes server-side dry run will be used when the kubernetes client
version is >=18.20.0. For older versions of the client, the existing
client side speculative change implementation will be used.
The effect of this change should be mostly transparent to the end user
and is reflected in the fact the tests have not changed but should still
pass. With this change, there are a few edge cases that will be
improved. One example of these edge cases is to use check mode on an
existing Service resource. With dry run this will correctly report no
changes, while the older client side implementation will erroneously
report changes to the port spec.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Gonéri Le Bouder <goneri@lebouder.net>
Reviewed-by: Mike Graves <mgraves@redhat.com>
Reviewed-by: Alina Buzachis <None>
Reviewed-by: None <None>
Reviewed-by: None <None>
