kubernetes.core

mirror of https://github.com/ansible-collections/kubernetes.core.git synced 2026-03-27 05:43:02 +00:00

Author	SHA1	Message	Date
Bianca Henderson	4fa36487ab	Selectively redact sensitive kubeconfig data from logs (#1014 ) SUMMARY Resolves #782 ISSUE TYPE Bugfix Pull Request ADDITIONAL INFORMATION The proper redaction of kubeconfig data can be seen by running this example playbook with verbosity of -vvv against the code in this PR. Prior to these changes, all info was redacted (as shown in the example below): ok: [local] => { "changed": false, "invocation": { "module_args": { "api_key": null, "binary_path": null, "ca_cert": null, "context": null, "get_all_values": false, "host": null, "kubeconfig": { "apiVersion": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "clusters": [ { "cluster": { "insecure-skip-tls-verify": true, "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, { "cluster": { "certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, { "cluster": { "certificate-authority": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "extensions": [ { "extension": { "last-update": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "provider": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "version": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" } ], "server": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" } ], "contexts": [ { "context": { "cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, { "context": { "cluster": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "user": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, "name": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER" }, [output shortened] With the changes in this PR, only sensitive data is redacted: ok: [local] => { "changed": false, "invocation": { "module_args": { "api_key": null, "binary_path": null, "ca_cert": null, "context": null, "get_all_values": false, "host": null, "kubeconfig": { "apiVersion": "v1", "clusters": [ { "cluster": { "insecure-skip-tls-verify": true, "server": "<server address>" }, "name": "exercise" }, { "cluster": { "certificate-authority-data": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "server": "<server address>" }, "name": "kind-drain-test" }, { "cluster": { "certificate-authority": "<path to .crt>", "extensions": [ { "extension": { "last-update": "Tue, 07 Oct 2025 11:25:54 EDT", "provider": "minikube.sigs.k8s.io", "version": "v1.35.0" }, "name": "cluster_info" } ], "server": "<server address>" }, "name": "minikube" } ], "contexts": [ { "context": { "cluster": "exercise-pod", "user": "bianca" }, "name": "exercise" }, { "context": { "cluster": "kind-drain-test", "user": "kind-drain-test" }, "name": "kind-drain-test" }, [output shortened] Reviewed-by: Bikouo Aubin Reviewed-by: GomathiselviS <gomathiselvi@gmail.com> Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua> Reviewed-by: Alina Buzachis	2025-10-13 15:01:22 +00:00
Bianca Henderson	448d3fe156	[CI Fix] Remove `ansible.module_utils.six` imports (#998 ) SUMMARY This PR is essentially attempting Option B from issue #996 (Option A is implemented here); this code update accounts for the recent merge of sanity: warn on ansible.module_utils.six imports #85651. Reviewed-by: Alina Buzachis Reviewed-by: Yuriy Novostavskiy <yuriy@novostavskiy.kyiv.ua>	2025-09-22 16:08:18 +00:00
Bianca Henderson	5148ee5f74	Reapply "Remove kubeconfig value from module invocation log (#826 )" (#899 ) (#978 ) This reverts commit `1705ced` (i.e., reapplies the changes from #826); this is a temporary fix for #782 as it will re-introduce #870, which will need to be re-opened. Reviewed-by: Alina Buzachis Reviewed-by: GomathiselviS <gomathiselvi@gmail.com>	2025-08-11 16:46:40 +00:00
James Mighion	1705ced1b5	Revert "Remove kubeconfig value from module invocation log (#826 )" (#899 ) This reverts commit `6efabd3`. SUMMARY Fixes #870 A better solution is necessary to address #782. The current code makes getting manifests practically unusable. We need to revert this commit until a better solution is found. ISSUE TYPE Bugfix Pull Request COMPONENT NAME kubeconfig Reviewed-by: Bianca Henderson <beeankha@gmail.com>	2025-07-22 16:49:34 +00:00
Bikouo Aubin	6efabd3418	Remove kubeconfig value from module invocation log (#826 )	2024-12-17 17:50:22 +01:00
abikouo	39b6c43ab7	add support for user impersonation for k8s modules (#250 ) add support for user impersonation for k8s modules SUMMARY k8s module should not allow user to perform operation using impersonation as describe here https://kubernetes.io/docs/reference/access-authn-authz/authentication/#user-impersonation This pull request closes #40 ISSUE TYPE Feature Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Mike Graves <mgraves@redhat.com> Reviewed-by: Abhijeet Kasurde <None> Reviewed-by: None <None>	2021-11-17 13:25:06 +00:00
itaru2622	9e2d78404f	add no_proxy support to k8s* (#272 ) add no_proxy support to k8s* SUMMARY close #271 ISSUE TYPE Feature Pull Request COMPONENT NAME plugins/module_utils/args_common.py plugins/modules/k8s* ADDITIONAL INFORMATION It requires latest kubernetes library(>=19.15.0) to use this feature. pip install kubernetes>=19.15.0 then, use following snippet yaml: - k8s: state: present src: "deployment.yaml" proxy: "http://proxy.yourdomain.com:8080/" no_proxy: "localhost,.yourdomain.com,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192,168.0.0/16" or use environment variable K8S_AUTH_NO_PROXY as well as K8S_AUTH_PROXY. Reviewed-by: None <None> Reviewed-by: None <None> Reviewed-by: Mike Graves <mgraves@redhat.com> Reviewed-by: None <None>	2021-11-10 18:25:30 +00:00
Abhijeet Kasurde	91b80b1d1d	Enable black formatting test (#259 ) Enable black formatting test SUMMARY Signed-off-by: Abhijeet Kasurde akasurde@redhat.com ISSUE TYPE Bugfix Pull Request COMPONENT NAME plugins/action/k8s_info.py plugins/connection/kubectl.py plugins/doc_fragments/helm_common_options.py plugins/doc_fragments/k8s_auth_options.py plugins/doc_fragments/k8s_delete_options.py plugins/doc_fragments/k8s_name_options.py plugins/doc_fragments/k8s_resource_options.py plugins/doc_fragments/k8s_scale_options.py plugins/doc_fragments/k8s_state_options.py plugins/doc_fragments/k8s_wait_options.py plugins/filter/k8s.py plugins/inventory/k8s.py plugins/lookup/k8s.py plugins/lookup/kustomize.py plugins/module_utils/ansiblemodule.py plugins/module_utils/apply.py plugins/module_utils/args_common.py plugins/module_utils/client/discovery.py plugins/module_utils/client/resource.py plugins/module_utils/common.py plugins/module_utils/exceptions.py plugins/module_utils/hashes.py plugins/module_utils/helm.py plugins/module_utils/k8sdynamicclient.py plugins/module_utils/selector.py plugins/modules/helm.py plugins/modules/helm_info.py plugins/modules/helm_plugin.py plugins/modules/helm_plugin_info.py plugins/modules/helm_repository.py plugins/modules/helm_template.py plugins/modules/k8s.py plugins/modules/k8s_cluster_info.py plugins/modules/k8s_cp.py plugins/modules/k8s_drain.py plugins/modules/k8s_exec.py plugins/modules/k8s_info.py plugins/modules/k8s_json_patch.py plugins/modules/k8s_log.py plugins/modules/k8s_rollback.py plugins/modules/k8s_scale.py plugins/modules/k8s_service.py tests/integration/targets/kubernetes/library/test_tempfile.py tests/unit/module_utils/test_apply.py tests/unit/module_utils/test_common.py tests/unit/module_utils/test_discoverer.py tests/unit/module_utils/test_hashes.py tests/unit/module_utils/test_marshal.py tests/unit/module_utils/test_selector.py tox.ini Reviewed-by: None <None> Reviewed-by: Mike Graves <mgraves@redhat.com> Reviewed-by: None <None>	2021-10-18 15:32:05 +00:00
abikouo	d78b64d792	add support for in-memory kubeconfig (#212 ) add support for in-memory kubeconfig SUMMARY k8s module support now authentication with kubeconfig parameter as file and dict. Closes #139 ISSUE TYPE Feature Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Mike Graves <mgraves@redhat.com> Reviewed-by: None <None>	2021-08-30 09:31:07 +00:00
abikouo	46494a18bd	Revert "k8s ability to wait on arbitrary property (#105 )" (#133 ) This reverts commit `4ccb15d4ad`.	2021-06-15 14:32:21 +02:00
abikouo	4ccb15d4ad	k8s ability to wait on arbitrary property (#105 ) * missing implementation of jsonpath library * not tested * sanity * save * updates * Update args_common.py * lint validation * fix * Update k8s.py * attribute should match for all * select wait * Revert "select wait" This reverts commit `a20a1f6f01`. * sanity * Update molecule/default/tasks/waiter.yml Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com> * Update jsonpath_extractor.py * Update k8s_wait_options.py Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>	2021-06-15 10:44:26 +02:00
abikouo	d29f8c1eb7	add option proxy_headers for k8s modules (#58 ) * add option proxy_headers for k8s modules * Update and rename 50-add-support-for-proxy_headers-on-authentication to 58-add-support-for-proxy_headers-on-authentication.yaml Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>	2021-04-28 08:44:57 +02:00
Gonéri Le Bouder	39660dd40e	refactoring for ansible_module.turbo integration (#313 ) * refactoring for ansible_module.turbo integration This refactoring prepares the integration of `ansible_module.turbo` - Delay the loading of `common.py`, move the shared structure in `args_common`. - Avoid the use of one single object per module, this to increase the amount of Python structure that we can cache. - Cache the Kubernetes client. See: https://github.com/ansible-collections/community.kubernetes/pull/270 Co-authored-by: Jill Rouleau <jill.rouleau@bespokess.com>	2021-03-16 17:16:18 -04:00

13 Commits