mirror of
https://github.com/ansible-collections/kubernetes.core.git
synced 2026-03-27 13:53:03 +00:00
d311ac718e
helm_repository: Silence false no_log warning Depends-On: #424 SUMMARY Apply no_log=True to pass_credentials to silence false positive warning. Fixes: #412 Signed-off-by: Abhijeet Kasurde akasurde@redhat.com ISSUE TYPE Bugfix Pull Request COMPONENT NAME changelogs/fragments/412_pass_creds.yml plugins/modules/helm_repository.py Reviewed-by: Mike Graves <mgraves@redhat.com>
316 lines
9.3 KiB
Python
316 lines
9.3 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# Copyright: (c) 2020, Ansible Project
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
__metaclass__ = type
|
|
|
|
|
|
DOCUMENTATION = r"""
|
|
---
|
|
module: helm_repository
|
|
|
|
short_description: Manage Helm repositories.
|
|
|
|
version_added: "0.11.0"
|
|
|
|
author:
|
|
- Lucas Boisserie (@LucasBoisserie)
|
|
|
|
requirements:
|
|
- "helm (https://github.com/helm/helm/releases)"
|
|
- "yaml (https://pypi.org/project/PyYAML/)"
|
|
|
|
description:
|
|
- Manage Helm repositories.
|
|
|
|
options:
|
|
binary_path:
|
|
description:
|
|
- The path of a helm binary to use.
|
|
required: false
|
|
type: path
|
|
repo_name:
|
|
description:
|
|
- Chart repository name.
|
|
required: true
|
|
type: str
|
|
aliases: [ name ]
|
|
repo_url:
|
|
description:
|
|
- Chart repository url
|
|
type: str
|
|
aliases: [ url ]
|
|
repo_username:
|
|
description:
|
|
- Chart repository username for repository with basic auth.
|
|
- Required if chart_repo_password is specified.
|
|
required: false
|
|
type: str
|
|
aliases: [ username ]
|
|
repo_password:
|
|
description:
|
|
- Chart repository password for repository with basic auth.
|
|
- Required if chart_repo_username is specified.
|
|
required: false
|
|
type: str
|
|
aliases: [ password ]
|
|
repo_state:
|
|
choices: ['present', 'absent']
|
|
description:
|
|
- Desired state of repository.
|
|
required: false
|
|
default: present
|
|
aliases: [ state ]
|
|
type: str
|
|
pass_credentials:
|
|
description:
|
|
- Pass credentials to all domains.
|
|
required: false
|
|
default: false
|
|
type: bool
|
|
version_added: 2.3.0
|
|
host:
|
|
description:
|
|
- Provide a URL for accessing the API. Can also be specified via C(K8S_AUTH_HOST) environment variable.
|
|
type: str
|
|
version_added: "2.3.0"
|
|
api_key:
|
|
description:
|
|
- Token used to authenticate with the API. Can also be specified via C(K8S_AUTH_API_KEY) environment variable.
|
|
type: str
|
|
version_added: "2.3.0"
|
|
validate_certs:
|
|
description:
|
|
- Whether or not to verify the API server's SSL certificates. Can also be specified via C(K8S_AUTH_VERIFY_SSL)
|
|
environment variable.
|
|
type: bool
|
|
aliases: [ verify_ssl ]
|
|
default: True
|
|
version_added: "2.3.0"
|
|
ca_cert:
|
|
description:
|
|
- Path to a CA certificate used to authenticate with the API. The full certificate chain must be provided to
|
|
avoid certificate validation errors. Can also be specified via C(K8S_AUTH_SSL_CA_CERT) environment variable.
|
|
type: path
|
|
aliases: [ ssl_ca_cert ]
|
|
version_added: "2.3.0"
|
|
"""
|
|
|
|
EXAMPLES = r"""
|
|
- name: Add a repository
|
|
kubernetes.core.helm_repository:
|
|
name: stable
|
|
repo_url: https://kubernetes.github.io/ingress-nginx
|
|
|
|
- name: Add Red Hat Helm charts repository
|
|
kubernetes.core.helm_repository:
|
|
name: redhat-charts
|
|
repo_url: https://redhat-developer.github.com/redhat-helm-charts
|
|
"""
|
|
|
|
RETURN = r"""
|
|
stdout:
|
|
type: str
|
|
description: Full `helm` command stdout, in case you want to display it or examine the event log
|
|
returned: always
|
|
sample: '"bitnami" has been added to your repositories'
|
|
stdout_lines:
|
|
type: list
|
|
description: Full `helm` command stdout in list, in case you want to display it or examine the event log
|
|
returned: always
|
|
sample: ["\"bitnami\" has been added to your repositories"]
|
|
stderr:
|
|
type: str
|
|
description: Full `helm` command stderr, in case you want to display it or examine the event log
|
|
returned: always
|
|
sample: ''
|
|
stderr_lines:
|
|
type: list
|
|
description: Full `helm` command stderr in list, in case you want to display it or examine the event log
|
|
returned: always
|
|
sample: [""]
|
|
command:
|
|
type: str
|
|
description: Full `helm` command built by this module, in case you want to re-run the command outside the module or debug a problem.
|
|
returned: always
|
|
sample: '/usr/local/bin/helm repo add bitnami https://charts.bitnami.com/bitnami'
|
|
msg:
|
|
type: str
|
|
description: Error message returned by `helm` command
|
|
returned: on failure
|
|
sample: 'Repository already have a repository named bitnami'
|
|
"""
|
|
|
|
import traceback
|
|
|
|
try:
|
|
import yaml
|
|
|
|
IMP_YAML = True
|
|
except ImportError:
|
|
IMP_YAML_ERR = traceback.format_exc()
|
|
IMP_YAML = False
|
|
|
|
from ansible.module_utils.basic import AnsibleModule, env_fallback, missing_required_lib
|
|
from ansible_collections.kubernetes.core.plugins.module_utils.helm import run_helm
|
|
|
|
|
|
# Get repository from all repositories added
|
|
def get_repository(state, repo_name):
|
|
if state is not None:
|
|
for repository in state:
|
|
if repository["name"] == repo_name:
|
|
return repository
|
|
return None
|
|
|
|
|
|
# Get repository status
|
|
def get_repository_status(module, command, repository_name):
|
|
list_command = command + " repo list --output=yaml"
|
|
|
|
rc, out, err = run_helm(module, list_command, fails_on_error=False)
|
|
|
|
# no repo => rc=1 and 'no repositories to show' in output
|
|
if rc == 1 and "no repositories to show" in err:
|
|
return None
|
|
elif rc != 0:
|
|
module.fail_json(
|
|
msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format(
|
|
rc, out, err
|
|
),
|
|
command=list_command,
|
|
)
|
|
|
|
return get_repository(yaml.safe_load(out), repository_name)
|
|
|
|
|
|
# Install repository
|
|
def install_repository(
|
|
command,
|
|
repository_name,
|
|
repository_url,
|
|
repository_username,
|
|
repository_password,
|
|
pass_credentials,
|
|
):
|
|
install_command = command + " repo add " + repository_name + " " + repository_url
|
|
|
|
if repository_username is not None and repository_password is not None:
|
|
install_command += " --username=" + repository_username
|
|
install_command += " --password=" + repository_password
|
|
|
|
if pass_credentials:
|
|
install_command += " --pass-credentials"
|
|
|
|
return install_command
|
|
|
|
|
|
# Delete repository
|
|
def delete_repository(command, repository_name):
|
|
remove_command = command + " repo rm " + repository_name
|
|
|
|
return remove_command
|
|
|
|
|
|
def main():
|
|
global module
|
|
|
|
module = AnsibleModule(
|
|
argument_spec=dict(
|
|
binary_path=dict(type="path"),
|
|
repo_name=dict(type="str", aliases=["name"], required=True),
|
|
repo_url=dict(type="str", aliases=["url"]),
|
|
repo_username=dict(type="str", aliases=["username"]),
|
|
repo_password=dict(type="str", aliases=["password"], no_log=True),
|
|
repo_state=dict(
|
|
default="present", choices=["present", "absent"], aliases=["state"]
|
|
),
|
|
pass_credentials=dict(type="bool", default=False, no_log=True),
|
|
# Generic auth key
|
|
host=dict(type="str", fallback=(env_fallback, ["K8S_AUTH_HOST"])),
|
|
ca_cert=dict(
|
|
type="path",
|
|
aliases=["ssl_ca_cert"],
|
|
fallback=(env_fallback, ["K8S_AUTH_SSL_CA_CERT"]),
|
|
),
|
|
validate_certs=dict(
|
|
type="bool",
|
|
default=True,
|
|
aliases=["verify_ssl"],
|
|
fallback=(env_fallback, ["K8S_AUTH_VERIFY_SSL"]),
|
|
),
|
|
api_key=dict(
|
|
type="str", no_log=True, fallback=(env_fallback, ["K8S_AUTH_API_KEY"])
|
|
),
|
|
),
|
|
required_together=[["repo_username", "repo_password"]],
|
|
required_if=[("repo_state", "present", ["repo_url"])],
|
|
supports_check_mode=True,
|
|
)
|
|
|
|
if not IMP_YAML:
|
|
module.fail_json(msg=missing_required_lib("yaml"), exception=IMP_YAML_ERR)
|
|
|
|
changed = False
|
|
|
|
bin_path = module.params.get("binary_path")
|
|
repo_name = module.params.get("repo_name")
|
|
repo_url = module.params.get("repo_url")
|
|
repo_username = module.params.get("repo_username")
|
|
repo_password = module.params.get("repo_password")
|
|
repo_state = module.params.get("repo_state")
|
|
pass_credentials = module.params.get("pass_credentials")
|
|
|
|
if bin_path is not None:
|
|
helm_cmd = bin_path
|
|
else:
|
|
helm_cmd = module.get_bin_path("helm", required=True)
|
|
|
|
repository_status = get_repository_status(module, helm_cmd, repo_name)
|
|
|
|
if repo_state == "absent" and repository_status is not None:
|
|
helm_cmd = delete_repository(helm_cmd, repo_name)
|
|
changed = True
|
|
elif repo_state == "present":
|
|
if repository_status is None:
|
|
helm_cmd = install_repository(
|
|
helm_cmd,
|
|
repo_name,
|
|
repo_url,
|
|
repo_username,
|
|
repo_password,
|
|
pass_credentials,
|
|
)
|
|
changed = True
|
|
elif repository_status["url"] != repo_url:
|
|
module.fail_json(
|
|
msg="Repository already have a repository named {0}".format(repo_name)
|
|
)
|
|
|
|
if module.check_mode:
|
|
module.exit_json(changed=changed)
|
|
elif not changed:
|
|
module.exit_json(changed=False, repo_name=repo_name, repo_url=repo_url)
|
|
|
|
rc, out, err = run_helm(module, helm_cmd)
|
|
|
|
if repo_password is not None:
|
|
helm_cmd = helm_cmd.replace(repo_password, "******")
|
|
|
|
if rc != 0:
|
|
module.fail_json(
|
|
msg="Failure when executing Helm command. Exited {0}.\nstdout: {1}\nstderr: {2}".format(
|
|
rc, out, err
|
|
),
|
|
command=helm_cmd,
|
|
)
|
|
|
|
module.exit_json(changed=changed, stdout=out, stderr=err, command=helm_cmd)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|