
lib_openshift modules. This is the first one. oc_route.

Kenny Woodson 8 years ago
parent
commit
07331b4772

File diff suppressed because it is too large
+ 1518 - 0
roles/lib_openshift/library/oc_route.py


+ 82 - 0
roles/lib_openshift/src/ansible/oc_route.py

@@ -0,0 +1,82 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+def get_cert_data(path, content):
+    '''get the data for a particular value'''
+    if not path and not content:
+        return None
+
+    rval = None
+    if path and os.path.exists(path) and os.access(path, os.R_OK):
+        rval = open(path).read()
+    elif content:
+        rval = content
+
+    return rval
+
+
+# pylint: disable=too-many-branches
+def main():
+    '''
+    ansible oc module for route
+    '''
+    module = AnsibleModule(
+        argument_spec=dict(
+            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+            state=dict(default='present', type='str',
+                       choices=['present', 'absent', 'list']),
+            debug=dict(default=False, type='bool'),
+            name=dict(default=None, required=True, type='str'),
+            namespace=dict(default=None, required=True, type='str'),
+            tls_termination=dict(default=None, type='str'),
+            dest_cacert_path=dict(default=None, type='str'),
+            cacert_path=dict(default=None, type='str'),
+            cert_path=dict(default=None, type='str'),
+            key_path=dict(default=None, type='str'),
+            dest_cacert_content=dict(default=None, type='str'),
+            cacert_content=dict(default=None, type='str'),
+            cert_content=dict(default=None, type='str'),
+            key_content=dict(default=None, type='str'),
+            service_name=dict(default=None, type='str'),
+            host=dict(default=None, type='str'),
+        ),
+        mutually_exclusive=[('dest_cacert_path', 'dest_cacert_content'),
+                            ('cacert_path', 'cacert_content'),
+                            ('cert_path', 'cert_content'),
+                            ('key_path', 'key_content'), ],
+        supports_check_mode=True,
+    )
+    files = {'destcacert': {'path': module.params['dest_cacert_path'],
+                            'content': module.params['dest_cacert_content'],
+                            'value': None, },
+             'cacert': {'path': module.params['cacert_path'],
+                        'content': module.params['cacert_content'],
+                        'value': None, },
+             'cert': {'path': module.params['cert_path'],
+                      'content': module.params['cert_content'],
+                      'value': None, },
+             'key': {'path': module.params['key_path'],
+                     'content': module.params['key_content'],
+                     'value': None, }, }
+
+    if module.params['tls_termination']:
+        for key, option in files.items():
+            if key == 'destcacert' and module.params['tls_termination'] != 'reencrypt':
+                continue
+
+            option['value'] = get_cert_data(option['path'], option['content'])
+
+            if not option['value']:
+                module.fail_json(msg='Verify that you pass a value for %s' % key)
+
+    results = OCRoute.run_ansible(module.params, files, module.check_mode)
+
+    if 'failed' in results:
+        module.fail_json(**results)
+
+    module.exit_json(**results)
+
+
+if __name__ == '__main__':
+    main()
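Review bot: `key_content` in the `argument_spec` carries a TLS private key but is declared without `no_log=True`, so Ansible may record its value in invocation logs and verbose output; declare it as `key_content=dict(default=None, type='str', no_log=True)`. In `get_cert_data`, `open(path).read()` never closes the handle; `with open(path) as cert_fd: rval = cert_fd.read()` returns the same data. When a `*_path` is given but missing or unreadable, the function silently returns `None` and the caller reports "Verify that you pass a value for ...", which hides the real cause; a message naming the unreadable path would be easier to act on.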

+ 167 - 0
roles/lib_openshift/src/class/oc_route.py

@@ -0,0 +1,167 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+# pylint: disable=too-many-instance-attributes
+class OCRoute(OpenShiftCLI):
+    ''' Class to wrap the oc command line tools '''
+    kind = 'route'
+
+    def __init__(self,
+                 config,
+                 verbose=False):
+        ''' Constructor for OCVolume '''
+        super(OCRoute, self).__init__(config.namespace, config.kubeconfig)
+        self.config = config
+        self.namespace = config.namespace
+        self._route = None
+
+    @property
+    def route(self):
+        ''' property function for route'''
+        if not self._route:
+            self.get()
+        return self._route
+
+    @route.setter
+    def route(self, data):
+        ''' setter function for route '''
+        self._route = data
+
+    def exists(self):
+        ''' return whether a route exists '''
+        if self.route:
+            return True
+
+        return False
+
+    def get(self):
+        '''return route information '''
+        result = self._get(self.kind, self.config.name)
+        if result['returncode'] == 0:
+            self.route = Route(content=result['results'][0])
+        elif 'routes \"%s\" not found' % self.config.name in result['stderr']:
+            result['returncode'] = 0
+            result['results'] = [{}]
+
+        return result
+
+    def delete(self):
+        '''delete the object'''
+        return self._delete(self.kind, self.config.name)
+
+    def create(self):
+        '''create the object'''
+        return self._create_from_content(self.config.name, self.config.data)
+
+    def update(self):
+        '''update the object'''
+        # need to update the tls information and the service name
+        return self._replace_content(self.kind, self.config.name, self.config.data)
+
+    def needs_update(self):
+        ''' verify an update is needed '''
+        skip = []
+        return not Utils.check_def_equal(self.config.data, self.route.yaml_dict, skip_keys=skip, debug=True)
+
+    @staticmethod
+    def run_ansible(params, files, check_mode=False):
+        ''' run the idempotent asnible code
+
+            params comes from the ansible portion for this module
+            files: a dictionary for the certificates
+                   {'cert': {'path': '',
+                             'content': '',
+                             'value': ''
+                            }
+                   }
+            check_mode: does the module support check mode.  (module.check_mode)
+        '''
+
+        rconfig = RouteConfig(params['name'],
+                              params['namespace'],
+                              params['kubeconfig'],
+                              files['destcacert']['value'],
+                              files['cacert']['value'],
+                              files['cert']['value'],
+                              files['key']['value'],
+                              params['host'],
+                              params['tls_termination'],
+                              params['service_name'])
+
+        oc_route = OCRoute(rconfig, verbose=params['debug'])
+
+        state = params['state']
+
+        api_rval = oc_route.get()
+
+        #####
+        # Get
+        #####
+        if state == 'list':
+            return {'changed': False,
+                    'results': api_rval['results'],
+                    'state': 'list'}
+
+        ########
+        # Delete
+        ########
+        if state == 'absent':
+            if oc_route.exists():
+
+                if check_mode:
+                    return {'changed': False, 'msg': 'CHECK_MODE: Would have performed a delete.'}  # noqa: E501
+
+                api_rval = oc_route.delete()
+
+                return {'changed': True, 'results': api_rval, 'state': "absent"}  # noqa: E501
+            return {'changed': False, 'state': 'absent'}
+
+        if state == 'present':
+            ########
+            # Create
+            ########
+            if not oc_route.exists():
+
+                if check_mode:
+                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}  # noqa: E501
+
+                # Create it here
+                api_rval = oc_route.create()
+
+                if api_rval['returncode'] != 0:
+                    return {'failed': True, 'results': api_rval, 'state': "present"}  # noqa: E501
+
+                # return the created object
+                api_rval = oc_route.get()
+
+                if api_rval['returncode'] != 0:
+                    return {'failed': True, 'results': api_rval, 'state': "present"}  # noqa: E501
+
+                return {'changed': True, 'results': api_rval, 'state': "present"}  # noqa: E501
+
+            ########
+            # Update
+            ########
+            if oc_route.needs_update():
+
+                if check_mode:
+                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'}  # noqa: E501
+
+                api_rval = oc_route.update()
+
+                if api_rval['returncode'] != 0:
+                    return {'failed': True, 'results': api_rval, 'state': "present"}  # noqa: E501
+
+                # return the created object
+                api_rval = oc_route.get()
+
+                if api_rval['returncode'] != 0:
+                    return {'failed': True, 'results': api_rval, 'state': "present"}  # noqa: E501
+
+                return {'changed': True, 'results': api_rval, 'state': "present"}  # noqa: E501
+
+            return {'changed': False, 'results': api_rval, 'state': "present"}
+
+        # catch all
+        return {'failed': True, 'msg': "Unknown State passed"}
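Review bot: `needs_update` calls `Utils.check_def_equal(..., debug=True)` unconditionally, and the debug branches of that helper print the compared keys and values to stdout; for a TLS route this can include `spec.tls.key`, and stray stdout output also risks corrupting the JSON result an Ansible module must emit. Pass the instance's verbosity instead, `debug=self.verbose`, and have `__init__` forward `verbose` to the parent constructor, since it currently accepts the argument and drops it. In `run_ansible`, the check-mode delete branch returns `'changed': False` while the check-mode create and update branches return `True`; a pending delete should report `'changed': True` as well.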

+ 16 - 0
roles/lib_openshift/src/doc/license

@@ -0,0 +1,16 @@
+#
+# Copyright 2016 Red Hat, Inc. and/or its affiliates
+# and other contributors as indicated by the @author tags.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#

+ 120 - 0
roles/lib_openshift/src/doc/route

@@ -0,0 +1,120 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: yedit
+short_description: Create, modify, and idempotently manage yaml files.
+description:
+  - Modify yaml files programmatically.
+options:
+  state:
+    description:
+    - State represents whether to create, modify, delete, or list
+    required: true
+    default: present
+    choices: ["present", "absent", "list"]
+    aliases: []
+  kubeconfig:
+    description:
+    - The path for the kubeconfig file to use for authentication
+    required: false
+    default: /etc/origin/master/admin.kubeconfig
+    aliases: []
+  debug:
+    description:
+    - Turn on debug output.
+    required: false
+    default: False
+    aliases: []
+  name:
+    description:
+    - Name of the object that is being queried.
+    required: false
+    default: None
+    aliases: []
+  namespace:
+    description:
+    - The namespace where the object lives.
+    required: false
+    default: str
+    aliases: []
+  tls_termination:
+    description:
+    - The options for termination. e.g. reencrypt
+    required: false
+    default: None
+    aliases: []
+  dest_cacert_path:
+    description:
+    - The path to the dest_cacert
+    required: false
+    default: None
+    aliases: []
+  cacert_path:
+    description:
+    - The path to the cacert
+    required: false
+    default: None
+    aliases: []
+  cert_path:
+    description:
+    - The path to the cert
+    required: false
+    default: None
+    aliases: []
+  key_path:
+    description:
+    - The path to the key
+    required: false
+    default: None
+    aliases: []
+  dest_cacert_content:
+    description:
+    - The dest_cacert content
+    required: false
+    default: None
+    aliases: []
+  cacert_content:
+    description:
+    - The cacert content
+    required: false
+    default: None
+    aliases: []
+  cert_content:
+    description:
+    - The cert content
+    required: false
+    default: None
+    aliases: []
+  service_name:
+    description:
+    - The name of the service that this route points to.
+    required: false
+    default: None
+    aliases: []
+  host:
+    description:
+    - The host that the route will use. e.g. myapp.x.y.z
+    required: false
+    default: None
+    aliases: []
+author:
+- "Kenny Woodson <kwoodson@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: Configure certificates for reencrypt route
+  oc_route:
+    name: myapproute
+    namespace: awesomeapp
+    cert_path: "/etc/origin/master/named_certificates/myapp_cert
+    key_path: "/etc/origin/master/named_certificates/myapp_key
+    cacert_path: "/etc/origin/master/named_certificates/myapp_cacert
+    dest_cacert_content:  "{{ dest_cacert_content }}"
+    service_name: myapp_php
+    host: myapp.awesomeapp.openshift.com
+    tls_termination: reencrypt
+  run_once: true
+'''
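Review bot: The `DOCUMENTATION` block still says `module: yedit` with yedit's description, and it disagrees with the `argument_spec` in `ansible/oc_route.py`: `name` and `namespace` are listed as `required: false` (namespace with `default: str`) although the module requires both, `state` is listed as `required: true` although it has a default, and `key_content` is not documented at all. In `EXAMPLES`, the `cert_path`, `key_path` and `cacert_path` values open a double quote that is never closed, so the example is not valid YAML as written. The `key_content` entry, once added, should state that it holds private key material.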

+ 45 - 0
roles/lib_openshift/src/generate.py

@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+'''
+  Generate the openshift-ansible/roles/lib_openshift_cli/library/ modules.
+'''
+
+import os
+import yaml
+
+# pylint: disable=anomalous-backslash-in-string
+GEN_STR = "#!/usr/bin/env python\n" + \
+          "# pylint: disable=missing-docstring\n" + \
+          "#     ___ ___ _  _ ___ ___    _ _____ ___ ___\n" + \
+          "#    / __| __| \| | __| _ \  /_\_   _| __|   \\\n" + \
+          "#   | (_ | _|| .` | _||   / / _ \| | | _|| |) |\n" + \
+          "#    \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____\n" + \
+          "#   |   \ / _ \  | \| |/ _ \_   _| | __|   \_ _|_   _|\n" + \
+          "#   | |) | (_) | | .` | (_) || |   | _|| |) | |  | |\n" + \
+          "#   |___/ \___/  |_|\_|\___/ |_|   |___|___/___| |_|\n"
+
+OPENSHIFT_ANSIBLE_PATH = os.path.dirname(os.path.realpath(__file__))
+OPENSHIFT_ANSIBLE_SOURCES_PATH = os.path.join(OPENSHIFT_ANSIBLE_PATH, 'generate_sources.yml')  # noqa: E501
+
+
+def main():
+    ''' combine the necessary files to create the ansible module '''
+
+    library = os.path.join(OPENSHIFT_ANSIBLE_PATH, '..', 'library/')
+    sources = yaml.load(open(OPENSHIFT_ANSIBLE_SOURCES_PATH).read())
+    for fname, parts in sources.items():
+        with open(os.path.join(library, fname), 'w') as afd:
+            afd.seek(0)
+            afd.write(GEN_STR)
+            for fpart in parts:
+                with open(os.path.join(OPENSHIFT_ANSIBLE_PATH, fpart)) as pfd:
+                    # first line is pylint disable so skip it
+                    for idx, line in enumerate(pfd):
+                        if idx in [0, 1] and 'flake8: noqa' in line \
+                           or 'pylint: skip-file' in line:
+                            continue
+
+                        afd.write(line)
+
+
+if __name__ == '__main__':
+    main()
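Review bot: `yaml.load(open(OPENSHIFT_ANSIBLE_SOURCES_PATH).read())` uses PyYAML's full loader, which can construct arbitrary Python objects from tags in the file, and it leaves the file handle open; the sources file holds only mappings and lists, so `with open(OPENSHIFT_ANSIBLE_SOURCES_PATH) as sfd: sources = yaml.safe_load(sfd)` is sufficient. The filter `idx in [0, 1] and 'flake8: noqa' in line or 'pylint: skip-file' in line` parses as `(A and B) or C`, so a `pylint: skip-file` line is dropped at any position while the comment describes only the first line; add parentheses to state which is intended. `fname` and `fpart` are joined to the output and source directories without any check, which is acceptable only while `generate_sources.yml` remains a reviewed in-repo file.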

+ 10 - 0
roles/lib_openshift/src/generate_sources.yml

@@ -0,0 +1,10 @@
+---
+oc_route.py:
+- doc/license
+- lib/import.py
+- doc/route
+- lib/base.py
+- ../../lib_utils/src/class/yedit.py
+- lib/route.py
+- class/oc_route.py
+- ansible/oc_route.py

+ 458 - 0
roles/lib_openshift/src/lib/base.py

@@ -0,0 +1,458 @@
+# pylint: skip-file
+# flake8: noqa
+'''
+   OpenShiftCLI class that wraps the oc commands in a subprocess
+'''
+# pylint: disable=too-many-lines
+
+
+class OpenShiftCLIError(Exception):
+    '''Exception class for openshiftcli'''
+    pass
+
+
+# pylint: disable=too-few-public-methods
+class OpenShiftCLI(object):
+    ''' Class to wrap the command line tools '''
+    def __init__(self,
+                 namespace,
+                 kubeconfig='/etc/origin/master/admin.kubeconfig',
+                 verbose=False,
+                 all_namespaces=False):
+        ''' Constructor for OpenshiftCLI '''
+        self.namespace = namespace
+        self.verbose = verbose
+        self.kubeconfig = kubeconfig
+        self.all_namespaces = all_namespaces
+
+    # Pylint allows only 5 arguments to be passed.
+    # pylint: disable=too-many-arguments
+    def _replace_content(self, resource, rname, content, force=False, sep='.'):
+        ''' replace the current object with the content '''
+        res = self._get(resource, rname)
+        if not res['results']:
+            return res
+
+        fname = '/tmp/%s' % rname
+        yed = Yedit(fname, res['results'][0], separator=sep)
+        changes = []
+        for key, value in content.items():
+            changes.append(yed.put(key, value))
+
+        if any([change[0] for change in changes]):
+            yed.write()
+
+            atexit.register(Utils.cleanup, [fname])
+
+            return self._replace(fname, force)
+
+        return {'returncode': 0, 'updated': False}
+
+    def _replace(self, fname, force=False):
+        '''return all pods '''
+        cmd = ['-n', self.namespace, 'replace', '-f', fname]
+        if force:
+            cmd.append('--force')
+        return self.openshift_cmd(cmd)
+
+    def _create_from_content(self, rname, content):
+        '''return all pods '''
+        fname = '/tmp/%s' % rname
+        yed = Yedit(fname, content=content)
+        yed.write()
+
+        atexit.register(Utils.cleanup, [fname])
+
+        return self._create(fname)
+
+    def _create(self, fname):
+        '''return all pods '''
+        return self.openshift_cmd(['create', '-f', fname, '-n', self.namespace])
+
+    def _delete(self, resource, rname, selector=None):
+        '''return all pods '''
+        cmd = ['delete', resource, rname, '-n', self.namespace]
+        if selector:
+            cmd.append('--selector=%s' % selector)
+
+        return self.openshift_cmd(cmd)
+
+    def _process(self, template_name, create=False, params=None, template_data=None):  # noqa: E501
+        '''return all pods '''
+        cmd = ['process', '-n', self.namespace]
+        if template_data:
+            cmd.extend(['-f', '-'])
+        else:
+            cmd.append(template_name)
+        if params:
+            param_str = ["%s=%s" % (key, value) for key, value in params.items()]
+            cmd.append('-v')
+            cmd.extend(param_str)
+
+        results = self.openshift_cmd(cmd, output=True, input_data=template_data)
+
+        if results['returncode'] != 0 or not create:
+            return results
+
+        fname = '/tmp/%s' % template_name
+        yed = Yedit(fname, results['results'])
+        yed.write()
+
+        atexit.register(Utils.cleanup, [fname])
+
+        return self.openshift_cmd(['-n', self.namespace, 'create', '-f', fname])
+
+    def _get(self, resource, rname=None, selector=None):
+        '''return a resource by name '''
+        cmd = ['get', resource]
+        if selector:
+            cmd.append('--selector=%s' % selector)
+        if self.all_namespaces:
+            cmd.extend(['--all-namespaces'])
+        elif self.namespace:
+            cmd.extend(['-n', self.namespace])
+
+        cmd.extend(['-o', 'json'])
+
+        if rname:
+            cmd.append(rname)
+
+        rval = self.openshift_cmd(cmd, output=True)
+
+        # Ensure results are retuned in an array
+        if 'items' in rval:
+            rval['results'] = rval['items']
+        elif not isinstance(rval['results'], list):
+            rval['results'] = [rval['results']]
+
+        return rval
+
+    def _schedulable(self, node=None, selector=None, schedulable=True):
+        ''' perform oadm manage-node scheduable '''
+        cmd = ['manage-node']
+        if node:
+            cmd.extend(node)
+        else:
+            cmd.append('--selector=%s' % selector)
+
+        cmd.append('--schedulable=%s' % schedulable)
+
+        return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')  # noqa: E501
+
+    def _list_pods(self, node=None, selector=None, pod_selector=None):
+        ''' perform oadm manage-node evacuate '''
+        cmd = ['manage-node']
+        if node:
+            cmd.extend(node)
+        else:
+            cmd.append('--selector=%s' % selector)
+
+        if pod_selector:
+            cmd.append('--pod-selector=%s' % pod_selector)
+
+        cmd.extend(['--list-pods', '-o', 'json'])
+
+        return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+    # pylint: disable=too-many-arguments
+    def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False):
+        ''' perform oadm manage-node evacuate '''
+        cmd = ['manage-node']
+        if node:
+            cmd.extend(node)
+        else:
+            cmd.append('--selector=%s' % selector)
+
+        if dry_run:
+            cmd.append('--dry-run')
+
+        if pod_selector:
+            cmd.append('--pod-selector=%s' % pod_selector)
+
+        if grace_period:
+            cmd.append('--grace-period=%s' % int(grace_period))
+
+        if force:
+            cmd.append('--force')
+
+        cmd.append('--evacuate')
+
+        return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')
+
+    def _import_image(self, url=None, name=None, tag=None):
+        ''' perform image import '''
+        cmd = ['import-image']
+
+        image = '{0}'.format(name)
+        if tag:
+            image += ':{0}'.format(tag)
+
+        cmd.append(image)
+
+        if url:
+            cmd.append('--from={0}/{1}'.format(url, image))
+
+        cmd.append('-n{0}'.format(self.namespace))
+
+        cmd.append('--confirm')
+        return self.openshift_cmd(cmd)
+
+    # pylint: disable=too-many-arguments
+    def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None):
+        '''Base command for oc '''
+        cmds = []
+        if oadm:
+            cmds = ['/usr/bin/oadm']
+        else:
+            cmds = ['/usr/bin/oc']
+
+        cmds.extend(cmd)
+
+        rval = {}
+        results = ''
+        err = None
+
+        if self.verbose:
+            print ' '.join(cmds)
+
+        proc = subprocess.Popen(cmds,
+                                stdin=subprocess.PIPE,
+                                stdout=subprocess.PIPE,
+                                stderr=subprocess.PIPE,
+                                env={'KUBECONFIG': self.kubeconfig})
+
+        stdout, stderr = proc.communicate(input_data)
+        rval = {"returncode": proc.returncode,
+                "results": results,
+                "cmd": ' '.join(cmds)}
+
+        if proc.returncode == 0:
+            if output:
+                if output_type == 'json':
+                    try:
+                        rval['results'] = json.loads(stdout)
+                    except ValueError as err:
+                        if "No JSON object could be decoded" in err.message:
+                            err = err.message
+                elif output_type == 'raw':
+                    rval['results'] = stdout
+
+            if self.verbose:
+                print stdout
+                print stderr
+
+            if err:
+                rval.update({"err": err,
+                             "stderr": stderr,
+                             "stdout": stdout,
+                             "cmd": cmds})
+
+        else:
+            rval.update({"stderr": stderr,
+                         "stdout": stdout,
+                         "results": {}})
+
+        return rval
+
+
+class Utils(object):
+    ''' utilities for openshiftcli modules '''
+    @staticmethod
+    def create_file(rname, data, ftype='yaml'):
+        ''' create a file in tmp with name and contents'''
+        path = os.path.join('/tmp', rname)
+        with open(path, 'w') as fds:
+            if ftype == 'yaml':
+                fds.write(yaml.dump(data, Dumper=yaml.RoundTripDumper))
+
+            elif ftype == 'json':
+                fds.write(json.dumps(data))
+            else:
+                fds.write(data)
+
+        # Register cleanup when module is done
+        atexit.register(Utils.cleanup, [path])
+        return path
+
+    @staticmethod
+    def create_files_from_contents(content, content_type=None):
+        '''Turn an array of dict: filename, content into a files array'''
+        if not isinstance(content, list):
+            content = [content]
+        files = []
+        for item in content:
+            path = Utils.create_file(item['path'], item['data'], ftype=content_type)
+            files.append({'name': os.path.basename(path), 'path': path})
+        return files
+
+    @staticmethod
+    def cleanup(files):
+        '''Clean up on exit '''
+        for sfile in files:
+            if os.path.exists(sfile):
+                if os.path.isdir(sfile):
+                    shutil.rmtree(sfile)
+                elif os.path.isfile(sfile):
+                    os.remove(sfile)
+
+    @staticmethod
+    def exists(results, _name):
+        ''' Check to see if the results include the name '''
+        if not results:
+            return False
+
+        if Utils.find_result(results, _name):
+            return True
+
+        return False
+
+    @staticmethod
+    def find_result(results, _name):
+        ''' Find the specified result by name'''
+        rval = None
+        for result in results:
+            if 'metadata' in result and result['metadata']['name'] == _name:
+                rval = result
+                break
+
+        return rval
+
+    @staticmethod
+    def get_resource_file(sfile, sfile_type='yaml'):
+        ''' return the service file '''
+        contents = None
+        with open(sfile) as sfd:
+            contents = sfd.read()
+
+        if sfile_type == 'yaml':
+            contents = yaml.load(contents, yaml.RoundTripLoader)
+        elif sfile_type == 'json':
+            contents = json.loads(contents)
+
+        return contents
+
+    # Disabling too-many-branches.  This is a yaml dictionary comparison function
+    # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements
+    @staticmethod
+    def check_def_equal(user_def, result_def, skip_keys=None, debug=False):
+        ''' Given a user defined definition, compare it with the results given back by our query.  '''
+
+        # Currently these values are autogenerated and we do not need to check them
+        skip = ['metadata', 'status']
+        if skip_keys:
+            skip.extend(skip_keys)
+
+        for key, value in result_def.items():
+            if key in skip:
+                continue
+
+            # Both are lists
+            if isinstance(value, list):
+                if key not in user_def:
+                    if debug:
+                        print 'User data does not have key [%s]' % key
+                        print 'User data: %s' % user_def
+                    return False
+
+                if not isinstance(user_def[key], list):
+                    if debug:
+                        print 'user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key])
+                    return False
+
+                if len(user_def[key]) != len(value):
+                    if debug:
+                        print "List lengths are not equal."
+                        print "key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value))
+                        print "user_def: %s" % user_def[key]
+                        print "value: %s" % value
+                    return False
+
+                for values in zip(user_def[key], value):
+                    if isinstance(values[0], dict) and isinstance(values[1], dict):
+                        if debug:
+                            print 'sending list - list'
+                            print type(values[0])
+                            print type(values[1])
+                        result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug)
+                        if not result:
+                            print 'list compare returned false'
+                            return False
+
+                    elif value != user_def[key]:
+                        if debug:
+                            print 'value should be identical'
+                            print value
+                            print user_def[key]
+                        return False
+
+            # recurse on a dictionary
+            elif isinstance(value, dict):
+                if key not in user_def:
+                    if debug:
+                        print "user_def does not have key [%s]" % key
+                    return False
+                if not isinstance(user_def[key], dict):
+                    if debug:
+                        print "dict returned false: not instance of dict"
+                    return False
+
+                # before passing ensure keys match
+                api_values = set(value.keys()) - set(skip)
+                user_values = set(user_def[key].keys()) - set(skip)
+                if api_values != user_values:
+                    if debug:
+                        print "keys are not equal in dict"
+                        print api_values
+                        print user_values
+                    return False
+
+                result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug)
+                if not result:
+                    if debug:
+                        print "dict returned false"
+                        print result
+                    return False
+
+            # Verify each key, value pair is the same
+            else:
+                if key not in user_def or value != user_def[key]:
+                    if debug:
+                        print "value not equal; user_def does not have key"
+                        print key
+                        print value
+                        if key in user_def:
+                            print user_def[key]
+                    return False
+
+        if debug:
+            print 'returning true'
+        return True
+
+
+class OpenShiftCLIConfig(object):
+    '''Generic Config'''
+    def __init__(self, rname, namespace, kubeconfig, options):
+        self.kubeconfig = kubeconfig
+        self.name = rname
+        self.namespace = namespace
+        self._options = options
+
+    @property
+    def config_options(self):
+        ''' return config options '''
+        return self._options
+
+    def to_option_list(self):
+        '''return all options as a string'''
+        return self.stringify()
+
+    def stringify(self):
+        ''' return the options hash as cli params in a string '''
+        rval = []
+        for key, data in self.config_options.items():
+            if data['include'] \
+               and (data['value'] or isinstance(data['value'], int)):
+                rval.append('--%s=%s' % (key.replace('_', '-'), data['value']))
+
+        return rval
+
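Review bot: `_replace_content`, `_create_from_content` and `_process` write to `'/tmp/%s' % rname` (and `Utils.create_file` to `os.path.join('/tmp', rname)`), a predictable path in a shared directory built from a caller-supplied name; the file holds the full object, which for a TLS route includes the private key, and its mode is left to the umask. Create the file with `tmpfd, fname = tempfile.mkstemp(prefix='oc-')` followed by `os.close(tmpfd)` so the name is unpredictable and the mode is 0600; this needs `import tempfile` in `lib/import.py`, and it assumes `Yedit.write` keeps the existing file's permissions, which is not visible here. In `openshift_cmd`, the `print` statements under `self.verbose` write to the stdout that Ansible parses as the module result, and `env={'KUBECONFIG': self.kubeconfig}` replaces the whole environment rather than extending it, which deserves a comment if intentional. The `except ValueError as err` branch depends on `err.message` and leaves the exception object in `err` when the text does not match, so `rval['err']` may not be a string.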

+ 16 - 0
roles/lib_openshift/src/lib/import.py

@@ -0,0 +1,16 @@
+# pylint: skip-file
+# flake8: noqa
+'''
+   OpenShiftCLI class that wraps the oc commands in a subprocess
+'''
+# pylint: disable=too-many-lines
+
+
+import atexit
+import json
+import os
+import re
+import ruamel.yaml as yaml
+import shutil
+import subprocess
+from ansible.module_utils.basic import AnsibleModule

+ 101 - 0
roles/lib_openshift/src/lib/route.py

@@ -0,0 +1,101 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+# pylint: disable=too-many-instance-attributes
+class RouteConfig(object):
+    ''' Handle route options '''
+    # pylint: disable=too-many-arguments
+    def __init__(self,
+                 sname,
+                 namespace,
+                 kubeconfig,
+                 destcacert=None,
+                 cacert=None,
+                 cert=None,
+                 key=None,
+                 host=None,
+                 tls_termination=None,
+                 service_name=None):
+        ''' constructor for handling route options '''
+        self.kubeconfig = kubeconfig
+        self.name = sname
+        self.namespace = namespace
+        self.host = host
+        self.tls_termination = tls_termination
+        self.destcacert = destcacert
+        self.cacert = cacert
+        self.cert = cert
+        self.key = key
+        self.service_name = service_name
+        self.data = {}
+
+        self.create_dict()
+
+    def create_dict(self):
+        ''' return a service as a dict '''
+        self.data['apiVersion'] = 'v1'
+        self.data['kind'] = 'Route'
+        self.data['metadata'] = {}
+        self.data['metadata']['name'] = self.name
+        self.data['metadata']['namespace'] = self.namespace
+        self.data['spec'] = {}
+
+        self.data['spec']['host'] = self.host
+
+        if self.tls_termination:
+            self.data['spec']['tls'] = {}
+
+            if self.tls_termination == 'reencrypt':
+                self.data['spec']['tls']['destinationCACertificate'] = self.destcacert
+            self.data['spec']['tls']['key'] = self.key
+            self.data['spec']['tls']['caCertificate'] = self.cacert
+            self.data['spec']['tls']['certificate'] = self.cert
+            self.data['spec']['tls']['termination'] = self.tls_termination
+
+        self.data['spec']['to'] = {'kind': 'Service', 'name': self.service_name}
+
+
+# pylint: disable=too-many-instance-attributes,too-many-public-methods
+class Route(Yedit):
+    ''' Class to wrap the oc command line tools '''
+    host_path = "spec.host"
+    service_path = "spec.to.name"
+    cert_path = "spec.tls.certificate"
+    cacert_path = "spec.tls.caCertificate"
+    destcacert_path = "spec.tls.destinationCACertificate"
+    termination_path = "spec.tls.termination"
+    key_path = "spec.tls.key"
+    kind = 'route'
+
+    def __init__(self, content):
+        '''Route constructor'''
+        super(Route, self).__init__(content=content)
+
+    def get_destcacert(self):
+        ''' return cert '''
+        return self.get(Route.destcacert_path)
+
+    def get_cert(self):
+        ''' return cert '''
+        return self.get(Route.cert_path)
+
+    def get_key(self):
+        ''' return key '''
+        return self.get(Route.key_path)
+
+    def get_cacert(self):
+        ''' return cacert '''
+        return self.get(Route.cacert_path)
+
+    def get_service(self):
+        ''' return service name '''
+        return self.get(Route.service_path)
+
+    def get_termination(self):
+        ''' return tls termination'''
+        return self.get(Route.termination_path)
+
+    def get_host(self):
+        ''' return host '''
+        return self.get(Route.host_path)
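Review bot: `RouteConfig.create_dict` copies the TLS private key into `self.data['spec']['tls']['key']` and `Route.get_key` hands it back, but nothing in this file marks that value as secret. Add a comment at the assignment, e.g. `# private key material: keep out of debug prints and module results`, and make the `get_key` docstring say the same; the dict-comparison helper earlier in this commit prints differing values when `debug` is set, so if a route definition passes through it the key would presumably reach stdout. Separately, `key`, `caCertificate` and `certificate` are assigned whenever `tls_termination` is set, even when they are `None`; consider assigning each only when supplied, e.g. `if self.key: self.data['spec']['tls']['key'] = self.key`. The `create_dict` docstring (`return a service as a dict`) and the `get_destcacert` docstring (`return cert`) do not match what the methods do.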

+ 53 - 55
roles/lib_utils/library/yedit.py

@@ -24,7 +24,6 @@
 # limitations under the License.
 #
 
-
 # pylint: disable=wrong-import-order
 import json
 import os
@@ -164,7 +163,6 @@ EXAMPLES = '''
 #     c: d
 '''
 
-
 class YeditException(Exception):
     ''' Exception class for Yedit '''
     pass
@@ -590,6 +588,48 @@ class Yedit(object):
 
         return (False, self.yaml_dict)
 
+    @staticmethod
+    def get_curr_value(invalue, val_type):
+        '''return the current value'''
+        if invalue is None:
+            return None
+
+        curr_value = invalue
+        if val_type == 'yaml':
+            curr_value = yaml.load(invalue)
+        elif val_type == 'json':
+            curr_value = json.loads(invalue)
+
+        return curr_value
+
+    @staticmethod
+    def parse_value(inc_value, vtype=''):
+        '''determine value type passed'''
+        true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE',
+                      'on', 'On', 'ON', ]
+        false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE',
+                       'off', 'Off', 'OFF']
+
+        # It came in as a string but you didn't specify value_type as string
+        # we will convert to bool if it matches any of the above cases
+        if isinstance(inc_value, str) and 'bool' in vtype:
+            if inc_value not in true_bools and inc_value not in false_bools:
+                raise YeditException('Not a boolean type. str=[%s] vtype=[%s]'
+                                     % (inc_value, vtype))
+        elif isinstance(inc_value, bool) and 'str' in vtype:
+            inc_value = str(inc_value)
+
+        # If vtype is not str then go ahead and attempt to yaml load it.
+        if isinstance(inc_value, str) and 'str' not in vtype:
+            try:
+                inc_value = yaml.load(inc_value)
+            except Exception:
+                raise YeditException('Could not determine type of incoming ' +
+                                     'value. value=[%s] vtype=[%s]'
+                                     % (type(inc_value), vtype))
+
+        return inc_value
+
     # pylint: disable=too-many-return-statements,too-many-branches
     @staticmethod
     def run_ansible(module):
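Review bot: `parse_value` and `get_curr_value` call `yaml.load(...)` with no loader on strings that `run_ansible` takes from `module.params` (`content`, `value`, `curr_value`), so whatever the playbook or its variables supply is parsed with the library's default loader. Depending on which YAML package and version `yaml` is bound to here, that default can construct arbitrary Python objects from tagged input; use `inc_value = yaml.safe_load(inc_value)` in `parse_value` and `curr_value = yaml.safe_load(invalue)` in `get_curr_value`. The same two methods are added again in `roles/lib_utils/src/class/yedit.py` and need the same change. The error message in `parse_value` also formats `type(inc_value)` under the label `value=`, which hides the offending input; the `Yedit` class and `run_ansible` continue outside this hunk.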
@@ -610,8 +650,8 @@ class Yedit(object):
 
         if module.params['state'] == 'list':
             if module.params['content']:
-                content = parse_value(module.params['content'],
-                                      module.params['content_type'])
+                content = Yedit.parse_value(module.params['content'],
+                                            module.params['content_type'])
                 yamlfile.yaml_dict = content
 
             if module.params['key']:
@@ -621,8 +661,8 @@ class Yedit(object):
 
         elif module.params['state'] == 'absent':
             if module.params['content']:
-                content = parse_value(module.params['content'],
-                                      module.params['content_type'])
+                content = Yedit.parse_value(module.params['content'],
+                                            module.params['content_type'])
                 yamlfile.yaml_dict = content
 
             if module.params['update']:
@@ -639,8 +679,8 @@ class Yedit(object):
         elif module.params['state'] == 'present':
             # check if content is different than what is in the file
             if module.params['content']:
-                content = parse_value(module.params['content'],
-                                      module.params['content_type'])
+                content = Yedit.parse_value(module.params['content'],
+                                            module.params['content_type'])
 
                 # We had no edits to make and the contents are the same
                 if yamlfile.yaml_dict == content and \
@@ -653,12 +693,13 @@ class Yedit(object):
 
             # we were passed a value; parse it
             if module.params['value']:
-                value = parse_value(module.params['value'],
-                                    module.params['value_type'])
+                value = Yedit.parse_value(module.params['value'],
+                                          module.params['value_type'])
                 key = module.params['key']
                 if module.params['update']:
                     # pylint: disable=line-too-long
-                    curr_value = get_curr_value(parse_value(module.params['curr_value']), module.params['curr_value_format'])  # noqa: #501
+                    curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']),  # noqa: E501
+                                                      module.params['curr_value_format'])  # noqa: E501
 
                     rval = yamlfile.update(key, value, module.params['index'], curr_value)  # noqa: E501
 
@@ -683,49 +724,6 @@ class Yedit(object):
 
         return {'failed': True, 'msg': 'Unkown state passed'}
 
-
-def get_curr_value(invalue, val_type):
-    '''return the current value'''
-    if invalue is None:
-        return None
-
-    curr_value = invalue
-    if val_type == 'yaml':
-        curr_value = yaml.load(invalue)
-    elif val_type == 'json':
-        curr_value = json.loads(invalue)
-
-    return curr_value
-
-
-def parse_value(inc_value, vtype=''):
-    '''determine value type passed'''
-    true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE',
-                  'on', 'On', 'ON', ]
-    false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE',
-                   'off', 'Off', 'OFF']
-
-    # It came in as a string but you didn't specify value_type as string
-    # we will convert to bool if it matches any of the above cases
-    if isinstance(inc_value, str) and 'bool' in vtype:
-        if inc_value not in true_bools and inc_value not in false_bools:
-            raise YeditException('Not a boolean type. str=[%s] vtype=[%s]'
-                                 % (inc_value, vtype))
-    elif isinstance(inc_value, bool) and 'str' in vtype:
-        inc_value = str(inc_value)
-
-    # If vtype is not str then go ahead and attempt to yaml load it.
-    if isinstance(inc_value, str) and 'str' not in vtype:
-        try:
-            inc_value = yaml.load(inc_value)
-        except Exception:
-            raise YeditException('Could not determine type of incoming ' +
-                                 'value. value=[%s] vtype=[%s]'
-                                 % (type(inc_value), vtype))
-
-    return inc_value
-
-
 # pylint: disable=too-many-branches
 def main():
     ''' ansible oc module for secrets '''
@@ -757,7 +755,7 @@ def main():
 
     rval = Yedit.run_ansible(module)
     if 'failed' in rval and rval['failed']:
-        module.fail_json(msg=rval['msg'])
+        module.fail_json(**rval)
 
     module.exit_json(**rval)
 

+ 1 - 44
roles/lib_utils/src/ansible/yedit.py

@@ -1,49 +1,6 @@
 # flake8: noqa
 # pylint: skip-file
 
-
-def get_curr_value(invalue, val_type):
-    '''return the current value'''
-    if invalue is None:
-        return None
-
-    curr_value = invalue
-    if val_type == 'yaml':
-        curr_value = yaml.load(invalue)
-    elif val_type == 'json':
-        curr_value = json.loads(invalue)
-
-    return curr_value
-
-
-def parse_value(inc_value, vtype=''):
-    '''determine value type passed'''
-    true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE',
-                  'on', 'On', 'ON', ]
-    false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE',
-                   'off', 'Off', 'OFF']
-
-    # It came in as a string but you didn't specify value_type as string
-    # we will convert to bool if it matches any of the above cases
-    if isinstance(inc_value, str) and 'bool' in vtype:
-        if inc_value not in true_bools and inc_value not in false_bools:
-            raise YeditException('Not a boolean type. str=[%s] vtype=[%s]'
-                                 % (inc_value, vtype))
-    elif isinstance(inc_value, bool) and 'str' in vtype:
-        inc_value = str(inc_value)
-
-    # If vtype is not str then go ahead and attempt to yaml load it.
-    if isinstance(inc_value, str) and 'str' not in vtype:
-        try:
-            inc_value = yaml.load(inc_value)
-        except Exception:
-            raise YeditException('Could not determine type of incoming ' +
-                                 'value. value=[%s] vtype=[%s]'
-                                 % (type(inc_value), vtype))
-
-    return inc_value
-
-
 # pylint: disable=too-many-branches
 def main():
     ''' ansible oc module for secrets '''
@@ -75,7 +32,7 @@ def main():
 
     rval = Yedit.run_ansible(module)
     if 'failed' in rval and rval['failed']:
-        module.fail_json(msg=rval['msg'])
+        module.fail_json(**rval)
 
     module.exit_json(**rval)
 

+ 53 - 9
roles/lib_utils/src/class/yedit.py

@@ -1,6 +1,7 @@
 # flake8: noqa
 # pylint: skip-file
 
+
 class YeditException(Exception):
     ''' Exception class for Yedit '''
     pass
@@ -426,6 +427,48 @@ class Yedit(object):
 
         return (False, self.yaml_dict)
 
+    @staticmethod
+    def get_curr_value(invalue, val_type):
+        '''return the current value'''
+        if invalue is None:
+            return None
+
+        curr_value = invalue
+        if val_type == 'yaml':
+            curr_value = yaml.load(invalue)
+        elif val_type == 'json':
+            curr_value = json.loads(invalue)
+
+        return curr_value
+
+    @staticmethod
+    def parse_value(inc_value, vtype=''):
+        '''determine value type passed'''
+        true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE',
+                      'on', 'On', 'ON', ]
+        false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE',
+                       'off', 'Off', 'OFF']
+
+        # It came in as a string but you didn't specify value_type as string
+        # we will convert to bool if it matches any of the above cases
+        if isinstance(inc_value, str) and 'bool' in vtype:
+            if inc_value not in true_bools and inc_value not in false_bools:
+                raise YeditException('Not a boolean type. str=[%s] vtype=[%s]'
+                                     % (inc_value, vtype))
+        elif isinstance(inc_value, bool) and 'str' in vtype:
+            inc_value = str(inc_value)
+
+        # If vtype is not str then go ahead and attempt to yaml load it.
+        if isinstance(inc_value, str) and 'str' not in vtype:
+            try:
+                inc_value = yaml.load(inc_value)
+            except Exception:
+                raise YeditException('Could not determine type of incoming ' +
+                                     'value. value=[%s] vtype=[%s]'
+                                     % (type(inc_value), vtype))
+
+        return inc_value
+
     # pylint: disable=too-many-return-statements,too-many-branches
     @staticmethod
     def run_ansible(module):
@@ -446,8 +489,8 @@ class Yedit(object):
 
         if module.params['state'] == 'list':
             if module.params['content']:
-                content = parse_value(module.params['content'],
-                                      module.params['content_type'])
+                content = Yedit.parse_value(module.params['content'],
+                                            module.params['content_type'])
                 yamlfile.yaml_dict = content
 
             if module.params['key']:
@@ -457,8 +500,8 @@ class Yedit(object):
 
         elif module.params['state'] == 'absent':
             if module.params['content']:
-                content = parse_value(module.params['content'],
-                                      module.params['content_type'])
+                content = Yedit.parse_value(module.params['content'],
+                                            module.params['content_type'])
                 yamlfile.yaml_dict = content
 
             if module.params['update']:
@@ -475,8 +518,8 @@ class Yedit(object):
         elif module.params['state'] == 'present':
             # check if content is different than what is in the file
             if module.params['content']:
-                content = parse_value(module.params['content'],
-                                      module.params['content_type'])
+                content = Yedit.parse_value(module.params['content'],
+                                            module.params['content_type'])
 
                 # We had no edits to make and the contents are the same
                 if yamlfile.yaml_dict == content and \
@@ -489,12 +532,13 @@ class Yedit(object):
 
             # we were passed a value; parse it
             if module.params['value']:
-                value = parse_value(module.params['value'],
-                                    module.params['value_type'])
+                value = Yedit.parse_value(module.params['value'],
+                                          module.params['value_type'])
                 key = module.params['key']
                 if module.params['update']:
                     # pylint: disable=line-too-long
-                    curr_value = get_curr_value(parse_value(module.params['curr_value']), module.params['curr_value_format'])  # noqa: #501
+                    curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']),  # noqa: E501
+                                                      module.params['curr_value_format'])  # noqa: E501
 
                     rval = yamlfile.update(key, value, module.params['index'], curr_value)  # noqa: E501
 

+ 58 - 0
roles/lib_utils/src/test/integration/kube-manager-test.yaml

@@ -0,0 +1,58 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kube-controller-manager
+  namespace: kube-system
+spec:
+  hostNetwork: true
+  containers:
+  - name: kube-controller-manager
+    image: openshift/kube:v1.0.0
+    command:
+    - /hyperkube
+    - controller-manager
+    - --master=http://127.0.0.1:8080
+    - --leader-elect=true
+    - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+    - --root-ca-file=/etc/k8s/ssl/my.pem
+    - --my-new-parameter=openshift
+    livenessProbe:
+      httpGet:
+        host: 127.0.0.1
+        path: /healthz
+        port: 10252
+      initialDelaySeconds: 15
+      timeoutSeconds: 1
+    volumeMounts:
+    - mountPath: /etc/kubernetes/ssl
+      name: ssl-certs-kubernetes
+      readOnly: true
+    - mountPath: /etc/ssl/certs
+      name: ssl-certs-host
+      readOnly: 'true'
+  volumes:
+  - hostPath:
+      path: /etc/kubernetes/ssl
+    name: ssl-certs-kubernetes
+  - hostPath:
+      path: /usr/share/ca-certificates
+    name: ssl-certs-host
+yedittest: yedittest
+metadata-namespace: openshift-is-awesome
+nonexistingkey:
+- --my-new-parameter=openshift
+a:
+  b:
+    c: d
+e:
+  f:
+    g:
+      h:
+        i:
+          j: k
+z:
+  x:
+    y:
+    - 1
+    - 2
+    - 3

+ 52 - 0
roles/lib_utils/src/test/integration/kube-manager-test.yaml.orig

@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: kube-controller-manager
+  namespace: kube-system
+spec:
+  hostNetwork: true
+  containers:
+  - name: kube-controller-manager
+    image: openshift/kube:v1.0.0
+    command:
+    - /hyperkube
+    - controller-manager
+    - --master=http://127.0.0.1:8080
+    - --leader-elect=true
+    - --service-account-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
+    - --root-ca-file=/etc/k8s/ssl/my.pem
+    - --my-new-parameter=openshift
+    livenessProbe:
+      httpGet:
+        host: 127.0.0.1
+        path: /healthz
+        port: 10252
+      initialDelaySeconds: 15
+      timeoutSeconds: 1
+    volumeMounts:
+    - mountPath: /etc/kubernetes/ssl
+      name: ssl-certs-kubernetes
+      readOnly: true
+    - mountPath: /etc/ssl/certs
+      name: ssl-certs-host
+      readOnly: 'true'
+  volumes:
+  - hostPath:
+      path: /etc/kubernetes/ssl
+    name: ssl-certs-kubernetes
+  - hostPath:
+      path: /usr/share/ca-certificates
+    name: ssl-certs-host
+yedittest: yedittest
+metadata-namespace: openshift-is-awesome
+nonexistingkey:
+- --my-new-parameter=openshift
+a:
+  b:
+    c: d
+e:
+  f:
+    g:
+      h:
+        i:
+          j: k