Adding oc_group to lib_openshift

roles/lib_openshift/src/ansible/oc_group.py

@@ -0,0 +1,32 @@
+# pylint: skip-file
+# flake8: noqa
+
+#pylint: disable=too-many-branches
+def main():
+    '''
+    ansible oc module for group
+    '''
+
+    module = AnsibleModule(
+        argument_spec=dict(
+            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
+            state=dict(default='present', type='str',
+                       choices=['present', 'absent', 'list']),
+            debug=dict(default=False, type='bool'),
+            name=dict(default=None, type='str'),
+            namespace=dict(default='default', type='str'),
+            # addind users to a group is handled through the oc_users module
+            #users=dict(default=None, type='list'),
+        ),
+        supports_check_mode=True,
+    )
+
+    rval = OCGroup.run_ansible(module.params, module.check_mode)
+
+    if 'failed' in rval:
+        return module.fail_json(**rval)
+
+    return module.exit_json(**rval)
+
+if __name__ == '__main__':
+    main()

roles/lib_openshift/src/class/oc_group.py

@@ -0,0 +1,148 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+class OCGroup(OpenShiftCLI):
+    ''' Class to wrap the oc command line tools '''
+    kind = 'group'
+
+    def __init__(self,
+                 config,
+                 verbose=False):
+        ''' Constructor for OCGroup '''
+        super(OCGroup, self).__init__(config.namespace, config.kubeconfig)
+        self.config = config
+        self.namespace = config.namespace
+        self._group = None
+
+    @property
+    def group(self):
+        ''' property function service'''
+        if not self._group:
+            self.get()
+        return self._group
+
+    @group.setter
+    def group(self, data):
+        ''' setter function for yedit var '''
+        self._group = data
+
+    def exists(self):
+        ''' return whether a group exists '''
+        if self.group:
+            return True
+
+        return False
+
+    def get(self):
+        '''return group information '''
+        result = self._get(self.kind, self.config.name)
+        if result['returncode'] == 0:
+            self.group = Group(content=result['results'][0])
+        elif 'groups \"{}\" not found'.format(self.config.name) in result['stderr']:
+            result['returncode'] = 0
+            result['results'] = [{}]
+
+        return result
+
+    def delete(self):
+        '''delete the object'''
+        return self._delete(self.kind, self.config.name)
+
+    def create(self):
+        '''create the object'''
+        return self._create_from_content(self.config.name, self.config.data)
+
+    def update(self):
+        '''update the object'''
+        return self._replace_content(self.kind, self.config.name, self.config.data)
+
+    def needs_update(self):
+        ''' verify an update is needed '''
+        return not Utils.check_def_equal(self.config.data, self.group.yaml_dict, skip_keys=[], debug=True)
+
+    # pylint: disable=too-many-return-statements,too-many-branches
+    @staticmethod
+    def run_ansible(params, check_mode=False):
+        '''run the idempotent ansible code'''
+
+        gconfig = GroupConfig(params['name'],
+                              params['namespace'],
+                              params['kubeconfig'],
+                             )
+        oc_group = OCGroup(gconfig, verbose=params['debug'])
+
+        state = params['state']
+
+        api_rval = oc_group.get()
+
+        if api_rval['returncode'] != 0:
+            return {'failed': True, 'msg': api_rval}
+
+        #####
+        # Get
+        #####
+        if state == 'list':
+            return {'changed': False, 'results': api_rval['results'], 'state': state}
+
+        ########
+        # Delete
+        ########
+        if state == 'absent':
+            if oc_group.exists():
+
+                if check_mode:
+                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
+
+                api_rval = oc_group.delete()
+
+                if api_rval['returncode'] != 0:
+                    return {'failed': True, 'msg': api_rval}
+
+                return {'changed': True, 'results': api_rval, 'state': state}
+
+            return {'changed': False, 'state': state}
+
+        if state == 'present':
+            ########
+            # Create
+            ########
+            if not oc_group.exists():
+
+                if check_mode:
+                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
+
+                # Create it here
+                api_rval = oc_group.create()
+
+                if api_rval['returncode'] != 0:
+                    return {'failed': True, 'msg': api_rval}
+
+                # return the created object
+                api_rval = oc_group.get()
+
+                if api_rval['returncode'] != 0:
+                    return {'failed': True, 'msg': api_rval}
+
+                return {'changed': True, 'results': api_rval, 'state': state}
+
+            ########
+            # Update
+            ########
+            if oc_group.needs_update():
+                api_rval = oc_group.update()
+
+                if api_rval['returncode'] != 0:
+                    return {'failed': True, 'msg': api_rval}
+
+                # return the created object
+                api_rval = oc_group.get()
+
+                if api_rval['returncode'] != 0:
+                    return {'failed': True, 'msg': api_rval}
+
+                return {'changed': True, 'results': api_rval, 'state': state}
+
+            return {'changed': False, 'results': api_rval, 'state': state}
+
+        return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}

roles/lib_openshift/src/doc/group

@@ -0,0 +1,56 @@
+# flake8: noqa
+# pylint: skip-file
+
+DOCUMENTATION = '''
+---
+module: oc_group
+short_description: Modify, and idempotently manage openshift groups.
+description:
+  - Modify openshift groups programmatically.
+options:
+  state:
+    description:
+    - Supported states, present, absent, list
+    - present - will ensure object is created or updated to the value specified
+    - list - will return a group
+    - absent - will remove the group
+    required: False
+    default: present
+    choices: ["present", 'absent', 'list']
+    aliases: []
+  kubeconfig:
+    description:
+    - The path for the kubeconfig file to use for authentication
+    required: false
+    default: /etc/origin/master/admin.kubeconfig
+    aliases: []
+  debug:
+    description:
+    - Turn on debug output.
+    required: false
+    default: False
+    aliases: []
+  name:
+    description:
+    - Name of the object that is being queried.
+    required: false
+    default: None
+    aliases: []
+  namespace:
+    description:
+    - The namespace where the object lives.
+    required: false
+    default: str
+    aliases: []
+author:
+- "Joel Diaz <jdiaz@redhat.com>"
+extends_documentation_fragment: []
+'''
+
+EXAMPLES = '''
+- name: create group
+  oc_group:
+    state: present
+    name: acme_org
+  register: group_out
+'''

roles/lib_openshift/src/lib/group.py

@@ -0,0 +1,36 @@
+# pylint: skip-file
+# flake8: noqa
+
+
+class GroupConfig(object):
+    ''' Handle route options '''
+    # pylint: disable=too-many-arguments
+    def __init__(self,
+                 sname,
+                 namespace,
+                 kubeconfig):
+        ''' constructor for handling group options '''
+        self.kubeconfig = kubeconfig
+        self.name = sname
+        self.namespace = namespace
+        self.data = {}
+
+        self.create_dict()
+
+    def create_dict(self):
+        ''' return a service as a dict '''
+        self.data['apiVersion'] = 'v1'
+        self.data['kind'] = 'Group'
+        self.data['metadata'] = {}
+        self.data['metadata']['name'] = self.name
+        self.data['users'] = None
+
+
+# pylint: disable=too-many-instance-attributes
+class Group(Yedit):
+    ''' Class to wrap the oc command line tools '''
+    kind = 'group'
+
+    def __init__(self, content):
+        '''Group constructor'''
+        super(Group, self).__init__(content=content)

roles/lib_openshift/src/sources.yml

@@ -100,6 +100,17 @@ oc_env.py:
 - class/oc_env.py
 - ansible/oc_env.py
 
+oc_group.py:
+- doc/generated
+- doc/license
+- lib/import.py
+- doc/group
+- ../../lib_utils/src/class/yedit.py
+- lib/base.py
+- lib/group.py
+- class/oc_group.py
+- ansible/oc_group.py
+
 oc_label.py:
 - doc/generated
 - doc/license

roles/lib_openshift/src/test/integration/group.yml

@@ -0,0 +1,229 @@
+#!/usr/bin/ansible-playbook
+---
+- hosts: "{{ cli_master_test }}"
+  gather_facts: no
+  user: root
+
+  vars:
+
+  post_tasks:
+  - name: delete test group (so future tests work)
+    oc_group:
+      state: absent
+      name: jgroup
+
+  - name: delete 2nd test group (so future tests work)
+    oc_group:
+      state: absent
+      name: jgroup2
+
+  - name: delete test user (so future tests work)
+    oc_user:
+      state: absent
+      username: jdiaz@redhat.com
+
+  - name: get group list
+    oc_group:
+      state: list
+      name: jgroup
+    register: group_out
+  #- debug: var=group_out
+  - name: assert group 'jgroup' (test group) does not exist
+    assert:
+      that: group_out['results'][0] == {}
+
+  - name: get group list
+    oc_group:
+      state: list
+      name: jgroup2
+    register: group_out
+  #- debug: var=group_out
+  - name: assert group 'jgroup2' (test group) does not exist
+    assert:
+      that: group_out['results'][0] == {}
+
+  - name: get user list
+    oc_user:
+      state: list
+      username: 'jdiaz@redhat.com'
+    register: group_out
+  #- debug: var=group_out
+  - name: assert user 'jdiaz@redhat.com' (test user) does not exist
+    assert:
+      that: group_out['results'][0] == {}
+
+  - name: create group
+    oc_group:
+      state: present
+      name: jgroup
+    register: group_out
+  #- debug: var=group_out
+  - name: assert creating group marked changed
+    assert:
+      that: group_out['changed'] == True
+
+  - name: list group
+    oc_group:
+      state: list
+      name: jgroup
+    register: group_out
+  #- debug: var=group_out
+  - name: assert group actually created
+    assert:
+      that: group_out['results'][0]['metadata']['name'] == 'jgroup'
+
+  - name: re-add group
+    oc_group:
+      state: present
+      name: jgroup
+    register: group_out
+  #- debug: var=group_out
+  - name: assert re-adding group marked not changed
+    assert:
+      that: group_out['changed'] == False
+
+
+  - name: add user with group membership
+    oc_user:
+      state: present
+      username: jdiaz@redhat.com
+      full_name: Joel Diaz
+      groups:
+      - jgroup
+    register: group_out
+  #- debug: var=group_out
+
+  - name: get group
+    oc_group:
+      state: list
+      name: jgroup
+    register: group_out
+  - name: assert user in group
+    assert:
+      that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com'
+
+  - name: add 2nd group
+    oc_group:
+      state: present
+      name: jgroup2
+
+  - name: change group membership
+    oc_user:
+      state: present
+      username: jdiaz@redhat.com
+      full_name: Joel Diaz
+      groups:
+      - jgroup2
+    register: group_out
+  - name: assert result changed
+    assert:
+      that: group_out['changed'] == True
+
+  - name: check jgroup user membership
+    oc_group:
+      state: list
+      name: jgroup
+    register: group_out
+  #- debug: var=group_out
+  - name: assert user not present in previous group
+    assert:
+      that: group_out['results'][0]['users'] == []
+
+  - name: check jgroup2 user membership
+    oc_group:
+      state: list
+      name: jgroup2
+    register: group_out
+  #- debug: var=group_out
+  - name: assert user present in new group
+    assert:
+      that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com'
+
+  - name: multi-group membership
+    oc_user:
+      state: present
+      username: jdiaz@redhat.com
+      full_name: Joel Diaz
+      groups:
+      - jgroup
+      - jgroup2
+    register: group_out
+  - name: assert result changed
+    assert:
+      that: group_out['changed'] == True
+
+  - name: check jgroup user membership
+    oc_group:
+      state: list
+      name: jgroup
+    register: group_out
+  #- debug: var=group_out
+  - name: assert user present in group
+    assert:
+      that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com'
+
+  - name: check jgroup2 user membership
+    oc_group:
+      state: list
+      name: jgroup2
+    register: group_out
+  #- debug: var=group_out
+  - name: assert user still present in group
+    assert:
+      that: group_out['results'][0]['users'][0] == 'jdiaz@redhat.com'
+
+  - name: user delete (group cleanup)
+    oc_user:
+      state: absent
+      username: jdiaz@redhat.com
+    register: group_out
+
+  - name: get user list for jgroup
+    oc_group:
+      state: list
+      name: jgroup
+    register: group_out
+  #- debug: var=group_out
+  - name: assert that group jgroup has no members
+    assert:
+      that: group_out['results'][0]['users'] == []
+
+  - name: get user list for jgroup2
+    oc_group:
+      state: list
+      name: jgroup2
+    register: group_out
+  #- debug: var=group_out
+  - name: assert that group jgroup2 has no members
+    assert:
+      that: group_out['results'][0]['users'] == []
+
+  - name: user without groups defined
+    oc_user:
+      state: present
+      username: jdiaz@redhat.com
+      full_name: Joel Diaz
+    register: group_out
+  - name: assert result changed
+    assert:
+      that: group_out['changed'] == True
+
+  - name: check jgroup user membership
+    oc_group:
+      state: list
+      name: jgroup
+    register: group_out
+  #- debug: var=group_out
+  - name: assert user not present in group
+    assert:
+      that: group_out['results'][0]['users'] == []
+
+  - name: check jgroup2 user membership
+    oc_group:
+      state: list
+      name: jgroup2
+    register: group_out
+  #- debug: var=group_out
+  - name: assert user not present in group
+    assert:
+      that: group_out['results'][0]['users'] == []

roles/lib_openshift/src/test/unit/test_oc_group.py

@@ -0,0 +1,253 @@
+'''
+ Unit tests for oc group
+'''
+
+import copy
+import os
+import six
+import sys
+import unittest
+import mock
+
+# Removing invalid variable names for tests so that I can
+# keep them brief
+# pylint: disable=invalid-name,no-name-in-module
+# Disable import-error b/c our libraries aren't loaded in jenkins
+# pylint: disable=import-error,wrong-import-position
+# place class in our python path
+module_path = os.path.join('/'.join(os.path.realpath(__file__).split('/')[:-4]), 'library')  # noqa: E501
+sys.path.insert(0, module_path)
+from oc_group import OCGroup, locate_oc_binary  # noqa: E402
+
+
+class OCGroupTest(unittest.TestCase):
+    '''
+     Test class for OCGroup
+    '''
+    params = {'kubeconfig': '/etc/origin/master/admin.kubeconfig',
+              'state': 'present',
+              'debug': False,
+              'name': 'acme',
+              'namespace': 'test'}
+
+    @mock.patch('oc_group.Utils.create_tmpfile_copy')
+    @mock.patch('oc_group.OCGroup._run')
+    def test_create_group(self, mock_run, mock_tmpfile_copy):
+        ''' Testing a group create '''
+        params = copy.deepcopy(OCGroupTest.params)
+
+        group = '''{
+            "kind": "Group",
+            "apiVersion": "v1",
+            "metadata": {
+                "name": "acme"
+            },
+            "users": []
+        }'''
+
+        mock_run.side_effect = [
+            (1, '', 'Error from server: groups "acme" not found'),
+            (1, '', 'Error from server: groups "acme" not found'),
+            (0, '', ''),
+            (0, group, ''),
+        ]
+
+        mock_tmpfile_copy.side_effect = [
+            '/tmp/mocked_kubeconfig',
+        ]
+
+        results = OCGroup.run_ansible(params, False)
+
+        self.assertTrue(results['changed'])
+        self.assertEqual(results['results']['results'][0]['metadata']['name'], 'acme')
+
+    @mock.patch('oc_group.Utils.create_tmpfile_copy')
+    @mock.patch('oc_group.OCGroup._run')
+    def test_failed_get_group(self, mock_run, mock_tmpfile_copy):
+        ''' Testing a group create '''
+        params = copy.deepcopy(OCGroupTest.params)
+        params['state'] = 'list'
+        params['name'] = 'noexist'
+
+        mock_run.side_effect = [
+            (1, '', 'Error from server: groups "acme" not found'),
+        ]
+
+        mock_tmpfile_copy.side_effect = [
+            '/tmp/mocked_kubeconfig',
+        ]
+
+        results = OCGroup.run_ansible(params, False)
+
+        self.assertTrue(results['failed'])
+
+    @mock.patch('oc_group.Utils.create_tmpfile_copy')
+    @mock.patch('oc_group.OCGroup._run')
+    def test_delete_group(self, mock_run, mock_tmpfile_copy):
+        ''' Testing a group create '''
+        params = copy.deepcopy(OCGroupTest.params)
+        params['state'] = 'absent'
+
+        group = '''{
+            "kind": "Group",
+            "apiVersion": "v1",
+            "metadata": {
+                "name": "acme"
+            },
+            "users": [
+              "user1"
+            ]
+        }'''
+
+        mock_run.side_effect = [
+            (0, group, ''),
+            (0, '', ''),
+        ]
+
+        mock_tmpfile_copy.side_effect = [
+            '/tmp/mocked_kubeconfig',
+        ]
+
+        results = OCGroup.run_ansible(params, False)
+
+        self.assertTrue(results['changed'])
+
+    @mock.patch('oc_group.Utils.create_tmpfile_copy')
+    @mock.patch('oc_group.OCGroup._run')
+    def test_get_group(self, mock_run, mock_tmpfile_copy):
+        ''' Testing a group create '''
+        params = copy.deepcopy(OCGroupTest.params)
+        params['state'] = 'list'
+
+        group = '''{
+            "kind": "Group",
+            "apiVersion": "v1",
+            "metadata": {
+                "name": "acme"
+            },
+            "users": [
+              "user1"
+            ]
+        }'''
+
+        mock_run.side_effect = [
+            (0, group, ''),
+        ]
+
+        mock_tmpfile_copy.side_effect = [
+            '/tmp/mocked_kubeconfig',
+        ]
+
+        results = OCGroup.run_ansible(params, False)
+
+        self.assertFalse(results['changed'])
+        self.assertEqual(results['results'][0]['metadata']['name'], 'acme')
+        self.assertEqual(results['results'][0]['users'][0], 'user1')
+
+    @unittest.skipIf(six.PY3, 'py2 test only')
+    @mock.patch('os.path.exists')
+    @mock.patch('os.environ.get')
+    def test_binary_lookup_fallback(self, mock_env_get, mock_path_exists):
+        ''' Testing binary lookup fallback '''
+
+        mock_env_get.side_effect = lambda _v, _d: ''
+
+        mock_path_exists.side_effect = lambda _: False
+
+        self.assertEqual(locate_oc_binary(), 'oc')
+
+    @unittest.skipIf(six.PY3, 'py2 test only')
+    @mock.patch('os.path.exists')
+    @mock.patch('os.environ.get')
+    def test_binary_lookup_in_path(self, mock_env_get, mock_path_exists):
+        ''' Testing binary lookup in path '''
+
+        oc_bin = '/usr/bin/oc'
+
+        mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+        mock_path_exists.side_effect = lambda f: f == oc_bin
+
+        self.assertEqual(locate_oc_binary(), oc_bin)
+
+    @unittest.skipIf(six.PY3, 'py2 test only')
+    @mock.patch('os.path.exists')
+    @mock.patch('os.environ.get')
+    def test_binary_lookup_in_usr_local(self, mock_env_get, mock_path_exists):
+        ''' Testing binary lookup in /usr/local/bin '''
+
+        oc_bin = '/usr/local/bin/oc'
+
+        mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+        mock_path_exists.side_effect = lambda f: f == oc_bin
+
+        self.assertEqual(locate_oc_binary(), oc_bin)
+
+    @unittest.skipIf(six.PY3, 'py2 test only')
+    @mock.patch('os.path.exists')
+    @mock.patch('os.environ.get')
+    def test_binary_lookup_in_home(self, mock_env_get, mock_path_exists):
+        ''' Testing binary lookup in ~/bin '''
+
+        oc_bin = os.path.expanduser('~/bin/oc')
+
+        mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+        mock_path_exists.side_effect = lambda f: f == oc_bin
+
+        self.assertEqual(locate_oc_binary(), oc_bin)
+
+    @unittest.skipIf(six.PY2, 'py3 test only')
+    @mock.patch('shutil.which')
+    @mock.patch('os.environ.get')
+    def test_binary_lookup_fallback_py3(self, mock_env_get, mock_shutil_which):
+        ''' Testing binary lookup fallback '''
+
+        mock_env_get.side_effect = lambda _v, _d: ''
+
+        mock_shutil_which.side_effect = lambda _f, path=None: None
+
+        self.assertEqual(locate_oc_binary(), 'oc')
+
+    @unittest.skipIf(six.PY2, 'py3 test only')
+    @mock.patch('shutil.which')
+    @mock.patch('os.environ.get')
+    def test_binary_lookup_in_path_py3(self, mock_env_get, mock_shutil_which):
+        ''' Testing binary lookup in path '''
+
+        oc_bin = '/usr/bin/oc'
+
+        mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+        mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+        self.assertEqual(locate_oc_binary(), oc_bin)
+
+    @unittest.skipIf(six.PY2, 'py3 test only')
+    @mock.patch('shutil.which')
+    @mock.patch('os.environ.get')
+    def test_binary_lookup_in_usr_local_py3(self, mock_env_get, mock_shutil_which):
+        ''' Testing binary lookup in /usr/local/bin '''
+
+        oc_bin = '/usr/local/bin/oc'
+
+        mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+        mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+        self.assertEqual(locate_oc_binary(), oc_bin)
+
+    @unittest.skipIf(six.PY2, 'py3 test only')
+    @mock.patch('shutil.which')
+    @mock.patch('os.environ.get')
+    def test_binary_lookup_in_home_py3(self, mock_env_get, mock_shutil_which):
+        ''' Testing binary lookup in ~/bin '''
+
+        oc_bin = os.path.expanduser('~/bin/oc')
+
+        mock_env_get.side_effect = lambda _v, _d: '/bin:/usr/bin'
+
+        mock_shutil_which.side_effect = lambda _f, path=None: oc_bin
+
+        self.assertEqual(locate_oc_binary(), oc_bin)