Remove lib_openshift role

playbooks/deploy_cluster_40.yml

@@ -1,169 +0,0 @@
----
-- name: run the init
-  import_playbook: init/main.yml
-  vars:
-    l_init_fact_hosts: "nodes"
-    l_openshift_version_set_hosts: "nodes"
-    l_install_base_packages: True
-    l_repo_hosts: "nodes"
-
-# TODO(michaelgugino): break up the rest of this file into reusable chunks.
-- name: Install nodes
-  hosts: nodes
-  tasks:
-  - import_role:
-      name: openshift_node40
-      tasks_from: install.yml
-
-- name: Config bootstrap node
-  hosts: bootstrap
-  tasks:
-  - import_role:
-      name: openshift_node40
-      tasks_from: config.yml
-  - name: Wait for MCS endpoint to show up
-    uri:
-      url: "{{ mcd_endpoint }}/config/master"
-      validate_certs: false
-    delay: 10
-    retries: 60
-    register: mcs
-    until:
-    - "'status' in mcs"
-    - mcs.status == 200
-    ignore_errors: true
-  - when: mcs is failed
-    block:
-    - name: Get node logs
-      command: journalctl --no-pager -u bootkube
-      register: bootkube_logs
-      ignore_errors: true
-    - name: Collect a list of containers
-      command: crictl ps -a -q
-      register: crictl_ps_output
-    - name: Collect container logs
-      command: "crictl logs {{ item }}"
-      register: crictl_logs_output
-      with_items: "{{ crictl_ps_output.stdout_lines }}"
-      ignore_errors: true
-    - debug:
-        var: crictl_logs_output
-    - debug:
-        msg: "{{ bootkube_logs.stdout_lines }}"
-    - fail:
-        msg: MCS start failed.
-
-- name: Start masters
-  hosts: masters
-  tasks:
-  - name: Wait for bootstrap endpoint to show up
-    uri:
-      url: "{{ openshift_bootstrap_endpoint }}"
-      validate_certs: false
-    delay: 10
-    retries: 60
-    register: result
-    until:
-    - "'status' in result"
-    - result.status == 200
-  - name: Make sure etcd user exists
-    user:
-      name: etcd
-  - import_role:
-      name: openshift_node40
-      tasks_from: config.yml
-
-- name: Start workers
-  hosts: workers
-  tasks:
-  - name: Wait for bootstrap endpoint to show up
-    uri:
-      url: "{{ openshift_bootstrap_endpoint }}"
-      validate_certs: false
-    delay: 10
-    retries: 60
-    register: result
-    until:
-    - "'status' in result"
-    - result.status == 200
-  - import_role:
-      name: openshift_node40
-      tasks_from: config.yml
-
-- name: Wait for nodes to become ready
-  hosts: bootstrap
-  tasks:
-  - name: Wait for temporary control plane to show up
-    oc_obj:
-      state: list
-      kind: pod
-      namespace: kube-system
-      kubeconfig: /opt/openshift/auth/kubeconfig
-    register: control_plane_pods
-    retries: 60
-    delay: 10
-    until:
-    - "'results' in control_plane_pods and 'results' in control_plane_pods.results"
-    - control_plane_pods.results.results[0]['items'] | length > 0
-  - name: Wait for master nodes to show up
-    oc_obj:
-      state: list
-      kind: node
-      selector: "node-role.kubernetes.io/master"
-      kubeconfig: /opt/openshift/auth/kubeconfig
-    register: master_nodes
-    retries: 60
-    delay: 10
-    until:
-    - "'results' in master_nodes and 'results' in master_nodes.results"
-    - master_nodes.results.results[0]['items'] | length > 0
-  - name: Wait for bootkube service to finish
-    service_facts: {}
-    #10 mins to complete temp plane
-    retries: 120
-    delay: 5
-    until: "'bootkube.service' not in ansible_facts.services"
-    ignore_errors: true
-  - name: Fetch kubeconfig for test container
-    fetch:
-      src: /opt/openshift/auth/kubeconfig
-      dest: /tmp/artifacts/installer/auth/kubeconfig
-      flat: yes
-
-  - name: Wait for core operators to appear and complete
-    oc_obj:
-      state: list
-      kind: ClusterVersion
-      name: version
-      kubeconfig: /opt/openshift/auth/kubeconfig
-    register: cvo
-    #Give CVO 10 mins to come up
-    retries: 120
-    delay: 5
-    until:
-    - "'results' in cvo"
-    - "'results' in cvo.results"
-    - cvo.results.results | length > 0
-    - "'status' in cvo.results.results[0]"
-    - "'conditions' in cvo.results.results[0]['status']"
-    - cvo.results.results[0].status.conditions | selectattr('type', 'match', '^Available$') | map(attribute='status') | join | bool == True
-    - cvo.results.results[0].status.conditions | selectattr('type', 'match', '^Failing$') | map(attribute='status') | join | bool == False
-    - cvo.results.results[0].status.conditions | selectattr('type', 'match', '^Progressing$') | map(attribute='status') | join | bool == False
-    ignore_errors: true
-
-  - block:
-    - name: Output CVO status
-      oc_obj:
-        state: list
-        kind: ClusterVersion
-        name: version
-        kubeconfig: /opt/openshift/auth/kubeconfig
-    - name: Output operators status
-      oc_obj:
-        state: list
-        kind: ClusterOperator
-        selector: ""
-        kubeconfig: /opt/openshift/auth/kubeconfig
-    - fail:
-        msg: CVO didn't complete the install
-    when: cvo.failed

playbooks/init/basic_facts.yml

@@ -26,8 +26,6 @@
 
 - name: Read API URL from infra config
   hosts: "{{ l_init_fact_hosts | default('nodes') }}"
-  roles:
-  - lib_openshift
   tasks:
   - name: Read cluster config
     k8s_facts:

roles/lib_openshift/action_plugins/conditional_set_fact.py

@@ -1,65 +0,0 @@
-"""
-Ansible action plugin to help with setting facts conditionally based on other facts.
-"""
-
-from ansible.plugins.action import ActionBase
-
-
-DOCUMENTATION = '''
----
-action_plugin: conditional_set_fact
-
-short_description: This will set a fact if the value is defined
-
-description:
-    - "To avoid constant set_fact & when conditions for each var we can use this"
-
-author:
-    - Eric Wolinetz ewolinet@redhat.com
-'''
-
-
-EXAMPLES = '''
-- name: Conditionally set fact
-  conditional_set_fact:
-    fact1: not_defined_variable
-
-- name: Conditionally set fact
-  conditional_set_fact:
-    fact1: not_defined_variable
-    fact2: defined_variable
-
-- name: Conditionally set fact falling back on default
-  conditional_set_fact:
-    fact1: not_defined_var | defined_variable
-
-'''
-
-
-# pylint: disable=too-few-public-methods
-class ActionModule(ActionBase):
-    """Action plugin to execute deprecated var checks."""
-
-    def run(self, tmp=None, task_vars=None):
-        result = super(ActionModule, self).run(tmp, task_vars)
-        result['changed'] = False
-
-        facts = self._task.args.get('facts', [])
-        var_list = self._task.args.get('vars', [])
-
-        local_facts = dict()
-
-        for param in var_list:
-            other_vars = var_list[param].replace(" ", "")
-
-            for other_var in other_vars.split('|'):
-                if other_var in facts:
-                    local_facts[param] = facts[other_var]
-                    break
-
-        if local_facts:
-            result['changed'] = True
-
-        result['ansible_facts'] = local_facts
-
-        return result

roles/lib_openshift/library/oc_csr_approve.py

@@ -1,323 +0,0 @@
-#!/usr/bin/env python
-'''oc_csr_approve module'''
-# Copyright 2018 Red Hat, Inc. and/or its affiliates
-# and other contributors as indicated by the @author tags.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import base64
-import json
-
-from ansible.module_utils.basic import AnsibleModule
-
-try:
-    from json.decoder import JSONDecodeError
-except ImportError:
-    JSONDecodeError = ValueError
-
-DOCUMENTATION = '''
----
-module: oc_csr_approve
-
-short_description: Retrieve, approve, and verify node client csrs
-
-version_added: "2.4"
-
-description:
-    - Runs various commands to list csrs, approve csrs, and verify nodes are
-      ready.
-
-author:
-    - "Michael Gugino <mgugino@redhat.com>"
-'''
-
-EXAMPLES = '''
-# Pass in a message
-- name: Place credentials in file
-  oc_csr_approve:
-    oc_bin: "/usr/bin/oc"
-    oc_conf: "/etc/origin/master/admin.kubeconfig"
-    node_list: ['node1.example.com', 'node2.example.com']
-'''
-
-CERT_MODE = {'client': 'client auth', 'server': 'server auth'}
-
-
-def parse_subject_cn(subject_str):
-    '''parse output of openssl req -noout -subject to retrieve CN.
-       example input:
-         'subject=/C=US/CN=test.io/L=Raleigh/O=Red Hat/ST=North Carolina/OU=OpenShift\n'
-         or
-         'subject=C = US, CN = test.io, L = City, O = Company, ST = State, OU = Dept\n'
-       example output: 'test.io'
-    '''
-    stripped_string = subject_str[len('subject='):].strip()
-    kv_strings = [x.strip() for x in stripped_string.split(',')]
-    if len(kv_strings) == 1:
-        kv_strings = [x.strip() for x in stripped_string.split('/')][1:]
-    for item in kv_strings:
-        item_parts = [x.strip() for x in item.split('=')]
-        if item_parts[0] == 'CN':
-            return item_parts[1]
-
-
-class CSRapprove(object):
-    """Approves csr requests"""
-
-    def __init__(self, module, oc_bin, oc_conf, node_list):
-        '''init method'''
-        self.module = module
-        self.oc_bin = oc_bin
-        self.oc_conf = oc_conf
-        self.node_list = node_list
-        self.all_subjects_found = []
-        self.unwanted_csrs = []
-        # Build a dictionary to hold all of our output information so nothing
-        # is lost when we fail.
-        self.result = {'changed': False, 'rc': 0,
-                       'oc_get_nodes': None,
-                       'client_csrs': None,
-                       'server_csrs': None,
-                       'all_subjects_found': self.all_subjects_found,
-                       'client_approve_results': [],
-                       'server_approve_results': [],
-                       'unwanted_csrs': self.unwanted_csrs}
-
-    def run_command(self, command, rc_opts=None):
-        '''Run a command using AnsibleModule.run_command, or fail'''
-        if rc_opts is None:
-            rc_opts = {}
-        rtnc, stdout, err = self.module.run_command(command, **rc_opts)
-        if rtnc:
-            self.result['failed'] = True
-            self.result['msg'] = str(err)
-            self.result['state'] = 'unknown'
-            self.module.fail_json(**self.result)
-        return stdout
-
-    def get_nodes(self):
-        '''Get all nodes via oc get nodes -ojson'''
-        # json output is necessary for consistency here.
-        command = "{} {} get nodes -ojson".format(self.oc_bin, self.oc_conf)
-        stdout = self.run_command(command)
-        try:
-            data = json.loads(stdout)
-        except JSONDecodeError as err:
-            self.result['failed'] = True
-            self.result['msg'] = str(err)
-            self.result['state'] = 'unknown'
-            self.module.fail_json(**self.result)
-        self.result['oc_get_nodes'] = data
-        return [node['metadata']['name'] for node in data['items']]
-
-    def get_csrs(self):
-        '''Retrieve csrs from cluster using oc get csr -ojson'''
-        command = "{} {} get csr -ojson".format(self.oc_bin, self.oc_conf)
-        stdout = self.run_command(command)
-        try:
-            data = json.loads(stdout)
-        except JSONDecodeError as err:
-            self.result['failed'] = True
-            self.result['msg'] = str(err)
-            self.result['state'] = 'unknown'
-            self.module.fail_json(**self.result)
-        return data['items']
-
-    def process_csrs(self, csrs, mode):
-        '''Return a dictionary of pending csrs where the format of the dict is
-           k=csr name, v=Subject Common Name'''
-        csr_dict = {}
-        for item in csrs:
-            name = item['metadata']['name']
-            request_data = base64.b64decode(item['spec']['request'])
-            command = "openssl req -noout -subject"
-            # ansible's module.run_command accepts data to pipe via stdin as
-            # as 'data' kwarg.
-            rc_opts = {'data': request_data, 'binary_data': True}
-            stdout = self.run_command(command, rc_opts=rc_opts)
-            self.all_subjects_found.append(stdout)
-
-            status = item['status'].get('conditions')
-            if status:
-                # If status is not an empty dictionary, cert is not pending.
-                self.unwanted_csrs.append(item)
-                continue
-            if CERT_MODE[mode] not in item['spec']['usages']:
-                self.unwanted_csrs.append(item)
-                continue
-            # parse common_name from subject string.
-            common_name = parse_subject_cn(stdout)
-            if common_name and common_name.startswith('system:node:'):
-                # common name is typically prepended with system:node:.
-                common_name = common_name.split('system:node:')[1]
-            # we only want to approve csrs from nodes we know about.
-            if common_name in self.node_list:
-                csr_dict[name] = common_name
-            else:
-                self.unwanted_csrs.append(item)
-
-        return csr_dict
-
-    def confirm_needed_requests_present(self, not_ready_nodes, csr_dict):
-        '''Ensure all non-Ready nodes have a csr, or fail'''
-        nodes_needed = set(not_ready_nodes)
-        for _, val in csr_dict.items():
-            nodes_needed.discard(val)
-
-        # check that we found all of our needed nodes
-        if nodes_needed:
-            missing_nodes = ', '.join(nodes_needed)
-            self.result['failed'] = True
-            self.result['msg'] = "Could not find csr for nodes: {}".format(missing_nodes)
-            self.result['state'] = 'unknown'
-            self.module.fail_json(**self.result)
-
-    def approve_csrs(self, csr_pending_list, mode):
-        '''Loop through csr_pending_list and call:
-           oc adm certificate approve <item>'''
-        res_mode = "{}_approve_results".format(mode)
-        base_command = "{} {} adm certificate approve {}"
-        approve_results = []
-        for csr in csr_pending_list:
-            command = base_command.format(self.oc_bin, self.oc_conf, csr)
-            rtnc, stdout, err = self.module.run_command(command)
-            approve_results.append(stdout)
-            if rtnc:
-                self.result['failed'] = True
-                self.result['msg'] = str(err)
-                self.result[res_mode] = approve_results
-                self.result['state'] = 'unknown'
-                self.module.fail_json(**self.result)
-        self.result[res_mode] = approve_results
-        # We set changed for approved client or server csrs.
-        self.result['changed'] = bool(approve_results) or bool(self.result['changed'])
-
-    def get_ready_nodes_server(self, nodes_list):
-        '''Determine which nodes have working server certificates'''
-        ready_nodes_server = []
-        base_command = "{} {} get --raw /api/v1/nodes/{}/proxy/healthz"
-        for node in nodes_list:
-            # need this to look like /api/v1/nodes/<node>/proxy/healthz
-            command = base_command.format(self.oc_bin, self.oc_conf, node)
-            rtnc, _, _ = self.module.run_command(command)
-            if not rtnc:
-                # if we can hit that api endpoint, the node has a valid server
-                # cert.
-                ready_nodes_server.append(node)
-        return ready_nodes_server
-
-    def verify_server_csrs(self):
-        '''We approved some server csrs, now we need to validate they are working.
-           This function will attempt to retry 10 times in case of failure.'''
-        # Attempt to try node endpoints a few times.
-        attempts = 0
-        # Find not_ready_nodes for server-side again
-        nodes_server_ready = self.get_ready_nodes_server(self.node_list)
-        # Create list of nodes that still aren't ready.
-        not_ready_nodes_server = set([item for item in self.node_list if item not in nodes_server_ready])
-        while not_ready_nodes_server:
-            nodes_server_ready = self.get_ready_nodes_server(not_ready_nodes_server)
-
-            # if we have same number of nodes_server_ready now, all of the previous
-            # not_ready_nodes are now ready.
-            if not len(not_ready_nodes_server - set(nodes_server_ready)):
-                break
-            attempts += 1
-            if attempts > 9:
-                self.result['failed'] = True
-                self.result['rc'] = 1
-                missing_nodes = not_ready_nodes_server - set(nodes_server_ready)
-                msg = "Some nodes still not ready after approving server certs: {}"
-                msg = msg.format(", ".join(missing_nodes))
-                self.result['msg'] = msg
-                self.module.fail_json(**self.result)
-
-    def run(self):
-        '''execute the csr approval process'''
-        all_nodes = self.get_nodes()
-        # don't need to check nodes that have already joined the cluster because
-        # client csr needs to be approved for now to show in output of
-        # oc get nodes.
-        not_found_nodes = [item for item in self.node_list
-                           if item not in all_nodes]
-
-        # Get all csrs, no good way to filter on pending.
-        client_csrs = self.get_csrs()
-        # process data in csrs and build a dictionary of client requests
-        client_csr_dict = self.process_csrs(client_csrs, "client")
-        self.result['client_csrs'] = client_csr_dict
-
-        # This method is fail-happy and expects all not found nodes have available
-        # csrs.  Handle failure for this method via ansible retry/until.
-        self.confirm_needed_requests_present(not_found_nodes,
-                                             client_csr_dict)
-        # If for some reason a node is found in oc get nodes but it still needs
-        # a client csr approved, this method will approve all outstanding
-        # client csrs for any node in our self.node_list.
-        self.approve_csrs(client_csr_dict, 'client')
-
-        # # Server Cert Section # #
-        # Find not_ready_nodes for server-side
-        nodes_server_ready = self.get_ready_nodes_server(self.node_list)
-        # Create list of nodes that definitely need a server cert approved.
-        not_ready_nodes_server = [item for item in self.node_list
-                                  if item not in nodes_server_ready]
-
-        # Get all csrs again, no good way to filter on pending.
-        server_csrs = self.get_csrs()
-        # process data in csrs and build a dictionary of server requests
-        server_csr_dict = self.process_csrs(server_csrs, "server")
-        self.result['server_csrs'] = server_csr_dict
-
-        # This will fail if all server csrs are not present, but probably shouldn't
-        # at this point since we spent some time hitting the api to see if the
-        # nodes are already responding.
-        self.confirm_needed_requests_present(not_ready_nodes_server,
-                                             server_csr_dict)
-        self.approve_csrs(server_csr_dict, 'server')
-
-        self.verify_server_csrs()
-
-        # We made it here, everything was successful, cleanup some debug info
-        # so we don't spam logs.
-        for key in ('client_csrs', 'server_csrs', 'unwanted_csrs'):
-            self.result.pop(key)
-        self.module.exit_json(**self.result)
-
-
-def run_module():
-    '''Run this module'''
-    module_args = dict(
-        oc_bin=dict(type='path', required=False, default='oc'),
-        oc_conf=dict(type='path', required=False, default='/etc/origin/master/admin.kubeconfig'),
-        node_list=dict(type='list', required=True),
-    )
-    module = AnsibleModule(
-        supports_check_mode=False,
-        argument_spec=module_args
-    )
-    oc_bin = module.params['oc_bin']
-    oc_conf = '--config={}'.format(module.params['oc_conf'])
-    node_list = module.params['node_list']
-
-    approver = CSRapprove(module, oc_bin, oc_conf, node_list)
-    approver.run()
-
-
-def main():
-    '''main'''
-    run_module()
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/meta/main.yml

@@ -1,14 +0,0 @@
----
-galaxy_info:
-  author: OpenShift Team
-  description: OpenShift Repositories
-  company: Red Hat, Inc.
-  license: Apache License, Version 2.0
-  min_ansible_version: 1.7
-  platforms:
-  - name: EL
-    versions:
-    - 7
-  categories:
-  - cloud
-dependencies: []

roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py

@@ -1,40 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=wrong-import-position
-from ansible.module_utils.six import string_types
-
-def main():
-    '''
-    ansible oc adm module for ca create-server-cert
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            state=dict(default='present', type='str', choices=['present']),
-            debug=dict(default=False, type='bool'),
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            backup=dict(default=True, type='bool'),
-            force=dict(default=False, type='bool'),
-            # oc adm ca create-server-cert [options]
-            cert=dict(default=None, type='str'),
-            key=dict(default=None, type='str'),
-            signer_cert=dict(default='/etc/origin/master/ca.crt', type='str'),
-            signer_key=dict(default='/etc/origin/master/ca.key', type='str'),
-            signer_serial=dict(default='/etc/origin/master/ca.serial.txt', type='str'),
-            hostnames=dict(default=[], type='list'),
-            expire_days=dict(default=None, type='int'),
-        ),
-        supports_check_mode=True,
-    )
-
-    results = CAServerCert.run_ansible(module.params, module.check_mode)
-    if 'failed' in results:
-        return module.fail_json(**results)
-
-    return module.exit_json(**results)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_adm_csr.py

@@ -1,43 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for approving certificate signing requests
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='approve', type='str',
-                       choices=['approve', 'deny', 'list']),
-            debug=dict(default=False, type='bool'),
-            nodes=dict(default=None, type='list'),
-            timeout=dict(default=30, type='int'),
-            approve_all=dict(default=False, type='bool'),
-            service_account=dict(default='system:serviceaccount:openshift-infra:node-bootstrapper', type='str'),
-            fail_on_timeout=dict(default=False, type='bool'),
-        ),
-        supports_check_mode=True,
-        mutually_exclusive=[['approve_all', 'nodes']],
-    )
-
-    if module.params['nodes'] == []:
-        module.fail_json(**dict(failed=True, msg='Please specify hosts.'))
-
-    rval = OCcsr.run_ansible(module.params, module.check_mode)
-
-    # If we timed out then we weren't finished. Fail if user requested to fail.
-    if (module.params['timeout'] > 0 and
-            module.params['fail_on_timeout'] and
-            rval['timeout']):
-        return module.fail_json(msg='Timed out accepting certificate signing requests. Failing as requested.', **rval)
-
-    if 'failed' in rval:
-        return module.fail_json(**rval)
-
-    return module.exit_json(**rval)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_adm_manage_node.py

@@ -1,38 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-def main():
-    '''
-    ansible oadm module for manage-node
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            debug=dict(default=False, type='bool'),
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            node=dict(default=None, type='list'),
-            selector=dict(default=None, type='str'),
-            pod_selector=dict(default=None, type='str'),
-            schedulable=dict(default=None, type='bool'),
-            list_pods=dict(default=False, type='bool'),
-            evacuate=dict(default=False, type='bool'),
-            dry_run=dict(default=False, type='bool'),
-            force=dict(default=False, type='bool'),
-            grace_period=dict(default=None, type='int'),
-        ),
-        mutually_exclusive=[["selector", "node"], ['evacuate', 'list_pods'], ['list_pods', 'schedulable']],
-        required_one_of=[["node", "selector"]],
-
-        supports_check_mode=True,
-    )
-    results = ManageNode.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in results:
-        module.fail_json(**results)
-
-    module.exit_json(**results)
-
-
-if __name__ == "__main__":
-    main()

roles/lib_openshift/src/ansible/oc_adm_policy_group.py

@@ -1,35 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-def main():
-    '''
-    ansible oc adm module for group policy
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent']),
-            debug=dict(default=False, type='bool'),
-            resource_name=dict(required=True, type='str'),
-            namespace=dict(default='default', type='str'),
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-
-            group=dict(required=True, type='str'),
-            resource_kind=dict(required=True, choices=['role', 'cluster-role', 'scc'], type='str'),
-            rolebinding_name=dict(default=None, type='str'),
-        ),
-        supports_check_mode=True,
-    )
-
-    results = PolicyGroup.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in results:
-        module.fail_json(**results)
-
-    module.exit_json(**results)
-
-
-if __name__ == "__main__":
-    main()

roles/lib_openshift/src/ansible/oc_adm_policy_user.py

@@ -1,36 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-def main():
-    '''
-    ansible oc adm module for user policy
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent']),
-            debug=dict(default=False, type='bool'),
-            resource_name=dict(required=True, type='str'),
-            namespace=dict(default='default', type='str'),
-            role_namespace=dict(default=None, type='str'),
-            rolebinding_name=dict(default=None, type='str'),
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-
-            user=dict(required=True, type='str'),
-            resource_kind=dict(required=True, choices=['role', 'cluster-role', 'scc'], type='str'),
-        ),
-        supports_check_mode=True,
-    )
-
-    results = PolicyUser.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in results:
-        module.fail_json(**results)
-
-    module.exit_json(**results)
-
-
-if __name__ == "__main__":
-    main()

roles/lib_openshift/src/ansible/oc_adm_registry.py

@@ -1,47 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for registry
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent']),
-            debug=dict(default=False, type='bool'),
-            namespace=dict(default='default', type='str'),
-            name=dict(default=None, required=True, type='str'),
-
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            images=dict(default=None, type='str'),
-            latest_images=dict(default=False, type='bool'),
-            labels=dict(default=None, type='dict'),
-            ports=dict(default=['5000'], type='list'),
-            replicas=dict(default=1, type='int'),
-            selector=dict(default=None, type='str'),
-            service_account=dict(default='registry', type='str'),
-            mount_host=dict(default=None, type='str'),
-            volume_mounts=dict(default=None, type='list'),
-            env_vars=dict(default={}, type='dict'),
-            edits=dict(default=[], type='list'),
-            enforce_quota=dict(default=False, type='bool'),
-            force=dict(default=False, type='bool'),
-            daemonset=dict(default=False, type='bool'),
-            tls_key=dict(default=None, type='str'),
-            tls_certificate=dict(default=None, type='str'),
-        ),
-
-        supports_check_mode=True,
-    )
-
-    results = Registry.run_ansible(module.params, module.check_mode)
-    if 'failed' in results:
-        module.fail_json(**results)
-
-    module.exit_json(**results)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_adm_router.py

@@ -1,67 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-def main():
-    '''
-    ansible oc module for router
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent']),
-            debug=dict(default=False, type='bool'),
-            namespace=dict(default='default', type='str'),
-            name=dict(default='router', type='str'),
-
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            default_cert=dict(default=None, type='str'),
-            cert_file=dict(default=None, type='str'),
-            key_file=dict(default=None, type='str'),
-            images=dict(default=None, type='str'), #'registry.redhat.io/openshift3/ose-${component}:${version}'
-            latest_images=dict(default=False, type='bool'),
-            labels=dict(default=None, type='dict'),
-            ports=dict(default=['80:80', '443:443'], type='list'),
-            replicas=dict(default=1, type='int'),
-            selector=dict(default=None, type='str'),
-            service_account=dict(default='router', type='str'),
-            router_type=dict(default='haproxy-router', type='str'),
-            host_network=dict(default=True, type='bool'),
-            extended_validation=dict(default=True, type='bool'),
-            # external host options
-            external_host=dict(default=None, type='str'),
-            external_host_vserver=dict(default=None, type='str'),
-            external_host_insecure=dict(default=False, type='bool'),
-            external_host_partition_path=dict(default=None, type='str'),
-            external_host_username=dict(default=None, type='str'),
-            external_host_password=dict(default=None, type='str', no_log=True),
-            external_host_private_key=dict(default=None, type='str', no_log=True),
-            # Stats
-            stats_user=dict(default=None, type='str'),
-            stats_password=dict(default=None, type='str', no_log=True),
-            stats_port=dict(default=1936, type='int'),
-            # extra
-            cacert_file=dict(default=None, type='str'),
-            # edits
-            edits=dict(default=[], type='list'),
-        ),
-        mutually_exclusive=[["router_type", "images"],
-                            ["key_file", "default_cert"],
-                            ["cert_file", "default_cert"],
-                            ["cacert_file", "default_cert"],
-                           ],
-
-        required_together=[['cacert_file', 'cert_file', 'key_file']],
-        supports_check_mode=True,
-    )
-    results = Router.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in results:
-        module.fail_json(**results)
-
-    module.exit_json(**results)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_clusterrole.py

@@ -1,29 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for clusterrole
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            name=dict(default=None, type='str'),
-            rules=dict(default=None, type='list'),
-        ),
-        supports_check_mode=True,
-    )
-
-    results = OCClusterRole.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in results:
-        module.fail_json(**results)
-
-    module.exit_json(**results)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_configmap.py

@@ -1,32 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-def main():
-    '''
-    ansible oc module for managing OpenShift configmap objects
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            namespace=dict(default='default', type='str'),
-            name=dict(default=None, required=True, type='str'),
-            from_file=dict(default=None, type='dict'),
-            from_literal=dict(default=None, type='dict'),
-        ),
-        supports_check_mode=True,
-    )
-
-
-    rval = OCConfigMap.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    module.exit_json(**rval)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_edit.py

@@ -1,38 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-def main():
-    '''
-    ansible oc module for editing objects
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present']),
-            debug=dict(default=False, type='bool'),
-            namespace=dict(default='default', type='str'),
-            name=dict(default=None, required=True, type='str'),
-            kind=dict(required=True, type='str'),
-            file_name=dict(default=None, type='str'),
-            file_format=dict(default='yaml', type='str'),
-            content=dict(default=None, type='dict'),
-            force=dict(default=False, type='bool'),
-            separator=dict(default='.', type='str'),
-            edits=dict(default=None, type='list'),
-        ),
-        supports_check_mode=True,
-        mutually_exclusive=[['content', 'edits']],
-        required_one_of=[['content', 'edits']],
-    )
-
-    rval = Edit.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    module.exit_json(**rval)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_env.py

@@ -1,33 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for environment variables
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            kind=dict(default='rc', choices=['dc', 'rc', 'pods'], type='str'),
-            namespace=dict(default='default', type='str'),
-            name=dict(default=None, required=True, type='str'),
-            env_vars=dict(default=None, type='dict'),
-        ),
-        mutually_exclusive=[["content", "files"]],
-
-        supports_check_mode=True,
-    )
-    results = OCEnv.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in results:
-        module.fail_json(**results)
-
-    module.exit_json(**results)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_group.py

@@ -1,32 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-#pylint: disable=too-many-branches
-def main():
-    '''
-    ansible oc module for group
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            name=dict(default=None, type='str'),
-            namespace=dict(default='default', type='str'),
-            # addind users to a group is handled through the oc_users module
-            #users=dict(default=None, type='list'),
-        ),
-        supports_check_mode=True,
-    )
-
-    rval = OCGroup.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in rval:
-        return module.fail_json(**rval)
-
-    return module.exit_json(**rval)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_image.py

@@ -1,34 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-def main():
-    '''
-    ansible oc module for image import
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'list']),
-            debug=dict(default=False, type='bool'),
-            namespace=dict(default='default', type='str'),
-            registry_url=dict(default=None, type='str'),
-            image_name=dict(default=None, required=True, type='str'),
-            image_tag=dict(default=None, type='str'),
-            force=dict(default=False, type='bool'),
-        ),
-
-        supports_check_mode=True,
-    )
-
-    rval = OCImage.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    module.exit_json(**rval)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_label.py

@@ -1,32 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    ''' ansible oc module for labels '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list', 'add']),
-            debug=dict(default=False, type='bool'),
-            kind=dict(default='node', type='str',
-                      choices=['node', 'pod', 'namespace']),
-            name=dict(default=None, type='str'),
-            namespace=dict(default=None, type='str'),
-            labels=dict(default=None, type='list'),
-            selector=dict(default=None, type='str'),
-        ),
-        supports_check_mode=True,
-        mutually_exclusive=(['name', 'selector']),
-    )
-
-    results = OCLabel.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in results:
-        module.fail_json(**results)
-
-    module.exit_json(**results)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_obj.py

@@ -1,38 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-# pylint: disable=too-many-branches
-def main():
-    '''
-    ansible oc module for services
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            namespace=dict(default='default', type='str'),
-            all_namespaces=dict(defaul=False, type='bool'),
-            name=dict(default=None, type='str'),
-            files=dict(default=None, type='list'),
-            kind=dict(required=True, type='str'),
-            delete_after=dict(default=False, type='bool'),
-            content=dict(default=None, type='dict'),
-            force=dict(default=False, type='bool'),
-            selector=dict(default=None, type='str'),
-            field_selector=dict(default=None, type='str'),
-        ),
-        mutually_exclusive=[["content", "files"], ["selector", "name"], ["field_selector", "name"]],
-
-        supports_check_mode=True,
-    )
-    rval = OCObject.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    module.exit_json(**rval)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_objectvalidator.py

@@ -1,24 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for validating OpenShift objects
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-        ),
-        supports_check_mode=False,
-    )
-
-
-    rval = OCObjectValidator.run_ansible(module.params)
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    module.exit_json(**rval)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_process.py

@@ -1,32 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-def main():
-    '''
-    ansible oc module for processing templates
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str', choices=['present', 'list']),
-            debug=dict(default=False, type='bool'),
-            namespace=dict(default='default', type='str'),
-            template_name=dict(default=None, type='str'),
-            content=dict(default=None, type='str'),
-            params=dict(default=None, type='dict'),
-            create=dict(default=False, type='bool'),
-            reconcile=dict(default=True, type='bool'),
-        ),
-        supports_check_mode=True,
-    )
-
-    rval = OCProcess.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    module.exit_json(**rval)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_project.py

@@ -1,33 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for project
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            name=dict(default=None, require=True, type='str'),
-            display_name=dict(default=None, type='str'),
-            node_selector=dict(default=None, type='list'),
-            description=dict(default=None, type='str'),
-            admin=dict(default=None, type='str'),
-            admin_role=dict(default='admin', type='str'),
-        ),
-        supports_check_mode=True,
-    )
-
-    rval = OCProject.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        return module.fail_json(**rval)
-
-    return module.exit_json(**rval)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_pvc.py

@@ -1,35 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-#pylint: disable=too-many-branches
-def main():
-    '''
-    ansible oc module for pvc
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            name=dict(default=None, required=True, type='str'),
-            namespace=dict(default=None, required=True, type='str'),
-            volume_capacity=dict(default='1G', type='str'),
-            storage_class_name=dict(default=None, required=False, type='str'),
-            selector=dict(default=None, required=False, type='dict'),
-            access_modes=dict(default=['ReadWriteOnce'], type='list'),
-        ),
-        supports_check_mode=True,
-    )
-
-    rval = OCPVC.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    return module.exit_json(**rval)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_route.py

@@ -1,50 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-branches
-def main():
-    '''
-    ansible oc module for route
-    '''
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            labels=dict(default=None, type='dict'),
-            name=dict(default=None, required=True, type='str'),
-            namespace=dict(default=None, required=True, type='str'),
-            tls_termination=dict(default=None, type='str'),
-            dest_cacert_path=dict(default=None, type='str'),
-            cacert_path=dict(default=None, type='str'),
-            cert_path=dict(default=None, type='str'),
-            key_path=dict(default=None, type='str'),
-            dest_cacert_content=dict(default=None, type='str'),
-            cacert_content=dict(default=None, type='str'),
-            cert_content=dict(default=None, type='str'),
-            key_content=dict(default=None, type='str'),
-            service_name=dict(default=None, type='str'),
-            host=dict(default=None, type='str'),
-            wildcard_policy=dict(default=None, type='str'),
-            weight=dict(default=None, type='int'),
-            port=dict(default=None, type='int'),
-        ),
-        mutually_exclusive=[('dest_cacert_path', 'dest_cacert_content'),
-                            ('cacert_path', 'cacert_content'),
-                            ('cert_path', 'cert_content'),
-                            ('key_path', 'key_content'), ],
-        supports_check_mode=True,
-    )
-
-    results = OCRoute.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in results:
-        module.fail_json(**results)
-
-    module.exit_json(**results)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_scale.py

@@ -1,29 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for scaling
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str', choices=['present', 'list']),
-            debug=dict(default=False, type='bool'),
-            kind=dict(default='dc', choices=['dc', 'rc'], type='str'),
-            namespace=dict(default='default', type='str'),
-            replicas=dict(default=None, type='int'),
-            name=dict(default=None, type='str'),
-        ),
-        supports_check_mode=True,
-    )
-    rval = OCScale.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    module.exit_json(**rval)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_secret.py

@@ -1,39 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-def main():
-    '''
-    ansible oc module for managing OpenShift Secrets
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            namespace=dict(default='default', type='str'),
-            name=dict(default=None, type='str'),
-            annotations=dict(default=None, type='dict'),
-            type=dict(default=None, type='str'),
-            files=dict(default=None, type='list'),
-            delete_after=dict(default=False, type='bool'),
-            contents=dict(default=None, type='list'),
-            force=dict(default=False, type='bool'),
-            decode=dict(default=False, type='bool'),
-        ),
-        mutually_exclusive=[["contents", "files"]],
-
-        supports_check_mode=True,
-    )
-
-
-    rval = OCSecret.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    module.exit_json(**rval)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_service.py

@@ -1,38 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for services
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            namespace=dict(default='default', type='str'),
-            name=dict(default=None, type='str'),
-            annotations=dict(default=None, type='dict'),
-            labels=dict(default=None, type='dict'),
-            selector=dict(default=None, type='dict'),
-            clusterip=dict(default=None, type='str'),
-            portalip=dict(default=None, type='str'),
-            ports=dict(default=None, type='list'),
-            session_affinity=dict(default='None', type='str'),
-            service_type=dict(default='ClusterIP', type='str'),
-            external_ips=dict(default=None, type='list'),
-        ),
-        supports_check_mode=True,
-    )
-
-    rval = OCService.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        return module.fail_json(**rval)
-
-    return module.exit_json(**rval)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_serviceaccount.py

@@ -1,30 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for service accounts
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            name=dict(default=None, required=True, type='str'),
-            namespace=dict(default=None, required=True, type='str'),
-            secrets=dict(default=None, type='list'),
-            image_pull_secrets=dict(default=None, type='list'),
-        ),
-        supports_check_mode=True,
-    )
-
-    rval = OCServiceAccount.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    module.exit_json(**rval)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_serviceaccount_secret.py

@@ -1,29 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module to manage service account secrets.
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            namespace=dict(default=None, required=True, type='str'),
-            secret=dict(default=None, type='str'),
-            service_account=dict(required=True, type='str'),
-        ),
-        supports_check_mode=True,
-    )
-
-    rval = OCServiceAccountSecret.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    module.exit_json(**rval)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_storageclass.py

@@ -1,34 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for storageclass
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str', choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            name=dict(default=None, type='str'),
-            annotations=dict(default=None, type='dict'),
-            parameters=dict(default=None, type='dict'),
-            provisioner=dict(required=True, type='str'),
-            api_version=dict(default='v1', type='str'),
-            default_storage_class=dict(default="false", type='str'),
-            mount_options=dict(default=None, type='list'),
-            reclaim_policy=dict(default=None, type='str'),
-        ),
-        supports_check_mode=True,
-    )
-
-    rval = OCStorageClass.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        return module.fail_json(**rval)
-
-    return module.exit_json(**rval)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_user.py

@@ -1,34 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for user
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            username=dict(default=None, type='str'),
-            full_name=dict(default=None, type='str'),
-            # setting groups for user data will not populate the
-            # 'groups' field in the user data.
-            # it will call out to the group data and make the user
-            # entry there
-            groups=dict(default=[], type='list'),
-        ),
-        supports_check_mode=True,
-    )
-
-    results = OCUser.run_ansible(module.params, module.check_mode)
-
-    if 'failed' in results:
-        module.fail_json(**results)
-
-    module.exit_json(**results)
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_version.py

@@ -1,26 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    ''' ansible oc module for version '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='list', type='str',
-                       choices=['list']),
-            debug=dict(default=False, type='bool'),
-        ),
-        supports_check_mode=True,
-    )
-
-    rval = OCVersion.run_ansible(module.params)
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-
-    module.exit_json(**rval)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/ansible/oc_volume.py

@@ -1,41 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-def main():
-    '''
-    ansible oc module for volumes
-    '''
-
-    module = AnsibleModule(
-        argument_spec=dict(
-            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            state=dict(default='present', type='str',
-                       choices=['present', 'absent', 'list']),
-            debug=dict(default=False, type='bool'),
-            kind=dict(default='dc', choices=['dc', 'rc', 'pods'], type='str'),
-            namespace=dict(default='default', type='str'),
-            vol_name=dict(default=None, type='str'),
-            name=dict(default=None, type='str'),
-            mount_type=dict(default=None,
-                            choices=['emptydir', 'hostpath', 'secret', 'pvc', 'configmap'],
-                            type='str'),
-            mount_path=dict(default=None, type='str'),
-            # secrets require a name
-            secret_name=dict(default=None, type='str'),
-            # pvc requires a size
-            claim_size=dict(default=None, type='str'),
-            claim_name=dict(default=None, type='str'),
-            # configmap requires a name
-            configmap_name=dict(default=None, type='str'),
-        ),
-        supports_check_mode=True,
-    )
-    rval = OCVolume.run_ansible(module.params, module.check_mode)
-    if 'failed' in rval:
-        module.fail_json(**rval)
-
-    module.exit_json(**rval)
-
-
-if __name__ == '__main__':
-    main()

roles/lib_openshift/src/class/oc_adm_ca_server_cert.py

@@ -1,143 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-class CAServerCertConfig(OpenShiftCLIConfig):
-    ''' CAServerCertConfig is a DTO for the oc adm ca command '''
-    def __init__(self, kubeconfig, verbose, ca_options):
-        super(CAServerCertConfig, self).__init__('ca', None, kubeconfig, ca_options)
-        self.kubeconfig = kubeconfig
-        self.verbose = verbose
-        self._ca = ca_options
-
-
-class CAServerCert(OpenShiftCLI):
-    ''' Class to wrap the oc adm ca create-server-cert command line'''
-    def __init__(self,
-                 config,
-                 verbose=False):
-        ''' Constructor for oadm ca '''
-        super(CAServerCert, self).__init__(None, config.kubeconfig, verbose)
-        self.config = config
-        self.verbose = verbose
-
-    def get(self):
-        '''get the current cert file
-
-           If a file exists by the same name in the specified location then the cert exists
-        '''
-        cert = self.config.config_options['cert']['value']
-        if cert and os.path.exists(cert):
-            return open(cert).read()
-
-        return None
-
-    def create(self):
-        '''run openshift oc adm ca create-server-cert cmd'''
-
-        # Added this here as a safegaurd for stomping on the
-        # cert and key files if they exist
-        if self.config.config_options['backup']['value']:
-            ext = time.strftime("%Y-%m-%d@%H:%M:%S", time.localtime(time.time()))
-            date_str = "%s_" + "%s" % ext
-
-            if os.path.exists(self.config.config_options['key']['value']):
-                shutil.copy(self.config.config_options['key']['value'],
-                            date_str % self.config.config_options['key']['value'])
-            if os.path.exists(self.config.config_options['cert']['value']):
-                shutil.copy(self.config.config_options['cert']['value'],
-                            date_str % self.config.config_options['cert']['value'])
-
-        options = self.config.to_option_list()
-
-        cmd = ['ca', 'create-server-cert']
-        cmd.extend(options)
-
-        return self.openshift_cmd(cmd, oadm=True)
-
-    def exists(self):
-        ''' check whether the certificate exists and has the clusterIP '''
-
-        cert_path = self.config.config_options['cert']['value']
-        if not os.path.exists(cert_path):
-            return False
-
-        # Would prefer pyopenssl but is not installed.
-        # When we verify it is, switch this code
-        # Here is the code to get the subject and the SAN
-        # openssl x509 -text -noout -certopt \
-        #  no_header,no_version,no_serial,no_signame,no_validity,no_issuer,no_pubkey,no_sigdump,no_aux \
-        #  -in /etc/origin/master/registry.crt
-        # Instead of this solution we will use a regex.
-        cert_names = []
-        hostnames = self.config.config_options['hostnames']['value'].split(',')
-        proc = subprocess.Popen(['openssl', 'x509', '-noout', '-text', '-in', cert_path],
-                                stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-
-        x509output, _ = proc.communicate()
-        if proc.returncode == 0:
-            regex = re.compile(r"^\s*X509v3 Subject Alternative Name:\s*?\n\s*(.*)\s*\n", re.MULTILINE)
-            match = regex.search(x509output.decode())  # E501
-            if not match:
-                return False
-
-            for entry in re.split(r", *", match.group(1)):
-                if entry.startswith('DNS') or entry.startswith('IP Address'):
-                    cert_names.append(entry.split(':')[1])
-            # now that we have cert names let's compare
-            cert_set = set(cert_names)
-            hname_set = set(hostnames)
-            if cert_set.issubset(hname_set) and hname_set.issubset(cert_set):
-                return True
-
-        return False
-
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_adm_ca_server_cert module'''
-
-        # Filter non-strings from hostnames list (Such as boolean: False)
-        params['hostnames'] = [host for host in params['hostnames'] if isinstance(host, string_types)]
-
-        config = CAServerCertConfig(params['kubeconfig'],
-                                    params['debug'],
-                                    {'cert':          {'value': params['cert'], 'include': True},
-                                     'hostnames':     {'value': ','.join(params['hostnames']), 'include': True},
-                                     'overwrite':     {'value': True, 'include': True},
-                                     'key':           {'value': params['key'], 'include': True},
-                                     'signer_cert':   {'value': params['signer_cert'], 'include': True},
-                                     'signer_key':    {'value': params['signer_key'], 'include': True},
-                                     'signer_serial': {'value': params['signer_serial'], 'include': True},
-                                     'expire_days':   {'value': params['expire_days'], 'include': True},
-                                     'backup':        {'value': params['backup'], 'include': False},
-                                    })
-
-        server_cert = CAServerCert(config)
-
-        state = params['state']
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not server_cert.exists() or params['force']:
-
-                if check_mode:
-                    return {'changed': True,
-                            'msg': "CHECK_MODE: Would have created the certificate.",
-                            'state': state}
-
-                api_rval = server_cert.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            ########
-            # Exists
-            ########
-            api_rval = server_cert.get()
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        return {'failed': True,
-                'msg': 'Unknown state passed. %s' % state}

roles/lib_openshift/src/class/oc_adm_csr.py

@@ -1,221 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-class OCcsr(OpenShiftCLI):
-    ''' Class to wrap the oc adm certificate command line'''
-    kind = 'csr'
-
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 nodes=None,
-                 approve_all=False,
-                 service_account=None,
-                 kubeconfig='/etc/origin/master/admin.kubeconfig',
-                 verbose=False):
-        ''' Constructor for oc adm certificate '''
-        super(OCcsr, self).__init__(None, kubeconfig, verbose)
-        self.service_account = service_account
-        self.nodes = self.create_nodes(nodes)
-        self._csrs = []
-        self.approve_all = approve_all
-        self.verbose = verbose
-
-    @property
-    def csrs(self):
-        '''property for managing csrs'''
-        # any processing needed??
-        self._csrs = self._get(resource=self.kind)['results'][0]['items']
-        return self._csrs
-
-    def create_nodes(self, nodes):
-        '''create a node object to track csr signing status'''
-        nodes_list = []
-
-        if nodes is None:
-            return nodes_list
-
-        results = self._get(resource='nodes')['results'][0]['items']
-
-        for node in nodes:
-            nodes_list.append(dict(name=node, csrs={}, server_accepted=False, client_accepted=False, denied=False))
-
-            # Ready nodes have already been accepted. Mark client and server as accepted.
-            for ocnode in results:
-                if ocnode['metadata']['name'] == node:
-                    for condition in ocnode['status']['conditions']:
-                        if condition['type'] == 'Ready' and condition['status'] == 'True':
-                            nodes_list[-1]['server_accepted'] = True
-                            nodes_list[-1]['client_accepted'] = True
-
-        return nodes_list
-
-    def get(self):
-        '''get the current certificate signing requests'''
-        return self.csrs
-
-    @staticmethod
-    def action_needed(csr, action):
-        '''check to see if csr is in desired state'''
-        if csr['status'] == {}:
-            return True
-
-        state = csr['status']['conditions'][0]['type']
-
-        if action == 'approve' and state != 'Approved':
-            return True
-
-        elif action == 'deny' and state != 'Denied':
-            return True
-
-        return False
-
-    def get_csr_request(self, request):
-        '''base64 decode the request object and call openssl to determine the
-           subject and specifically the CN: from the request
-
-           Output:
-           (0, '...
-                Subject: O=system:nodes, CN=system:node:ip-172-31-54-54.ec2.internal
-                ...')
-        '''
-        import base64
-        return self._run(['openssl', 'req', '-noout', '-text'], base64.b64decode(request))[1]
-
-    def match_node(self, csr):
-        '''match an inc csr to a node in self.nodes'''
-        for node in self.nodes:
-            # we need to match based upon the csr's request certificate's CN
-            if node['name'] in self.get_csr_request(csr['spec']['request']):
-                node['csrs'][csr['metadata']['name']] = csr
-
-                # client certs may come in as either the service_account or as the node during upgrade
-                # server certs always come in as the node
-                if ((node['name'] in csr['spec']['username'] or
-                     csr['spec']['username'] in [self.service_account, 'system:admin']) and
-                        csr['status'] and csr['status']['conditions'][0]['type'] == 'Approved'):
-                    if 'server auth' in csr['spec']['usages']:
-                        node['server_accepted'] = True
-                    if 'client auth' in csr['spec']['usages']:
-                        node['client_accepted'] = True
-                # check type is 'Denied' and mark node as such
-                if csr['status'] and csr['status']['conditions'][0]['type'] == 'Denied':
-                    node['denied'] = True
-                return node
-        return None
-
-    def finished(self):
-        '''determine if there are more csrs to sign'''
-        # if nodes is set and we have nodes then return if all nodes are 'accepted'
-        if self.nodes is not None and len(self.nodes) > 0:
-            return all([(node['server_accepted'] and node['client_accepted']) or node['denied'] for node in self.nodes])
-
-        # we are approving everything or we still have nodes outstanding
-        return False
-
-    def manage(self, action):
-        '''run openshift oc adm ca create-server-cert cmd and store results into self.nodes
-
-           we attempt to verify if the node is one that was given to us to accept.
-
-           action - (allow | deny)
-        '''
-
-        results = []
-        # There are 2 types of requests:
-        # - node-bootstrapper-client-ip-172-31-51-246-ec2-internal
-        #   The client request allows the client to talk to the api/controller
-        # - node-bootstrapper-server-ip-172-31-51-246-ec2-internal
-        #   The server request allows the server to join the cluster
-        # Here we need to determine how to approve/deny
-        # we should query the csrs and verify they are from the nodes we thought
-        for csr in self.csrs:
-            node = self.match_node(csr)
-            # oc adm certificate <approve|deny> csr
-            # there are 3 known states: Denied, Approved, {}
-            # verify something is needed by OCcsr.action_needed
-            # if approve_all, then do it
-            # if you passed in nodes, you must have a node that matches
-            if self.approve_all or (node and OCcsr.action_needed(csr, action)):
-                result = self.openshift_cmd(['certificate', action, csr['metadata']['name']], oadm=True)
-                # if we successfully approved
-                if result['returncode'] == 0:
-                    # client should have service account name in username field
-                    # server should have node name in username field
-                    if node and csr['metadata']['name'] not in node['csrs']:
-                        node['csrs'][csr['metadata']['name']] = csr
-
-                    # mark node as accepted in our list of nodes
-                    # we will use {client,server}_accepted fields to determine if we're finished
-                    if (node['name'] in csr['spec']['username'] or
-                            csr['spec']['username'] in [self.service_account, 'system:admin']):
-                        if 'server auth' in csr['spec']['usages']:
-                            node['server_accepted'] = True
-                        if 'client auth' in csr['spec']['usages']:
-                            node['client_accepted'] = True
-
-                results.append(result)
-
-        return results
-
-    @staticmethod
-    def run_ansible(params, check_mode=False):
-        '''run the oc_adm_csr module'''
-
-        client = OCcsr(params['nodes'],
-                       params['approve_all'],
-                       params['service_account'],
-                       params['kubeconfig'],
-                       params['debug'])
-
-        state = params['state']
-
-        api_rval = client.get()
-
-        if state == 'list':
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        if state in ['approve', 'deny']:
-            if check_mode:
-                return {'changed': True,
-                        'msg': "CHECK_MODE: Would have {} the certificate.".format(params['state']),
-                        'state': state}
-
-            all_results = []
-            finished = False
-            timeout = False
-            # loop for timeout or block until all nodes pass
-            ctr = 0
-            while True:
-
-                all_results.extend(client.manage(params['state']))
-                if client.finished():
-                    finished = True
-                    break
-
-                if params['timeout'] == 0:
-                    if not params['approve_all']:
-                        ctr = 0
-
-                if ctr * 2 > params['timeout']:
-                    timeout = True
-                    break
-
-                # This provides time for the nodes to send their csr requests between approvals
-                time.sleep(2)
-
-                ctr += 1
-
-            for result in all_results:
-                if result['returncode'] != 0:
-                    return {'failed': True, 'msg': all_results, 'timeout': timeout}
-
-            return dict(changed=len(all_results) > 0,
-                        results=all_results,
-                        nodes=client.nodes,
-                        state=state,
-                        finished=finished,
-                        timeout=timeout)
-
-        return {'failed': True,
-                'msg': 'Unknown state passed. %s' % state}

roles/lib_openshift/src/class/oc_adm_manage_node.py

@@ -1,209 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-class ManageNodeException(Exception):
-    ''' manage-node exception class '''
-    pass
-
-
-class ManageNodeConfig(OpenShiftCLIConfig):
-    ''' ManageNodeConfig is a DTO for the manage-node command.'''
-    def __init__(self, kubeconfig, node_options):
-        super(ManageNodeConfig, self).__init__(None, None, kubeconfig, node_options)
-
-
-# pylint: disable=too-many-instance-attributes
-class ManageNode(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-
-    # pylint allows 5
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 config,
-                 verbose=False):
-        ''' Constructor for ManageNode '''
-        super(ManageNode, self).__init__(None, kubeconfig=config.kubeconfig, verbose=verbose)
-        self.config = config
-
-    def evacuate(self):
-        ''' formulate the params and run oadm manage-node '''
-        return self._evacuate(node=self.config.config_options['node']['value'],
-                              selector=self.config.config_options['selector']['value'],
-                              pod_selector=self.config.config_options['pod_selector']['value'],
-                              dry_run=self.config.config_options['dry_run']['value'],
-                              grace_period=self.config.config_options['grace_period']['value'],
-                              force=self.config.config_options['force']['value'],
-                             )
-    def get_nodes(self, node=None, selector=''):
-        '''perform oc get node'''
-        _node = None
-        _sel = None
-        if node:
-            _node = node
-        if selector:
-            _sel = selector
-
-        results = self._get('node', name=_node, selector=_sel)
-        if results['returncode'] != 0:
-            return results
-
-        nodes = []
-        items = None
-        if results['results'][0]['kind'] == 'List':
-            items = results['results'][0]['items']
-        else:
-            items = results['results']
-
-        for node in items:
-            _node = {}
-            _node['name'] = node['metadata']['name']
-            _node['schedulable'] = True
-            if 'unschedulable' in node['spec']:
-                _node['schedulable'] = False
-            nodes.append(_node)
-
-        return nodes
-
-    def get_pods_from_node(self, node, pod_selector=None):
-        '''return pods for a node'''
-        results = self._list_pods(node=[node], pod_selector=pod_selector)
-
-        if results['returncode'] != 0:
-            return results
-
-        # When a selector or node is matched it is returned along with the json.
-        # We are going to split the results based on the regexp and then
-        # load the json for each matching node.
-        # Before we return we are going to loop over the results and pull out the node names.
-        # {'node': [pod, pod], 'node': [pod, pod]}
-        # 3.2 includes the following lines in stdout: "Listing matched pods on node:"
-        all_pods = []
-        if "Listing matched" in results['results']:
-            listing_match = re.compile('\n^Listing matched.*$\n', flags=re.MULTILINE)
-            pods = listing_match.split(results['results'])
-            for pod in pods:
-                if pod:
-                    all_pods.extend(json.loads(pod)['items'])
-
-        # 3.3 specific
-        else:
-            # this is gross but I filed a bug...
-            # https://bugzilla.redhat.com/show_bug.cgi?id=1381621
-            # build our own json from the output.
-            all_pods = json.loads(results['results'])['items']
-
-        return all_pods
-
-    def list_pods(self):
-        ''' run oadm manage-node --list-pods'''
-        _nodes = self.config.config_options['node']['value']
-        _selector = self.config.config_options['selector']['value']
-        _pod_selector = self.config.config_options['pod_selector']['value']
-
-        if not _nodes:
-            _nodes = self.get_nodes(selector=_selector)
-        else:
-            _nodes = [{'name': name} for name in _nodes]
-
-        all_pods = {}
-        for node in _nodes:
-            results = self.get_pods_from_node(node['name'], pod_selector=_pod_selector)
-            if isinstance(results, dict):
-                return results
-            all_pods[node['name']] = results
-
-        results = {}
-        results['nodes'] = all_pods
-        results['returncode'] = 0
-        return results
-
-    def schedulable(self):
-        '''oadm manage-node call for making nodes unschedulable'''
-        nodes = self.config.config_options['node']['value']
-        selector = self.config.config_options['selector']['value']
-
-        if not nodes:
-            nodes = self.get_nodes(selector=selector)
-        else:
-            tmp_nodes = []
-            for name in nodes:
-                tmp_result = self.get_nodes(name)
-                if isinstance(tmp_result, dict):
-                    tmp_nodes.append(tmp_result)
-                    continue
-                tmp_nodes.extend(tmp_result)
-            nodes = tmp_nodes
-
-        # This is a short circuit based on the way we fetch nodes.
-        # If node is a dict/list then we've already fetched them.
-        for node in nodes:
-            if isinstance(node, dict) and 'returncode' in node:
-                return {'results': nodes, 'returncode': node['returncode']}
-            if isinstance(node, list) and 'returncode' in node[0]:
-                return {'results': nodes, 'returncode': node[0]['returncode']}
-        # check all the nodes that were returned and verify they are:
-        # node['schedulable'] == self.config.config_options['schedulable']['value']
-        if any([node['schedulable'] != self.config.config_options['schedulable']['value'] for node in nodes]):
-
-            results = self._schedulable(node=self.config.config_options['node']['value'],
-                                        selector=self.config.config_options['selector']['value'],
-                                        schedulable=self.config.config_options['schedulable']['value'])
-
-            # 'NAME                            STATUS    AGE\\nip-172-31-49-140.ec2.internal   Ready     4h\\n'  # E501
-            # normalize formatting with previous return objects
-            if results['results'].startswith('NAME'):
-                nodes = []
-                # removing header line and trailing new line character of node lines
-                for node_results in results['results'].split('\n')[1:-1]:
-                    parts = node_results.split()
-                    nodes.append({'name': parts[0], 'schedulable': parts[1] == 'Ready'})
-                results['nodes'] = nodes
-
-            return results
-
-        results = {}
-        results['returncode'] = 0
-        results['changed'] = False
-        results['nodes'] = nodes
-
-        return results
-
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_adm_manage_node module'''
-        nconfig = ManageNodeConfig(params['kubeconfig'],
-                                   {'node': {'value': params['node'], 'include': True},
-                                    'selector': {'value': params['selector'], 'include': True},
-                                    'pod_selector': {'value': params['pod_selector'], 'include': True},
-                                    'schedulable': {'value': params['schedulable'], 'include': True},
-                                    'list_pods': {'value': params['list_pods'], 'include': True},
-                                    'evacuate': {'value': params['evacuate'], 'include': True},
-                                    'dry_run': {'value': params['dry_run'], 'include': True},
-                                    'force': {'value': params['force'], 'include': True},
-                                    'grace_period': {'value': params['grace_period'], 'include': True},
-                                   })
-
-        oadm_mn = ManageNode(nconfig)
-        # Run the oadm manage-node commands
-        results = None
-        changed = False
-        if params['schedulable'] != None:
-            if check_mode:
-                # schedulable returns results after the fact.
-                # We need to redo how this works to support check_mode completely.
-                return {'changed': True, 'msg': 'CHECK_MODE: would have called schedulable.'}
-            results = oadm_mn.schedulable()
-            if 'changed' not in results:
-                changed = True
-
-        if params['evacuate']:
-            results = oadm_mn.evacuate()
-            changed = True
-        elif params['list_pods']:
-            results = oadm_mn.list_pods()
-
-        if not results or results['returncode'] != 0:
-            return {'failed': True, 'msg': results}
-
-        return {'changed': changed, 'results': results, 'state': "present"}

roles/lib_openshift/src/class/oc_adm_policy_group.py

@@ -1,229 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-class PolicyGroupException(Exception):
-    ''' PolicyGroup exception'''
-    pass
-
-
-class PolicyGroupConfig(OpenShiftCLIConfig):
-    ''' PolicyGroupConfig is a DTO for group related policy.  '''
-    def __init__(self, namespace, kubeconfig, policy_options):
-        super(PolicyGroupConfig, self).__init__(policy_options['name']['value'],
-                                                namespace, kubeconfig, policy_options)
-        self.kind = self.get_kind()
-        self.namespace = namespace
-
-    def get_kind(self):
-        ''' return the kind we are working with '''
-        if self.config_options['resource_kind']['value'] == 'role':
-            return 'rolebinding'
-        elif self.config_options['resource_kind']['value'] == 'cluster-role':
-            return 'clusterrolebinding'
-        elif self.config_options['resource_kind']['value'] == 'scc':
-            return 'scc'
-
-        return None
-
-
-# pylint: disable=too-many-return-statements
-class PolicyGroup(OpenShiftCLI):
-    ''' Class to handle attaching policies to users '''
-
-
-    def __init__(self,
-                 config,
-                 verbose=False):
-        ''' Constructor for PolicyGroup '''
-        super(PolicyGroup, self).__init__(config.namespace, config.kubeconfig, verbose)
-        self.config = config
-        self.verbose = verbose
-        self._rolebinding = None
-        self._scc = None
-        self._cluster_role_bindings = None
-        self._role_bindings = None
-
-    @property
-    def rolebindings(self):
-        if self._role_bindings is None:
-            results = self._get('rolebindings', None)
-            if results['returncode'] != 0:
-                raise OpenShiftCLIError('Could not retrieve rolebindings')
-            self._role_bindings = results['results'][0]['items']
-
-        return self._role_bindings
-
-    @property
-    def clusterrolebindings(self):
-        if self._cluster_role_bindings is None:
-            results = self._get('clusterrolebindings', None)
-            if results['returncode'] != 0:
-                raise OpenShiftCLIError('Could not retrieve clusterrolebindings')
-            self._cluster_role_bindings = results['results'][0]['items']
-
-        return self._cluster_role_bindings
-
-    @property
-    def role_binding(self):
-        ''' role_binding getter '''
-        return self._rolebinding
-
-    @role_binding.setter
-    def role_binding(self, binding):
-        ''' role_binding setter '''
-        self._rolebinding = binding
-
-    @property
-    def security_context_constraint(self):
-        ''' security_context_constraint getter '''
-        return self._scc
-
-    @security_context_constraint.setter
-    def security_context_constraint(self, scc):
-        ''' security_context_constraint setter '''
-        self._scc = scc
-
-    def get(self):
-        '''fetch the desired kind'''
-        resource_name = self.config.config_options['name']['value']
-        if resource_name == 'cluster-reader':
-            resource_name += 's'
-
-        # oc adm policy add-... creates policy bindings with the name
-        # "[resource_name]-binding", however some bindings in the system
-        # simply use "[resource_name]". So try both.
-
-        results = self._get(self.config.kind, resource_name)
-        if results['returncode'] == 0:
-            return results
-
-        # Now try -binding naming convention
-        return self._get(self.config.kind, resource_name + "-binding")
-
-    def exists_role_binding(self):
-        ''' return whether role_binding exists '''
-        bindings = None
-        if self.config.config_options['resource_kind']['value'] == 'cluster-role':
-            bindings = self.clusterrolebindings
-        else:
-            bindings = self.rolebindings
-
-        if bindings is None:
-            return False
-
-        for binding in bindings:
-            if self.config.config_options['rolebinding_name']['value'] is not None and \
-                    binding['metadata']['name'] != self.config.config_options['rolebinding_name']['value']:
-                continue
-            if binding['roleRef']['name'] == self.config.config_options['name']['value'] and \
-                    binding['groupNames'] is not None and \
-                    self.config.config_options['group']['value'] in binding['groupNames']:
-                self.role_binding = binding
-                return True
-
-        return False
-
-    def exists_scc(self):
-        ''' return whether scc exists '''
-        results = self.get()
-        if results['returncode'] == 0:
-            self.security_context_constraint = SecurityContextConstraints(results['results'][0])
-
-            if self.security_context_constraint.find_group(self.config.config_options['group']['value']) != None:
-                return True
-
-            return False
-
-        return results
-
-    def exists(self):
-        '''does the object exist?'''
-        if self.config.config_options['resource_kind']['value'] == 'cluster-role':
-            return self.exists_role_binding()
-
-        elif self.config.config_options['resource_kind']['value'] == 'role':
-            return self.exists_role_binding()
-
-        elif self.config.config_options['resource_kind']['value'] == 'scc':
-            return self.exists_scc()
-
-        return False
-
-    def perform(self):
-        '''perform action on resource'''
-        cmd = ['policy',
-               self.config.config_options['action']['value'],
-               self.config.config_options['name']['value'],
-               self.config.config_options['group']['value']]
-
-        if self.config.config_options['rolebinding_name']['value'] is not None:
-            cmd.extend(['--rolebinding-name', self.config.config_options['rolebinding_name']['value']])
-
-        return self.openshift_cmd(cmd, oadm=True)
-
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_adm_policy_group module'''
-
-        state = params['state']
-
-        action = None
-        if state == 'present':
-            action = 'add-' + params['resource_kind'] + '-to-group'
-        else:
-            action = 'remove-' + params['resource_kind'] + '-from-group'
-
-        nconfig = PolicyGroupConfig(params['namespace'],
-                                    params['kubeconfig'],
-                                    {'action': {'value': action, 'include': False},
-                                     'group': {'value': params['group'], 'include': False},
-                                     'resource_kind': {'value': params['resource_kind'], 'include': False},
-                                     'name': {'value': params['resource_name'], 'include': False},
-                                     'rolebinding_name': {'value': params['rolebinding_name'], 'include': False},
-                                    })
-
-        policygroup = PolicyGroup(nconfig, params['debug'])
-
-        # Run the oc adm policy group related command
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if not policygroup.exists():
-                return {'changed': False, 'state': 'absent'}
-
-            if check_mode:
-                return {'changed': False, 'msg': 'CHECK_MODE: would have performed a delete.'}
-
-            api_rval = policygroup.perform()
-
-            if api_rval['returncode'] != 0:
-                return {'msg': api_rval}
-
-            return {'changed': True, 'results' : api_rval, state:'absent'}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            results = policygroup.exists()
-            if isinstance(results, dict) and 'returncode' in results and results['returncode'] != 0:
-                return {'msg': results}
-
-            if not results:
-
-                if check_mode:
-                    return {'changed': False, 'msg': 'CHECK_MODE: would have performed a create.'}
-
-                api_rval = policygroup.perform()
-
-                if api_rval['returncode'] != 0:
-                    return {'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, state: 'present'}
-
-            return {'changed': False, state: 'present'}
-
-        return {'failed': True, 'changed': False, 'results': 'Unknown state passed. %s' % state, state: 'unknown'}

roles/lib_openshift/src/class/oc_adm_policy_user.py

@@ -1,227 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-class PolicyUserException(Exception):
-    ''' PolicyUser exception'''
-    pass
-
-
-class PolicyUserConfig(OpenShiftCLIConfig):
-    ''' PolicyUserConfig is a DTO for user related policy.  '''
-    def __init__(self, namespace, kubeconfig, policy_options):
-        super(PolicyUserConfig, self).__init__(policy_options['name']['value'],
-                                               namespace, kubeconfig, policy_options)
-        self.kind = self.get_kind()
-        self.namespace = namespace
-
-    def get_kind(self):
-        ''' return the kind we are working with '''
-        if self.config_options['resource_kind']['value'] == 'role':
-            return 'rolebinding'
-        elif self.config_options['resource_kind']['value'] == 'cluster-role':
-            return 'clusterrolebinding'
-        elif self.config_options['resource_kind']['value'] == 'scc':
-            return 'scc'
-
-        return None
-
-
-# pylint: disable=too-many-return-statements
-class PolicyUser(OpenShiftCLI):
-    ''' Class to handle attaching policies to users '''
-
-    def __init__(self,
-                 config,
-                 verbose=False):
-        ''' Constructor for PolicyUser '''
-        super(PolicyUser, self).__init__(config.namespace, config.kubeconfig, verbose)
-        self.config = config
-        self.verbose = verbose
-        self._rolebinding = None
-        self._scc = None
-        self._cluster_role_bindings = None
-        self._role_bindings = None
-
-    @property
-    def rolebindings(self):
-        if self._role_bindings is None:
-            results = self._get('rolebindings', None)
-            if results['returncode'] != 0:
-                raise OpenShiftCLIError('Could not retrieve rolebindings')
-            self._role_bindings = results['results'][0]['items']
-
-        return self._role_bindings
-
-    @property
-    def clusterrolebindings(self):
-        if self._cluster_role_bindings is None:
-            results = self._get('clusterrolebindings', None)
-            if results['returncode'] != 0:
-                raise OpenShiftCLIError('Could not retrieve clusterrolebindings')
-            self._cluster_role_bindings = results['results'][0]['items']
-
-        return self._cluster_role_bindings
-
-    @property
-    def role_binding(self):
-        ''' role_binding property '''
-        return self._rolebinding
-
-    @role_binding.setter
-    def role_binding(self, binding):
-        ''' setter for role_binding property '''
-        self._rolebinding = binding
-
-    @property
-    def security_context_constraint(self):
-        ''' security_context_constraint property '''
-        return self._scc
-
-    @security_context_constraint.setter
-    def security_context_constraint(self, scc):
-        ''' setter for security_context_constraint property '''
-        self._scc = scc
-
-    def get(self):
-        '''fetch the desired kind
-
-           This is only used for scc objects.
-           The {cluster}rolebindings happen in exists.
-        '''
-        resource_name = self.config.config_options['name']['value']
-        if resource_name == 'cluster-reader':
-            resource_name += 's'
-
-        return self._get(self.config.kind, resource_name)
-
-    def exists_role_binding(self):
-        ''' return whether role_binding exists '''
-        bindings = None
-        if self.config.config_options['resource_kind']['value'] == 'cluster-role':
-            bindings = self.clusterrolebindings
-        else:
-            bindings = self.rolebindings
-
-        if bindings is None:
-            return False
-
-        for binding in bindings:
-            if self.config.config_options['rolebinding_name']['value'] is not None and \
-                    binding['metadata']['name'] != self.config.config_options['rolebinding_name']['value']:
-                continue
-            if binding['roleRef']['name'] == self.config.config_options['name']['value'] and \
-                    'userNames' in binding and binding['userNames'] is not None and \
-                    self.config.config_options['user']['value'] in binding['userNames']:
-                self.role_binding = binding
-                return True
-
-        return False
-
-    def exists_scc(self):
-        ''' return whether scc exists '''
-        results = self.get()
-        if results['returncode'] == 0:
-            self.security_context_constraint = SecurityContextConstraints(results['results'][0])
-
-            if self.security_context_constraint.find_user(self.config.config_options['user']['value']) != None:
-                return True
-
-            return False
-
-        return results
-
-    def exists(self):
-        '''does the object exist?'''
-        if self.config.config_options['resource_kind']['value'] == 'cluster-role':
-            return self.exists_role_binding()
-
-        elif self.config.config_options['resource_kind']['value'] == 'role':
-            return self.exists_role_binding()
-
-        elif self.config.config_options['resource_kind']['value'] == 'scc':
-            return self.exists_scc()
-
-        return False
-
-    def perform(self):
-        '''perform action on resource'''
-        cmd = ['policy',
-               self.config.config_options['action']['value'],
-               self.config.config_options['name']['value'],
-               self.config.config_options['user']['value']]
-
-        if self.config.config_options['role_namespace']['value'] is not None:
-            cmd.extend(['--role-namespace', self.config.config_options['role_namespace']['value']])
-
-        if self.config.config_options['rolebinding_name']['value'] is not None:
-            cmd.extend(['--rolebinding-name', self.config.config_options['rolebinding_name']['value']])
-
-        return self.openshift_cmd(cmd, oadm=True)
-
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_adm_policy_user module'''
-
-        state = params['state']
-
-        action = None
-        if state == 'present':
-            action = 'add-' + params['resource_kind'] + '-to-user'
-        else:
-            action = 'remove-' + params['resource_kind'] + '-from-user'
-
-        nconfig = PolicyUserConfig(params['namespace'],
-                                   params['kubeconfig'],
-                                   {'action': {'value': action, 'include': False},
-                                    'user': {'value': params['user'], 'include': False},
-                                    'resource_kind': {'value': params['resource_kind'], 'include': False},
-                                    'name': {'value': params['resource_name'], 'include': False},
-                                    'role_namespace': {'value': params['role_namespace'], 'include': False},
-                                    'rolebinding_name': {'value': params['rolebinding_name'], 'include': False},
-                                   })
-
-        policyuser = PolicyUser(nconfig, params['debug'])
-
-        # Run the oc adm policy user related command
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if not policyuser.exists():
-                return {'changed': False, 'state': 'absent'}
-
-            if check_mode:
-                return {'changed': False, 'msg': 'CHECK_MODE: would have performed a delete.'}
-
-            api_rval = policyuser.perform()
-
-            if api_rval['returncode'] != 0:
-                return {'msg': api_rval}
-
-            return {'changed': True, 'results' : api_rval, state:'absent'}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            results = policyuser.exists()
-            if isinstance(results, dict) and 'returncode' in results and results['returncode'] != 0:
-                return {'msg': results}
-
-            if not results:
-
-                if check_mode:
-                    return {'changed': False, 'msg': 'CHECK_MODE: would have performed a create.'}
-
-                api_rval = policyuser.perform()
-
-                if api_rval['returncode'] != 0:
-                    return {'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, state: 'present'}
-
-            return {'changed': False, state: 'present'}
-
-        return {'failed': True, 'changed': False, 'results': 'Unknown state passed. %s' % state, state: 'unknown'}

roles/lib_openshift/src/class/oc_adm_registry.py

@@ -1,430 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-class RegistryException(Exception):
-    ''' Registry Exception Class '''
-    pass
-
-
-class RegistryConfig(OpenShiftCLIConfig):
-    ''' RegistryConfig is a DTO for the registry.  '''
-    def __init__(self, rname, namespace, kubeconfig, registry_options):
-        super(RegistryConfig, self).__init__(rname, namespace, kubeconfig, registry_options)
-
-
-class Registry(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-
-    volume_mount_path = 'spec.template.spec.containers[0].volumeMounts'
-    volume_path = 'spec.template.spec.volumes'
-    env_path = 'spec.template.spec.containers[0].env'
-
-    def __init__(self,
-                 registry_config,
-                 verbose=False):
-        ''' Constructor for Registry
-
-           a registry consists of 3 or more parts
-           - dc/docker-registry
-           - svc/docker-registry
-
-           Parameters:
-           :registry_config:
-           :verbose:
-        '''
-        super(Registry, self).__init__(registry_config.namespace, registry_config.kubeconfig, verbose)
-        self.version = OCVersion(registry_config.kubeconfig, verbose)
-        self.svc_ip = None
-        self.portal_ip = None
-        self.config = registry_config
-        self.verbose = verbose
-        self.registry_parts = [{'kind': 'dc', 'name': self.config.name},
-                               {'kind': 'svc', 'name': self.config.name},
-                              ]
-
-        self.__prepared_registry = None
-        self.volume_mounts = []
-        self.volumes = []
-        if self.config.config_options['volume_mounts']['value']:
-            for volume in self.config.config_options['volume_mounts']['value']:
-                volume_info = {'secret_name': volume.get('secret_name', None),
-                               'name':        volume.get('name', None),
-                               'type':        volume.get('type', None),
-                               'path':        volume.get('path', None),
-                               'claimName':   volume.get('claim_name', None),
-                               'claimSize':   volume.get('claim_size', None),
-                              }
-
-                vol, vol_mount = Volume.create_volume_structure(volume_info)
-                self.volumes.append(vol)
-                self.volume_mounts.append(vol_mount)
-
-        self.dconfig = None
-        self.svc = None
-
-    @property
-    def deploymentconfig(self):
-        ''' deploymentconfig property '''
-        return self.dconfig
-
-    @deploymentconfig.setter
-    def deploymentconfig(self, config):
-        ''' setter for deploymentconfig property '''
-        self.dconfig = config
-
-    @property
-    def service(self):
-        ''' service property '''
-        return self.svc
-
-    @service.setter
-    def service(self, config):
-        ''' setter for service property '''
-        self.svc = config
-
-    @property
-    def prepared_registry(self):
-        ''' prepared_registry property '''
-        if not self.__prepared_registry:
-            results = self.prepare_registry()
-            if not results or ('returncode' in results and results['returncode'] != 0):
-                raise RegistryException('Could not perform registry preparation. {}'.format(results))
-            self.__prepared_registry = results
-
-        return self.__prepared_registry
-
-    @prepared_registry.setter
-    def prepared_registry(self, data):
-        ''' setter method for prepared_registry attribute '''
-        self.__prepared_registry = data
-
-    def get(self):
-        ''' return the self.registry_parts '''
-        self.deploymentconfig = None
-        self.service = None
-
-        rval = 0
-        for part in self.registry_parts:
-            result = self._get(part['kind'], name=part['name'])
-            if result['returncode'] == 0 and part['kind'] == 'dc':
-                self.deploymentconfig = DeploymentConfig(result['results'][0])
-            elif result['returncode'] == 0 and part['kind'] == 'svc':
-                self.service = Service(result['results'][0])
-
-            if result['returncode'] != 0:
-                rval = result['returncode']
-
-
-        return {'returncode': rval, 'deploymentconfig': self.deploymentconfig, 'service': self.service}
-
-    def exists(self):
-        '''does the object exist?'''
-        if self.deploymentconfig and self.service:
-            return True
-
-        return False
-
-    def delete(self, complete=True):
-        '''return all pods '''
-        parts = []
-        for part in self.registry_parts:
-            if not complete and part['kind'] == 'svc':
-                continue
-            parts.append(self._delete(part['kind'], part['name']))
-
-        # Clean up returned results
-        rval = 0
-        for part in parts:
-            # pylint: disable=invalid-sequence-index
-            if 'returncode' in part and part['returncode'] != 0:
-                rval = part['returncode']
-
-        return {'returncode': rval, 'results': parts}
-
-    def prepare_registry(self):
-        ''' prepare a registry for instantiation '''
-        options = self.config.to_option_list(ascommalist='labels')
-
-        cmd = ['registry']
-        cmd.extend(options)
-        cmd.extend(['--dry-run=True', '-o', 'json'])
-
-        results = self.openshift_cmd(cmd, oadm=True, output=True, output_type='json')
-        # probably need to parse this
-        # pylint thinks results is a string
-        # pylint: disable=no-member
-        if results['returncode'] != 0 and 'items' not in results['results']:
-            raise RegistryException('Could not perform registry preparation. {}'.format(results))
-
-        service = None
-        deploymentconfig = None
-        # pylint: disable=invalid-sequence-index
-        for res in results['results']['items']:
-            if res['kind'] == 'DeploymentConfig':
-                deploymentconfig = DeploymentConfig(res)
-            elif res['kind'] == 'Service':
-                service = Service(res)
-
-        # Verify we got a service and a deploymentconfig
-        if not service or not deploymentconfig:
-            return results
-
-        # results will need to get parsed here and modifications added
-        deploymentconfig = DeploymentConfig(self.add_modifications(deploymentconfig))
-
-        # modify service ip
-        if self.svc_ip:
-            service.put('spec.clusterIP', self.svc_ip)
-        if self.portal_ip:
-            service.put('spec.portalIP', self.portal_ip)
-
-        # the dry-run doesn't apply the selector correctly
-        if self.service:
-            service.put('spec.selector', self.service.get_selector())
-
-        # need to create the service and the deploymentconfig
-        service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict)
-        deployment_file = Utils.create_tmp_file_from_contents('deploymentconfig', deploymentconfig.yaml_dict)
-
-        return {"service": service,
-                "service_file": service_file,
-                "service_update": False,
-                "deployment": deploymentconfig,
-                "deployment_file": deployment_file,
-                "deployment_update": False}
-
-    def create(self):
-        '''Create a registry'''
-        results = []
-        self.needs_update()
-        # if the object is none, then we need to create it
-        # if the object needs an update, then we should call replace
-        # Handle the deploymentconfig
-        if self.deploymentconfig is None:
-            results.append(self._create(self.prepared_registry['deployment_file']))
-        elif self.prepared_registry['deployment_update']:
-            results.append(self._replace(self.prepared_registry['deployment_file']))
-
-        # Handle the service
-        if self.service is None:
-            results.append(self._create(self.prepared_registry['service_file']))
-        elif self.prepared_registry['service_update']:
-            results.append(self._replace(self.prepared_registry['service_file']))
-
-        # Clean up returned results
-        rval = 0
-        for result in results:
-            # pylint: disable=invalid-sequence-index
-            if 'returncode' in result and result['returncode'] != 0:
-                rval = result['returncode']
-
-        return {'returncode': rval, 'results': results}
-
-    def update(self):
-        '''run update for the registry.  This performs a replace if required'''
-        # Store the current service IP
-        if self.service:
-            svcip = self.service.get('spec.clusterIP')
-            if svcip:
-                self.svc_ip = svcip
-            portip = self.service.get('spec.portalIP')
-            if portip:
-                self.portal_ip = portip
-
-        results = []
-        if self.prepared_registry['deployment_update']:
-            results.append(self._replace(self.prepared_registry['deployment_file']))
-        if self.prepared_registry['service_update']:
-            results.append(self._replace(self.prepared_registry['service_file']))
-
-        # Clean up returned results
-        rval = 0
-        for result in results:
-            if result['returncode'] != 0:
-                rval = result['returncode']
-
-        return {'returncode': rval, 'results': results}
-
-    def add_modifications(self, deploymentconfig):
-        ''' update a deployment config with changes '''
-        # The environment variable for REGISTRY_HTTP_SECRET is autogenerated
-        # We should set the generated deploymentconfig to the in memory version
-        # the following modifications will overwrite if needed
-        if self.deploymentconfig:
-            result = self.deploymentconfig.get_env_var('REGISTRY_HTTP_SECRET')
-            if result:
-                deploymentconfig.update_env_var('REGISTRY_HTTP_SECRET', result['value'])
-
-        # Currently we know that our deployment of a registry requires a few extra modifications
-        # Modification 1
-        # we need specific environment variables to be set
-        for key, value in self.config.config_options['env_vars'].get('value', {}).items():
-            if not deploymentconfig.exists_env_key(key):
-                deploymentconfig.add_env_value(key, value)
-            else:
-                deploymentconfig.update_env_var(key, value)
-
-        # Modification 2
-        # we need specific volume variables to be set
-        for volume in self.volumes:
-            deploymentconfig.update_volume(volume)
-
-        for vol_mount in self.volume_mounts:
-            deploymentconfig.update_volume_mount(vol_mount)
-
-        # Modification 3
-        # Edits
-        edit_results = []
-        for edit in self.config.config_options['edits'].get('value', []):
-            if edit['action'] == 'put':
-                edit_results.append(deploymentconfig.put(edit['key'],
-                                                         edit['value']))
-            if edit['action'] == 'update':
-                edit_results.append(deploymentconfig.update(edit['key'],
-                                                            edit['value'],
-                                                            edit.get('index', None),
-                                                            edit.get('curr_value', None)))
-            if edit['action'] == 'append':
-                edit_results.append(deploymentconfig.append(edit['key'],
-                                                            edit['value']))
-
-        if edit_results and not any([res[0] for res in edit_results]):
-            return None
-
-        return deploymentconfig.yaml_dict
-
-    def needs_update(self):
-        ''' check to see if we need to update '''
-        exclude_list = ['clusterIP', 'portalIP', 'type', 'protocol']
-        if self.service is None or \
-                not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict,
-                                          self.service.yaml_dict,
-                                          exclude_list,
-                                          debug=self.verbose):
-            self.prepared_registry['service_update'] = True
-
-        exclude_list = ['dnsPolicy',
-                        'terminationGracePeriodSeconds',
-                        'restartPolicy', 'timeoutSeconds',
-                        'livenessProbe', 'readinessProbe',
-                        'terminationMessagePath',
-                        'securityContext',
-                        'imagePullPolicy',
-                        'protocol', # ports.portocol: TCP
-                        'type', # strategy: {'type': 'rolling'}
-                        'defaultMode', # added on secrets
-                        'activeDeadlineSeconds', # added in 1.5 for timeouts
-                       ]
-
-        if self.deploymentconfig is None or \
-                not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict,
-                                          self.deploymentconfig.yaml_dict,
-                                          exclude_list,
-                                          debug=self.verbose):
-            self.prepared_registry['deployment_update'] = True
-
-        return self.prepared_registry['deployment_update'] or self.prepared_registry['service_update'] or False
-
-    # In the future, we would like to break out each ansible state into a function.
-    # pylint: disable=too-many-branches,too-many-return-statements
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_adm_registry module'''
-
-        registry_options = {'images': {'value': params['images'], 'include': True},
-                            'latest_images': {'value': params['latest_images'], 'include': True},
-                            'labels': {'value': params['labels'], 'include': True},
-                            'ports': {'value': ','.join(params['ports']), 'include': True},
-                            'replicas': {'value': params['replicas'], 'include': True},
-                            'selector': {'value': params['selector'], 'include': True},
-                            'service_account': {'value': params['service_account'], 'include': True},
-                            'mount_host': {'value': params['mount_host'], 'include': True},
-                            'env_vars': {'value': params['env_vars'], 'include': False},
-                            'volume_mounts': {'value': params['volume_mounts'], 'include': False},
-                            'edits': {'value': params['edits'], 'include': False},
-                            'tls_key': {'value': params['tls_key'], 'include': True},
-                            'tls_certificate': {'value': params['tls_certificate'], 'include': True},
-                           }
-
-        # Do not always pass the daemonset and enforce-quota parameters because they are not understood
-        # by old versions of oc.
-        # Default value is false. So, it's safe to not pass an explicit false value to oc versions which
-        # understand these parameters.
-        if params['daemonset']:
-            registry_options['daemonset'] = {'value': params['daemonset'], 'include': True}
-        if params['enforce_quota']:
-            registry_options['enforce_quota'] = {'value': params['enforce_quota'], 'include': True}
-
-        rconfig = RegistryConfig(params['name'],
-                                 params['namespace'],
-                                 params['kubeconfig'],
-                                 registry_options)
-
-
-        ocregistry = Registry(rconfig, params['debug'])
-
-        api_rval = ocregistry.get()
-
-        state = params['state']
-        ########
-        # get
-        ########
-        if state == 'list':
-
-            if api_rval['returncode'] != 0:
-                return {'failed': True, 'msg': api_rval}
-
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if not ocregistry.exists():
-                return {'changed': False, 'state': state}
-
-            if check_mode:
-                return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
-
-            # Unsure as to why this is angry with the return type.
-            # pylint: disable=redefined-variable-type
-            api_rval = ocregistry.delete()
-
-            if api_rval['returncode'] != 0:
-                return {'failed': True, 'msg': api_rval}
-
-            return {'changed': True, 'results': api_rval, 'state': state}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not ocregistry.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
-
-                api_rval = ocregistry.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            ########
-            # Update
-            ########
-            if not params['force'] and not ocregistry.needs_update():
-                return {'changed': False, 'state': state}
-
-            if check_mode:
-                return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'}
-
-            api_rval = ocregistry.update()
-
-            if api_rval['returncode'] != 0:
-                return {'failed': True, 'msg': api_rval}
-
-            return {'changed': True, 'results': api_rval, 'state': state}
-
-        return {'failed': True, 'msg': 'Unknown state passed. %s' % state}

roles/lib_openshift/src/class/oc_adm_router.py

@@ -1,508 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-class RouterException(Exception):
-    ''' Router exception'''
-    pass
-
-
-class RouterConfig(OpenShiftCLIConfig):
-    ''' RouterConfig is a DTO for the router.  '''
-    def __init__(self, rname, namespace, kubeconfig, router_options):
-        super(RouterConfig, self).__init__(rname, namespace, kubeconfig, router_options)
-
-
-class Router(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-    def __init__(self,
-                 router_config,
-                 verbose=False):
-        ''' Constructor for OpenshiftOC
-
-           a router consists of 3 or more parts
-           - dc/router
-           - svc/router
-           - sa/router
-           - secret/router-certs
-           - clusterrolebinding/router-router-role
-        '''
-        super(Router, self).__init__(router_config.namespace, router_config.kubeconfig, verbose)
-        self.config = router_config
-        self.verbose = verbose
-        self.router_parts = [{'kind': 'dc', 'name': self.config.name},
-                             {'kind': 'svc', 'name': self.config.name},
-                             {'kind': 'sa', 'name': self.config.config_options['service_account']['value']},
-                             {'kind': 'secret', 'name': self.config.name + '-certs'},
-                             {'kind': 'clusterrolebinding', 'name': 'router-' + self.config.name + '-role'},
-                            ]
-
-        self.__prepared_router = None
-        self.dconfig = None
-        self.svc = None
-        self._secret = None
-        self._serviceaccount = None
-        self._rolebinding = None
-
-    @property
-    def prepared_router(self):
-        ''' property for the prepared router'''
-        if self.__prepared_router is None:
-            results = self._prepare_router()
-            if not results or 'returncode' in results and results['returncode'] != 0:
-                if 'stderr' in results:
-                    raise RouterException('Could not perform router preparation: %s' % results['stderr'])
-
-                raise RouterException('Could not perform router preparation.')
-            self.__prepared_router = results
-
-        return self.__prepared_router
-
-    @prepared_router.setter
-    def prepared_router(self, obj):
-        '''setter for the prepared_router'''
-        self.__prepared_router = obj
-
-    @property
-    def deploymentconfig(self):
-        ''' property deploymentconfig'''
-        return self.dconfig
-
-    @deploymentconfig.setter
-    def deploymentconfig(self, config):
-        ''' setter for property deploymentconfig '''
-        self.dconfig = config
-
-    @property
-    def service(self):
-        ''' property for service '''
-        return self.svc
-
-    @service.setter
-    def service(self, config):
-        ''' setter for property service '''
-        self.svc = config
-
-    @property
-    def secret(self):
-        ''' property secret '''
-        return self._secret
-
-    @secret.setter
-    def secret(self, config):
-        ''' setter for property secret '''
-        self._secret = config
-
-    @property
-    def serviceaccount(self):
-        ''' property for serviceaccount '''
-        return self._serviceaccount
-
-    @serviceaccount.setter
-    def serviceaccount(self, config):
-        ''' setter for property serviceaccount '''
-        self._serviceaccount = config
-
-    @property
-    def rolebinding(self):
-        ''' property rolebinding '''
-        return self._rolebinding
-
-    @rolebinding.setter
-    def rolebinding(self, config):
-        ''' setter for property rolebinding '''
-        self._rolebinding = config
-
-    def get_object_by_kind(self, kind):
-        '''return the current object kind by name'''
-        if re.match("^(dc|deploymentconfig)$", kind, flags=re.IGNORECASE):
-            return self.deploymentconfig
-        elif re.match("^(svc|service)$", kind, flags=re.IGNORECASE):
-            return self.service
-        elif re.match("^(sa|serviceaccount)$", kind, flags=re.IGNORECASE):
-            return self.serviceaccount
-        elif re.match("secret", kind, flags=re.IGNORECASE):
-            return self.secret
-        elif re.match("clusterrolebinding", kind, flags=re.IGNORECASE):
-            return self.rolebinding
-
-        return None
-
-    def get(self):
-        ''' return the self.router_parts '''
-        self.service = None
-        self.deploymentconfig = None
-        self.serviceaccount = None
-        self.secret = None
-        self.rolebinding = None
-        for part in self.router_parts:
-            result = self._get(part['kind'], name=part['name'])
-            if result['returncode'] == 0 and part['kind'] == 'dc':
-                self.deploymentconfig = DeploymentConfig(result['results'][0])
-            elif result['returncode'] == 0 and part['kind'] == 'svc':
-                self.service = Service(content=result['results'][0])
-            elif result['returncode'] == 0 and part['kind'] == 'sa':
-                self.serviceaccount = ServiceAccount(content=result['results'][0])
-            elif result['returncode'] == 0 and part['kind'] == 'secret':
-                self.secret = Secret(content=result['results'][0])
-            elif result['returncode'] == 0 and part['kind'] == 'clusterrolebinding':
-                self.rolebinding = RoleBinding(content=result['results'][0])
-
-        return {'deploymentconfig': self.deploymentconfig,
-                'service': self.service,
-                'serviceaccount': self.serviceaccount,
-                'secret': self.secret,
-                'clusterrolebinding': self.rolebinding,
-               }
-
-    def exists(self):
-        '''return a whether svc or dc exists '''
-        if self.deploymentconfig and self.service and self.secret and self.serviceaccount:
-            return True
-
-        return False
-
-    def delete(self):
-        '''return all pods '''
-        parts = []
-        for part in self.router_parts:
-            parts.append(self._delete(part['kind'], part['name']))
-
-        rval = 0
-        for part in parts:
-            if part['returncode'] != 0 and not 'already exist' in part['stderr']:
-                rval = part['returncode']
-
-        return {'returncode': rval, 'results': parts}
-
-    def add_modifications(self, deploymentconfig):
-        '''modify the deployment config'''
-        # We want modifications in the form of edits coming in from the module.
-        # Let's apply these here
-
-        # If extended validation is enabled, set the corresponding environment
-        # variable.
-        if self.config.config_options['extended_validation']['value']:
-            if not deploymentconfig.exists_env_key('EXTENDED_VALIDATION'):
-                deploymentconfig.add_env_value('EXTENDED_VALIDATION', "true")
-            else:
-                deploymentconfig.update_env_var('EXTENDED_VALIDATION', "true")
-
-        # Apply any edits.
-        edit_results = []
-        for edit in self.config.config_options['edits'].get('value', []):
-            if edit['action'] == 'put':
-                edit_results.append(deploymentconfig.put(edit['key'],
-                                                         edit['value']))
-            if edit['action'] == 'update':
-                edit_results.append(deploymentconfig.update(edit['key'],
-                                                            edit['value'],
-                                                            edit.get('index', None),
-                                                            edit.get('curr_value', None)))
-            if edit['action'] == 'append':
-                edit_results.append(deploymentconfig.append(edit['key'],
-                                                            edit['value']))
-
-        if edit_results and not any([res[0] for res in edit_results]):
-            return None
-
-        return deploymentconfig
-
-    # pylint: disable=too-many-branches
-    def _prepare_router(self):
-        '''prepare router for instantiation'''
-        # if cacert, key, and cert were passed, combine them into a pem file
-        if (self.config.config_options['cacert_file']['value'] and
-                self.config.config_options['cert_file']['value'] and
-                self.config.config_options['key_file']['value']):
-
-            router_pem = '/tmp/router.pem'
-            with open(router_pem, 'w') as rfd:
-                rfd.write(open(self.config.config_options['cert_file']['value']).read())
-                rfd.write(open(self.config.config_options['key_file']['value']).read())
-                if self.config.config_options['cacert_file']['value'] and \
-                   os.path.exists(self.config.config_options['cacert_file']['value']):
-                    rfd.write(open(self.config.config_options['cacert_file']['value']).read())
-
-            atexit.register(Utils.cleanup, [router_pem])
-
-            self.config.config_options['default_cert']['value'] = router_pem
-
-        elif self.config.config_options['default_cert']['value'] is None:
-            # No certificate was passed to us.  do not pass one to oc adm router
-            self.config.config_options['default_cert']['include'] = False
-
-        options = self.config.to_option_list(ascommalist='labels')
-
-        cmd = ['router', self.config.name]
-        cmd.extend(options)
-        cmd.extend(['--dry-run=True', '-o', 'json'])
-
-        results = self.openshift_cmd(cmd, oadm=True, output=True, output_type='json')
-
-        # pylint: disable=maybe-no-member
-        if results['returncode'] != 0 or 'items' not in results['results']:
-            return results
-
-        oc_objects = {'DeploymentConfig': {'obj': None, 'path': None, 'update': False},
-                      'Secret': {'obj': None, 'path': None, 'update': False},
-                      'ServiceAccount': {'obj': None, 'path': None, 'update': False},
-                      'ClusterRoleBinding': {'obj': None, 'path': None, 'update': False},
-                      'Service': {'obj': None, 'path': None, 'update': False},
-                     }
-        # pylint: disable=invalid-sequence-index
-        for res in results['results']['items']:
-            if res['kind'] == 'DeploymentConfig':
-                oc_objects['DeploymentConfig']['obj'] = DeploymentConfig(res)
-            elif res['kind'] == 'Service':
-                oc_objects['Service']['obj'] = Service(res)
-            elif res['kind'] == 'ServiceAccount':
-                oc_objects['ServiceAccount']['obj'] = ServiceAccount(res)
-            elif res['kind'] == 'Secret':
-                oc_objects['Secret']['obj'] = Secret(res)
-            elif res['kind'] == 'ClusterRoleBinding':
-                oc_objects['ClusterRoleBinding']['obj'] = RoleBinding(res)
-
-        # Currently only deploymentconfig needs updating
-        # Verify we got a deploymentconfig
-        if not oc_objects['DeploymentConfig']['obj']:
-            return results
-
-        # add modifications added
-        oc_objects['DeploymentConfig']['obj'] = self.add_modifications(oc_objects['DeploymentConfig']['obj'])
-
-        for oc_type, oc_data in oc_objects.items():
-            if oc_data['obj'] is not None:
-                oc_data['path'] = Utils.create_tmp_file_from_contents(oc_type, oc_data['obj'].yaml_dict)
-
-        return oc_objects
-
-    def create(self):
-        '''Create a router
-
-           This includes the different parts:
-           - deploymentconfig
-           - service
-           - serviceaccount
-           - secrets
-           - clusterrolebinding
-        '''
-        results = []
-        self.needs_update()
-
-        # pylint: disable=maybe-no-member
-        for kind, oc_data in self.prepared_router.items():
-            if oc_data['obj'] is not None:
-                time.sleep(1)
-                if self.get_object_by_kind(kind) is None:
-                    results.append(self._create(oc_data['path']))
-
-                elif oc_data['update']:
-                    results.append(self._replace(oc_data['path']))
-
-
-        rval = 0
-        for result in results:
-            if result['returncode'] != 0 and not 'already exist' in result['stderr']:
-                rval = result['returncode']
-
-        return {'returncode': rval, 'results': results}
-
-    def update(self):
-        '''run update for the router.  This performs a replace'''
-        results = []
-
-        # pylint: disable=maybe-no-member
-        for _, oc_data in self.prepared_router.items():
-            if oc_data['update']:
-                results.append(self._replace(oc_data['path']))
-
-        rval = 0
-        for result in results:
-            if result['returncode'] != 0:
-                rval = result['returncode']
-
-        return {'returncode': rval, 'results': results}
-
-    # pylint: disable=too-many-return-statements,too-many-branches
-    def needs_update(self):
-        ''' check to see if we need to update '''
-        # ServiceAccount:
-        #   Need to determine changes from the pregenerated ones from the original
-        #   Since these are auto generated, we can skip
-        skip = ['secrets', 'imagePullSecrets']
-        if self.serviceaccount is None or \
-                not Utils.check_def_equal(self.prepared_router['ServiceAccount']['obj'].yaml_dict,
-                                          self.serviceaccount.yaml_dict,
-                                          skip_keys=skip,
-                                          debug=self.verbose):
-            self.prepared_router['ServiceAccount']['update'] = True
-
-        # Secret:
-        #   See if one was generated from our dry-run and verify it if needed
-        if self.prepared_router['Secret']['obj']:
-            if not self.secret:
-                self.prepared_router['Secret']['update'] = True
-
-            if self.secret is None or \
-                    not Utils.check_def_equal(self.prepared_router['Secret']['obj'].yaml_dict,
-                                              self.secret.yaml_dict,
-                                              skip_keys=skip,
-                                              debug=self.verbose):
-                self.prepared_router['Secret']['update'] = True
-
-        # Service:
-        #   Fix the ports to have protocol=TCP
-        for port in self.prepared_router['Service']['obj'].get('spec.ports'):
-            port['protocol'] = 'TCP'
-
-        skip = ['portalIP', 'clusterIP', 'sessionAffinity', 'type']
-        if self.service is None or \
-                not Utils.check_def_equal(self.prepared_router['Service']['obj'].yaml_dict,
-                                          self.service.yaml_dict,
-                                          skip_keys=skip,
-                                          debug=self.verbose):
-            self.prepared_router['Service']['update'] = True
-
-        # DeploymentConfig:
-        #   Router needs some exceptions.
-        #   We do not want to check the autogenerated password for stats admin
-        if self.deploymentconfig is not None:
-            if not self.config.config_options['stats_password']['value']:
-                for idx, env_var in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\
-                            'spec.template.spec.containers[0].env') or []):
-                    if env_var['name'] == 'STATS_PASSWORD':
-                        env_var['value'] = \
-                          self.deploymentconfig.get('spec.template.spec.containers[0].env[%s].value' % idx)
-                        break
-
-            # dry-run doesn't add the protocol to the ports section.  We will manually do that.
-            for idx, port in enumerate(self.prepared_router['DeploymentConfig']['obj'].get(\
-                            'spec.template.spec.containers[0].ports') or []):
-                if not 'protocol' in port:
-                    port['protocol'] = 'TCP'
-
-        # These are different when generating
-        skip = ['dnsPolicy',
-                'terminationGracePeriodSeconds',
-                'restartPolicy', 'timeoutSeconds',
-                'livenessProbe', 'readinessProbe',
-                'terminationMessagePath', 'hostPort',
-                'defaultMode',
-               ]
-
-        if self.deploymentconfig is None or \
-                not Utils.check_def_equal(self.prepared_router['DeploymentConfig']['obj'].yaml_dict,
-                                          self.deploymentconfig.yaml_dict,
-                                          skip_keys=skip,
-                                          debug=self.verbose):
-            self.prepared_router['DeploymentConfig']['update'] = True
-
-        # Check if any of the parts need updating, if so, return True
-        # else, no need to update
-        # pylint: disable=no-member
-        return any([self.prepared_router[oc_type]['update'] for oc_type in self.prepared_router.keys()])
-
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_adm_router module'''
-
-        rconfig = RouterConfig(params['name'],
-                               params['namespace'],
-                               params['kubeconfig'],
-                               {'default_cert': {'value': params['default_cert'], 'include': True},
-                                'cert_file': {'value': params['cert_file'], 'include': False},
-                                'key_file': {'value': params['key_file'], 'include': False},
-                                'images': {'value': params['images'], 'include': True},
-                                'latest_images': {'value': params['latest_images'], 'include': True},
-                                'labels': {'value': params['labels'], 'include': True},
-                                'ports': {'value': ','.join(params['ports']), 'include': True},
-                                'replicas': {'value': params['replicas'], 'include': True},
-                                'selector': {'value': params['selector'], 'include': True},
-                                'service_account': {'value': params['service_account'], 'include': True},
-                                'router_type': {'value': params['router_type'], 'include': False},
-                                'host_network': {'value': params['host_network'], 'include': True},
-                                'extended_validation': {'value': params['extended_validation'], 'include': False},
-                                'external_host': {'value': params['external_host'], 'include': True},
-                                'external_host_vserver': {'value': params['external_host_vserver'],
-                                                          'include': True},
-                                'external_host_insecure': {'value': params['external_host_insecure'],
-                                                           'include': True},
-                                'external_host_partition_path': {'value': params['external_host_partition_path'],
-                                                                 'include': True},
-                                'external_host_username': {'value': params['external_host_username'],
-                                                           'include': True},
-                                'external_host_password': {'value': params['external_host_password'],
-                                                           'include': True},
-                                'external_host_private_key': {'value': params['external_host_private_key'],
-                                                              'include': True},
-                                'stats_user': {'value': params['stats_user'], 'include': True},
-                                'stats_password': {'value': params['stats_password'], 'include': True},
-                                'stats_port': {'value': params['stats_port'], 'include': True},
-                                # extra
-                                'cacert_file': {'value': params['cacert_file'], 'include': False},
-                                # edits
-                                'edits': {'value': params['edits'], 'include': False},
-                               })
-
-
-        state = params['state']
-
-        ocrouter = Router(rconfig, verbose=params['debug'])
-
-        api_rval = ocrouter.get()
-
-        ########
-        # get
-        ########
-        if state == 'list':
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if not ocrouter.exists():
-                return {'changed': False, 'state': state}
-
-            if check_mode:
-                return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
-
-            # In case of delete we return a list of each object
-            # that represents a router and its result in a list
-            # pylint: disable=redefined-variable-type
-            api_rval = ocrouter.delete()
-
-            return {'changed': True, 'results': api_rval, 'state': state}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not ocrouter.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
-
-                api_rval = ocrouter.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            ########
-            # Update
-            ########
-            if not ocrouter.needs_update():
-                return {'changed': False, 'state': state}
-
-            if check_mode:
-                return {'changed': False, 'msg': 'CHECK_MODE: Would have performed an update.'}
-
-            api_rval = ocrouter.update()
-
-            if api_rval['returncode'] != 0:
-                return {'failed': True, 'msg': api_rval}
-
-            return {'changed': True, 'results': api_rval, 'state': state}

roles/lib_openshift/src/class/oc_clusterrole.py

@@ -1,167 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-instance-attributes
-class OCClusterRole(OpenShiftCLI):
-    ''' Class to manage clusterrole objects'''
-    kind = 'clusterrole'
-
-    def __init__(self,
-                 name,
-                 rules=None,
-                 kubeconfig=None,
-                 verbose=False):
-        ''' Constructor for OCClusterRole '''
-        super(OCClusterRole, self).__init__(None, kubeconfig=kubeconfig, verbose=verbose)
-        self.verbose = verbose
-        self.name = name
-        self._clusterrole = None
-        self._inc_clusterrole = ClusterRole.builder(name, rules)
-
-    @property
-    def clusterrole(self):
-        ''' property for clusterrole'''
-        if self._clusterrole is None:
-            self.get()
-        return self._clusterrole
-
-    @clusterrole.setter
-    def clusterrole(self, data):
-        ''' setter function for clusterrole property'''
-        self._clusterrole = data
-
-    @property
-    def inc_clusterrole(self):
-        ''' property for inc_clusterrole'''
-        return self._inc_clusterrole
-
-    @inc_clusterrole.setter
-    def inc_clusterrole(self, data):
-        ''' setter function for inc_clusterrole property'''
-        self._inc_clusterrole = data
-
-    def exists(self):
-        ''' return whether a clusterrole exists '''
-        if self.clusterrole:
-            return True
-
-        return False
-
-    def get(self):
-        '''return a clusterrole '''
-        result = self._get(self.kind, self.name)
-
-        if result['returncode'] == 0:
-            self.clusterrole = ClusterRole(content=result['results'][0])
-            result['results'] = self.clusterrole.yaml_dict
-
-        elif '"{}" not found'.format(self.name) in result['stderr']:
-            result['returncode'] = 0
-            self.clusterrole = None
-
-        return result
-
-    def delete(self):
-        '''delete the object'''
-        return self._delete(self.kind, self.name)
-
-    def create(self):
-        '''create a clusterrole from the proposed incoming clusterrole'''
-        return self._create_from_content(self.name, self.inc_clusterrole.yaml_dict)
-
-    def update(self):
-        '''update a project'''
-        return self._replace_content(self.kind, self.name, self.inc_clusterrole.yaml_dict)
-
-    def needs_update(self):
-        ''' verify an update is needed'''
-        return not self.clusterrole.compare(self.inc_clusterrole, self.verbose)
-
-    # pylint: disable=too-many-return-statements,too-many-branches
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_clusterrole module'''
-
-        oc_clusterrole = OCClusterRole(params['name'],
-                                       params['rules'],
-                                       params['kubeconfig'],
-                                       params['debug'])
-
-        state = params['state']
-
-        api_rval = oc_clusterrole.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if oc_clusterrole.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
-
-                api_rval = oc_clusterrole.delete()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'state': state}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not oc_clusterrole.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
-
-                # Create it here
-                api_rval = oc_clusterrole.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_clusterrole.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            ########
-            # Update
-            ########
-            if oc_clusterrole.needs_update():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'}
-
-                api_rval = oc_clusterrole.update()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_clusterrole.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        return {'failed': True,
-                'changed': False,
-                'msg': 'Unknown state passed. [%s]' % state}

roles/lib_openshift/src/class/oc_configmap.py

@@ -1,191 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-arguments
-class OCConfigMap(OpenShiftCLI):
-    ''' Openshift ConfigMap Class
-
-        ConfigMaps are a way to store data inside of objects
-    '''
-    def __init__(self,
-                 name,
-                 from_file,
-                 from_literal,
-                 state,
-                 namespace,
-                 kubeconfig='/etc/origin/master/admin.kubeconfig',
-                 verbose=False):
-        ''' Constructor for OpenshiftOC '''
-        super(OCConfigMap, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
-        self.name = name
-        self.state = state
-        self._configmap = None
-        self._inc_configmap = None
-        self.from_file = from_file if from_file is not None else {}
-        self.from_literal = from_literal if from_literal is not None else {}
-
-    @property
-    def configmap(self):
-        if self._configmap is None:
-            self._configmap = self.get()
-
-        return self._configmap
-
-    @configmap.setter
-    def configmap(self, inc_map):
-        self._configmap = inc_map
-
-    @property
-    def inc_configmap(self):
-        if self._inc_configmap is None:
-            results = self.create(dryrun=True, output=True)
-            self._inc_configmap = results['results']
-
-        return self._inc_configmap
-
-    @inc_configmap.setter
-    def inc_configmap(self, inc_map):
-        self._inc_configmap = inc_map
-
-    def from_file_to_params(self):
-        '''return from_files in a string ready for cli'''
-        return ["--from-file={}={}".format(key, value) for key, value in self.from_file.items()]
-
-    def from_literal_to_params(self):
-        '''return from_literal in a string ready for cli'''
-        return ["--from-literal={}={}".format(key, value) for key, value in self.from_literal.items()]
-
-    def get(self):
-        '''return a configmap by name '''
-        results = self._get('configmap', self.name)
-        if results['returncode'] == 0 and results['results'][0]:
-            self.configmap = results['results'][0]
-
-        if results['returncode'] != 0 and '"{}" not found'.format(self.name) in results['stderr']:
-            results['returncode'] = 0
-
-        return results
-
-    def delete(self):
-        '''delete a configmap by name'''
-        return self._delete('configmap', self.name)
-
-    def create(self, dryrun=False, output=False):
-        '''Create a configmap
-
-           :dryrun: Product what you would have done. default: False
-           :output: Whether to parse output. default: False
-        '''
-
-        cmd = ['create', 'configmap', self.name]
-        if self.from_literal is not None:
-            cmd.extend(self.from_literal_to_params())
-
-        if self.from_file is not None:
-            cmd.extend(self.from_file_to_params())
-
-        if dryrun:
-            cmd.extend(['--dry-run', '-ojson'])
-
-        results = self.openshift_cmd(cmd, output=output)
-
-        return results
-
-    def update(self):
-        '''run update configmap '''
-        return self._replace_content('configmap', self.name, self.inc_configmap)
-
-    def needs_update(self):
-        '''compare the current configmap with the proposed and return if they are equal'''
-        return not Utils.check_def_equal(self.inc_configmap, self.configmap, debug=self.verbose)
-
-    @staticmethod
-    # pylint: disable=too-many-return-statements,too-many-branches
-    # TODO: This function should be refactored into its individual parts.
-    def run_ansible(params, check_mode):
-        '''run the oc_configmap module'''
-
-        oc_cm = OCConfigMap(params['name'],
-                            params['from_file'],
-                            params['from_literal'],
-                            params['state'],
-                            params['namespace'],
-                            kubeconfig=params['kubeconfig'],
-                            verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = oc_cm.get()
-
-        if 'failed' in api_rval:
-            return {'failed': True, 'msg': api_rval}
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        if not params['name']:
-            return {'failed': True,
-                    'msg': 'Please specify a name when state is absent|present.'}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if not Utils.exists(api_rval['results'], params['name']):
-                return {'changed': False, 'state': 'absent'}
-
-            if check_mode:
-                return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
-
-            api_rval = oc_cm.delete()
-
-            if api_rval['returncode'] != 0:
-                return {'failed': True, 'msg': api_rval}
-
-            return {'changed': True, 'results': api_rval, 'state': state}
-
-        ########
-        # Create
-        ########
-        if state == 'present':
-            if not Utils.exists(api_rval['results'], params['name']):
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'Would have performed a create.'}
-
-                api_rval = oc_cm.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                api_rval = oc_cm.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            ########
-            # Update
-            ########
-            if oc_cm.needs_update():
-
-                api_rval = oc_cm.update()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                api_rval = oc_cm.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}

roles/lib_openshift/src/class/oc_edit.py

@@ -1,101 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-class Edit(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools
-    '''
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 kind,
-                 namespace,
-                 resource_name=None,
-                 kubeconfig='/etc/origin/master/admin.kubeconfig',
-                 separator='.',
-                 verbose=False):
-        ''' Constructor for OpenshiftOC '''
-        super(Edit, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
-        self.kind = kind
-        self.name = resource_name
-        self.separator = separator
-
-    def get(self):
-        '''return a secret by name '''
-        return self._get(self.kind, self.name)
-
-    def update(self, file_name, content, edits, force=False, content_type='yaml'):
-        '''run update '''
-        if file_name:
-            if content_type == 'yaml':
-                data = yaml.load(open(file_name))
-            elif content_type == 'json':
-                data = json.loads(open(file_name).read())
-
-            yed = Yedit(filename=file_name, content=data, separator=self.separator)
-            # Keep this for compatibility
-            if content is not None:
-                changes = []
-
-                for key, value in content.items():
-                    changes.append(yed.put(key, value))
-
-                if any([not change[0] for change in changes]):
-                    return {'returncode': 0, 'updated': False}
-
-            elif edits is not None:
-                results = Yedit.process_edits(edits, yed)
-
-                if not results['changed']:
-                    return results
-
-            yed.write()
-
-            atexit.register(Utils.cleanup, [file_name])
-
-            return self._replace(file_name, force=force)
-
-        return self._replace_content(self.kind, self.name, content, edits, force=force, sep=self.separator)
-
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_edit module'''
-
-        ocedit = Edit(params['kind'],
-                      params['namespace'],
-                      params['name'],
-                      kubeconfig=params['kubeconfig'],
-                      separator=params['separator'],
-                      verbose=params['debug'])
-
-        api_rval = ocedit.get()
-
-        ########
-        # Create
-        ########
-        if not Utils.exists(api_rval['results'], params['name']):
-            return {"failed": True, 'msg': api_rval}
-
-        ########
-        # Update
-        ########
-        if check_mode:
-            return {'changed': True, 'msg': 'CHECK_MODE: Would have performed edit'}
-
-        api_rval = ocedit.update(params['file_name'],
-                                 params['content'],
-                                 params['edits'],
-                                 params['force'],
-                                 params['file_format'])
-
-        if api_rval['returncode'] != 0:
-            return {"failed": True, 'msg': api_rval}
-
-        if 'updated' in api_rval and not api_rval['updated']:
-            return {"changed": False, 'results': api_rval, 'state': 'present'}
-
-        # return the created object
-        api_rval = ocedit.get()
-
-        if api_rval['returncode'] != 0:
-            return {"failed": True, 'msg': api_rval}
-
-        return {"changed": True, 'results': api_rval, 'state': 'present'}

roles/lib_openshift/src/class/oc_env.py

@@ -1,142 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-instance-attributes
-class OCEnv(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-
-    container_path = {"pod": "spec.containers[0].env",
-                      "dc":  "spec.template.spec.containers[0].env",
-                      "rc":  "spec.template.spec.containers[0].env",
-                     }
-
-    # pylint allows 5. we need 6
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 namespace,
-                 kind,
-                 env_vars,
-                 resource_name=None,
-                 kubeconfig='/etc/origin/master/admin.kubeconfig',
-                 verbose=False):
-        ''' Constructor for OpenshiftOC '''
-        super(OCEnv, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
-        self.kind = kind
-        self.name = resource_name
-        self.env_vars = env_vars
-        self._resource = None
-
-    @property
-    def resource(self):
-        ''' property function for resource var'''
-        if not self._resource:
-            self.get()
-        return self._resource
-
-    @resource.setter
-    def resource(self, data):
-        ''' setter function for resource var'''
-        self._resource = data
-
-    def key_value_exists(self, key, value):
-        ''' return whether a key, value  pair exists '''
-        return self.resource.exists_env_value(key, value)
-
-    def key_exists(self, key):
-        ''' return whether a key exists '''
-        return self.resource.exists_env_key(key)
-
-    def get(self):
-        '''return environment variables '''
-        result = self._get(self.kind, self.name)
-        if result['returncode'] == 0:
-            if self.kind == 'dc':
-                self.resource = DeploymentConfig(content=result['results'][0])
-                result['results'] = self.resource.get(OCEnv.container_path[self.kind]) or []
-        return result
-
-    def delete(self):
-        ''' delete environment variables '''
-        if self.resource.delete_env_var(self.env_vars.keys()):
-            return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
-
-        return {'returncode': 0, 'changed': False}
-
-    def put(self):
-        '''place env vars into dc '''
-        for update_key, update_value in self.env_vars.items():
-            self.resource.update_env_var(update_key, update_value)
-
-        return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
-
-    # pylint: disable=too-many-return-statements
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_env module'''
-
-        ocenv = OCEnv(params['namespace'],
-                      params['kind'],
-                      params['env_vars'],
-                      resource_name=params['name'],
-                      kubeconfig=params['kubeconfig'],
-                      verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = ocenv.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval['results'], 'state': "list"}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            for key in params.get('env_vars', {}).keys():
-                if ocenv.resource.exists_env_key(key):
-
-                    if check_mode:
-                        return {'changed': False,
-                                'msg': 'CHECK_MODE: Would have performed a delete.'}
-
-                    api_rval = ocenv.delete()
-
-                    return {'changed': True, 'state': 'absent'}
-
-            return {'changed': False, 'state': 'absent'}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            for key, value in params.get('env_vars', {}).items():
-                if not ocenv.key_value_exists(key, value):
-
-                    if check_mode:
-                        return {'changed': False,
-                                'msg': 'CHECK_MODE: Would have performed a create.'}
-
-                    # Create it here
-                    api_rval = ocenv.put()
-
-                    if api_rval['returncode'] != 0:
-                        return {'failed': True, 'msg': api_rval}
-
-                    # return the created object
-                    api_rval = ocenv.get()
-
-                    if api_rval['returncode'] != 0:
-                        return {'failed': True, 'msg': api_rval}
-
-                    return {'changed': True, 'results': api_rval['results'], 'state': 'present'}
-
-            return {'changed': False, 'results': api_rval['results'], 'state': 'present'}
-
-
-        return {'failed': True,
-                'changed': False,
-                'msg': 'Unknown state passed. %s' % state}

roles/lib_openshift/src/class/oc_group.py

@@ -1,148 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-class OCGroup(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-    kind = 'group'
-
-    def __init__(self,
-                 config,
-                 verbose=False):
-        ''' Constructor for OCGroup '''
-        super(OCGroup, self).__init__(config.namespace, config.kubeconfig)
-        self.config = config
-        self.namespace = config.namespace
-        self._group = None
-
-    @property
-    def group(self):
-        ''' property function service'''
-        if not self._group:
-            self.get()
-        return self._group
-
-    @group.setter
-    def group(self, data):
-        ''' setter function for yedit var '''
-        self._group = data
-
-    def exists(self):
-        ''' return whether a group exists '''
-        if self.group:
-            return True
-
-        return False
-
-    def get(self):
-        '''return group information '''
-        result = self._get(self.kind, self.config.name)
-        if result['returncode'] == 0:
-            self.group = Group(content=result['results'][0])
-        elif 'groups.user.openshift.io \"{}\" not found'.format(self.config.name) in result['stderr']:
-            result['returncode'] = 0
-            result['results'] = [{}]
-
-        return result
-
-    def delete(self):
-        '''delete the object'''
-        return self._delete(self.kind, self.config.name)
-
-    def create(self):
-        '''create the object'''
-        return self._create_from_content(self.config.name, self.config.data)
-
-    def update(self):
-        '''update the object'''
-        return self._replace_content(self.kind, self.config.name, self.config.data)
-
-    def needs_update(self):
-        ''' verify an update is needed '''
-        return not Utils.check_def_equal(self.config.data, self.group.yaml_dict, skip_keys=['users'], debug=True)
-
-    # pylint: disable=too-many-return-statements,too-many-branches
-    @staticmethod
-    def run_ansible(params, check_mode=False):
-        '''run the oc_group module'''
-
-        gconfig = GroupConfig(params['name'],
-                              params['namespace'],
-                              params['kubeconfig'],
-                             )
-        oc_group = OCGroup(gconfig, verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = oc_group.get()
-
-        if api_rval['returncode'] != 0:
-            return {'failed': True, 'msg': api_rval}
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval['results'], 'state': state}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if oc_group.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
-
-                api_rval = oc_group.delete()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'state': state}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not oc_group.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
-
-                # Create it here
-                api_rval = oc_group.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_group.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            ########
-            # Update
-            ########
-            if oc_group.needs_update():
-                api_rval = oc_group.update()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_group.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}

roles/lib_openshift/src/class/oc_image.py

@@ -1,91 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-arguments
-class OCImage(OpenShiftCLI):
-    ''' Class to import and create an imagestream object'''
-    def __init__(self,
-                 namespace,
-                 registry_url,
-                 image_name,
-                 image_tag,
-                 kubeconfig='/etc/origin/master/admin.kubeconfig',
-                 verbose=False):
-        ''' Constructor for OCImage'''
-        super(OCImage, self).__init__(namespace, kubeconfig)
-        self.registry_url = registry_url
-        self.image_name = image_name
-        self.image_tag = image_tag
-        self.verbose = verbose
-
-    def get(self):
-        '''return a image by name '''
-        results = self._get('imagestream', self.image_name)
-        results['exists'] = False
-        if results['returncode'] == 0 and results['results'][0]:
-            results['exists'] = True
-
-        if results['returncode'] != 0 and '"{}" not found'.format(self.image_name) in results['stderr']:
-            results['returncode'] = 0
-
-        return results
-
-    def create(self, url=None, name=None, tag=None):
-        '''Create an image '''
-        return self._import_image(url, name, tag)
-
-
-    # pylint: disable=too-many-return-statements
-    @staticmethod
-    def run_ansible(params, check_mode):
-        ''' run the oc_image module'''
-
-        ocimage = OCImage(params['namespace'],
-                          params['registry_url'],
-                          params['image_name'],
-                          params['image_tag'],
-                          kubeconfig=params['kubeconfig'],
-                          verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = ocimage.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            if api_rval['returncode'] != 0:
-                return {"failed": True, "msg": api_rval}
-            return {"changed": False, "results": api_rval, "state": "list"}
-
-        ########
-        # Create
-        ########
-        if state == 'present':
-
-            if not Utils.exists(api_rval['results'], params['image_name']):
-
-                if check_mode:
-                    return {"changed": False, "msg": 'CHECK_MODE: Would have performed a create'}
-
-                api_rval = ocimage.create(params['registry_url'],
-                                          params['image_name'],
-                                          params['image_tag'])
-
-                if api_rval['returncode'] != 0:
-                    return {"failed": True, "msg": api_rval}
-
-                # return the newly created object
-                api_rval = ocimage.get()
-
-                if api_rval['returncode'] != 0:
-                    return {"failed": True, "msg": api_rval}
-
-                return {"changed": True, "results": api_rval, "state": "present"}
-
-            # image exists, no change
-            return {"changed": False, "results": api_rval, "state": "present"}
-
-        return {"failed": True, "changed": False, "msg": "Unknown state passed. {0}".format(state)}

roles/lib_openshift/src/class/oc_label.py

@@ -1,292 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-instance-attributes
-class OCLabel(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-
-    # pylint allows 5
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 name,
-                 namespace,
-                 kind,
-                 kubeconfig,
-                 labels=None,
-                 selector=None,
-                 verbose=False):
-        ''' Constructor for OCLabel '''
-        super(OCLabel, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
-        self.name = name
-        self.kind = kind
-        self.labels = labels
-        self._curr_labels = None
-        self.selector = selector
-
-    @property
-    def current_labels(self):
-        '''property for the current labels'''
-        if self._curr_labels is None:
-            results = self.get()
-            self._curr_labels = results['labels']
-
-        return self._curr_labels
-
-    @current_labels.setter
-    def current_labels(self, data):
-        '''property setter for current labels'''
-        self._curr_labels = data
-
-    def compare_labels(self, host_labels):
-        ''' compare incoming labels against current labels'''
-
-        for label in self.labels:
-            if label['key'] not in host_labels or \
-               label['value'] != host_labels[label['key']]:
-                return False
-        return True
-
-    def all_user_labels_exist(self):
-        ''' return whether all the labels already exist '''
-
-        for current_host_labels in self.current_labels:
-            rbool = self.compare_labels(current_host_labels)
-            if not rbool:
-                return False
-        return True
-
-    def any_label_exists(self):
-        ''' return whether any single label already exists '''
-
-        for current_host_labels in self.current_labels:
-            for label in self.labels:
-                if label['key'] in current_host_labels:
-                    return True
-        return False
-
-    def get_user_keys(self):
-        ''' go through list of user key:values and return all keys '''
-
-        user_keys = []
-        for label in self.labels:
-            user_keys.append(label['key'])
-
-        return user_keys
-
-    def get_current_label_keys(self):
-        ''' collect all the current label keys '''
-
-        current_label_keys = []
-        for current_host_labels in self.current_labels:
-            for key in current_host_labels.keys():
-                current_label_keys.append(key)
-
-        return list(set(current_label_keys))
-
-    def get_extra_current_labels(self):
-        ''' return list of labels that are currently stored, but aren't
-            in user-provided list '''
-
-        extra_labels = []
-        user_label_keys = self.get_user_keys()
-        current_label_keys = self.get_current_label_keys()
-
-        for current_key in current_label_keys:
-            if current_key not in user_label_keys:
-                extra_labels.append(current_key)
-
-        return extra_labels
-
-    def extra_current_labels(self):
-        ''' return whether there are labels currently stored that user
-            hasn't directly provided '''
-        extra_labels = self.get_extra_current_labels()
-
-        if len(extra_labels) > 0:
-            return True
-
-        return False
-
-    def replace(self):
-        ''' replace currently stored labels with user provided labels '''
-        cmd = self.cmd_template()
-
-        # First delete any extra labels
-        extra_labels = self.get_extra_current_labels()
-        if len(extra_labels) > 0:
-            for label in extra_labels:
-                cmd.append("{}-".format(label))
-
-        # Now add/modify the user-provided label list
-        if len(self.labels) > 0:
-            for label in self.labels:
-                cmd.append("{}={}".format(label['key'], label['value']))
-
-        # --overwrite for the case where we are updating existing labels
-        cmd.append("--overwrite")
-        return self.openshift_cmd(cmd)
-
-    def get(self):
-        '''return label information '''
-
-        result_dict = {}
-        label_list = []
-
-        if self.name:
-            result = self._get(resource=self.kind, name=self.name, selector=self.selector)
-
-            if result['results'][0] and 'labels' in result['results'][0]['metadata']:
-                label_list.append(result['results'][0]['metadata']['labels'])
-            else:
-                label_list.append({})
-
-        else:
-            result = self._get(resource=self.kind, selector=self.selector)
-
-            for item in result['results'][0]['items']:
-                if 'labels' in item['metadata']:
-                    label_list.append(item['metadata']['labels'])
-                else:
-                    label_list.append({})
-
-        self.current_labels = label_list
-        result_dict['labels'] = self.current_labels
-        result_dict['item_count'] = len(self.current_labels)
-        result['results'] = result_dict
-
-        return result
-
-    def cmd_template(self):
-        ''' boilerplate oc command for modifying lables on this object '''
-        # let's build the cmd with what we have passed in
-        cmd = ["label", self.kind]
-
-        if self.selector:
-            cmd.extend(["--selector", self.selector])
-        elif self.name:
-            cmd.extend([self.name])
-
-        return cmd
-
-    def add(self):
-        ''' add labels '''
-        cmd = self.cmd_template()
-
-        for label in self.labels:
-            cmd.append("{}={}".format(label['key'], label['value']))
-
-        cmd.append("--overwrite")
-
-        return self.openshift_cmd(cmd)
-
-    def delete(self):
-        '''delete the labels'''
-        cmd = self.cmd_template()
-        for label in self.labels:
-            cmd.append("{}-".format(label['key']))
-
-        return self.openshift_cmd(cmd)
-
-    # pylint: disable=too-many-branches,too-many-return-statements
-    @staticmethod
-    def run_ansible(params, check_mode=False):
-        ''' run the oc_label module
-
-            prams comes from the ansible portion of this module
-            check_mode: does the module support check mode. (module.check_mode)
-        '''
-        oc_label = OCLabel(params['name'],
-                           params['namespace'],
-                           params['kind'],
-                           params['kubeconfig'],
-                           params['labels'],
-                           params['selector'],
-                           verbose=params['debug'])
-
-        state = params['state']
-        name = params['name']
-        selector = params['selector']
-
-        api_rval = oc_label.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval['results'], 'state': "list"}
-
-        #######
-        # Add
-        #######
-        if state == 'add':
-            if not (name or selector):
-                return {'failed': True,
-                        'msg': "Param 'name' or 'selector' is required if state == 'add'"}
-            if not oc_label.all_user_labels_exist():
-                if check_mode:
-                    return {'changed': False, 'msg': 'Would have performed an addition.'}
-                api_rval = oc_label.add()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': "add"}
-
-            return {'changed': False, 'state': "add"}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if not (name or selector):
-                return {'failed': True,
-                        'msg': "Param 'name' or 'selector' is required if state == 'absent'"}
-
-            if oc_label.any_label_exists():
-                if check_mode:
-                    return {'changed': False, 'msg': 'Would have performed a delete.'}
-
-                api_rval = oc_label.delete()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': "absent"}
-
-            return {'changed': False, 'state': "absent"}
-
-        if state == 'present':
-            ########
-            # Update
-            ########
-            if not (name or selector):
-                return {'failed': True,
-                        'msg': "Param 'name' or 'selector' is required if state == 'present'"}
-            # if all the labels passed in don't already exist
-            # or if there are currently stored labels that haven't
-            # been passed in
-            if not oc_label.all_user_labels_exist() or \
-               oc_label.extra_current_labels():
-                if check_mode:
-                    return {'changed': False, 'msg': 'Would have made changes.'}
-
-                api_rval = oc_label.replace()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_label.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': "present"}
-
-            return {'changed': False, 'results': api_rval, 'state': "present"}
-
-        return {'failed': True,
-                'changed': False,
-                'results': 'Unknown state passed. %s' % state,
-                'state': "unknown"}

roles/lib_openshift/src/class/oc_obj.py

@@ -1,217 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-# pylint: disable=too-many-instance-attributes
-class OCObject(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-
-    # pylint allows 5. we need 6
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 kind,
-                 namespace,
-                 name=None,
-                 selector=None,
-                 kubeconfig='/etc/origin/master/admin.kubeconfig',
-                 verbose=False,
-                 all_namespaces=False,
-                 field_selector=None):
-        ''' Constructor for OpenshiftOC '''
-        super(OCObject, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose,
-                                       all_namespaces=all_namespaces)
-        self.kind = kind
-        self.name = name
-        self.selector = selector
-        self.field_selector = field_selector
-
-    def get(self):
-        '''return a kind by name '''
-        results = self._get(self.kind, name=self.name, selector=self.selector, field_selector=self.field_selector)
-        if (results['returncode'] != 0 and 'stderr' in results and
-                '\"{}\" not found'.format(self.name) in results['stderr']):
-            results['returncode'] = 0
-
-        return results
-
-    def delete(self):
-        '''delete the object'''
-        results = self._delete(self.kind, name=self.name, selector=self.selector)
-        if (results['returncode'] != 0 and 'stderr' in results and
-                '\"{}\" not found'.format(self.name) in results['stderr']):
-            results['returncode'] = 0
-
-        return results
-
-    def create(self, files=None, content=None):
-        '''
-           Create a config
-
-           NOTE: This creates the first file OR the first conent.
-           TODO: Handle all files and content passed in
-        '''
-        if files:
-            return self._create(files[0])
-
-        # pylint: disable=no-member
-        # The purpose of this change is twofold:
-        # - we need a check to only use the ruamel specific dumper if ruamel is loaded
-        # - the dumper or the flow style change is needed so openshift is able to parse
-        # the resulting yaml, at least until gopkg.in/yaml.v2 is updated
-        if hasattr(yaml, 'RoundTripDumper'):
-            content['data'] = yaml.dump(content['data'], Dumper=yaml.RoundTripDumper)
-        else:
-            content['data'] = yaml.safe_dump(content['data'], default_flow_style=False)
-
-        content_file = Utils.create_tmp_files_from_contents(content)[0]
-
-        return self._create(content_file['path'])
-
-    # pylint: disable=too-many-function-args
-    def update(self, files=None, content=None, force=False):
-        '''update a current openshift object
-
-           This receives a list of file names or content
-           and takes the first and calls replace.
-
-           TODO: take an entire list
-        '''
-        if files:
-            return self._replace(files[0], force)
-
-        if content and 'data' in content:
-            content = content['data']
-
-        return self.update_content(content, force)
-
-    def update_content(self, content, force=False):
-        '''update an object through using the content param'''
-        return self._replace_content(self.kind, self.name, content, force=force)
-
-    def needs_update(self, files=None, content=None, content_type='yaml'):
-        ''' check to see if we need to update '''
-        objects = self.get()
-        if objects['returncode'] != 0:
-            return objects
-
-        data = None
-        if files:
-            data = Utils.get_resource_file(files[0], content_type)
-        elif content and 'data' in content:
-            data = content['data']
-        else:
-            data = content
-
-            # if equal then no need.  So not equal is True
-        return not Utils.check_def_equal(data, objects['results'][0], skip_keys=None, debug=False)
-
-    # pylint: disable=too-many-return-statements,too-many-branches
-    @staticmethod
-    def run_ansible(params, check_mode=False):
-        '''run the oc_obj module'''
-
-        ocobj = OCObject(params['kind'],
-                         params['namespace'],
-                         params['name'],
-                         params['selector'],
-                         kubeconfig=params['kubeconfig'],
-                         verbose=params['debug'],
-                         all_namespaces=params['all_namespaces'],
-                         field_selector=params['field_selector'])
-
-        state = params['state']
-
-        api_rval = ocobj.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            if api_rval['returncode'] != 0:
-                return {'changed': False, 'failed': True, 'msg': api_rval}
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            # verify it's not in our results
-            # pylint: disable=too-many-boolean-expressions
-            if (params['name'] is not None or params['selector'] is not None) and \
-               (len(api_rval['results']) == 0 or \
-               (not api_rval['results'][0]) or \
-               ('items' in api_rval['results'][0] and len(api_rval['results'][0]['items']) == 0)):
-                return {'changed': False, 'state': state}
-
-            if check_mode:
-                return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete'}
-
-            api_rval = ocobj.delete()
-
-            if api_rval['returncode'] != 0:
-                return {'failed': True, 'msg': api_rval}
-
-            return {'changed': True, 'results': api_rval, 'state': state}
-
-        # create/update: Must define a name beyond this point
-        if not params['name']:
-            return {'failed': True, 'msg': 'Please specify a name when state is present.'}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not Utils.exists(api_rval['results'], params['name']):
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create'}
-
-                # Create it here
-                api_rval = ocobj.create(params['files'], params['content'])
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = ocobj.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # Remove files
-                if params['files'] and params['delete_after']:
-                    Utils.cleanup(params['files'])
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            ########
-            # Update
-            ########
-            # if a file path is passed, use it.
-            update = ocobj.needs_update(params['files'], params['content'])
-            if not isinstance(update, bool):
-                return {'failed': True, 'msg': update}
-
-            # No changes
-            if not update:
-                if params['files'] and params['delete_after']:
-                    Utils.cleanup(params['files'])
-
-                return {'changed': False, 'results': api_rval['results'][0], 'state': state}
-
-            if check_mode:
-                return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'}
-
-            api_rval = ocobj.update(params['files'],
-                                    params['content'],
-                                    params['force'])
-
-
-            if api_rval['returncode'] != 0:
-                return {'failed': True, 'msg': api_rval}
-
-            # return the created object
-            api_rval = ocobj.get()
-
-            if api_rval['returncode'] != 0:
-                return {'failed': True, 'msg': api_rval}
-
-            return {'changed': True, 'results': api_rval, 'state': state}

roles/lib_openshift/src/class/oc_objectvalidator.py

@@ -1,88 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-# pylint: disable=too-many-instance-attributes
-class OCObjectValidator(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-
-    def __init__(self, kubeconfig):
-        ''' Constructor for OCObjectValidator '''
-        # namespace has no meaning for object validation, hardcode to 'default'
-        super(OCObjectValidator, self).__init__('default', kubeconfig)
-
-    def get_invalid(self, kind, invalid_filter):
-        ''' return invalid object information '''
-
-        rval = self._get(kind)
-        if rval['returncode'] != 0:
-            return False, rval, []
-
-        return True, rval, list(filter(invalid_filter, rval['results'][0]['items']))  # wrap filter with list for py3
-
-    # pylint: disable=too-many-return-statements
-    @staticmethod
-    def run_ansible(params):
-        ''' run the oc_objectvalidator module
-
-            params comes from the ansible portion of this module
-        '''
-
-        objectvalidator = OCObjectValidator(params['kubeconfig'])
-        all_invalid = {}
-        failed = False
-
-        def _is_invalid_namespace(namespace):
-            # check if it uses a reserved name
-            name = namespace['metadata']['name']
-            if not any((name == 'kube',
-                        name == 'kubernetes',
-                        name == 'openshift',
-                        name.startswith('kube-'),
-                        name.startswith('kubernetes-'),
-                        name.startswith('openshift-'),)):
-                return False
-
-            # determine if the namespace was created by a user
-            if 'annotations' not in namespace['metadata']:
-                return False
-            return 'openshift.io/requester' in namespace['metadata']['annotations']
-
-        checks = (
-            (
-                'hostsubnet',
-                lambda x: x['metadata']['name'] != x['host'],
-                u'hostsubnets where metadata.name != host',
-            ),
-            (
-                'netnamespace',
-                lambda x: x['metadata']['name'] != x['netname'],
-                u'netnamespaces where metadata.name != netname',
-            ),
-            (
-                'namespace',
-                _is_invalid_namespace,
-                u'namespaces that use reserved names and were not created by infrastructure components',
-            ),
-        )
-
-        for resource, invalid_filter, invalid_msg in checks:
-            success, rval, invalid = objectvalidator.get_invalid(resource, invalid_filter)
-            if not success:
-                return {'failed': True, 'msg': 'Failed to GET {}.'.format(resource), 'state': 'list', 'results': rval}
-            if invalid:
-                failed = True
-                all_invalid[invalid_msg] = invalid
-
-        if failed:
-            return {
-                'failed': True,
-                'msg': (
-                    "All objects are not valid.  If you are a supported customer please contact "
-                    "Red Hat Support providing the complete output above. If you are not a customer "
-                    "please contact users@lists.openshift.redhat.com for assistance."
-                    ),
-                'state': 'list',
-                'results': all_invalid
-                }
-
-        return {'msg': 'All objects are valid.'}

roles/lib_openshift/src/class/oc_process.py

@@ -1,184 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-instance-attributes
-class OCProcess(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-
-    # pylint allows 5. we need 6
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 namespace,
-                 tname=None,
-                 params=None,
-                 create=False,
-                 kubeconfig='/etc/origin/master/admin.kubeconfig',
-                 tdata=None,
-                 verbose=False):
-        ''' Constructor for OpenshiftOC '''
-        super(OCProcess, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
-        self.name = tname
-        self.data = tdata
-        self.params = params
-        self.create = create
-        self._template = None
-
-    @property
-    def template(self):
-        '''template property'''
-        if self._template is None:
-            results = self._process(self.name, False, self.params, self.data)
-            if results['returncode'] != 0:
-                raise OpenShiftCLIError('Error processing template [%s]: %s' %(self.name, results))
-            self._template = results['results']['items']
-
-        return self._template
-
-    def get(self):
-        '''get the template'''
-        results = self._get('template', self.name)
-        if results['returncode'] != 0:
-            # Does the template exist??
-            if 'not found' in results['stderr']:
-                results['returncode'] = 0
-                results['exists'] = False
-                results['results'] = []
-
-        return results
-
-    def delete(self, obj):
-        '''delete a resource'''
-        return self._delete(obj['kind'], obj['metadata']['name'])
-
-    def create_obj(self, obj):
-        '''create a resource'''
-        return self._create_from_content(obj['metadata']['name'], obj)
-
-    def process(self, create=None):
-        '''process a template'''
-        do_create = False
-        if create != None:
-            do_create = create
-        else:
-            do_create = self.create
-
-        return self._process(self.name, do_create, self.params, self.data)
-
-    def exists(self):
-        '''return whether the template exists'''
-        # Always return true if we're being passed template data
-        if self.data:
-            return True
-        t_results = self._get('template', self.name)
-
-        if t_results['returncode'] != 0:
-            # Does the template exist??
-            if 'not found' in t_results['stderr']:
-                return False
-            else:
-                raise OpenShiftCLIError('Something went wrong. %s' % t_results)
-
-        return True
-
-    def needs_update(self):
-        '''attempt to process the template and return it for comparison with oc objects'''
-        obj_results = []
-        for obj in self.template:
-
-            # build a list of types to skip
-            skip = []
-
-            if obj['kind'] == 'ServiceAccount':
-                skip.extend(['secrets', 'imagePullSecrets'])
-            if obj['kind'] == 'BuildConfig':
-                skip.extend(['lastTriggeredImageID'])
-            if obj['kind'] == 'ImageStream':
-                skip.extend(['generation'])
-            if obj['kind'] == 'DeploymentConfig':
-                skip.extend(['lastTriggeredImage'])
-
-            # fetch the current object
-            curr_obj_results = self._get(obj['kind'], obj['metadata']['name'])
-            if curr_obj_results['returncode'] != 0:
-                # Does the template exist??
-                if 'not found' in curr_obj_results['stderr']:
-                    obj_results.append((obj, True))
-                    continue
-
-            # check the generated object against the existing object
-            if not Utils.check_def_equal(obj, curr_obj_results['results'][0], skip_keys=skip):
-                obj_results.append((obj, True))
-                continue
-
-            obj_results.append((obj, False))
-
-        return obj_results
-
-    # pylint: disable=too-many-return-statements
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_process module'''
-
-        ocprocess = OCProcess(params['namespace'],
-                              params['template_name'],
-                              params['params'],
-                              params['create'],
-                              kubeconfig=params['kubeconfig'],
-                              tdata=params['content'],
-                              verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = ocprocess.get()
-
-        if state == 'list':
-            if api_rval['returncode'] != 0:
-                return {"failed": True, "msg" : api_rval}
-
-            return {"changed" : False, "results": api_rval, "state": state}
-
-        elif state == 'present':
-            if check_mode and params['create']:
-                return {"changed": True, 'msg': "CHECK_MODE: Would have processed template."}
-
-            if not ocprocess.exists() or not params['reconcile']:
-            #FIXME: this code will never get run in a way that succeeds when
-            #       module.params['reconcile'] is true. Because oc_process doesn't
-            #       create the actual template, the check of ocprocess.exists()
-            #       is meaningless. Either it's already here and this code
-            #       won't be run, or this code will fail because there is no
-            #       template available for oc process to use. Have we conflated
-            #       the template's existence with the existence of the objects
-            #       it describes?
-
-            # Create it here
-                api_rval = ocprocess.process()
-                if api_rval['returncode'] != 0:
-                    return {"failed": True, "msg": api_rval}
-
-                if params['create']:
-                    return {"changed": True, "results": api_rval, "state": state}
-
-                return {"changed": False, "results": api_rval, "state": state}
-
-        # verify results
-        update = False
-        rval = []
-        all_results = ocprocess.needs_update()
-        for obj, status in all_results:
-            if status:
-                ocprocess.delete(obj)
-                results = ocprocess.create_obj(obj)
-                results['kind'] = obj['kind']
-                rval.append(results)
-                update = True
-
-        if not update:
-            return {"changed": update, "results": api_rval, "state": state}
-
-        for cmd in rval:
-            if cmd['returncode'] != 0:
-                return {"failed": True, "changed": update, "msg": rval, "state": state}
-
-        return {"changed": update, "results": rval, "state": state}

roles/lib_openshift/src/class/oc_project.py

@@ -1,195 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-instance-attributes
-class OCProject(OpenShiftCLI):
-    ''' Project Class to manage project/namespace objects'''
-    kind = 'namespace'
-
-    def __init__(self,
-                 config,
-                 verbose=False):
-        ''' Constructor for OCProject '''
-        super(OCProject, self).__init__(None, config.kubeconfig)
-        self.config = config
-        self._project = None
-
-    @property
-    def project(self):
-        ''' property for project'''
-        if not self._project:
-            self.get()
-        return self._project
-
-    @project.setter
-    def project(self, data):
-        ''' setter function for project propeorty'''
-        self._project = data
-
-    def exists(self):
-        ''' return whether a project exists '''
-        if self.project:
-            return True
-
-        return False
-
-    def get(self):
-        '''return project '''
-        result = self._get(self.kind, self.config.name)
-
-        if result['returncode'] == 0:
-            self.project = Project(content=result['results'][0])
-            result['results'] = self.project.yaml_dict
-
-        elif 'namespaces "%s" not found' % self.config.name in result['stderr']:
-            result = {'results': [], 'returncode': 0}
-
-        return result
-
-    def delete(self):
-        '''delete the object'''
-        return self._delete(self.kind, self.config.name)
-
-    def create(self):
-        '''create a project '''
-        cmd = ['new-project', self.config.name]
-        cmd.extend(self.config.to_option_list())
-
-        return self.openshift_cmd(cmd, oadm=True)
-
-    def update(self):
-        '''update a project '''
-
-        if self.config.config_options['display_name']['value'] is not None:
-            self.project.update_annotation('display-name', self.config.config_options['display_name']['value'])
-
-        if self.config.config_options['description']['value'] is not None:
-            self.project.update_annotation('description', self.config.config_options['description']['value'])
-
-        # work around for immutable project field
-        if self.config.config_options['node_selector']['value'] is not None:
-            self.project.update_annotation('node-selector', self.config.config_options['node_selector']['value'])
-
-        return self._replace_content(self.kind, self.config.name, self.project.yaml_dict)
-
-    def needs_update(self):
-        ''' verify an update is needed '''
-        if self.config.config_options['display_name']['value'] is not None:
-            result = self.project.find_annotation("display-name")
-            if result != self.config.config_options['display_name']['value']:
-                return True
-
-        if self.config.config_options['description']['value'] is not None:
-            result = self.project.find_annotation("description")
-            if result != self.config.config_options['description']['value']:
-                return True
-
-        if self.config.config_options['node_selector']['value'] is not None:
-            result = self.project.find_annotation("node-selector")
-            if result != self.config.config_options['node_selector']['value']:
-                return True
-
-        return False
-
-    # pylint: disable=too-many-return-statements,too-many-branches
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_project module'''
-
-        node_selector = None
-        if params['node_selector'] is not None:
-            node_selector = ','.join(params['node_selector'])
-
-        pconfig = ProjectConfig(
-            params['name'],
-            'None',
-            params['kubeconfig'],
-            {
-                'admin': {'value': params['admin'], 'include': True},
-                'admin_role': {'value': params['admin_role'], 'include': True},
-                'description': {'value': params['description'], 'include': True},
-                'display_name': {'value': params['display_name'], 'include': True},
-                'node_selector': {'value': node_selector, 'include': True},
-            },
-        )
-
-        oadm_project = OCProject(pconfig, verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = oadm_project.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval['results'], 'state': state}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if oadm_project.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'}
-
-                api_rval = oadm_project.delete()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'state': state}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not oadm_project.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
-
-                # Create it here
-                api_rval = oadm_project.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oadm_project.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            ########
-            # Update
-            ########
-            if oadm_project.needs_update():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'}
-
-                api_rval = oadm_project.update()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oadm_project.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        return {'failed': True,
-                'changed': False,
-                'msg': 'Unknown state passed. [%s]' % state}

roles/lib_openshift/src/class/oc_pvc.py

@@ -1,172 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-instance-attributes
-class OCPVC(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-    kind = 'pvc'
-
-    # pylint allows 5
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 config,
-                 verbose=False):
-        ''' Constructor for OCVolume '''
-        super(OCPVC, self).__init__(config.namespace, config.kubeconfig)
-        self.config = config
-        self.namespace = config.namespace
-        self._pvc = None
-
-    @property
-    def pvc(self):
-        ''' property function pvc'''
-        if not self._pvc:
-            self.get()
-        return self._pvc
-
-    @pvc.setter
-    def pvc(self, data):
-        ''' setter function for yedit var '''
-        self._pvc = data
-
-    def bound(self):
-        '''return whether the pvc is bound'''
-        if self.pvc.get_volume_name():
-            return True
-
-        return False
-
-    def exists(self):
-        ''' return whether a pvc exists '''
-        if self.pvc:
-            return True
-
-        return False
-
-    def get(self):
-        '''return pvc information '''
-        result = self._get(self.kind, self.config.name)
-        if result['returncode'] == 0:
-            self.pvc = PersistentVolumeClaim(content=result['results'][0])
-        elif '\"%s\" not found' % self.config.name in result['stderr']:
-            result['returncode'] = 0
-            result['results'] = [{}]
-        elif 'namespaces \"%s\" not found' % self.config.namespace in result['stderr']:
-            result['returncode'] = 0
-            result['results'] = [{}]
-
-        return result
-
-    def delete(self):
-        '''delete the object'''
-        return self._delete(self.kind, self.config.name)
-
-    def create(self):
-        '''create the object'''
-        return self._create_from_content(self.config.name, self.config.data)
-
-    def update(self):
-        '''update the object'''
-        # need to update the tls information and the service name
-        return self._replace_content(self.kind, self.config.name, self.config.data)
-
-    def needs_update(self):
-        ''' verify an update is needed '''
-        if self.pvc.get_volume_name() or self.pvc.is_bound():
-            return False
-
-        skip = []
-        return not Utils.check_def_equal(self.config.data, self.pvc.yaml_dict, skip_keys=skip, debug=True)
-
-    # pylint: disable=too-many-branches,too-many-return-statements
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_pvc module'''
-        pconfig = PersistentVolumeClaimConfig(params['name'],
-                                              params['namespace'],
-                                              params['kubeconfig'],
-                                              params['access_modes'],
-                                              params['volume_capacity'],
-                                              params['selector'],
-                                              params['storage_class_name'],
-                                             )
-        oc_pvc = OCPVC(pconfig, verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = oc_pvc.get()
-        if api_rval['returncode'] != 0:
-            return {'failed': True, 'msg': api_rval}
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval['results'], 'state': state}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if oc_pvc.exists():
-
-                if check_mode:
-                    return {'changed': False, 'msg': 'CHECK_MODE: Would have performed a delete.'}
-
-                api_rval = oc_pvc.delete()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'state': state}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not oc_pvc.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
-
-                # Create it here
-                api_rval = oc_pvc.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_pvc.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            ########
-            # Update
-            ########
-            if oc_pvc.pvc.is_bound() or oc_pvc.pvc.get_volume_name():
-                api_rval['msg'] = '##### - This volume is currently bound.  Will not update - ####'
-                return {'changed': False, 'results': api_rval, 'state': state}
-
-            if oc_pvc.needs_update():
-                api_rval = oc_pvc.update()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_pvc.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}

roles/lib_openshift/src/class/oc_route.py

@@ -1,211 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-instance-attributes
-class OCRoute(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-    kind = 'route'
-
-    def __init__(self,
-                 config,
-                 verbose=False):
-        ''' Constructor for OCVolume '''
-        super(OCRoute, self).__init__(config.namespace, kubeconfig=config.kubeconfig, verbose=verbose)
-        self.config = config
-        self._route = None
-
-    @property
-    def route(self):
-        ''' property function for route'''
-        if not self._route:
-            self.get()
-        return self._route
-
-    @route.setter
-    def route(self, data):
-        ''' setter function for route '''
-        self._route = data
-
-    def exists(self):
-        ''' return whether a route exists '''
-        if self.route:
-            return True
-
-        return False
-
-    def get(self):
-        '''return route information '''
-        result = self._get(self.kind, self.config.name)
-        if result['returncode'] == 0:
-            self.route = Route(content=result['results'][0])
-        elif 'routes \"%s\" not found' % self.config.name in result['stderr']:
-            result['returncode'] = 0
-            result['results'] = [{}]
-        elif 'namespaces \"%s\" not found' % self.config.namespace in result['stderr']:
-            result['returncode'] = 0
-            result['results'] = [{}]
-
-        return result
-
-    def delete(self):
-        '''delete the object'''
-        return self._delete(self.kind, self.config.name)
-
-    def create(self):
-        '''create the object'''
-        return self._create_from_content(self.config.name, self.config.data)
-
-    def update(self):
-        '''update the object'''
-        return self._replace_content(self.kind,
-                                     self.config.name,
-                                     self.config.data,
-                                     force=(self.config.host != self.route.get_host()))
-
-    def needs_update(self):
-        ''' verify an update is needed '''
-        skip = []
-        return not Utils.check_def_equal(self.config.data, self.route.yaml_dict, skip_keys=skip, debug=self.verbose)
-
-    @staticmethod
-    def get_cert_data(path, content):
-        '''get the data for a particular value'''
-        rval = None
-        if path and os.path.exists(path) and os.access(path, os.R_OK):
-            rval = open(path).read()
-        elif content:
-            rval = content
-
-        return rval
-
-    # pylint: disable=too-many-return-statements,too-many-branches
-    @staticmethod
-    def run_ansible(params, check_mode=False):
-        ''' run the oc_route module
-
-            params comes from the ansible portion for this module
-            files: a dictionary for the certificates
-                   {'cert': {'path': '',
-                             'content': '',
-                             'value': ''
-                            }
-                   }
-            check_mode: does the module support check mode.  (module.check_mode)
-        '''
-        files = {'destcacert': {'path': params['dest_cacert_path'],
-                                'content': params['dest_cacert_content'],
-                                'value': None, },
-                 'cacert': {'path': params['cacert_path'],
-                            'content': params['cacert_content'],
-                            'value': None, },
-                 'cert': {'path': params['cert_path'],
-                          'content': params['cert_content'],
-                          'value': None, },
-                 'key': {'path': params['key_path'],
-                         'content': params['key_content'],
-                         'value': None, }, }
-
-        if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough':  # E501
-
-            for key, option in files.items():
-                if not option['path'] and not option['content']:
-                    continue
-
-                option['value'] = OCRoute.get_cert_data(option['path'], option['content'])  # E501
-
-                if not option['value']:
-                    return {'failed': True,
-                            'msg': 'Verify that you pass a correct value for %s' % key}
-
-        rconfig = RouteConfig(params['name'],
-                              params['namespace'],
-                              params['kubeconfig'],
-                              params['labels'],
-                              files['destcacert']['value'],
-                              files['cacert']['value'],
-                              files['cert']['value'],
-                              files['key']['value'],
-                              params['host'],
-                              params['tls_termination'],
-                              params['service_name'],
-                              params['wildcard_policy'],
-                              params['weight'],
-                              params['port'])
-
-        oc_route = OCRoute(rconfig, verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = oc_route.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False,
-                    'results': api_rval['results'],
-                    'state': 'list'}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if oc_route.exists():
-
-                if check_mode:
-                    return {'changed': False, 'msg': 'CHECK_MODE: Would have performed a delete.'}  # noqa: E501
-
-                api_rval = oc_route.delete()
-
-                return {'changed': True, 'results': api_rval, 'state': "absent"}  # noqa: E501
-            return {'changed': False, 'state': 'absent'}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not oc_route.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}  # noqa: E501
-
-                # Create it here
-                api_rval = oc_route.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval, 'state': "present"}  # noqa: E501
-
-                # return the created object
-                api_rval = oc_route.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval, 'state': "present"}  # noqa: E501
-
-                return {'changed': True, 'results': api_rval, 'state': "present"}  # noqa: E501
-
-            ########
-            # Update
-            ########
-            if oc_route.needs_update():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'}  # noqa: E501
-
-                api_rval = oc_route.update()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval, 'state': "present"}  # noqa: E501
-
-                # return the created object
-                api_rval = oc_route.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval, 'state': "present"}  # noqa: E501
-
-                return {'changed': True, 'results': api_rval, 'state': "present"}  # noqa: E501
-
-            return {'changed': False, 'results': api_rval, 'state': "present"}
-
-        # catch all
-        return {'failed': True, 'msg': "Unknown State passed"}

roles/lib_openshift/src/class/oc_scale.py

@@ -1,108 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-# pylint: disable=too-many-instance-attributes
-class OCScale(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-
-    # pylint allows 5
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 resource_name,
-                 namespace,
-                 replicas,
-                 kind,
-                 kubeconfig='/etc/origin/master/admin.kubeconfig',
-                 verbose=False):
-        ''' Constructor for OCScale '''
-        super(OCScale, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
-        self.kind = kind
-        self.replicas = replicas
-        self.name = resource_name
-        self._resource = None
-
-    @property
-    def resource(self):
-        ''' property function for resource var '''
-        if not self._resource:
-            self.get()
-        return self._resource
-
-    @resource.setter
-    def resource(self, data):
-        ''' setter function for resource var '''
-        self._resource = data
-
-    def get(self):
-        '''return replicas information '''
-        vol = self._get(self.kind, self.name)
-        if vol['returncode'] == 0:
-            if self.kind == 'dc':
-                # The resource returned from a query could be an rc or dc.
-                # pylint: disable=redefined-variable-type
-                self.resource = DeploymentConfig(content=vol['results'][0])
-                vol['results'] = [self.resource.get_replicas()]
-            if self.kind == 'rc':
-                # The resource returned from a query could be an rc or dc.
-                # pylint: disable=redefined-variable-type
-                self.resource = ReplicationController(content=vol['results'][0])
-                vol['results'] = [self.resource.get_replicas()]
-
-        return vol
-
-    def put(self):
-        '''update replicas into dc '''
-        self.resource.update_replicas(self.replicas)
-        return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
-
-    def needs_update(self):
-        ''' verify whether an update is needed '''
-        return self.resource.needs_update_replicas(self.replicas)
-
-    # pylint: disable=too-many-return-statements
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''run the oc_scale module'''
-
-        oc_scale = OCScale(params['name'],
-                           params['namespace'],
-                           params['replicas'],
-                           params['kind'],
-                           params['kubeconfig'],
-                           verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = oc_scale.get()
-        if api_rval['returncode'] != 0:
-            return {'failed': True, 'msg': api_rval}
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'result': api_rval['results'], 'state': 'list'}  # noqa: E501
-
-        elif state == 'present':
-            ########
-            # Update
-            ########
-            if oc_scale.needs_update():
-                if check_mode:
-                    return {'changed': True, 'result': 'CHECK_MODE: Would have updated.'}  # noqa: E501
-                api_rval = oc_scale.put()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_scale.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'result': api_rval['results'], 'state': 'present'}  # noqa: E501
-
-            return {'changed': False, 'result': api_rval['results'], 'state': 'present'}  # noqa: E501
-
-        return {'failed': True, 'msg': 'Unknown state passed. [{}]'.format(state)}

roles/lib_openshift/src/class/oc_secret.py

@@ -1,209 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-# pylint: skip-file
-
-# pylint: disable=wrong-import-position,wrong-import-order
-import base64
-
-# pylint: disable=too-many-arguments
-class OCSecret(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools
-    '''
-    def __init__(self,
-                 namespace,
-                 secret_name=None,
-                 secret_type=None,
-                 decode=False,
-                 kubeconfig='/etc/origin/master/admin.kubeconfig',
-                 verbose=False):
-        ''' Constructor for OpenshiftOC '''
-        super(OCSecret, self).__init__(namespace, kubeconfig=kubeconfig, verbose=verbose)
-        self.name = secret_name
-        self.type = secret_type
-        self.decode = decode
-
-    def get(self):
-        '''return a secret by name '''
-        results = self._get('secrets', self.name)
-        results['decoded'] = {}
-        results['exists'] = False
-        if results['returncode'] == 0 and results['results'][0]:
-            results['exists'] = True
-            if self.decode:
-                if 'data' in results['results'][0]:
-                    for sname, value in results['results'][0]['data'].items():
-                        results['decoded'][sname] = base64.b64decode(value)
-
-        if results['returncode'] != 0 and '"%s" not found' % self.name in results['stderr']:
-            results['returncode'] = 0
-
-        return results
-
-    def delete(self):
-        '''delete a secret by name'''
-        return self._delete('secrets', self.name)
-
-    def create(self, files=None, contents=None, force=False):
-        '''Create a secret '''
-        if not files:
-            files = Utils.create_tmp_files_from_contents(contents)
-
-        secrets = ["%s=%s" % (sfile['name'], sfile['path']) for sfile in files]
-        cmd = ['secrets', 'new', self.name]
-        if self.type is not None:
-            cmd.append("--type=%s" % (self.type))
-            if force:
-                cmd.append('--confirm')
-        cmd.extend(secrets)
-
-        results = self.openshift_cmd(cmd)
-
-        return results
-
-    def update(self, files, force=False):
-        '''run update secret
-
-           This receives a list of file names and converts it into a secret.
-           The secret is then written to disk and passed into the `oc replace` command.
-        '''
-        secret = self.prep_secret(files, force=force)
-        if secret['returncode'] != 0:
-            return secret
-
-        sfile_path = '/tmp/%s' % self.name
-        with open(sfile_path, 'w') as sfd:
-            sfd.write(json.dumps(secret['results']))
-
-        atexit.register(Utils.cleanup, [sfile_path])
-
-        return self._replace(sfile_path, force=force)
-
-    def prep_secret(self, files=None, contents=None, force=False):
-        ''' return what the secret would look like if created
-            This is accomplished by passing -ojson.  This will most likely change in the future
-        '''
-        if not files:
-            files = Utils.create_tmp_files_from_contents(contents)
-
-        secrets = ["%s=%s" % (sfile['name'], sfile['path']) for sfile in files]
-        cmd = ['-ojson', 'secrets', 'new', self.name]
-        if self.type is not None:
-            cmd.extend(["--type=%s" % (self.type)])
-            if force:
-                cmd.append('--confirm')
-        cmd.extend(secrets)
-
-        return self.openshift_cmd(cmd, output=True)
-
-    @staticmethod
-    # pylint: disable=too-many-return-statements,too-many-branches
-    # TODO: This function should be refactored into its individual parts.
-    def run_ansible(params, check_mode):
-        '''run the oc_secret module'''
-
-        ocsecret = OCSecret(params['namespace'],
-                            params['name'],
-                            params['type'],
-                            params['decode'],
-                            kubeconfig=params['kubeconfig'],
-                            verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = ocsecret.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval, state: 'list'}
-
-        if not params['name']:
-            return {'failed': True,
-                    'msg': 'Please specify a name when state is absent|present.'}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if not Utils.exists(api_rval['results'], params['name']):
-                return {'changed': False, 'state': 'absent'}
-
-            if check_mode:
-                return {'changed': True, 'msg': 'Would have performed a delete.'}
-
-            api_rval = ocsecret.delete()
-            return {'changed': True, 'results': api_rval, 'state': 'absent'}
-
-        if state == 'present':
-            if params['files']:
-                files = params['files']
-            elif params['contents']:
-                files = Utils.create_tmp_files_from_contents(params['contents'])
-            else:
-                files = [{'name': 'null', 'path': os.devnull}]
-
-            ########
-            # Create
-            ########
-            if not Utils.exists(api_rval['results'], params['name']):
-
-                if check_mode:
-                    return {'changed': True,
-                            'msg': 'Would have performed a create.'}
-
-                api_rval = ocsecret.create(files, params['contents'], force=params['force'])
-
-                # Remove files
-                if files and params['delete_after']:
-                    Utils.cleanup([ftmp['path'] for ftmp in files])
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True,
-                            'msg': api_rval}
-
-                return {'changed': True,
-                        'results': api_rval,
-                        'state': 'present'}
-
-            ########
-            # Update
-            ########
-            secret = ocsecret.prep_secret(params['files'], params['contents'], force=params['force'])
-
-            if secret['returncode'] != 0:
-                return {'failed': True, 'msg': secret}
-
-            if Utils.check_def_equal(secret['results'], api_rval['results'][0]):
-
-                # Remove files
-                if files and params['delete_after']:
-                    Utils.cleanup([ftmp['path'] for ftmp in files])
-
-                return {'changed': False,
-                        'results': secret['results'],
-                        'state': 'present'}
-
-            if check_mode:
-                return {'changed': True,
-                        'msg': 'Would have performed an update.'}
-
-            api_rval = ocsecret.update(files, force=params['force'])
-
-            # Remove files
-            if secret and params['delete_after']:
-                Utils.cleanup([ftmp['path'] for ftmp in files])
-
-            if api_rval['returncode'] != 0:
-                return {'failed': True,
-                        'msg': api_rval}
-
-            return {'changed': True,
-                    'results': api_rval,
-                    'state': 'present'}
-
-        return {'failed': True,
-                'changed': False,
-                'msg': 'Unknown state passed. %s' % state,
-                'state': 'unknown'}

roles/lib_openshift/src/class/oc_service.py

@@ -1,180 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-instance-attributes
-class OCService(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-    kind = 'service'
-
-    # pylint allows 5
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 sname,
-                 namespace,
-                 labels,
-                 annotations,
-                 selector,
-                 cluster_ip,
-                 portal_ip,
-                 ports,
-                 session_affinity,
-                 service_type,
-                 external_ips,
-                 kubeconfig='/etc/origin/master/admin.kubeconfig',
-                 verbose=False):
-        ''' Constructor for OCVolume '''
-        super(OCService, self).__init__(namespace, kubeconfig, verbose)
-        self.namespace = namespace
-        self.config = ServiceConfig(sname, namespace, ports, annotations, selector, labels,
-                                    cluster_ip, portal_ip, session_affinity, service_type,
-                                    external_ips)
-        self.user_svc = Service(content=self.config.data)
-        self.svc = None
-
-    @property
-    def service(self):
-        ''' property function service'''
-        if not self.svc:
-            self.get()
-        return self.svc
-
-    @service.setter
-    def service(self, data):
-        ''' setter function for service var '''
-        self.svc = data
-
-    def exists(self):
-        ''' return whether a service exists '''
-        if self.service:
-            return True
-
-        return False
-
-    def get(self):
-        '''return service information '''
-        result = self._get(self.kind, self.config.name)
-        if result['returncode'] == 0:
-            self.service = Service(content=result['results'][0])
-            result['clusterip'] = self.service.get('spec.clusterIP')
-        elif 'services \"%s\" not found' % self.config.name  in result['stderr']:
-            result['clusterip'] = ''
-            result['returncode'] = 0
-        elif 'namespaces \"%s\" not found' % self.config.namespace  in result['stderr']:
-            result['clusterip'] = ''
-            result['returncode'] = 0
-
-        return result
-
-    def delete(self):
-        '''delete the service'''
-        return self._delete(self.kind, self.config.name)
-
-    def create(self):
-        '''create a service '''
-        return self._create_from_content(self.config.name, self.user_svc.yaml_dict)
-
-    def update(self):
-        '''create a service '''
-        # Need to copy over the portalIP and the serviceIP settings
-
-        self.user_svc.add_cluster_ip(self.service.get('spec.clusterIP'))
-        self.user_svc.add_portal_ip(self.service.get('spec.portalIP'))
-        return self._replace_content(self.kind, self.config.name, self.user_svc.yaml_dict)
-
-    def needs_update(self):
-        ''' verify an update is needed '''
-        skip = ['clusterIP', 'portalIP']
-        return not Utils.check_def_equal(self.user_svc.yaml_dict, self.service.yaml_dict, skip_keys=skip, debug=True)
-
-    # pylint: disable=too-many-return-statements,too-many-branches
-    @staticmethod
-    def run_ansible(params, check_mode):
-        '''Run the oc_service module'''
-        oc_svc = OCService(params['name'],
-                           params['namespace'],
-                           params['labels'],
-                           params['annotations'],
-                           params['selector'],
-                           params['clusterip'],
-                           params['portalip'],
-                           params['ports'],
-                           params['session_affinity'],
-                           params['service_type'],
-                           params['external_ips'],
-                           params['kubeconfig'],
-                           params['debug'])
-
-        state = params['state']
-
-        api_rval = oc_svc.get()
-
-        if api_rval['returncode'] != 0:
-            return {'failed': True, 'msg': api_rval}
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if oc_svc.exists():
-
-                if check_mode:
-                    return {'changed': True,
-                            'msg': 'CHECK_MODE: Would have performed a delete.'}  # noqa: E501
-
-                api_rval = oc_svc.delete()
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'state': state}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not oc_svc.exists():
-
-                if check_mode:
-                    return {'changed': True,
-                            'msg': 'CHECK_MODE: Would have performed a create.'}  # noqa: E501
-
-                # Create it here
-                api_rval = oc_svc.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_svc.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            ########
-            # Update
-            ########
-            if oc_svc.needs_update():
-                api_rval = oc_svc.update()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_svc.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'results': api_rval, 'state': state}
-
-        return {'failed': True, 'msg': 'UNKNOWN state passed. [%s]' % state}

roles/lib_openshift/src/class/oc_serviceaccount.py

@@ -1,167 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-# pylint: disable=too-many-instance-attributes
-class OCServiceAccount(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-    kind = 'sa'
-
-    # pylint allows 5
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 config,
-                 verbose=False):
-        ''' Constructor for OCVolume '''
-        super(OCServiceAccount, self).__init__(config.namespace, kubeconfig=config.kubeconfig, verbose=verbose)
-        self.config = config
-        self.service_account = None
-
-    def exists(self):
-        ''' return whether a volume exists '''
-        if self.service_account:
-            return True
-
-        return False
-
-    def get(self):
-        '''return volume information '''
-        result = self._get(self.kind, self.config.name)
-        if result['returncode'] == 0:
-            self.service_account = ServiceAccount(content=result['results'][0])
-        elif '\"%s\" not found' % self.config.name in result['stderr']:
-            result['returncode'] = 0
-            result['results'] = [{}]
-        elif 'namespaces \"%s\" not found' % self.config.namespace in result['stderr']:
-            result['returncode'] = 0
-            result['results'] = [{}]
-
-        return result
-
-    def delete(self):
-        '''delete the object'''
-        return self._delete(self.kind, self.config.name)
-
-    def create(self):
-        '''create the object'''
-        return self._create_from_content(self.config.name, self.config.data)
-
-    def update(self):
-        '''update the object'''
-        # need to update the tls information and the service name
-        for secret in self.config.secrets:
-            result = self.service_account.find_secret(secret)
-            if not result:
-                self.service_account.add_secret(secret)
-
-        for secret in self.config.image_pull_secrets:
-            result = self.service_account.find_image_pull_secret(secret)
-            if not result:
-                self.service_account.add_image_pull_secret(secret)
-
-        return self._replace_content(self.kind, self.config.name, self.config.data)
-
-    def needs_update(self):
-        ''' verify an update is needed '''
-        # since creating an service account generates secrets and imagepullsecrets
-        # check_def_equal will not work
-        # Instead, verify all secrets passed are in the list
-        for secret in self.config.secrets:
-            result = self.service_account.find_secret(secret)
-            if not result:
-                return True
-
-        for secret in self.config.image_pull_secrets:
-            result = self.service_account.find_image_pull_secret(secret)
-            if not result:
-                return True
-
-        return False
-
-    @staticmethod
-    # pylint: disable=too-many-return-statements,too-many-branches
-    # TODO: This function should be refactored into its individual parts.
-    def run_ansible(params, check_mode):
-        '''run the oc_serviceaccount module'''
-
-        rconfig = ServiceAccountConfig(params['name'],
-                                       params['namespace'],
-                                       params['kubeconfig'],
-                                       params['secrets'],
-                                       params['image_pull_secrets'],
-                                      )
-
-        oc_sa = OCServiceAccount(rconfig,
-                                 verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = oc_sa.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval['results'], 'state': 'list'}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if oc_sa.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'Would have performed a delete.'}
-
-                api_rval = oc_sa.delete()
-
-                return {'changed': True, 'results': api_rval, 'state': 'absent'}
-
-            return {'changed': False, 'state': 'absent'}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not oc_sa.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'Would have performed a create.'}
-
-                # Create it here
-                api_rval = oc_sa.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_sa.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': 'present'}
-
-            ########
-            # Update
-            ########
-            if oc_sa.needs_update():
-                api_rval = oc_sa.update()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_sa.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': 'present'}
-
-            return {'changed': False, 'results': api_rval, 'state': 'present'}
-
-
-        return {'failed': True,
-                'changed': False,
-                'msg': 'Unknown state passed. %s' % state,
-                'state': 'unknown'}

roles/lib_openshift/src/class/oc_serviceaccount_secret.py

@@ -1,138 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-class OCServiceAccountSecret(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-
-    kind = 'sa'
-    def __init__(self, config, verbose=False):
-        ''' Constructor for OpenshiftOC '''
-        super(OCServiceAccountSecret, self).__init__(config.namespace, kubeconfig=config.kubeconfig, verbose=verbose)
-        self.config = config
-        self.verbose = verbose
-        self._service_account = None
-
-    @property
-    def service_account(self):
-        ''' Property for the service account '''
-        if not self._service_account:
-            self.get()
-        return self._service_account
-
-    @service_account.setter
-    def service_account(self, data):
-        ''' setter for the service account '''
-        self._service_account = data
-
-    def exists(self, in_secret):
-        ''' verifies if secret exists in the service account '''
-        result = self.service_account.find_secret(in_secret)
-        if not result:
-            return False
-        return True
-
-    def get(self):
-        ''' get the service account definition from the master '''
-        sao = self._get(OCServiceAccountSecret.kind, self.config.name)
-        if sao['returncode'] == 0:
-            self.service_account = ServiceAccount(content=sao['results'][0])
-            sao['results'] = self.service_account.get('secrets')
-        return sao
-
-    def delete(self):
-        ''' delete secrets '''
-
-        modified = []
-        for rem_secret in self.config.secrets:
-            modified.append(self.service_account.delete_secret(rem_secret))
-
-        if any(modified):
-            return self._replace_content(OCServiceAccountSecret.kind, self.config.name, self.service_account.yaml_dict)
-
-        return {'returncode': 0, 'changed': False}
-
-    def put(self):
-        ''' place secrets into sa '''
-        modified = False
-        for add_secret in self.config.secrets:
-            if not self.service_account.find_secret(add_secret):
-                self.service_account.add_secret(add_secret)
-                modified = True
-
-        if modified:
-            return self._replace_content(OCServiceAccountSecret.kind, self.config.name, self.service_account.yaml_dict)
-
-        return {'returncode': 0, 'changed': False}
-
-
-    @staticmethod
-    # pylint: disable=too-many-return-statements,too-many-branches
-    # TODO: This function should be refactored into its individual parts.
-    def run_ansible(params, check_mode):
-        ''' run the oc_serviceaccount_secret module'''
-
-        sconfig = ServiceAccountConfig(params['service_account'],
-                                       params['namespace'],
-                                       params['kubeconfig'],
-                                       [params['secret']],
-                                       None)
-
-        oc_sa_sec = OCServiceAccountSecret(sconfig, verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = oc_sa_sec.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval['results'], 'state': "list"}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if oc_sa_sec.exists(params['secret']):
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'Would have removed the " + \
-                            "secret from the service account.'}
-
-                api_rval = oc_sa_sec.delete()
-
-                return {'changed': True, 'results': api_rval, 'state': "absent"}
-
-            return {'changed': False, 'state': "absent"}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not oc_sa_sec.exists(params['secret']):
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'Would have added the ' + \
-                            'secret to the service account.'}
-
-                # Create it here
-                api_rval = oc_sa_sec.put()
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_sa_sec.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': "present"}
-
-
-            return {'changed': False, 'results': api_rval, 'state': "present"}
-
-
-        return {'failed': True,
-                'changed': False,
-                'msg': 'Unknown state passed. %s' % state,
-                'state': 'unknown'}

roles/lib_openshift/src/class/oc_storageclass.py

@@ -1,178 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-# pylint: disable=too-many-instance-attributes
-class OCStorageClass(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-    kind = 'storageclass'
-
-    # pylint allows 5
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 config,
-                 verbose=False):
-        ''' Constructor for OCStorageClass '''
-        super(OCStorageClass, self).__init__(None, kubeconfig=config.kubeconfig, verbose=verbose)
-        self.config = config
-        self.storage_class = None
-
-    def exists(self):
-        ''' return whether a storageclass exists'''
-        if self.storage_class:
-            return True
-
-        return False
-
-    def get(self):
-        '''return storageclass '''
-        result = self._get(self.kind, self.config.name)
-        if result['returncode'] == 0:
-            self.storage_class = StorageClass(content=result['results'][0])
-        elif '\"%s\" not found' % self.config.name in result['stderr']:
-            result['returncode'] = 0
-            result['results'] = [{}]
-
-        return result
-
-    def delete(self):
-        '''delete the object'''
-        return self._delete(self.kind, self.config.name)
-
-    def create(self):
-        '''create the object'''
-        return self._create_from_content(self.config.name, self.config.data)
-
-    def update(self):
-        '''update the object'''
-        # parameters are currently unable to be updated.  need to delete and recreate
-        self.delete()
-        # pause here and attempt to wait for delete.
-        # Better option would be to poll
-        time.sleep(5)
-        return self.create()
-
-    def needs_update(self):
-        ''' verify an update is needed '''
-        # check if params have updated
-        if self.storage_class.get_parameters() != self.config.parameters:
-            return True
-
-        for anno_key, anno_value in self.storage_class.get_annotations().items():
-            if 'is-default-class' in anno_key and anno_value != self.config.default_storage_class:
-                return True
-
-        # check if mount options have updated
-        if set(self.storage_class.get_mount_options()) != set(self.config.mount_options):
-            return True
-
-        # check if reclaim policy has been updated
-        if self.storage_class.get_reclaim_policy() != self.config.reclaim_policy:
-            return True
-
-        return False
-
-    @staticmethod
-    def provisioner_name_qualified(provisioner_name):
-        pattern = re.compile(r'^[a-z0-9A-Z-_.]+\/[a-z0-9A-Z-_.]+$')
-        return pattern.match(provisioner_name)
-
-    @staticmethod
-    # pylint: disable=too-many-return-statements,too-many-branches
-    # TODO: This function should be refactored into its individual parts.
-    def run_ansible(params, check_mode):
-        '''run the oc_storageclass module'''
-
-        # Make sure that the provisioner is fully qualified before using it
-        # E.g. if 'aws-efs' is provided as a provisioner, convert it to 'kubernetes.io/aws-efs'
-        # but if the name is already qualified  (e.g. 'openshift.org/aws-efs') then leave it be.
-        raw_provisioner_name = params['provisioner']
-        if OCStorageClass.provisioner_name_qualified(raw_provisioner_name):
-            qualified_provisioner_name = raw_provisioner_name
-        else:
-            qualified_provisioner_name = "kubernetes.io/{}".format(params['provisioner'])
-
-        rconfig = StorageClassConfig(params['name'],
-                                     provisioner=qualified_provisioner_name,
-                                     parameters=params['parameters'],
-                                     annotations=params['annotations'],
-                                     api_version="storage.k8s.io/{}".format(params['api_version']),
-                                     default_storage_class=params.get('default_storage_class', 'false'),
-                                     kubeconfig=params['kubeconfig'],
-                                     mount_options=params['mount_options'],
-                                     reclaim_policy=params['reclaim_policy']
-                                    )
-
-        oc_sc = OCStorageClass(rconfig, verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = oc_sc.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval['results'], 'state': 'list'}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if oc_sc.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'Would have performed a delete.'}
-
-                api_rval = oc_sc.delete()
-
-                return {'changed': True, 'results': api_rval, 'state': 'absent'}
-
-            return {'changed': False, 'state': 'absent'}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not oc_sc.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'Would have performed a create.'}
-
-                # Create it here
-                api_rval = oc_sc.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_sc.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': 'present'}
-
-            ########
-            # Update
-            ########
-            if oc_sc.needs_update():
-                api_rval = oc_sc.update()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_sc.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': 'present'}
-
-            return {'changed': False, 'results': api_rval, 'state': 'present'}
-
-
-        return {'failed': True,
-                'changed': False,
-                'msg': 'Unknown state passed. %s' % state,
-                'state': 'unknown'}

roles/lib_openshift/src/class/oc_user.py

@@ -1,227 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-# pylint: disable=too-many-instance-attributes
-class OCUser(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-    kind = 'users'
-
-    def __init__(self,
-                 config,
-                 groups=None,
-                 verbose=False):
-        ''' Constructor for OCUser '''
-        # namespace has no meaning for user operations, hardcode to 'default'
-        super(OCUser, self).__init__('default', config.kubeconfig)
-        self.config = config
-        self.groups = groups
-        self._user = None
-
-    @property
-    def user(self):
-        ''' property function user'''
-        if not self._user:
-            self.get()
-        return self._user
-
-    @user.setter
-    def user(self, data):
-        ''' setter function for user '''
-        self._user = data
-
-    def exists(self):
-        ''' return whether a user exists '''
-        if self.user:
-            return True
-
-        return False
-
-    def get(self):
-        ''' return user information '''
-        result = self._get(self.kind, self.config.username)
-        if result['returncode'] == 0:
-            self.user = User(content=result['results'][0])
-        elif 'users \"%s\" not found' % self.config.username in result['stderr']:
-            result['returncode'] = 0
-            result['results'] = [{}]
-
-        return result
-
-    def delete(self):
-        ''' delete the object '''
-        return self._delete(self.kind, self.config.username)
-
-    def create_group_entries(self):
-        ''' make entries for user to the provided group list '''
-        if self.groups != None:
-            for group in self.groups:
-                cmd = ['groups', 'add-users', group, self.config.username]
-                rval = self.openshift_cmd(cmd, oadm=True)
-                if rval['returncode'] != 0:
-                    return rval
-
-                return rval
-
-        return {'returncode': 0}
-
-    def create(self):
-        ''' create the object '''
-        rval = self.create_group_entries()
-        if rval['returncode'] != 0:
-            return rval
-
-        return self._create_from_content(self.config.username, self.config.data)
-
-    def group_update(self):
-        ''' update group membership '''
-        rval = {'returncode': 0}
-        cmd = ['get', 'groups', '-o', 'json']
-        all_groups = self.openshift_cmd(cmd, output=True)
-
-        # pylint misindentifying all_groups['results']['items'] type
-        # pylint: disable=invalid-sequence-index
-        for group in all_groups['results']['items']:
-            # If we're supposed to be in this group
-            if group['metadata']['name'] in self.groups \
-               and (group['users'] is None or self.config.username not in group['users']):
-                cmd = ['groups', 'add-users', group['metadata']['name'],
-                       self.config.username]
-                rval = self.openshift_cmd(cmd, oadm=True)
-                if rval['returncode'] != 0:
-                    return rval
-            # else if we're in the group, but aren't supposed to be
-            elif group['users'] != None and self.config.username in group['users'] \
-                 and group['metadata']['name'] not in self.groups:
-                cmd = ['groups', 'remove-users', group['metadata']['name'],
-                       self.config.username]
-                rval = self.openshift_cmd(cmd, oadm=True)
-                if rval['returncode'] != 0:
-                    return rval
-
-        return rval
-
-    def update(self):
-        ''' update the object '''
-        rval = self.group_update()
-        if rval['returncode'] != 0:
-            return rval
-
-        # need to update the user's info
-        return self._replace_content(self.kind, self.config.username, self.config.data, force=True)
-
-    def needs_group_update(self):
-        ''' check if there are group membership changes '''
-        cmd = ['get', 'groups', '-o', 'json']
-        all_groups = self.openshift_cmd(cmd, output=True)
-
-        # pylint misindentifying all_groups['results']['items'] type
-        # pylint: disable=invalid-sequence-index
-        for group in all_groups['results']['items']:
-            # If we're supposed to be in this group
-            if group['metadata']['name'] in self.groups \
-               and (group['users'] is None or self.config.username not in group['users']):
-                return True
-            # else if we're in the group, but aren't supposed to be
-            elif group['users'] != None and self.config.username in group['users'] \
-                 and group['metadata']['name'] not in self.groups:
-                return True
-
-        return False
-
-    def needs_update(self):
-        ''' verify an update is needed '''
-        skip = []
-        if self.needs_group_update():
-            return True
-
-        return not Utils.check_def_equal(self.config.data, self.user.yaml_dict, skip_keys=skip, debug=True)
-
-    # pylint: disable=too-many-return-statements
-    @staticmethod
-    def run_ansible(params, check_mode=False):
-        ''' run the oc_user module
-
-            params comes from the ansible portion of this module
-            check_mode: does the module support check mode. (module.check_mode)
-        '''
-
-        uconfig = UserConfig(params['kubeconfig'],
-                             params['username'],
-                             params['full_name'],
-                            )
-
-        oc_user = OCUser(uconfig, params['groups'],
-                         verbose=params['debug'])
-        state = params['state']
-
-        api_rval = oc_user.get()
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval['results'], 'state': "list"}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if oc_user.exists():
-
-                if check_mode:
-                    return {'changed': False, 'msg': 'Would have performed a delete.'}
-
-                api_rval = oc_user.delete()
-
-                return {'changed': True, 'results': api_rval, 'state': "absent"}
-            return {'changed': False, 'state': "absent"}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not oc_user.exists():
-
-                if check_mode:
-                    return {'changed': False, 'msg': 'Would have performed a create.'}
-
-                # Create it here
-                api_rval = oc_user.create()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_user.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': "present"}
-
-            ########
-            # Update
-            ########
-            if oc_user.needs_update():
-                api_rval = oc_user.update()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                orig_cmd = api_rval['cmd']
-                # return the created object
-                api_rval = oc_user.get()
-                # overwrite the get/list cmd
-                api_rval['cmd'] = orig_cmd
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': "present"}
-
-            return {'changed': False, 'results': api_rval, 'state': "present"}
-
-        return {'failed': True,
-                'changed': False,
-                'results': 'Unknown state passed. %s' % state,
-                'state': "unknown"}

roles/lib_openshift/src/class/oc_version.py

@@ -1,47 +0,0 @@
-# flake8: noqa
-# pylint: skip-file
-
-
-# pylint: disable=too-many-instance-attributes
-class OCVersion(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-    # pylint allows 5
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 config,
-                 debug):
-        ''' Constructor for OCVersion '''
-        super(OCVersion, self).__init__(None, config)
-        self.debug = debug
-
-    def get(self):
-        '''get and return version information '''
-
-        results = {}
-
-        version_results = self._version()
-
-        if version_results['returncode'] == 0:
-            filtered_vers = Utils.filter_versions(version_results['results'])
-            custom_vers = Utils.add_custom_versions(filtered_vers)
-
-            results['returncode'] = version_results['returncode']
-            results.update(filtered_vers)
-            results.update(custom_vers)
-
-            return results
-
-        raise OpenShiftCLIError('Problem detecting openshift version.')
-
-    @staticmethod
-    def run_ansible(params):
-        '''run the oc_version module'''
-        oc_version = OCVersion(params['kubeconfig'], params['debug'])
-
-        if params['state'] == 'list':
-
-            #pylint: disable=protected-access
-            result = oc_version.get()
-            return {'state': params['state'],
-                    'results': result,
-                    'changed': False}

roles/lib_openshift/src/class/oc_volume.py

@@ -1,195 +0,0 @@
-# pylint: skip-file
-# flake8: noqa
-
-
-# pylint: disable=too-many-instance-attributes
-class OCVolume(OpenShiftCLI):
-    ''' Class to wrap the oc command line tools '''
-    volume_mounts_path = {"pod": "spec.containers[0].volumeMounts",
-                          "dc":  "spec.template.spec.containers[0].volumeMounts",
-                          "rc":  "spec.template.spec.containers[0].volumeMounts",
-                         }
-    volumes_path = {"pod": "spec.volumes",
-                    "dc":  "spec.template.spec.volumes",
-                    "rc":  "spec.template.spec.volumes",
-                   }
-
-    # pylint allows 5
-    # pylint: disable=too-many-arguments
-    def __init__(self,
-                 kind,
-                 resource_name,
-                 namespace,
-                 vol_name,
-                 mount_path,
-                 mount_type,
-                 secret_name,
-                 claim_size,
-                 claim_name,
-                 configmap_name,
-                 kubeconfig='/etc/origin/master/admin.kubeconfig',
-                 verbose=False):
-        ''' Constructor for OCVolume '''
-        super(OCVolume, self).__init__(namespace, kubeconfig)
-        self.kind = kind
-        self.volume_info = {'name': vol_name,
-                            'secret_name': secret_name,
-                            'path': mount_path,
-                            'type': mount_type,
-                            'claimSize': claim_size,
-                            'claimName': claim_name,
-                            'configmap_name': configmap_name}
-        self.volume, self.volume_mount = Volume.create_volume_structure(self.volume_info)
-        self.name = resource_name
-        self.namespace = namespace
-        self.kubeconfig = kubeconfig
-        self.verbose = verbose
-        self._resource = None
-
-    @property
-    def resource(self):
-        ''' property function for resource var '''
-        if not self._resource:
-            self.get()
-        return self._resource
-
-    @resource.setter
-    def resource(self, data):
-        ''' setter function for resource var '''
-        self._resource = data
-
-    def exists(self):
-        ''' return whether a volume exists '''
-        volume_mount_found = False
-        volume_found = self.resource.exists_volume(self.volume)
-        if not self.volume_mount and volume_found:
-            return True
-
-        if self.volume_mount:
-            volume_mount_found = self.resource.exists_volume_mount(self.volume_mount)
-
-        if volume_found and self.volume_mount and volume_mount_found:
-            return True
-
-        return False
-
-    def get(self):
-        '''return volume information '''
-        vol = self._get(self.kind, self.name)
-        if vol['returncode'] == 0:
-            if self.kind == 'dc':
-                self.resource = DeploymentConfig(content=vol['results'][0])
-                vol['results'] = self.resource.get_volumes()
-
-        return vol
-
-    def delete(self):
-        '''remove a volume'''
-        self.resource.delete_volume_by_name(self.volume)
-        return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
-
-    def put(self):
-        '''place volume into dc '''
-        self.resource.update_volume(self.volume)
-        self.resource.get_volumes()
-        self.resource.update_volume_mount(self.volume_mount)
-        return self._replace_content(self.kind, self.name, self.resource.yaml_dict)
-
-    def needs_update(self):
-        ''' verify an update is needed '''
-        return self.resource.needs_update_volume(self.volume, self.volume_mount)
-
-    # pylint: disable=too-many-branches,too-many-return-statements
-    @staticmethod
-    def run_ansible(params, check_mode=False):
-        '''run the oc_volume module'''
-        oc_volume = OCVolume(params['kind'],
-                             params['name'],
-                             params['namespace'],
-                             params['vol_name'],
-                             params['mount_path'],
-                             params['mount_type'],
-                             # secrets
-                             params['secret_name'],
-                             # pvc
-                             params['claim_size'],
-                             params['claim_name'],
-                             # configmap
-                             params['configmap_name'],
-                             kubeconfig=params['kubeconfig'],
-                             verbose=params['debug'])
-
-        state = params['state']
-
-        api_rval = oc_volume.get()
-
-        if api_rval['returncode'] != 0:
-            return {'failed': True, 'msg': api_rval}
-
-        #####
-        # Get
-        #####
-        if state == 'list':
-            return {'changed': False, 'results': api_rval['results'], 'state': state}
-
-        ########
-        # Delete
-        ########
-        if state == 'absent':
-            if oc_volume.exists():
-
-                if check_mode:
-                    return {'changed': False, 'msg': 'CHECK_MODE: Would have performed a delete.'}
-
-                api_rval = oc_volume.delete()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            return {'changed': False, 'state': state}
-
-        if state == 'present':
-            ########
-            # Create
-            ########
-            if not oc_volume.exists():
-
-                if check_mode:
-                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'}
-
-                # Create it here
-                api_rval = oc_volume.put()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_volume.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, 'state': state}
-
-            ########
-            # Update
-            ########
-            if oc_volume.needs_update():
-                api_rval = oc_volume.put()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                # return the created object
-                api_rval = oc_volume.get()
-
-                if api_rval['returncode'] != 0:
-                    return {'failed': True, 'msg': api_rval}
-
-                return {'changed': True, 'results': api_rval, state: state}
-
-            return {'changed': False, 'results': api_rval, state: state}
-
-        return {'failed': True, 'msg': 'Unknown state passed. {}'.format(state)}

roles/lib_openshift/src/doc/ca_server_cert

@@ -1,102 +0,0 @@
-# flake8: noqa
-# pylint: skip-file
-
-DOCUMENTATION = '''
----
-module: oc_adm_ca_server_cert
-short_description: Module to run openshift oc adm ca create-server-cert
-description:
-  - Wrapper around the openshift `oc adm ca create-server-cert` command.
-options:
-  state:
-    description:
-    - Present is the only supported state.  The state present means that `oc adm ca` will generate a certificate
-    - and verify if the hostnames and the ClusterIP exists in the certificate.
-    - When create-server-cert is desired then the following parameters are passed.
-    - ['cert', 'key', 'signer_cert', 'signer_key', 'signer_serial']
-    required: false
-    default: present
-    choices: 
-    - present
-    aliases: []
-  kubeconfig:
-    description:
-    - The path for the kubeconfig file to use for authentication
-    required: false
-    default: /etc/origin/master/admin.kubeconfig
-    aliases: []
-  debug:
-    description:
-    - Turn on debug output.
-    required: false
-    default: False
-    aliases: []
-  cert:
-    description:
-    - The certificate file. Choose a name that indicates what the service is.
-    required: false
-    default: None
-    aliases: []
-  key:
-    description:
-    - The key file. Choose a name that indicates what the service is.
-    required: false
-    default: None
-    aliases: []
-  force:
-    description:
-    - Force updating of the existing cert and key files
-    required: false
-    default: False
-    aliases: []
-  signer_cert:
-    description:
-    - The signer certificate file.
-    required: false
-    default: /etc/origin/master/ca.crt
-    aliases: []
-  signer_key:
-    description:
-    - The signer key file.
-    required: false
-    default: /etc/origin/master/ca.key
-    aliases: []
-  signer_serial:
-    description:
-    - The signer serial file.
-    required: false
-    default: /etc/origin/master/ca.serial.txt
-    aliases: []
-  hostnames:
-    description:
-    - Every hostname or IP that server certs should be valid for
-    required: false
-    default: []
-    aliases: []
-  backup:
-    description:
-    - Whether to backup the cert and key files before writing them.
-    required: false
-    default: True
-    aliases: []
-  expire_days:
-    description
-    - Validity of the certificate in days
-    required: false
-    default: None
-    aliases: []
-author:
-- "Kenny Woodson <kwoodson@redhat.com>"
-extends_documentation_fragment: []
-'''
-
-EXAMPLES = '''
-- name: Create a self-signed cert
-  oc_adm_ca_server_cert:
-    signer_cert: /etc/origin/master/ca.crt
-    signer_key: /etc/origin/master/ca.key
-    signer_serial: /etc/origin/master/ca.serial.txt
-    hostnames: "registry.test.openshift.com,127.0.0.1,docker-registry.default.svc.cluster.local"
-    cert: /etc/origin/master/registry.crt
-    key: /etc/origin/master/registry.key
-'''

roles/lib_openshift/src/doc/clusterrole

@@ -1,66 +0,0 @@
-# flake8: noqa
-# pylint: skip-file
-
-DOCUMENTATION = '''
----
-module: oc_clusterrole
-short_description: Modify, and idempotently manage openshift clusterroles
-description:
-  - Manage openshift clusterroles
-options:
-  state:
-    description:
-    - State controls the action that will be taken with resource
-    - present - will ensure object is created or updated to the value specified
-    - list - will return a clusterrole
-    - absent - will remove a clusterrole
-    required: False
-    default: present
-    choices: ["present", 'absent', 'list']
-    aliases: []
-  kubeconfig:
-    description:
-    - The path for the kubeconfig file to use for authentication
-    required: false
-    default: /etc/origin/master/admin.kubeconfig
-    aliases: []
-  debug:
-    description:
-    - Turn on debug output.
-    required: false
-    default: False
-    aliases: []
-  name:
-    description:
-    - Name of the object that is being queried.
-    required: false
-    default: None
-    aliases: []
-  rules:
-    description:
-    - A list of dictionaries that have the rule parameters.
-    - e.g. rules=[{'apiGroups': [""], 'attributeRestrictions': None, 'verbs': ['get'], 'resources': []}]
-    required: false
-    default: None
-    aliases: []
-author:
-- "Kenny Woodson <kwoodson@redhat.com>"
-extends_documentation_fragment: []
-'''
-
-EXAMPLES = '''
-- name: query a list of env vars on dc
-  oc_clusterrole:
-    name: myclusterrole
-    state: list
-
-- name: Set the following variables.
-  oc_clusterrole:
-    name: myclusterrole
-    rules:
-      apiGroups:
-      - ""
-      attributeRestrictions: null
-      verbs: []
-      resources: []
-'''

roles/lib_openshift/src/doc/configmap

@@ -1,72 +0,0 @@
-# flake8: noqa
-# pylint: skip-file
-
-DOCUMENTATION = '''
----
-module: oc_configmap
-short_description: Modify, and idempotently manage openshift configmaps
-description:
-  - Modify openshift configmaps programmatically.
-options:
-  state:
-    description:
-    - State controls the action that will be taken with resource
-    - present - will ensure object is created or updated to the value specified
-    - list - will return a configmap
-    - absent - will remove the configmap
-    required: False
-    default: present
-    choices: ["present", 'absent', 'list']
-    aliases: []
-  kubeconfig:
-    description:
-    - The path for the kubeconfig file to use for authentication
-    required: false
-    default: /etc/origin/master/admin.kubeconfig
-    aliases: []
-  debug:
-    description:
-    - Turn on debug output.
-    required: false
-    default: False
-    aliases: []
-  name:
-    description:
-    - Name of the object that is being queried.
-    required: True
-    default: None
-    aliases: []
-  namespace:
-    description:
-    - The namespace where the object lives.
-    required: false
-    default: default
-    aliases: []
-  from_file:
-    description:
-    - A dict of key, value pairs representing the configmap key and the value represents the file path.
-    required: false
-    default: None
-    aliases: []
-  from_literal:
-    description:
-    - A dict of key, value pairs representing the configmap key and the value represents the string content
-    required: false
-    default: None
-    aliases: []
-author:
-- "kenny woodson <kwoodson@redhat.com>"
-extends_documentation_fragment: []
-'''
-
-EXAMPLES = '''
-- name: create group
-  oc_configmap:
-    state: present
-    name: testmap
-    from_file:
-      secret: /path/to/secret
-    from_literal:
-      title: systemadmin
-  register: configout
-'''

roles/lib_openshift/src/doc/csr

@@ -1,82 +0,0 @@
-# flake8: noqa
-# pylint: skip-file
-
-DOCUMENTATION = '''
----
-module: oc_adm_csr
-short_description: Module to approve or deny openshift certificate signing requests
-description:
-  - Wrapper around the openshift `oc adm certificate approve|deny <csr>` command.
-options:
-  state:
-    description:
-    - State controls the action that will be taken with resource
-    - approve - create the certificate
-    - deny - remove the certificate
-    - list - return the current representation of a certificate
-    required: false
-    default: approve
-    choices: ["approve", "deny", "list"]
-    aliases: []
-  kubeconfig:
-    description:
-    - The path for the kubeconfig file to use for authentication
-    required: false
-    default: /etc/origin/master/admin.kubeconfig
-    aliases: []
-  debug:
-    description:
-    - Turn on debug output.
-    required: false
-    default: False
-    aliases: []
-  nodes:
-    description:
-    - A list of the names of the nodes in which to accept the certificates
-    required: false
-    default: None
-    aliases: []
-  timeout:
-    description:
-    - This flag allows for a timeout value when approving nodes.
-    required: false
-    default: 30
-    aliases: []
-  timeout:
-    description:
-    - This flag allows for a timeout value when doing node approvals.
-    - A zero value for the timeout will block until the nodes have been accepted
-    required: false
-    default: 30
-    aliases: []
-  approve_all:
-    description:
-    - This flag allows for the module to approve all CSRs that are found.
-    - This facilitates testing.
-    required: false
-    default: False
-    aliases: []
-  service_account:
-    description:
-    - This parameter tells the approval process which service account is being used for the requests
-    required: false
-    default: node-bootstrapper
-    aliases: []
-author:
-- "Kenny Woodson <kwoodson@redhat.com>"
-extends_documentation_fragment: []
-'''
-
-EXAMPLES = '''
-- name: Approve certificates for node xyz
-  oc_adm_scr:
-    nodes:
-    - xyz
-    timeout: 300
-
-- name: Approve certificates for node xyz
-  oc_adm_scr:
-    nodes:
-    - xyz
-    timeout: 0
-'''

roles/lib_openshift/src/doc/edit

@@ -1,122 +0,0 @@
-# flake8: noqa
-# pylint: skip-file
-
-DOCUMENTATION = '''
----
-module: oc_edit
-short_description: Modify, and idempotently manage openshift objects.
-description:
-  - Modify openshift objects programmatically.
-options:
-  state:
-    description:
-    - Currently present is only supported state.
-    required: true
-    default: present
-    choices: ["present"]
-    aliases: []
-  kubeconfig:
-    description:
-    - The path for the kubeconfig file to use for authentication
-    required: false
-    default: /etc/origin/master/admin.kubeconfig
-    aliases: []
-  debug:
-    description:
-    - Turn on debug output.
-    required: false
-    default: False
-    aliases: []
-  name:
-    description:
-    - Name of the object that is being queried.
-    required: false
-    default: None
-    aliases: []
-  namespace:
-    description:
-    - The namespace where the object lives.
-    required: false
-    default: str
-    aliases: []
-  kind:
-    description:
-    - The kind attribute of the object.
-    required: True
-    default: None
-    choices:
-    - bc
-    - buildconfig
-    - configmaps
-    - dc
-    - deploymentconfig
-    - imagestream
-    - imagestreamtag
-    - is
-    - istag
-    - namespace
-    - project
-    - projects
-    - node
-    - ns
-    - persistentvolume
-    - pv
-    - rc
-    - replicationcontroller
-    - routes
-    - scc
-    - secret
-    - securitycontextconstraints
-    - service
-    - svc
-    aliases: []
-  file_name:
-    description:
-    - The file name in which to edit
-    required: false
-    default: None
-    aliases: []
-  file_format:
-    description:
-    - The format of the file being edited.
-    required: false
-    default: yaml
-    aliases: []
-  content:
-    description:
-    - Content of the file
-    required: false
-    default: None
-    aliases: []
-  edits:
-    description:
-    - a list of dictionaries with a yedit format for edits
-    required: false
-    default: None
-    aliases: []
-  force:
-    description:
-    - Whether or not to force the operation
-    required: false
-    default: None
-    aliases: []
-  separator:
-    description:
-    - The separator format for the edit.
-    required: false
-    default: '.'
-    aliases: []
-author:
-- "Kenny Woodson <kwoodson@redhat.com>"
-extends_documentation_fragment: []
-'''
-
-EXAMPLES = '''
-oc_edit:
-  kind: rc
-  name: hawkular-cassandra-rc
-  namespace: openshift-infra
-  content:
-    spec.template.spec.containers[0].resources.limits.memory: 512
-    spec.template.spec.containers[0].resources.requests.memory: 256
-'''

roles/lib_openshift/src/doc/env

@@ -1,83 +0,0 @@
-# flake8: noqa
-# pylint: skip-file
-
-DOCUMENTATION = '''
----
-module: oc_env
-short_description: Modify, and idempotently manage openshift environment variables on pods, deploymentconfigs, and replication controllers.
-description:
-  - Modify openshift environment variables programmatically.
-options:
-  state:
-    description:
-    - State controls the action that will be taken with resource
-    - present - will ensure object is created or updated to the value specified
-    - list - will return a list of environment variables
-    - absent - will remove the environment varibale from the object
-    required: False
-    default: present
-    choices: ["present", 'absent', 'list']
-    aliases: []
-  kubeconfig:
-    description:
-    - The path for the kubeconfig file to use for authentication
-    required: false
-    default: /etc/origin/master/admin.kubeconfig
-    aliases: []
-  debug:
-    description:
-    - Turn on debug output.
-    required: false
-    default: False
-    aliases: []
-  name:
-    description:
-    - Name of the object that is being queried.
-    required: false
-    default: None
-    aliases: []
-  namespace:
-    description:
-    - The namespace where the object lives.
-    required: false
-    default: str
-    aliases: []
-  kind:
-    description:
-    - The kind attribute of the object.
-    required: False
-    default: dc
-    choices:
-    - rc
-    - dc
-    - pods
-    aliases: []
-  env_vars:
-    description:
-    - The environment variables to insert.  The format is a dict of value pairs.
-    - e.g. {key1: value1, key2: value2}) 
-    required: False
-    default: None
-    aliases: []
-author:
-- "Kenny Woodson <kwoodson@redhat.com>"
-extends_documentation_fragment: []
-'''
-
-EXAMPLES = '''
-- name: query a list of env vars on dc
-  oc_env:
-    kind: dc
-    name: myawesomedc
-    namespace: phpapp
-
-- name: Set the following variables.
-  oc_env:
-    kind: dc
-    name: myawesomedc
-    namespace: phpapp
-    env_vars:
-      SUPER_TURBO_MODE: 'true'
-      ENABLE_PORTS: 'false'
-      SERVICE_PORT: 9999
-'''