shixiong
/
okd


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164
							# pylint: skip-file
# flake8: noqa

# pylint: disable=too-many-instance-attributes
class OCServiceAccount(OpenShiftCLI):
    ''' Class to wrap the oc command line tools '''
    kind = 'sa'

    # pylint allows 5
    # pylint: disable=too-many-arguments
    def __init__(self,
                 config,
                 verbose=False):
        ''' Constructor for OCVolume '''
        super(OCServiceAccount, self).__init__(config.namespace, kubeconfig=config.kubeconfig, verbose=verbose)
        self.config = config
        self.service_account = None

    def exists(self):
        ''' return whether a volume exists '''
        if self.service_account:
            return True

        return False

    def get(self):
        '''return volume information '''
        result = self._get(self.kind, self.config.name)
        if result['returncode'] == 0:
            self.service_account = ServiceAccount(content=result['results'][0])
        elif '\"%s\" not found' % self.config.name in result['stderr']:
            result['returncode'] = 0
            result['results'] = [{}]

        return result

    def delete(self):
        '''delete the object'''
        return self._delete(self.kind, self.config.name)

    def create(self):
        '''create the object'''
        return self._create_from_content(self.config.name, self.config.data)

    def update(self):
        '''update the object'''
        # need to update the tls information and the service name
        for secret in self.config.secrets:
            result = self.service_account.find_secret(secret)
            if not result:
                self.service_account.add_secret(secret)

        for secret in self.config.image_pull_secrets:
            result = self.service_account.find_image_pull_secret(secret)
            if not result:
                self.service_account.add_image_pull_secret(secret)

        return self._replace_content(self.kind, self.config.name, self.config.data)

    def needs_update(self):
        ''' verify an update is needed '''
        # since creating an service account generates secrets and imagepullsecrets
        # check_def_equal will not work
        # Instead, verify all secrets passed are in the list
        for secret in self.config.secrets:
            result = self.service_account.find_secret(secret)
            if not result:
                return True

        for secret in self.config.image_pull_secrets:
            result = self.service_account.find_image_pull_secret(secret)
            if not result:
                return True

        return False

    @staticmethod
    # pylint: disable=too-many-return-statements,too-many-branches
    # TODO: This function should be refactored into its individual parts.
    def run_ansible(params, check_mode):
        '''run the ansible idempotent code'''

        rconfig = ServiceAccountConfig(params['name'],
                                       params['namespace'],
                                       params['kubeconfig'],
                                       params['secrets'],
                                       params['image_pull_secrets'],
                                      )

        oc_sa = OCServiceAccount(rconfig,
                                 verbose=params['debug'])

        state = params['state']

        api_rval = oc_sa.get()

        #####
        # Get
        #####
        if state == 'list':
            return {'changed': False, 'results': api_rval['results'], 'state': 'list'}

        ########
        # Delete
        ########
        if state == 'absent':
            if oc_sa.exists():

                if check_mode:
                    return {'changed': True, 'msg': 'Would have performed a delete.'}

                api_rval = oc_sa.delete()

                return {'changed': True, 'results': api_rval, 'state': 'absent'}

            return {'changed': False, 'state': 'absent'}

        if state == 'present':
            ########
            # Create
            ########
            if not oc_sa.exists():

                if check_mode:
                    return {'changed': True, 'msg': 'Would have performed a create.'}

                # Create it here
                api_rval = oc_sa.create()

                if api_rval['returncode'] != 0:
                    return {'failed': True, 'msg': api_rval}

                # return the created object
                api_rval = oc_sa.get()

                if api_rval['returncode'] != 0:
                    return {'failed': True, 'msg': api_rval}

                return {'changed': True, 'results': api_rval, 'state': 'present'}

            ########
            # Update
            ########
            if oc_sa.needs_update():
                api_rval = oc_sa.update()

                if api_rval['returncode'] != 0:
                    return {'failed': True, 'msg': api_rval}

                # return the created object
                api_rval = oc_sa.get()

                if api_rval['returncode'] != 0:
                    return {'failed': True, 'msg': api_rval}

                return {'changed': True, 'results': api_rval, 'state': 'present'}

            return {'changed': False, 'results': api_rval, 'state': 'present'}


        return {'failed': True,
                'changed': False,
                'msg': 'Unknown state passed. %s' % state,
                'state': 'unknown'}