k8s append_hash (#48830)

* Add append_hash functionality to k8s module

append_hash adds a hash based on the contents of a ConfigMap
or Secret to the name - this enables immutable ConfigMaps and
Secrets.

* Provide k8s_config_resource_name plugin

The k8s_config_resource_name filter plugin provides a means of determining
the name of ConfigMaps and Secrets created with append_hash

* Add changelog fragment

* fix failing tests

* Update openshift version needed for append_hash

test/integration/targets/k8s/playbooks/full_test.yml

@@ -3,6 +3,7 @@
   gather_facts: no
   vars:
     ansible_python_interpreter: "{{ ansible_playbook_python }}"
+    playbook_namespace: ansible-test-k8s-full
 
   roles:
     - k8s

test/integration/targets/k8s/playbooks/merge_type_fail.yml

@@ -1,16 +0,0 @@
-- hosts: localhost
-  connection: local
-  gather_facts: no
-  vars:
-    ansible_python_interpreter: "{{ ansible_playbook_python }}"
-    recreate_crd_default_merge_expectation: recreate_crd is failed
-
-  tasks:
-    - python_requirements_facts:
-        dependencies:
-          - openshift==0.6.0
-          - kubernetes==6.0.0
-
-    - include_role:
-        name: k8s
-        tasks_from: crd

test/integration/targets/k8s/playbooks/older_openshift_fail.yml

@@ -31,7 +31,7 @@
       assert:
         that:
           - k8s_append_hash is failed
-          - "k8s_append_hash.msg == 'openshift >= 0.7.FIXME is required for append_hash'"
+          - "k8s_append_hash.msg == 'openshift >= 0.7.2 is required for append_hash'"
 
     # merge_type
     - include_role:
@@ -58,4 +58,4 @@
       assert:
         that:
           - k8s_validate is failed
-          - "k8s_validate.msg == 'openshift >= 0.7.FIXME is required for validate'"
+          - "k8s_validate.msg == 'openshift >= 0.8.0 is required for validate'"

test/integration/targets/k8s/playbooks/roles/k8s/tasks/append_hash.yml

@@ -0,0 +1,68 @@
+- block:
+    - name: Ensure that append_hash namespace exists
+      k8s:
+        kind: Namespace
+        name: append-hash
+
+    - name: create k8s_resource variable
+      set_fact:
+        k8s_resource:
+          metadata:
+            name: config-map-test
+            namespace: append-hash
+          apiVersion: v1
+          kind: ConfigMap
+          data:
+            hello: world
+
+    - name: Create config map
+      k8s:
+        definition: "{{ k8s_resource }}"
+        append_hash: yes
+      register: k8s_configmap1
+
+    - name: check configmap is created with a hash
+      assert:
+        that:
+          - k8s_configmap1 is changed
+          - k8s_configmap1.result.metadata.name != 'config-map-test'
+          - k8s_configmap1.result.metadata.name[:-10] == 'config-map-test-'
+
+    - name: recreate same config map
+      k8s:
+        definition: "{{ k8s_resource }}"
+        append_hash: yes
+      register: k8s_configmap2
+
+    - name: check configmaps are different
+      assert:
+        that:
+          - k8s_configmap2 is not changed
+          - k8s_configmap1.result.metadata.name == k8s_configmap2.result.metadata.name
+
+    - name: add key to config map
+      k8s:
+        definition:
+          metadata:
+            name: config-map-test
+            namespace: append-hash
+          apiVersion: v1
+          kind: ConfigMap
+          data:
+            hello: world
+            another: value
+        append_hash: yes
+      register: k8s_configmap3
+
+    - name: check configmaps are different
+      assert:
+        that:
+          - k8s_configmap3 is changed
+          - k8s_configmap1.result.metadata.name != k8s_configmap3.result.metadata.name
+
+  always:
+    - name: ensure that namespace is removed
+      k8s:
+        kind: Namespace
+        name: append-hash
+        state: absent

test/integration/targets/k8s/playbooks/roles/k8s/tasks/main.yml

@@ -278,15 +278,16 @@
         - testing5
       register: k8s_facts
 
+
     - name: Resources are terminating if still in results
       assert:
         that: not item.resources or item.resources[0].status.phase == "Terminating"
       loop: "{{ k8s_facts.results }}"
 
     - include_tasks: crd.yml
+    - include_tasks: append_hash.yml
 
   always:
-
     - name: Delete all namespaces
       k8s:
         state: absent

test/integration/targets/k8s/runme.sh

@@ -28,7 +28,7 @@ ansible-playbook -v playbooks/validate_installed.yml "$@"
 virtualenv --system-site-packages --python "${PYTHON}" "${MYTMPDIR}/openshift-0.6.0"
 source "${MYTMPDIR}/openshift-0.6.0/bin/activate"
 $PYTHON -m pip install openshift==0.6.0 kubernetes==6.0.0
-ansible-playbook -v playbooks/merge_type_fail.yml "$@"
+ansible-playbook -v playbooks/older_openshift_fail.yml "$@"
 
 # Run full test suite
 virtualenv --system-site-packages --python "${PYTHON}" "${MYTMPDIR}/openshift-recent"