mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-22 12:50:22 -07:00
Provide Kubernetes resource validation to k8s module (#43352)
* Provide Kubernetes resource validation to k8s module
Use kubernetes-validate to validate Kubernetes resource
definitions against the published schema
* Additional tests for kubernetes-validate
* Improve k8s error messages on exceptions
Parse the response body for the message rather than returning
a JSON blob
If we've validated and there are warnings, return those too - they
can be more helpful
```
"msg": "Failed to patch object: {\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},
\"status\":\"Failure\",\"message\":\"[pos 334]: json: decNum: got first char 'h'\",\"code\":500}\n",
```
vs
```
"msg": "Failed to patch object: [pos 334]: json: decNum: got first char 'h'\nresource
validation error at spec.replicas: 'hello' is not of type u'integer'",
```
* Update versions used
In particular openshift/origin:3.9.0
* Add changelog for k8s validate change
This commit is contained in:
Will Thames
John R Barker
parent
ae0054a79e
commit
aaf29c785f
11 changed files with 355 additions and 22 deletions
|
|
@ -20,6 +20,7 @@ from __future__ import absolute_import, division, print_function
|
|||
|
||||
import copy
|
||||
from datetime import datetime
|
||||
from distutils.version import LooseVersion
|
||||
import time
|
||||
import sys
|
||||
|
||||
|
|
@ -31,14 +32,28 @@ from ansible.module_utils.common.dict_transformations import dict_merge
|
|||
|
||||
try:
|
||||
import yaml
|
||||
from openshift.dynamic.exceptions import DynamicApiError, NotFoundError, ConflictError, ForbiddenError
|
||||
from openshift.dynamic.exceptions import DynamicApiError, NotFoundError, ConflictError, ForbiddenError, KubernetesValidateMissing
|
||||
except ImportError:
|
||||
# Exceptions handled in common
|
||||
pass
|
||||
|
||||
try:
|
||||
import kubernetes_validate
|
||||
HAS_KUBERNETES_VALIDATE = True
|
||||
except ImportError:
|
||||
HAS_KUBERNETES_VALIDATE = False
|
||||
|
||||
|
||||
class KubernetesRawModule(KubernetesAnsibleModule):
|
||||
|
||||
@property
|
||||
def validate_spec(self):
|
||||
return dict(
|
||||
fail_on_error=dict(type='bool'),
|
||||
version=dict(),
|
||||
strict=dict(type='bool', default=True)
|
||||
)
|
||||
|
||||
@property
|
||||
def argspec(self):
|
||||
argument_spec = copy.deepcopy(COMMON_ARG_SPEC)
|
||||
|
|
@ -46,6 +61,7 @@ class KubernetesRawModule(KubernetesAnsibleModule):
|
|||
argument_spec['merge_type'] = dict(type='list', choices=['json', 'merge', 'strategic-merge'])
|
||||
argument_spec['wait'] = dict(type='bool', default=False)
|
||||
argument_spec['wait_timeout'] = dict(type='int', default=120)
|
||||
argument_spec['validate'] = dict(type='dict', default=None, options=self.validate_spec)
|
||||
return argument_spec
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
|
|
@ -59,12 +75,17 @@ class KubernetesRawModule(KubernetesAnsibleModule):
|
|||
mutually_exclusive=mutually_exclusive,
|
||||
supports_check_mode=True,
|
||||
**kwargs)
|
||||
|
||||
self.kind = self.params.pop('kind')
|
||||
self.api_version = self.params.pop('api_version')
|
||||
self.name = self.params.pop('name')
|
||||
self.namespace = self.params.pop('namespace')
|
||||
resource_definition = self.params.pop('resource_definition')
|
||||
self.kind = self.params.get('kind')
|
||||
self.api_version = self.params.get('api_version')
|
||||
self.name = self.params.get('name')
|
||||
self.namespace = self.params.get('namespace')
|
||||
resource_definition = self.params.get('resource_definition')
|
||||
if self.params['validate']:
|
||||
if LooseVersion(self.openshift_version) < LooseVersion("0.8.0"):
|
||||
self.fail_json(msg="openshift >= 0.8.0 is required for validate")
|
||||
if self.params['merge_type']:
|
||||
if LooseVersion(self.openshift_version) < LooseVersion("0.6.2"):
|
||||
self.fail_json(msg="openshift >= 0.6.2 is required for merge_type")
|
||||
if resource_definition:
|
||||
if isinstance(resource_definition, string_types):
|
||||
try:
|
||||
|
|
@ -101,7 +122,11 @@ class KubernetesRawModule(KubernetesAnsibleModule):
|
|||
api_version = definition.get('apiVersion', self.api_version)
|
||||
resource = self.find_resource(search_kind, api_version, fail=True)
|
||||
definition = self.set_defaults(resource, definition)
|
||||
self.warnings = []
|
||||
if self.params['validate'] is not None:
|
||||
self.warnings = self.validate(definition)
|
||||
result = self.perform_action(resource, definition)
|
||||
result['warnings'] = self.warnings
|
||||
changed = changed or result['changed']
|
||||
results.append(result)
|
||||
|
||||
|
|
@ -115,6 +140,17 @@ class KubernetesRawModule(KubernetesAnsibleModule):
|
|||
}
|
||||
})
|
||||
|
||||
def validate(self, resource):
|
||||
try:
|
||||
warnings, errors = self.client.validate(resource, self.params['validate'].get('version'), self.params['validate'].get('strict'))
|
||||
except KubernetesValidateMissing:
|
||||
self.fail_json(msg="kubernetes-validate python library is required to validate resources")
|
||||
|
||||
if errors and self.params['validate']['fail_on_error']:
|
||||
self.fail_json(msg="\n".join(errors))
|
||||
else:
|
||||
return warnings + errors
|
||||
|
||||
def set_defaults(self, resource, definition):
|
||||
definition['kind'] = resource.kind
|
||||
definition['apiVersion'] = resource.group_version
|
||||
|
|
@ -198,8 +234,10 @@ class KubernetesRawModule(KubernetesAnsibleModule):
|
|||
if the resource you are creating does not directly create a resource of the same kind.".format(name))
|
||||
return result
|
||||
except DynamicApiError as exc:
|
||||
self.fail_json(msg="Failed to create object: {0}".format(exc.body),
|
||||
error=exc.status, status=exc.status, reason=exc.reason, definition=definition)
|
||||
msg = "Failed to create object: {0}".format(exc.body)
|
||||
if self.warnings:
|
||||
msg += "\n" + "\n ".join(self.warnings)
|
||||
self.fail_json(msg=msg, error=exc.status, status=exc.status, reason=exc.reason)
|
||||
success = True
|
||||
result['result'] = k8s_obj
|
||||
if wait:
|
||||
|
|
@ -220,8 +258,11 @@ class KubernetesRawModule(KubernetesAnsibleModule):
|
|||
try:
|
||||
k8s_obj = resource.replace(definition, name=name, namespace=namespace).to_dict()
|
||||
except DynamicApiError as exc:
|
||||
self.fail_json(msg="Failed to replace object: {0}".format(exc.body),
|
||||
error=exc.status, status=exc.status, reason=exc.reason)
|
||||
msg = "Failed to replace object: {0}".format(exc.body)
|
||||
if self.warnings:
|
||||
msg += "\n" + "\n ".join(self.warnings)
|
||||
self.fail_json(msg=msg, error=exc.status, status=exc.status, reason=exc.reason)
|
||||
match, diffs = self.diff_objects(existing.to_dict(), k8s_obj)
|
||||
success = True
|
||||
result['result'] = k8s_obj
|
||||
if wait:
|
||||
|
|
@ -238,13 +279,9 @@ class KubernetesRawModule(KubernetesAnsibleModule):
|
|||
if self.check_mode:
|
||||
k8s_obj = dict_merge(existing.to_dict(), definition)
|
||||
else:
|
||||
from distutils.version import LooseVersion
|
||||
if LooseVersion(self.openshift_version) < LooseVersion("0.6.2"):
|
||||
if self.params['merge_type']:
|
||||
self.fail_json(msg="openshift >= 0.6.2 is required for merge_type")
|
||||
else:
|
||||
k8s_obj, error = self.patch_resource(resource, definition, existing, name,
|
||||
namespace)
|
||||
k8s_obj, error = self.patch_resource(resource, definition, existing, name,
|
||||
namespace)
|
||||
else:
|
||||
for merge_type in self.params['merge_type'] or ['strategic-merge', 'merge']:
|
||||
k8s_obj, error = self.patch_resource(resource, definition, existing, name,
|
||||
|
|
@ -278,8 +315,10 @@ class KubernetesRawModule(KubernetesAnsibleModule):
|
|||
error = {}
|
||||
return k8s_obj, {}
|
||||
except DynamicApiError as exc:
|
||||
error = dict(msg="Failed to patch object: {0}".format(exc.body),
|
||||
error=exc.status, status=exc.status, reason=exc.reason)
|
||||
msg = "Failed to patch object: {0}".format(exc.body)
|
||||
if self.warnings:
|
||||
msg += "\n" + "\n ".join(self.warnings)
|
||||
error = dict(msg=msg, error=exc.status, status=exc.status, reason=exc.reason, warnings=self.warnings)
|
||||
return None, error
|
||||
|
||||
def create_project_request(self, definition):
|
||||
|
|
|
|||
|
|
@ -73,6 +73,22 @@ options:
|
|||
- How long in seconds to wait for the resource to end up in the desired state. Ignored if C(wait) is not set.
|
||||
default: 120
|
||||
version_added: "2.8"
|
||||
validate:
|
||||
description:
|
||||
- how (if at all) to validate the resource definition against the kubernetes schema.
|
||||
Requires the kubernetes-validate python module
|
||||
suboptions:
|
||||
fail_on_error:
|
||||
description: whether to fail on validation errors.
|
||||
required: yes
|
||||
type: bool
|
||||
version:
|
||||
description: version of Kubernetes to validate against. defaults to Kubernetes server version
|
||||
strict:
|
||||
description: whether to fail when passing unexpected properties
|
||||
default: no
|
||||
type: bool
|
||||
version_added: "2.8"
|
||||
|
||||
requirements:
|
||||
- "python >= 2.7"
|
||||
|
|
@ -141,6 +157,21 @@ EXAMPLES = '''
|
|||
k8s:
|
||||
state: present
|
||||
definition: "{{ lookup('template', '/testing/deployment.yml') }}"
|
||||
|
||||
- name: fail on validation errors
|
||||
k8s:
|
||||
state: present
|
||||
definition: "{{ lookup('template', '/testing/deployment.yml') }}"
|
||||
validate:
|
||||
fail_on_error: yes
|
||||
|
||||
- name: warn on validation errors, check for unexpected properties
|
||||
k8s:
|
||||
state: present
|
||||
definition: "{{ lookup('template', '/testing/deployment.yml') }}"
|
||||
validate:
|
||||
fail_on_error: no
|
||||
strict: yes
|
||||
'''
|
||||
|
||||
RETURN = '''
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue