Code review updates + Support in-memory kubeconfig for kubectl connec…

…tion plugin
ansible-collections · Sep 5, 2022 · 8d40c99 · 8d40c99
1 parent 86ce713
commit 8d40c99
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 10 deletions.
diff --git a/plugins/connection/kubectl.py b/plugins/connection/kubectl.py
@@ -75,6 +75,7 @@
       kubectl_kubeconfig:
         description:
           - Path to a kubectl config file. Defaults to I(~/.kube/config)
+          - The configuration can be provided as dictionary. Added in version 2.4.0.
         default: ''
         vars:
           - name: ansible_kubectl_kubeconfig
@@ -175,6 +176,8 @@
 import os.path
 import shutil
 import subprocess
+import tempfile
+import json
 
 from ansible.parsing.yaml.loader import AnsibleLoader
 from ansible.errors import AnsibleError, AnsibleFileNotFound
@@ -222,6 +225,12 @@ def __init__(self, play_context, new_stdin, *args, **kwargs):
         self.transport_cmd = kwargs.get(cmd_arg, shutil.which(self.transport))
         if not self.transport_cmd:
             raise AnsibleError("{0} command not found in PATH".format(self.transport))
+        self._file_to_delete = None
+
+    def delete_temporary_file(self):
+        if self._file_to_delete is not None:
+            os.remove(self._file_to_delete)
+            self._file_to_delete = None
 
     def _build_exec_cmd(self, cmd):
         """Build the local kubectl exec command to run cmd on remote_host"""
@@ -244,6 +253,18 @@ def _build_exec_cmd(self, cmd):
                         self.connection_options[key], str(skip_verify_ssl).lower()
                     )
                 )
+            elif key.endswith("kubeconfig") and self.get_option(key) != "":
+                kubeconfig_path = self.get_option(key)
+                if isinstance(kubeconfig_path, dict):
+                    fd, tmpfile = tempfile.mkstemp()
+                    with os.fdopen(fd, "w") as fp:
+                        json.dump(kubeconfig_path, fp)
+                    kubeconfig_path = tmpfile
+                    self._file_to_delete = tmpfile
+
+                cmd_arg = self.connection_options[key]
+                local_cmd += [cmd_arg, kubeconfig_path]
+                censored_local_cmd += [cmd_arg, kubeconfig_path]
             elif (
                 not key.endswith("container")
                 and self.get_option(key)
@@ -311,6 +332,7 @@ def exec_command(self, cmd, in_data=None, sudoable=False):
         )
 
         stdout, stderr = p.communicate(in_data)
+        self.delete_temporary_file()
         return (p.returncode, stdout, stderr)
 
     def _prefix_login_path(self, remote_path):
@@ -363,6 +385,7 @@ def put_file(self, in_path, out_path):
                     "kubectl connection requires dd command in the container to put files"
                 )
             stdout, stderr = p.communicate()
+            self.delete_temporary_file()
 
             if p.returncode != 0:
                 raise AnsibleError(
@@ -401,6 +424,7 @@ def fetch_file(self, in_path, out_path):
                     )
                 )
             stdout, stderr = p.communicate()
+            self.delete_temporary_file()
 
             if p.returncode != 0:
                 raise AnsibleError(

diff --git a/plugins/modules/helm.py b/plugins/modules/helm.py
@@ -360,7 +360,6 @@
 )
 from ansible_collections.kubernetes.core.plugins.module_utils.helm_args_common import (
     HELM_AUTH_ARG_SPEC,
-    HELM_AUTH_MUTUALLY_EXCLUSIVE,
 )
 
 
@@ -650,13 +649,6 @@ def argument_spec():
     return arg_spec
 
 
-def mutually_exclusive():
-    mutual_ex = copy.deepcopy(HELM_AUTH_MUTUALLY_EXCLUSIVE)
-    mutual_ex.append(("replace", "history_max"))
-    mutual_ex.append(("wait_timeout", "timeout"))
-    return mutual_ex
-
-
 def main():
     global module
     module = AnsibleModule(
@@ -665,7 +657,12 @@ def main():
             ("release_state", "present", ["release_name", "chart_ref"]),
             ("release_state", "absent", ["release_name"]),
         ],
-        mutually_exclusive=mutually_exclusive(),
+        mutually_exclusive=[
+            ("context", "ca_cert"),
+            ("kubeconfig", "ca_cert"),
+            ("replace", "history_max"),
+            ("wait_timeout", "timeout"),
+        ],
         supports_check_mode=True,
     )
 

diff --git a/plugins/modules/helm_plugin.py b/plugins/modules/helm_plugin.py
@@ -145,6 +145,12 @@ def argument_spec():
     return arg_spec
 
 
+def mutually_exclusive():
+    mutually_ex = copy.deepcopy(HELM_AUTH_MUTUALLY_EXCLUSIVE)
+    mutually_ex.append(("plugin_name", "plugin_path"))
+    return mutually_ex
+
+
 def main():
     module = AnsibleModule(
         argument_spec=argument_spec(),
@@ -154,7 +160,7 @@ def main():
             ("state", "absent", ("plugin_name",)),
             ("state", "latest", ("plugin_name",)),
         ],
-        mutually_exclusive=HELM_AUTH_MUTUALLY_EXCLUSIVE,
+        mutually_exclusive=mutually_exclusive(),
     )
 
     state = module.params.get("state")