summaryrefslogtreecommitdiffstats
path: root/roles/lib_openshift/library
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2017-03-06 13:21:25 -0500
committerGitHub <noreply@github.com>2017-03-06 13:21:25 -0500
commit839f19377361bbf562f59e833baf2c0799921402 (patch)
tree8cdf5136ef8c6ac3fc00a8cf3016bab4c35611a7 /roles/lib_openshift/library
parent816df41015439e266f38ad25fb2def223e412b3e (diff)
parent66cc0be1dc9ba371ff8d5b537ea6a6798fe11cae (diff)
downloadopenshift-839f19377361bbf562f59e833baf2c0799921402.tar.gz
openshift-839f19377361bbf562f59e833baf2c0799921402.tar.bz2
openshift-839f19377361bbf562f59e833baf2c0799921402.tar.xz
openshift-839f19377361bbf562f59e833baf2c0799921402.zip
Merge pull request #3535 from enj/enj/f/reserve_ns_module
Add pre-upgrade check for reserved namespaces
Diffstat (limited to 'roles/lib_openshift/library')
-rw-r--r--roles/lib_openshift/library/oc_objectvalidator.py (renamed from roles/lib_openshift/library/oc_sdnvalidator.py)71
1 files changed, 45 insertions, 26 deletions
diff --git a/roles/lib_openshift/library/oc_sdnvalidator.py b/roles/lib_openshift/library/oc_objectvalidator.py
index bc7487b95..f6802a9b3 100644
--- a/roles/lib_openshift/library/oc_sdnvalidator.py
+++ b/roles/lib_openshift/library/oc_objectvalidator.py
@@ -50,14 +50,14 @@ from ansible.module_utils.basic import AnsibleModule
# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: doc/sdnvalidator -*- -*- -*-
+# -*- -*- -*- Begin included fragment: doc/objectvalidator -*- -*- -*-
DOCUMENTATION = '''
---
-module: oc_sdnvalidator
-short_description: Validate SDN objects
+module: oc_objectvalidator
+short_description: Validate OpenShift objects
description:
- - Validate SDN objects
+ - Validate OpenShift objects
options:
kubeconfig:
description:
@@ -71,13 +71,13 @@ extends_documentation_fragment: []
'''
EXAMPLES = '''
-oc_version:
-- name: get oc sdnvalidator
- sdnvalidator:
- register: oc_sdnvalidator
+oc_objectvalidator:
+- name: run oc_objectvalidator
+ oc_objectvalidator:
+ register: oc_objectvalidator
'''
-# -*- -*- -*- End included fragment: doc/sdnvalidator -*- -*- -*-
+# -*- -*- -*- End included fragment: doc/objectvalidator -*- -*- -*-
# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*-
# pylint: disable=undefined-variable,missing-docstring
@@ -1307,25 +1307,25 @@ class OpenShiftCLIConfig(object):
# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: class/oc_sdnvalidator.py -*- -*- -*-
+# -*- -*- -*- Begin included fragment: class/oc_objectvalidator.py -*- -*- -*-
# pylint: disable=too-many-instance-attributes
-class OCSDNValidator(OpenShiftCLI):
+class OCObjectValidator(OpenShiftCLI):
''' Class to wrap the oc command line tools '''
def __init__(self, kubeconfig):
- ''' Constructor for OCSDNValidator '''
- # namespace has no meaning for SDN validation, hardcode to 'default'
- super(OCSDNValidator, self).__init__('default', kubeconfig)
+ ''' Constructor for OCObjectValidator '''
+ # namespace has no meaning for object validation, hardcode to 'default'
+ super(OCObjectValidator, self).__init__('default', kubeconfig)
- def get(self, kind, invalid_filter):
- ''' return SDN information '''
+ def get_invalid(self, kind, invalid_filter):
+ ''' return invalid object information '''
rval = self._get(kind)
if rval['returncode'] != 0:
return False, rval, []
- return True, rval, filter(invalid_filter, rval['results'][0]['items'])
+ return True, rval, list(filter(invalid_filter, rval['results'][0]['items'])) # wrap filter with list for py3
# pylint: disable=too-many-return-statements
@staticmethod
@@ -1335,10 +1335,24 @@ class OCSDNValidator(OpenShiftCLI):
params comes from the ansible portion of this module
'''
- sdnvalidator = OCSDNValidator(params['kubeconfig'])
+ objectvalidator = OCObjectValidator(params['kubeconfig'])
all_invalid = {}
failed = False
+ def _is_invalid_namespace(namespace):
+ # check if it uses a reserved name
+ name = namespace['metadata']['name']
+ if not any((name == 'kube',
+ name == 'openshift',
+ name.startswith('kube-'),
+ name.startswith('openshift-'),)):
+ return False
+
+ # determine if the namespace was created by a user
+ if 'annotations' not in namespace['metadata']:
+ return False
+ return 'openshift.io/requester' in namespace['metadata']['annotations']
+
checks = (
(
'hostsubnet',
@@ -1350,10 +1364,15 @@ class OCSDNValidator(OpenShiftCLI):
lambda x: x['metadata']['name'] != x['netname'],
u'netnamespaces where metadata.name != netname',
),
+ (
+ 'namespace',
+ _is_invalid_namespace,
+ u'namespaces that use reserved names and were not created by infrastructure components',
+ ),
)
for resource, invalid_filter, invalid_msg in checks:
- success, rval, invalid = sdnvalidator.get(resource, invalid_filter)
+ success, rval, invalid = objectvalidator.get_invalid(resource, invalid_filter)
if not success:
return {'failed': True, 'msg': 'Failed to GET {}.'.format(resource), 'state': 'list', 'results': rval}
if invalid:
@@ -1361,17 +1380,17 @@ class OCSDNValidator(OpenShiftCLI):
all_invalid[invalid_msg] = invalid
if failed:
- return {'failed': True, 'msg': 'All SDN objects are not valid.', 'state': 'list', 'results': all_invalid}
+ return {'failed': True, 'msg': 'All objects are not valid.', 'state': 'list', 'results': all_invalid}
- return {'msg': 'All SDN objects are valid.'}
+ return {'msg': 'All objects are valid.'}
-# -*- -*- -*- End included fragment: class/oc_sdnvalidator.py -*- -*- -*-
+# -*- -*- -*- End included fragment: class/oc_objectvalidator.py -*- -*- -*-
-# -*- -*- -*- Begin included fragment: ansible/oc_sdnvalidator.py -*- -*- -*-
+# -*- -*- -*- Begin included fragment: ansible/oc_objectvalidator.py -*- -*- -*-
def main():
'''
- ansible oc module for validating OpenShift SDN objects
+ ansible oc module for validating OpenShift objects
'''
module = AnsibleModule(
@@ -1382,7 +1401,7 @@ def main():
)
- rval = OCSDNValidator.run_ansible(module.params)
+ rval = OCObjectValidator.run_ansible(module.params)
if 'failed' in rval:
module.fail_json(**rval)
@@ -1391,4 +1410,4 @@ def main():
if __name__ == '__main__':
main()
-# -*- -*- -*- End included fragment: ansible/oc_sdnvalidator.py -*- -*- -*-
+# -*- -*- -*- End included fragment: ansible/oc_objectvalidator.py -*- -*- -*-