From 6473004b66fc3ae3b185e38b0d167307a6497d1a Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Mon, 10 Apr 2017 16:06:21 -0400
Subject: Adding module calls instead of command for idempotency.

---
 roles/lib_openshift/library/oc_adm_policy_user.py   |  2 +-
 roles/lib_openshift/library/oc_clusterrole.py       | 14 +++++++++-----
 roles/lib_openshift/src/class/oc_adm_policy_user.py |  2 +-
 roles/lib_openshift/src/class/oc_clusterrole.py     |  6 +++++-
 roles/lib_openshift/src/lib/rule.py                 |  8 ++++----
 5 files changed, 20 insertions(+), 12 deletions(-)

(limited to 'roles/lib_openshift')

diff --git a/roles/lib_openshift/library/oc_adm_policy_user.py b/roles/lib_openshift/library/oc_adm_policy_user.py
index 5f7e4b8fa..09b0561a7 100644
--- a/roles/lib_openshift/library/oc_adm_policy_user.py
+++ b/roles/lib_openshift/library/oc_adm_policy_user.py
@@ -1960,7 +1960,7 @@ class PolicyUser(OpenShiftCLI):
     @property
     def policybindings(self):
         if self._policy_bindings is None:
-            results = self._get('clusterpolicybindings', None)
+            results = self._get('policybindings', None)
             if results['returncode'] != 0:
                 raise OpenShiftCLIError('Could not retrieve policybindings')
             self._policy_bindings = results['results'][0]['items'][0]
diff --git a/roles/lib_openshift/library/oc_clusterrole.py b/roles/lib_openshift/library/oc_clusterrole.py
index a34ce351e..e2cbcfb81 100644
--- a/roles/lib_openshift/library/oc_clusterrole.py
+++ b/roles/lib_openshift/library/oc_clusterrole.py
@@ -1531,10 +1531,10 @@ class Rule(object):
 
         results = []
         for rule in inc_rules:
-            results.append(Rule(rule['apiGroups'],
-                                rule['attributeRestrictions'],
-                                rule['resources'],
-                                rule['verbs']))
+            results.append(Rule(rule.get('apiGroups', ['']),
+                                rule.get('attributeRestrictions', None),
+                                rule.get('resources', []),
+                                rule.get('verbs', [])))
 
         return results
 
@@ -1633,7 +1633,7 @@ class OCClusterRole(OpenShiftCLI):
     @property
     def clusterrole(self):
         ''' property for clusterrole'''
-        if not self._clusterrole:
+        if self._clusterrole is None:
             self.get()
         return self._clusterrole
 
@@ -1669,6 +1669,7 @@ class OCClusterRole(OpenShiftCLI):
 
         elif 'clusterrole "{}" not found'.format(self.name) in result['stderr']:
             result['returncode'] = 0
+            self.clusterrole = None
 
         return result
 
@@ -1738,6 +1739,9 @@ class OCClusterRole(OpenShiftCLI):
                 # Create it here
                 api_rval = oc_clusterrole.create()
 
+                if api_rval['returncode'] != 0:
+                    return {'failed': True, 'msg': api_rval}
+
                 # return the created object
                 api_rval = oc_clusterrole.get()
 
diff --git a/roles/lib_openshift/src/class/oc_adm_policy_user.py b/roles/lib_openshift/src/class/oc_adm_policy_user.py
index 88fcc1ddc..37a685ebb 100644
--- a/roles/lib_openshift/src/class/oc_adm_policy_user.py
+++ b/roles/lib_openshift/src/class/oc_adm_policy_user.py
@@ -46,7 +46,7 @@ class PolicyUser(OpenShiftCLI):
     @property
     def policybindings(self):
         if self._policy_bindings is None:
-            results = self._get('clusterpolicybindings', None)
+            results = self._get('policybindings', None)
             if results['returncode'] != 0:
                 raise OpenShiftCLIError('Could not retrieve policybindings')
             self._policy_bindings = results['results'][0]['items'][0]
diff --git a/roles/lib_openshift/src/class/oc_clusterrole.py b/roles/lib_openshift/src/class/oc_clusterrole.py
index 1d3d977db..ae6795446 100644
--- a/roles/lib_openshift/src/class/oc_clusterrole.py
+++ b/roles/lib_openshift/src/class/oc_clusterrole.py
@@ -22,7 +22,7 @@ class OCClusterRole(OpenShiftCLI):
     @property
     def clusterrole(self):
         ''' property for clusterrole'''
-        if not self._clusterrole:
+        if self._clusterrole is None:
             self.get()
         return self._clusterrole
 
@@ -58,6 +58,7 @@ class OCClusterRole(OpenShiftCLI):
 
         elif 'clusterrole "{}" not found'.format(self.name) in result['stderr']:
             result['returncode'] = 0
+            self.clusterrole = None
 
         return result
 
@@ -127,6 +128,9 @@ class OCClusterRole(OpenShiftCLI):
                 # Create it here
                 api_rval = oc_clusterrole.create()
 
+                if api_rval['returncode'] != 0:
+                    return {'failed': True, 'msg': api_rval}
+
                 # return the created object
                 api_rval = oc_clusterrole.get()
 
diff --git a/roles/lib_openshift/src/lib/rule.py b/roles/lib_openshift/src/lib/rule.py
index 4590dcf90..fe5ed9723 100644
--- a/roles/lib_openshift/src/lib/rule.py
+++ b/roles/lib_openshift/src/lib/rule.py
@@ -136,9 +136,9 @@ class Rule(object):
 
         results = []
         for rule in inc_rules:
-            results.append(Rule(rule['apiGroups'],
-                                rule['attributeRestrictions'],
-                                rule['resources'],
-                                rule['verbs']))
+            results.append(Rule(rule.get('apiGroups', ['']),
+                                rule.get('attributeRestrictions', None),
+                                rule.get('resources', []),
+                                rule.get('verbs', [])))
 
         return results
-- 
cgit v1.2.3