Adding oadm_ca to lib_openshift.

1 files changed, 110 insertions, 0 deletions

diff --git a/roles/lib_openshift/src/class/oadm_certificate_authority.py b/roles/lib_openshift/src/class/oadm_certificate_authority.py
new file mode 100644
index 000000000..34bd0f0a9
--- /dev/null
+++ b/roles/lib_openshift/src/class/oadm_certificate_authority.py
@@ -0,0 +1,110 @@
+# pylint: skip-file
+
+class CertificateAuthorityConfig(OpenShiftCLIConfig):
+    ''' CertificateAuthorityConfig is a DTO for the oadm ca command '''
+    def __init__(self, cmd, kubeconfig, verbose, ca_options):
+        super(CertificateAuthorityConfig, self).__init__('ca', None, kubeconfig, ca_options)
+        self.cmd = cmd
+        self.kubeconfig = kubeconfig
+        self.verbose = verbose
+        self._ca = ca_options
+
+class CertificateAuthority(OpenShiftCLI):
+    ''' Class to wrap the oc command line tools '''
+    def __init__(self,
+                 config,
+                 verbose=False):
+        ''' Constructor for oadm ca '''
+        super(CertificateAuthority, self).__init__(None, config.kubeconfig, verbose)
+        self.config = config
+        self.verbose = verbose
+
+    def get(self):
+        '''get the current cert file
+
+           If a file exists by the same name in the specified location then the cert exists
+        '''
+        cert = self.config.config_options['cert']['value']
+        if cert and os.path.exists(cert):
+            return open(cert).read()
+
+        return None
+
+    def create(self):
+        '''Create a deploymentconfig '''
+        options = self.config.to_option_list()
+
+        cmd = ['ca']
+        cmd.append(self.config.cmd)
+        cmd.extend(options)
+
+        return self.openshift_cmd(cmd, oadm=True)
+
+    def exists(self):
+        ''' check whether the certificate exists and has the clusterIP '''
+
+        cert_path = self.config.config_options['cert']['value']
+        if not os.path.exists(cert_path):
+            return False
+
+        proc = subprocess.Popen(['openssl', 'x509', '-noout', '-subject', '-in', cert_path],
+                                stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        stdout, stderr = proc.communicate()
+        if proc.returncode == 0:
+            for var in self.config.config_options['hostnames']['value'].split(','):
+                if var in stdout:
+                    return True
+
+        return False
+
+    @staticmethod
+    def run_ansible(params, check_mode):
+        '''run the idempotent ansible code'''
+
+        config = CertificateAuthorityConfig(params['cmd'],
+                                            params['kubeconfig'],
+                                            params['debug'],
+                                            {'cert_dir':      {'value': params['cert_dir'], 'include': True},
+                                             'cert':          {'value': params['cert'], 'include': True},
+                                             'hostnames':     {'value': ','.join(params['hostnames']), 'include': True},
+                                             'master':        {'value': params['master'], 'include': True},
+                                             'public_master': {'value': params['public_master'], 'include': True},
+                                             'overwrite':     {'value': params['overwrite'], 'include': True},
+                                             'signer_name':   {'value': params['signer_name'], 'include': True},
+                                             'private_key':   {'value': params['private_key'], 'include': True},
+                                             'public_key':    {'value': params['public_key'], 'include': True},
+                                             'key':           {'value': params['key'], 'include': True},
+                                             'signer_cert':   {'value': params['signer_cert'], 'include': True},
+                                             'signer_key':    {'value': params['signer_key'], 'include': True},
+                                             'signer_serial': {'value': params['signer_serial'], 'include': True},
+                                            })
+
+
+        oadm_ca = CertificateAuthority(config)
+
+        state = params['state']
+
+        if state == 'present':
+            ########
+            # Create
+            ########
+            if not oadm_ca.exists() or params['overwrite']:
+
+                if check_mode:
+                    return {'changed': True,
+                            'msg': "CHECK_MODE: Would have created the certificate.",
+                            'state': state}
+
+                api_rval = oadm_ca.create()
+
+                return {'changed': True, 'results': api_rval, 'state': state}
+
+            ########
+            # Exists
+            ########
+            api_rval = oadm_ca.get()
+            return {'changed': False, 'results': api_rval, 'state': state}
+
+        return {'failed': True,
+                'msg': 'Unknown state passed. %s' % state}
+