ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ceph_key: refact the code and minor fixes 

This commit refactors the code to remove a duplicate condition and it
makes the `state: absent` code idempotent

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 13e2311cbe)
pull/5706/head
Guillaume Abrioux 2020-08-04 13:53:24 +02:00
parent f22078b16d
commit 2cc7ed21f0
1 changed files with 48 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
library/ceph_key.py
View File

@ -536,7 +536,6 @@ def run_module():
if module.check_mode: if module.check_mode:
return result return result
startd = datetime.datetime.now() startd = datetime.datetime.now()
# will return either the image name or None # will return either the image name or None
@ -545,10 +544,16 @@ def run_module():
# Test if the key exists, if it does we skip its creation # Test if the key exists, if it does we skip its creation
# We only want to run this check when a key needs to be added # We only want to run this check when a key needs to be added
# There is no guarantee that any cluster is running and we don't need one # There is no guarantee that any cluster is running and we don't need one
key_exist = 1
_secret = secret _secret = secret
_caps = caps _caps = caps
if (state in ["present", "update", "info"]): key_exist = 1
user = "client.admin"
keyring_filename = cluster + '.' + user + '.keyring'
user_key = os.path.join("/etc/ceph/", keyring_filename)
output_format = "json"
if (state in ["present", "update"]):
# if dest is not a directory, the user wants to change the file's name # if dest is not a directory, the user wants to change the file's name
# (e,g: /etc/ceph/ceph.mgr.ceph-mon2.keyring) # (e,g: /etc/ceph/ceph.mgr.ceph-mon2.keyring)
if not os.path.isdir(dest): if not os.path.isdir(dest):
@ -564,51 +569,41 @@ def run_module():
file_args['path'] = file_path file_args['path'] = file_path
if state != 'info': if import_key:
if import_key: _info_key = []
user = "client.admin" rc, cmd, out, err = exec_commands(
user_key = os.path.join( module, info_key(cluster, name, user, user_key, output_format, container_image)) # noqa E501
"/etc/ceph/" + cluster + ".client.admin.keyring") key_exist = rc
output_format = "json" if not caps and key_exist != 0:
_info_key = [] fatal("Capabilities must be provided when state is 'present'", module) # noqa E501
rc, cmd, out, err = exec_commands( if key_exist != 0 and secret is None and caps is None:
module, info_key(cluster, name, user, user_key, output_format, container_image)) # noqa E501 fatal("Keyring doesn't exist, you must provide 'secret' and 'caps'", module) # noqa E501
key_exist = rc if key_exist == 0:
if key_exist == 0: _info_key = json.loads(out)
_info_key = json.loads(out) if not secret:
if not secret: secret = _info_key[0]['key']
secret = _info_key[0]['key'] _secret = _info_key[0]['key']
_secret = _info_key[0]['key'] if not caps:
if not caps: caps = _info_key[0]['caps']
caps = _info_key[0]['caps'] _caps = _info_key[0]['caps']
_caps = _info_key[0]['caps'] if secret == _secret and caps == _caps:
if secret == _secret and caps == _caps: if not os.path.isfile(file_path):
if not os.path.isfile(file_path): rc, cmd, out, err = exec_commands(module, get_key(cluster, name, file_path, container_image)) # noqa E501
rc, cmd, out, err = exec_commands(module, get_key(cluster, name, file_path, container_image)) # noqa E501 result["rc"] = rc
result["rc"] = rc if rc != 0:
if rc != 0: result["stdout"] = "Couldn't fetch the key {0} at {1}.".format(name, file_path) # noqa E501
result["stdout"] = "Couldn't fetch the key {0} at {1}.".format(name, file_path) # noqa E501 module.exit_json(**result)
module.exit_json(**result) result["stdout"] = "fetched the key {0} at {1}.".format(name, file_path) # noqa E501
result["stdout"] = "fetched the key {0} at {1}.".format(name, file_path) # noqa E501
result["stdout"] = "{0} already exists and doesn't need to be updated.".format(name) # noqa E501 result["stdout"] = "{0} already exists and doesn't need to be updated.".format(name) # noqa E501
result["rc"] = 0
module.set_fs_attributes_if_different(file_args, False)
module.exit_json(**result)
else:
if os.path.isfile(file_path) and not secret or not caps:
result["stdout"] = "{0} already exists in {1} you must provide secret *and* caps when import_key is {2}".format(name, dest, import_key) # noqa E501
result["rc"] = 0 result["rc"] = 0
module.set_fs_attributes_if_different(file_args, False)
module.exit_json(**result) module.exit_json(**result)
else:
# "update" is here only for backward compatibility if os.path.isfile(file_path) and not secret or not caps:
if state in ["present", "update"]: result["stdout"] = "{0} already exists in {1} you must provide secret *and* caps when import_key is {2}".format(name, dest, import_key) # noqa E501
if not caps and import_key and rc != 0: result["rc"] = 0
fatal("Capabilities must be provided when state is 'present'", module) # noqa E501 module.exit_json(**result)
if import_key and key_exist != 0 and secret is None and caps is None:
fatal("Keyring doesn't exist, you must provide 'secret' and 'caps'", module) # noqa E501
# There's no need to run create_key() if neither secret nor caps have changed
if (key_exist == 0 and (secret != _secret or caps != _caps)) or key_exist != 0: if (key_exist == 0 and (secret != _secret or caps != _caps)) or key_exist != 0:
rc, cmd, out, err = exec_commands(module, create_key( rc, cmd, out, err = exec_commands(module, create_key(
module, result, cluster, name, secret, caps, import_key, file_path, container_image)) # noqa E501 module, result, cluster, name, secret, caps, import_key, file_path, container_image)) # noqa E501
@ -616,19 +611,20 @@ def run_module():
result["stdout"] = "Couldn't create or update {0}".format(name) result["stdout"] = "Couldn't create or update {0}".format(name)
result["stderr"] = err result["stderr"] = err
module.exit_json(**result) module.exit_json(**result)
module.set_fs_attributes_if_different(file_args, False)
changed = True changed = True
module.set_fs_attributes_if_different(file_args, False)
elif state == "absent": elif state == "absent":
rc, cmd, out, err = exec_commands( if key_exist == 0:
module, delete_key(cluster, name, container_image)) rc, cmd, out, err = exec_commands(
module, delete_key(cluster, name, container_image))
if rc == 0:
changed = True
else:
rc = 0
elif state == "info": elif state == "info":
user = "client.admin"
keyring_filename = cluster + '.' + user + '.keyring'
user_key = os.path.join("/etc/ceph/", keyring_filename)
output_format = "json"
rc, cmd, out, err = exec_commands( rc, cmd, out, err = exec_commands(
module, info_key(cluster, name, user, user_key, output_format, container_image)) # noqa E501 module, info_key(cluster, name, user, user_key, output_format, container_image)) # noqa E501
if rc != 0: if rc != 0:
@ -637,9 +633,6 @@ def run_module():
module.exit_json(**result) module.exit_json(**result)
elif state == "list": elif state == "list":
user = "client.admin"
keyring_filename = cluster + '.' + user + '.keyring'
user_key = os.path.join("/etc/ceph/", keyring_filename)
rc, cmd, out, err = exec_commands( rc, cmd, out, err = exec_commands(
module, list_keys(cluster, user, user_key, container_image)) module, list_keys(cluster, user, user_key, container_image))