author | Monis Khan <mkhan@redhat.com> | 2017-03-01 21:54:03 -0500 |
---|---|---|
committer | Scott Dodson <sdodson@redhat.com> | 2017-03-06 13:09:41 -0500 |
commit | 66cc0be1dc9ba371ff8d5b537ea6a6798fe11cae (patch) | |
tree | 8cdf5136ef8c6ac3fc00a8cf3016bab4c35611a7 /roles/lib_openshift/src/class/oc_objectvalidator.py | |
parent | 816df41015439e266f38ad25fb2def223e412b3e (diff) | |
Make generic OCObjectValidator from OCSDNValidator
Signed-off-by: Monis Khan <mkhan@redhat.com>
Diffstat (limited to 'roles/lib_openshift/src/class/oc_objectvalidator.py')
-rw-r--r-- | roles/lib_openshift/src/class/oc_objectvalidator.py | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/roles/lib_openshift/src/class/oc_objectvalidator.py b/roles/lib_openshift/src/class/oc_objectvalidator.py
new file mode 100644
index 000000000..b76fc995e
--- /dev/null
+++ b/roles/lib_openshift/src/class/oc_objectvalidator.py
@@ -0,0 +1,77 @@
+# pylint: skip-file
+# flake8: noqa
+
+# pylint: disable=too-many-instance-attributes
+class OCObjectValidator(OpenShiftCLI):
+ ''' Class to wrap the oc command line tools '''
+
+ def __init__(self, kubeconfig):
+ ''' Constructor for OCObjectValidator '''
+ # namespace has no meaning for object validation, hardcode to 'default'
+ super(OCObjectValidator, self).__init__('default', kubeconfig)
+
+ def get_invalid(self, kind, invalid_filter):
+ ''' return invalid object information '''
+
+ rval = self._get(kind)
+ if rval['returncode'] != 0:
+ return False, rval, []
+
+ return True, rval, list(filter(invalid_filter, rval['results'][0]['items'])) # wrap filter with list for py3
+
+ # pylint: disable=too-many-return-statements
+ @staticmethod
+ def run_ansible(params):
+ ''' run the idempotent ansible code
+
+ params comes from the ansible portion of this module
+ '''
+
+ objectvalidator = OCObjectValidator(params['kubeconfig'])
+ all_invalid = {}
+ failed = False
+
+ def _is_invalid_namespace(namespace):
+ # check if it uses a reserved name
+ name = namespace['metadata']['name']
+ if not any((name == 'kube',
+ name == 'openshift',
+ name.startswith('kube-'),
+ name.startswith('openshift-'),)):
+ return False
+
+ # determine if the namespace was created by a user
+ if 'annotations' not in namespace['metadata']:
+ return False
+ return 'openshift.io/requester' in namespace['metadata']['annotations']
+
+ checks = (
+ (
+ 'hostsubnet',
+ lambda x: x['metadata']['name'] != x['host'],
+ u'hostsubnets where metadata.name != host',
+ ),
+ (
+ 'netnamespace',
+ lambda x: x['metadata']['name'] != x['netname'],
+ u'netnamespaces where metadata.name != netname',
+ ),
+ (
+ 'namespace',
+ _is_invalid_namespace,
+ u'namespaces that use reserved names and were not created by infrastructure components',
+ ),
+ )
+
+ for resource, invalid_filter, invalid_msg in checks:
+ success, rval, invalid = objectvalidator.get_invalid(resource, invalid_filter)
+ if not success:
+ return {'failed': True, 'msg': 'Failed to GET {}.'.format(resource), 'state': 'list', 'results': rval}
+ if invalid:
+ failed = True
+ all_invalid[invalid_msg] = invalid
+
+ if failed:
+ return {'failed': True, 'msg': 'All objects are not valid.', 'state': 'list', 'results': all_invalid}
+
+ return {'msg': 'All objects are valid.'} |
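Review bot: The two lambda filters in `checks` index `x['host']` and `x['netname']` directly, so a hostsubnet or netnamespace that lacks the field raises KeyError and aborts the module instead of being reported as invalid; for a validator, the malformed object is exactly the case to catch. Comparing against `x.get('host')` and `x.get('netname')` would list such objects under the existing messages. The same fragility applies to `rval['results'][0]['items']` in `get_invalid`, which assumes that `_get` (defined outside this file) always returns a non-empty result list when the return code is 0. Separately, `_is_invalid_namespace` accepts a reserved-name namespace whenever `openshift.io/requester` is absent, so it presumably will not flag one created directly rather than through a project request. A comment such as `# heuristic: only namespaces created via a project request carry openshift.io/requester` would make that limit explicit.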