communishift: Added EFS secrets to project namespace

Signed-off-by: David Kirwan <dkirwan@redhat.com>
Signed-off-by: Lenka Segura <lsegura@redhat.com>
Signed-off-by: Patrik Polakovic <ppolakov@redhat.com>
Lenka Segura 2022-08-18 16:43:59 +02:00
parent b76f37feed
commit 81a5f3db0d
3 changed files with 29 additions and 9 deletions


@ -62,12 +62,12 @@ RETURN = r"""
accesspoint_id: accesspoint_id:
description: The AccessPointId returned by the AWS EFS API creation request. description: The AccessPointId returned by the AWS EFS API creation request.
type: str type: str
returned: Only if AccessPoint does not exist and has been successfully created. returned: If the EFS Filesystem exists and the AccessPoint been successfully created or already exists.
sample: 'fsap-0938462b9b5f77388' sample: 'fsap-0938462b9b5f77388'
full_response: full_response:
description: The response returned by the AWS EFS boto3 client.create_access_point(). description: The response returned by the AWS EFS boto3 client.create_access_point() or client.describe_access_points().
type: str type: str
returned: Only if AccessPoint does not exist and has been successfully created. returned: If the EFS Filesystem exists and the AccessPoint has been successfully created or already exists.
sample: '{'ResponseMetadata': {'RequestId': '9c3d3e41-4332-4fe3-8388-f04ccf0400a2', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requ sample: '{'ResponseMetadata': {'RequestId': '9c3d3e41-4332-4fe3-8388-f04ccf0400a2', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requ
estid': '9c3d3e41-4332-4fe3-8388-f04ccf0400a2', 'content-type': 'application/json', 'content-length': '503', 'date': 'Tue, 16 estid': '9c3d3e41-4332-4fe3-8388-f04ccf0400a2', 'content-type': 'application/json', 'content-length': '503', 'date': 'Tue, 16
Aug 2022 10:17:43 GMT'}, 'RetryAttempts': 0}, 'ClientToken': 'communishift_storage_efs', 'Tags': [{'Key': 'communishift', 'Val Aug 2022 10:17:43 GMT'}, 'RetryAttempts': 0}, 'ClientToken': 'communishift_storage_efs', 'Tags': [{'Key': 'communishift', 'Val
@ -75,8 +75,7 @@ ue': 'projectname'}], 'AccessPointId': 'fsap-0938462b9b5f77388', 'AccessPointArn
access-point/fsap-0938462b9b5f77388', 'FileSystemId': 'fs-0343e73f7765a503b', 'PosixUser': {'Uid': 50000, 'Gid': 50000} access-point/fsap-0938462b9b5f77388', 'FileSystemId': 'fs-0343e73f7765a503b', 'PosixUser': {'Uid': 50000, 'Gid': 50000}
, 'RootDirectory': {'Path': '/', 'CreationInfo': {'OwnerUid': 50000, 'OwnerGid': 50000, 'Permissions': '775'}}, 'OwnerId': 'XXXX', , 'RootDirectory': {'Path': '/', 'CreationInfo': {'OwnerUid': 50000, 'OwnerGid': 50000, 'Permissions': '775'}}, 'OwnerId': 'XXXX',
'LifeCycleState': 'creating'}' 'LifeCycleState': 'creating'}'
msg:
message:
description: The output message that the test module generates. description: The output message that the test module generates.
type: str type: str
returned: always returned: always
@ -101,7 +100,7 @@ def run_module():
# changed is if this module effectively modified the target # changed is if this module effectively modified the target
# state will include any data that you want your module to pass back # state will include any data that you want your module to pass back
# for consumption, for example, in a subsequent task # for consumption, for example, in a subsequent task
result = dict(changed=False, accesspoint_id="", full_response="", message="") result = dict(changed=False, accesspoint_id="", full_response="", msg="")
# the AnsibleModule object will be our abstraction working with Ansible # the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the # this includes instantiation, a couple of common attr would be the
@ -147,11 +146,16 @@ def run_module():
result["accesspoint_id"] = response["AccessPointId"] result["accesspoint_id"] = response["AccessPointId"]
result["full_response"] = response result["full_response"] = response
result["changed"] = True result["changed"] = True
result["message"] = "AWS EFS AccessPoint created successfully." result["msg"] = "AWS EFS AccessPoint created successfully."
module.exit_json(**result) module.exit_json(**result)
except efs_client.exceptions.AccessPointAlreadyExists: except efs_client.exceptions.AccessPointAlreadyExists:
result["message"] = "AWS EFS AccessPoint already exists." response = efs_client.describe_access_points(
module.fail_json("", **result) FileSystemId=module.params["aws_efs_filesystem_id"]
)
result["accesspoint_id"] = response["AccessPoints"][0]["AccessPointId"]
result["full_response"] = response
result["msg"] = "AWS EFS AccessPoint already exists."
module.fail_json(**result)
def main(): def main():
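Review bot: In the `AccessPointAlreadyExists` branch the module takes `response["AccessPoints"][0]` from a `describe_access_points` call filtered only by `FileSystemId`, so if the file system holds more than one access point it can return an ID belonging to a different project, which presumably then ends up in this project's Secret. Select the entry for this project instead, for example by matching the `communishift` tag shown in the sample response (`next((ap for ap in response["AccessPoints"] if {"Key": "communishift", "Value": <project name parameter>} in ap.get("Tags", [])), None)`), and fail with a clear `msg` when nothing matches rather than raising `IndexError` on an empty list. The branch also still ends in `module.fail_json(**result)`, which does not agree with the updated RETURN text saying the values are returned when the AccessPoint already exists; `module.exit_json(**result)` with `changed` left `False` looks like the intent. `run_module()` begins and ends outside these hunks, so how callers treat the failure is not visible here.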


@ -0,0 +1,15 @@
---
- name: Create a k8s Secret
community.okd.k8s:
api_key: "{{ communishift_ocp_api_token }}"
host: "{{ communishift_ocp_api_host }}"
state: present
definition:
apiVersion: v1
kind: Secret
metadata:
name: "{{ communishift_project_name }}-efs-credentials"
namespace: "{{ communishift_project_name }}"
data:
efs_filesystem_id: "{{ filesystem_id | b64encode }}"
efs_accesspoint_id: "{{ accesspoint_id | b64encode }}"
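Review bot: Nothing in this task checks that `filesystem_id` and `accesspoint_id` are non-empty before they are encoded into the Secret, and the EFS module on this page initialises `accesspoint_id` to `""`, so an empty or stale value would be stored without any error. Add a guard before the task, e.g. an `ansible.builtin.assert` with `that: [filesystem_id | length > 0, accesspoint_id | length > 0]`. Where the two variables are set is not shown on this page (presumably in create-efs.yml), so confirm they come from the registered result of the current run. The task name could also say which Secret it creates, e.g. `name: Create the EFS credentials Secret in the project namespace`.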


@ -8,3 +8,4 @@
- include_tasks: create-namespace.yml - include_tasks: create-namespace.yml
- include_tasks: create-group.yml - include_tasks: create-group.yml
- include_tasks: create-efs.yml - include_tasks: create-efs.yml
- include_tasks: create-efs-secret.yml