diff --git a/ibm/mas_devops/meta/runtime.yml b/ibm/mas_devops/meta/runtime.yml
index 8d4c46761c..a32908d084 100644
--- a/ibm/mas_devops/meta/runtime.yml
+++ b/ibm/mas_devops/meta/runtime.yml
@@ -13,3 +13,4 @@ action_groups:
 - verify_workloads
 - wait_for_app_ready
 - wait_for_conditions
+ - update_global_pull_secret
diff --git a/ibm/mas_devops/plugins/action/update_global_pull_secret.py b/ibm/mas_devops/plugins/action/update_global_pull_secret.py
new file mode 100644
index 0000000000..9f89de599f
--- /dev/null
+++ b/ibm/mas_devops/plugins/action/update_global_pull_secret.py
@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+
+import logging
+import urllib3
+from ansible_collections.kubernetes.core.plugins.module_utils.k8s.client import get_api_client
+from ansible.errors import AnsibleError
+from ansible.plugins.action import ActionBase
+
+from mas.devops.ocp import updateGlobalPullSecret
+
+urllib3.disable_warnings() # Disabling warnings will prevent InsecureRequestWarnings from dynClient
+logging.basicConfig(level=logging.INFO, format='%(asctime)s %(name)-20s %(levelname)-8s %(message)s', datefmt='%Y-%m-%d %H:%M:%S')
+
+class ActionModule(ActionBase):
+ """
+ Update the global pull secret in openshift-config namespace with registry credentials.
+
+ Usage Example
+ -------------
+ tasks:
+ - name: "Update Global Pull Secret"
+ ibm.mas_devops.update_global_pull_secret:
+ registry_url: "{{ registry_private_url }}"
+ username: "{{ registry_username }}"
+ password: "{{ registry_password }}"
+ register: result
+ """
+ def run(self, tmp=None, task_vars=None):
+ super(ActionModule, self).run(tmp, task_vars)
+
+ registryUrl = self._task.args.get('registry_url', None)
+ username = self._task.args.get('username', None)
+ password = self._task.args.get('password', None)
+
+ if registryUrl is None:
+ raise AnsibleError(f"Error: registry_url argument was not provided")
+ if username is None:
+ raise AnsibleError(f"Error: username argument was not provided")
+ if password is None:
+ raise AnsibleError(f"Error: password argument was not provided")
+
+ # Initialize DynamicClient and update the global pull secret
+ host = self._task.args.get('host', None)
+ api_key = self._task.args.get('api_key', None)
+
+ dynClient = get_api_client(api_key=api_key, host=host)
+ result = updateGlobalPullSecret(dynClient, registryUrl, username, password)
+
+ return dict(
+ message=f"Successfully updated global pull secret with credentials for {registryUrl}",
+ success=True,
+ failed=False,
+ changed=result.get('changed', True),
+ name=result.get('name'),
+ namespace=result.get('namespace'),
+ registry=result.get('registry')
+ )
\ No newline at end of file
diff --git a/ibm/mas_devops/roles/ocp_idms/tasks/update-pull-secret-dev.yml b/ibm/mas_devops/roles/ocp_idms/tasks/update-pull-secret-dev.yml
index de9277bbc1..4bdd8254ab 100644
--- a/ibm/mas_devops/roles/ocp_idms/tasks/update-pull-secret-dev.yml
+++ b/ibm/mas_devops/roles/ocp_idms/tasks/update-pull-secret-dev.yml
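Review bot: The three `is None` checks in `run` let an empty string through, so a `registry_url`, `username` or `password` that templates to `""` reaches `updateGlobalPullSecret` and could be written into the cluster-wide pull secret as a blank entry; `if not registryUrl:` (and the same for the other two) rejects both cases. The module-level `urllib3.disable_warnings()` suppresses every urllib3 warning category in the process that imports the plugin, not just the one its comment names; `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` is the narrower call. The usage example in the class docstring passes `password` as a task argument without `no_log: true`, which both callers in this commit set, so the example should show that line too. `run` never consults check mode, so as written the secret would presumably still be updated under `--check`.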
@@ -2,57 +2,11 @@ # 1. Update default cluster image pull secret # ============================================================================= -# 1.1 Generate the new secret content -- name: "update-pull-secret-dev : Set new secret content" - vars: - artifactoryAuthB64: "{{ artifactory_auth | b64encode }}" - content: - - "{\"auths\":{\"{{ fvt_image_registry }}\":{\"username\":\"{{ artifactory_username }}\",\"password\":\"{{ artifactory_token }}\",\"email\":\"{{ artifactory_username }}\",\"auth\":\"{{ artifactoryAuthB64 }}\"}" - - "}" - - "}" - set_fact: - new_secret_dev: "{{ content | join('') }}" - no_log: true - -# 1.2 Find the existing secret, and we are going to modify it rather than replace -- name: "update-pull-secret-dev : Retrieve existing pull-secret content" - kubernetes.core.k8s_info: - api: v1 - kind: Secret - name: pull-secret - namespace: openshift-config - register: pullsecret - no_log: true - -- name: "update-pull-secret-dev : Get the original cred secrets" - set_fact: - original_secret: "{{ item.data }}" - with_items: "{{ pullsecret.resources }}" - no_log: true - -- name: "update-pull-secret-dev : Get the dockerconfigjson info" - set_fact: - secret_string: '{{ original_secret[".dockerconfigjson"] | b64decode | from_json }}' - no_log: true - -# 1.3 Append our new credentials to the secret -- name: "update-pull-secret-dev : Combine new secret content" - set_fact: - new_secret_string: '{{ secret_string | combine( new_secret_dev, recursive=True) }}' - no_log: true - -# 1.4. 
Overwrite the secret -- name: "update-pull-secret-dev : Update new pull-secret" - kubernetes.core.k8s: - definition: - apiVersion: v1 - kind: Secret - type: kubernetes.io/dockerconfigjson - metadata: - name: pull-secret - namespace: openshift-config - data: - .dockerconfigjson: "{{ new_secret_string | to_json | b64encode }}" +- name: "update-pull-secret-dev : Update global pull secret" + ibm.mas_devops.update_global_pull_secret: + registry_url: "{{ fvt_image_registry }}" + username: "{{ artifactory_username }}" + password: "{{ artifactory_token }}" register: secretUpdateResult no_log: true diff --git a/ibm/mas_devops/roles/ocp_idms/tasks/update-pull-secret.yml b/ibm/mas_devops/roles/ocp_idms/tasks/update-pull-secret.yml index d40a158399..c74a3a42fc 100644 --- a/ibm/mas_devops/roles/ocp_idms/tasks/update-pull-secret.yml +++ b/ibm/mas_devops/roles/ocp_idms/tasks/update-pull-secret.yml 
@@ -2,57 +2,11 @@ # 1. Update default cluster image pull secret # ============================================================================= -# 1.1 Generate the new secret content -- name: "update-pull-secret : Set new secret content" - vars: - registryAuthB64: "{{ registry_auth | b64encode }}" - content: - - "{\"auths\":{\"{{ registry_private_url }}\":{\"username\":\"{{ registry_username }}\",\"password\":\"{{ registry_password }}\",\"email\":\"{{ registry_username }}\",\"auth\":\"{{ registryAuthB64 }}\"}" - - "}" - - "}" - set_fact: - new_secret: "{{ content | join('') }}" - no_log: true - -# 1.2 Find the existing secret, and we are going to modify it rather than replace -- name: "update-pull-secret : Retrieve existing pull-secret content" - kubernetes.core.k8s_info: - api: v1 - kind: Secret - name: pull-secret - namespace: openshift-config - register: pullsecret - no_log: true - -- name: "update-pull-secret : Get the original cred secrets" - set_fact: - original_secret: "{{ item.data }}" - with_items: "{{ pullsecret.resources }}" - no_log: true - -- name: "update-pull-secret : Get the dockerconfigjson info" - set_fact: - secret_string: '{{ original_secret[".dockerconfigjson"] | b64decode | from_json }}' - no_log: true - -# 1.3 Append our new credentials to the secret -- name: "update-pull-secret : Combine new secret content" - set_fact: - new_secret_string: '{{ secret_string | combine( new_secret, recursive=True) }}' - no_log: true - -# 1.4. 
Overwrite the secret -- name: "update-pull-secret : Update new pull-secret" - kubernetes.core.k8s: - definition: - apiVersion: v1 - kind: Secret - type: kubernetes.io/dockerconfigjson - metadata: - name: pull-secret - namespace: openshift-config - data: - .dockerconfigjson: "{{ new_secret_string | to_json | b64encode }}" +- name: "update-pull-secret : Update global pull secret" + ibm.mas_devops.update_global_pull_secret: + registry_url: "{{ registry_private_url }}" + username: "{{ registry_username }}" + password: "{{ registry_password }}" register: secretUpdateResult no_log: true