ansible-collections · ansible-zuul · Oct 18, 2021 · Oct 11, 2021
diff --git a/plugins/action/k8s_info.py b/plugins/action/k8s_info.py
diff --git a/plugins/connection/kubectl.py b/plugins/connection/kubectl.py
@@ -17,7 +17,8 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import, division, print_function
+
 __metaclass__ = type
 
 DOCUMENTATION = r"""
@@ -185,26 +186,26 @@
 display = Display()
 
 
-CONNECTION_TRANSPORT = 'kubectl'
+CONNECTION_TRANSPORT = "kubectl"
 
 CONNECTION_OPTIONS = {
-    'kubectl_container': '-c',
-    'kubectl_namespace': '-n',
-    'kubectl_kubeconfig': '--kubeconfig',
-    'kubectl_context': '--context',
-    'kubectl_host': '--server',
-    'kubectl_username': '--username',
-    'kubectl_password': '--password',
-    'client_cert': '--client-certificate',
-    'client_key': '--client-key',
-    'ca_cert': '--certificate-authority',
-    'validate_certs': '--insecure-skip-tls-verify',
-    'kubectl_token': '--token'
+    "kubectl_container": "-c",
+    "kubectl_namespace": "-n",
+    "kubectl_kubeconfig": "--kubeconfig",
+    "kubectl_context": "--context",
+    "kubectl_host": "--server",
+    "kubectl_username": "--username",
+    "kubectl_password": "--password",
+    "client_cert": "--client-certificate",
+    "client_key": "--client-key",
+    "ca_cert": "--certificate-authority",
+    "validate_certs": "--insecure-skip-tls-verify",
+    "kubectl_token": "--token",
 }
 
 
 class Connection(ConnectionBase):
-    ''' Local kubectl based connections '''
+    """ Local kubectl based connections """
 
     transport = CONNECTION_TRANSPORT
     connection_options = CONNECTION_OPTIONS
@@ -217,153 +218,206 @@ def __init__(self, play_context, new_stdin, *args, **kwargs):
 
         # Note: kubectl runs commands as the user that started the container.
         # It is impossible to set the remote user for a kubectl connection.
-        cmd_arg = '{0}_command'.format(self.transport)
+        cmd_arg = "{0}_command".format(self.transport)
         if cmd_arg in kwargs:
             self.transport_cmd = kwargs[cmd_arg]
         else:
             self.transport_cmd = distutils.spawn.find_executable(self.transport)
             if not self.transport_cmd:
-                raise AnsibleError("{0} command not found in PATH".format(self.transport))
+                raise AnsibleError(
+                    "{0} command not found in PATH".format(self.transport)
+                )
 
     def _build_exec_cmd(self, cmd):
-        """ Build the local kubectl exec command to run cmd on remote_host
-        """
+        """Build the local kubectl exec command to run cmd on remote_host"""
         local_cmd = [self.transport_cmd]
         censored_local_cmd = [self.transport_cmd]
 
         # Build command options based on doc string
         doc_yaml = AnsibleLoader(self.documentation).get_single_data()
-        for key in doc_yaml.get('options'):
-            if key.endswith('verify_ssl') and self.get_option(key) != '':
+        for key in doc_yaml.get("options"):
+            if key.endswith("verify_ssl") and self.get_option(key) != "":
                 # Translate verify_ssl to skip_verify_ssl, and output as string
                 skip_verify_ssl = not self.get_option(key)
-                local_cmd.append(u'{0}={1}'.format(self.connection_options[key], str(skip_verify_ssl).lower()))
-                censored_local_cmd.append(u'{0}={1}'.format(self.connection_options[key], str(skip_verify_ssl).lower()))
-            elif not key.endswith('container') and self.get_option(key) and self.connection_options.get(key):
+                local_cmd.append(
+                    u"{0}={1}".format(
+                        self.connection_options[key], str(skip_verify_ssl).lower()
+                    )
+                )
+                censored_local_cmd.append(
+                    u"{0}={1}".format(
+                        self.connection_options[key], str(skip_verify_ssl).lower()
+                    )
+                )
+            elif (
+                not key.endswith("container")
+                and self.get_option(key)
+                and self.connection_options.get(key)
+            ):
                 cmd_arg = self.connection_options[key]
                 local_cmd += [cmd_arg, self.get_option(key)]
                 # Redact password and token from console log
-                if key.endswith(('_token', '_password')):
-                    censored_local_cmd += [cmd_arg, '********']
+                if key.endswith(("_token", "_password")):
+                    censored_local_cmd += [cmd_arg, "********"]
                 else:
                     censored_local_cmd += [cmd_arg, self.get_option(key)]
 
-        extra_args_name = u'{0}_extra_args'.format(self.transport)
+        extra_args_name = u"{0}_extra_args".format(self.transport)
         if self.get_option(extra_args_name):
-            local_cmd += self.get_option(extra_args_name).split(' ')
-            censored_local_cmd += self.get_option(extra_args_name).split(' ')
+            local_cmd += self.get_option(extra_args_name).split(" ")
+            censored_local_cmd += self.get_option(extra_args_name).split(" ")
 
-        pod = self.get_option(u'{0}_pod'.format(self.transport))
+        pod = self.get_option(u"{0}_pod".format(self.transport))
         if not pod:
             pod = self._play_context.remote_addr
         # -i is needed to keep stdin open which allows pipelining to work
-        local_cmd += ['exec', '-i', pod]
-        censored_local_cmd += ['exec', '-i', pod]
+        local_cmd += ["exec", "-i", pod]
+        censored_local_cmd += ["exec", "-i", pod]
 
         # if the pod has more than one container, then container is required
-        container_arg_name = u'{0}_container'.format(self.transport)
+        container_arg_name = u"{0}_container".format(self.transport)
         if self.get_option(container_arg_name):
-            local_cmd += ['-c', self.get_option(container_arg_name)]
-            censored_local_cmd += ['-c', self.get_option(container_arg_name)]
+            local_cmd += ["-c", self.get_option(container_arg_name)]
+            censored_local_cmd += ["-c", self.get_option(container_arg_name)]
 
-        local_cmd += ['--'] + cmd
-        censored_local_cmd += ['--'] + cmd
+        local_cmd += ["--"] + cmd
+        censored_local_cmd += ["--"] + cmd
 
         return local_cmd, censored_local_cmd
 
     def _connect(self, port=None):
         """ Connect to the container. Nothing to do """
         super(Connection, self)._connect()
         if not self._connected:
-            display.vvv(u"ESTABLISH {0} CONNECTION".format(self.transport), host=self._play_context.remote_addr)
+            display.vvv(
+                u"ESTABLISH {0} CONNECTION".format(self.transport),
+                host=self._play_context.remote_addr,
+            )
             self._connected = True
 
     def exec_command(self, cmd, in_data=None, sudoable=False):
         """ Run a command in the container """
         super(Connection, self).exec_command(cmd, in_data=in_data, sudoable=sudoable)
 
-        local_cmd, censored_local_cmd = self._build_exec_cmd([self._play_context.executable, '-c', cmd])
-
-        display.vvv("EXEC %s" % (censored_local_cmd,), host=self._play_context.remote_addr)
-        local_cmd = [to_bytes(i, errors='surrogate_or_strict') for i in local_cmd]
-        p = subprocess.Popen(local_cmd, shell=False, stdin=subprocess.PIPE,
-                             stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        local_cmd, censored_local_cmd = self._build_exec_cmd(
+            [self._play_context.executable, "-c", cmd]
+        )
+
+        display.vvv(
+            "EXEC %s" % (censored_local_cmd,), host=self._play_context.remote_addr
+        )
+        local_cmd = [to_bytes(i, errors="surrogate_or_strict") for i in local_cmd]
+        p = subprocess.Popen(
+            local_cmd,
+            shell=False,
+            stdin=subprocess.PIPE,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE,
+        )
 
         stdout, stderr = p.communicate(in_data)
         return (p.returncode, stdout, stderr)
 
     def _prefix_login_path(self, remote_path):
-        ''' Make sure that we put files into a standard path
+        """Make sure that we put files into a standard path
 
-            If a path is relative, then we need to choose where to put it.
-            ssh chooses $HOME but we aren't guaranteed that a home dir will
-            exist in any given chroot.  So for now we're choosing "/" instead.
-            This also happens to be the former default.
+        If a path is relative, then we need to choose where to put it.
+        ssh chooses $HOME but we aren't guaranteed that a home dir will
+        exist in any given chroot.  So for now we're choosing "/" instead.
+        This also happens to be the former default.
 
-            Can revisit using $HOME instead if it's a problem
-        '''
+        Can revisit using $HOME instead if it's a problem
+        """
         if not remote_path.startswith(os.path.sep):
             remote_path = os.path.join(os.path.sep, remote_path)
         return os.path.normpath(remote_path)
 
     def put_file(self, in_path, out_path):
         """ Transfer a file from local to the container """
         super(Connection, self).put_file(in_path, out_path)
-        display.vvv("PUT %s TO %s" % (in_path, out_path), host=self._play_context.remote_addr)
+        display.vvv(
+            "PUT %s TO %s" % (in_path, out_path), host=self._play_context.remote_addr
+        )
 
         out_path = self._prefix_login_path(out_path)
-        if not os.path.exists(to_bytes(in_path, errors='surrogate_or_strict')):
-            raise AnsibleFileNotFound(
-                "file or module does not exist: %s" % in_path)
+        if not os.path.exists(to_bytes(in_path, errors="surrogate_or_strict")):
+            raise AnsibleFileNotFound("file or module does not exist: %s" % in_path)
 
         out_path = shlex_quote(out_path)
         # kubectl doesn't have native support for copying files into
         # running containers, so we use kubectl exec to implement this
-        with open(to_bytes(in_path, errors='surrogate_or_strict'), 'rb') as in_file:
+        with open(to_bytes(in_path, errors="surrogate_or_strict"), "rb") as in_file:
             if not os.fstat(in_file.fileno()).st_size:
-                count = ' count=0'
+                count = " count=0"
             else:
-                count = ''
-            args, dummy = self._build_exec_cmd([self._play_context.executable, "-c", "dd of=%s bs=%s%s" % (out_path, BUFSIZE, count)])
-            args = [to_bytes(i, errors='surrogate_or_strict') for i in args]
+                count = ""
+            args, dummy = self._build_exec_cmd(
+                [
+                    self._play_context.executable,
+                    "-c",
+                    "dd of=%s bs=%s%s" % (out_path, BUFSIZE, count),
+                ]
+            )
+            args = [to_bytes(i, errors="surrogate_or_strict") for i in args]
             try:
-                p = subprocess.Popen(args, stdin=in_file,
-                                     stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+                p = subprocess.Popen(
+                    args, stdin=in_file, stdout=subprocess.PIPE, stderr=subprocess.PIPE
+                )
             except OSError:
-                raise AnsibleError("kubectl connection requires dd command in the container to put files")
+                raise AnsibleError(
+                    "kubectl connection requires dd command in the container to put files"
+                )
             stdout, stderr = p.communicate()
 
             if p.returncode != 0:
-                raise AnsibleError("failed to transfer file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr))
+                raise AnsibleError(
+                    "failed to transfer file %s to %s:\n%s\n%s"
+                    % (in_path, out_path, stdout, stderr)
+                )
 
     def fetch_file(self, in_path, out_path):
         """ Fetch a file from container to local. """
         super(Connection, self).fetch_file(in_path, out_path)
-        display.vvv("FETCH %s TO %s" % (in_path, out_path), host=self._play_context.remote_addr)
+        display.vvv(
+            "FETCH %s TO %s" % (in_path, out_path), host=self._play_context.remote_addr
+        )
 
         in_path = self._prefix_login_path(in_path)
         out_dir = os.path.dirname(out_path)
 
         # kubectl doesn't have native support for fetching files from
         # running containers, so we use kubectl exec to implement this
-        args, dummy = self._build_exec_cmd([self._play_context.executable, "-c", "dd if=%s bs=%s" % (in_path, BUFSIZE)])
-        args = [to_bytes(i, errors='surrogate_or_strict') for i in args]
+        args, dummy = self._build_exec_cmd(
+            [self._play_context.executable, "-c", "dd if=%s bs=%s" % (in_path, BUFSIZE)]
+        )
+        args = [to_bytes(i, errors="surrogate_or_strict") for i in args]
         actual_out_path = os.path.join(out_dir, os.path.basename(in_path))
-        with open(to_bytes(actual_out_path, errors='surrogate_or_strict'), 'wb') as out_file:
+        with open(
+            to_bytes(actual_out_path, errors="surrogate_or_strict"), "wb"
+        ) as out_file:
             try:
-                p = subprocess.Popen(args, stdin=subprocess.PIPE,
-                                     stdout=out_file, stderr=subprocess.PIPE)
+                p = subprocess.Popen(
+                    args, stdin=subprocess.PIPE, stdout=out_file, stderr=subprocess.PIPE
+                )
             except OSError:
                 raise AnsibleError(
-                    "{0} connection requires dd command in the container to fetch files".format(self.transport)
+                    "{0} connection requires dd command in the container to fetch files".format(
+                        self.transport
+                    )
                 )
             stdout, stderr = p.communicate()
 
             if p.returncode != 0:
-                raise AnsibleError("failed to fetch file %s to %s:\n%s\n%s" % (in_path, out_path, stdout, stderr))
+                raise AnsibleError(
+                    "failed to fetch file %s to %s:\n%s\n%s"
+                    % (in_path, out_path, stdout, stderr)
+                )
 
         if actual_out_path != out_path:
-            os.rename(to_bytes(actual_out_path, errors='strict'), to_bytes(out_path, errors='strict'))
+            os.rename(
+                to_bytes(actual_out_path, errors="strict"),
+                to_bytes(out_path, errors="strict"),
+            )
 
     def close(self):
         """ Terminate the connection. Nothing to do for kubectl"""

diff --git a/plugins/doc_fragments/helm_common_options.py b/plugins/doc_fragments/helm_common_options.py
@@ -6,13 +6,14 @@
 
 # Options for common Helm modules
 
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import, division, print_function
+
 __metaclass__ = type
 
 
 class ModuleDocFragment(object):
 
-    DOCUMENTATION = r'''
+    DOCUMENTATION = r"""
 options:
   binary_path:
     description:
@@ -56,4 +57,4 @@ class ModuleDocFragment(object):
     type: path
     aliases: [ ssl_ca_cert ]
     version_added: "1.2.0"
-'''
+"""
diff --git a/plugins/doc_fragments/k8s_auth_options.py b/plugins/doc_fragments/k8s_auth_options.py
@@ -5,13 +5,14 @@
 
 # Options for authenticating with the API.
 
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import, division, print_function
+
 __metaclass__ = type
 
 
 class ModuleDocFragment(object):
 
-    DOCUMENTATION = r'''
+    DOCUMENTATION = r"""
 options:
   host:
     description:
@@ -114,4 +115,4 @@ class ModuleDocFragment(object):
   - "To avoid SSL certificate validation errors when C(validate_certs) is I(True), the full
     certificate chain for the API server must be provided via C(ca_cert) or in the
     kubeconfig file."
-'''
+"""
diff --git a/plugins/doc_fragments/k8s_delete_options.py b/plugins/doc_fragments/k8s_delete_options.py
@@ -5,13 +5,14 @@
 
 # Options for specifying object wait
 
-from __future__ import (absolute_import, division, print_function)
+from __future__ import absolute_import, division, print_function
+
 __metaclass__ = type
 
 
 class ModuleDocFragment(object):
 
-    DOCUMENTATION = r'''
+    DOCUMENTATION = r"""
 options:
   delete_options:
     type: dict
@@ -48,4 +49,4 @@ class ModuleDocFragment(object):
             type: str
             description:
             - Specify the UID of the target object.
-'''
+"""