Add redeem option to resource module#92
Add redeem option to resource module#92AryanP123 wants to merge 1 commit intoskupperproject:mainfrom
Conversation
| description: | ||
| - Redeem C(AccessToken) documents without keeping them in the namespace or cluster; only Secret and Link are applied. | ||
| - Other documents in the same definition are applied first. With C(spec.url) and C(spec.code), uses HTTP (as C(skupper token redeem)). | ||
| - On Kubernetes without URL/code, applies the token until the controller redeems it, then removes the AccessToken CR. |
There was a problem hiding this comment.
On a second thought, I believe that if platform is Kubernetes, we could just log a warning, saying that the redeem flag is only used when platform is not Kubernetes.
The Skupper V2 Controller for Kubernetes, already has the mechanisms needed to handle AccessTokens.
| os.unlink(tmp) | ||
| except OSError: | ||
| pass | ||
| docs = list(yaml.safe_load_all(body)) |
There was a problem hiding this comment.
Not sure if the order actually matters.
Maybe safer to check if the documents returned are of kinds Secret or Link.
| if fails: | ||
| self.module.fail_json( | ||
| msg="Failed to redeem {} AccessToken(s)".format(len(fails)), | ||
| redeem_failures=fails, | ||
| redeemed_link_and_secret=out or None, | ||
| ) |
There was a problem hiding this comment.
In case of a redeem failure, we should just warn users about failed AccessTokens, but not fail the module execution.
This would help to maintain idempotence, as if someone executes the module with the same resources twice, second time would return a not changed (with a warning) but not a failure.
| ) | ||
| return out, redeem_changed | ||
|
|
||
| def _redeem_kube( |
There was a problem hiding this comment.
As I mentioned on an earlier comment, I believe we should not do it for kube and eventually just log a warning saying that the redeem flag is only relevant for non kubernetes platforms.
| ''' | ||
|
|
||
| RETURN = r''' | ||
| redeemed_link_and_secret: |
There was a problem hiding this comment.
Maybe a shorter name? Like redeemed_links ?
| changed = k8s_client.delete(namespace, definitions) | ||
| changed = k8s.delete(namespace, definitions) | ||
| elif redeem: | ||
| wo, tokens = _split_access_tokens(definitions) |
There was a problem hiding this comment.
Maybe just add a warning, saying redeem is ignored for k8s?
2 participants
Fixes #62