-
Notifications
You must be signed in to change notification settings - Fork 23.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
adding container registry facts #43325
Changes from all commits
37950fd
86d5d77
004c848
bba91d0
1bb7207
e6443c7
cca2866
eb669a9
1cfbe5f
7767de0
77cca51
897cc03
06b2a1e
8699ba0
2889601
e72712d
3018940
bfc6c1b
01744ed
a4e87b5
e10bf65
d24fbcf
9e90709
080dbf9
ce3b249
c1e2b9c
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,264 @@ | ||
#!/usr/bin/python | ||
# | ||
# Copyright (c) 2018 Zim Kalinowski, <zikalino@microsoft.com> | ||
# | ||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | ||
|
||
from __future__ import absolute_import, division, print_function | ||
__metaclass__ = type | ||
|
||
|
||
ANSIBLE_METADATA = {'metadata_version': '1.1', | ||
'status': ['preview'], | ||
'supported_by': 'community'} | ||
|
||
|
||
DOCUMENTATION = ''' | ||
--- | ||
module: azure_rm_containerregistry_facts | ||
version_added: "2.7" | ||
short_description: Get Azure Container Registry facts. | ||
description: | ||
- Get facts for Container Registry. | ||
|
||
options: | ||
resource_group: | ||
description: | ||
- The name of the resource group to which the container registry belongs. | ||
required: True | ||
name: | ||
description: | ||
- The name of the container registry. | ||
retrieve_credentials: | ||
description: | ||
- Retrieve credentials for container registry. | ||
type: bool | ||
default: no | ||
tags: | ||
description: | ||
- Limit results by providing a list of tags. Format tags as 'key' or 'key:value'. | ||
|
||
extends_documentation_fragment: | ||
- azure | ||
|
||
author: | ||
- "Zim Kalinowski (@zikalino)" | ||
|
||
''' | ||
|
||
EXAMPLES = ''' | ||
- name: Get instance of Registry | ||
azure_rm_containerregistry_facts: | ||
resource_group: sampleresourcegroup | ||
name: sampleregistry | ||
|
||
- name: List instances of Registry | ||
azure_rm_containerregistry_facts: | ||
resource_group: sampleresourcegroup | ||
''' | ||
|
||
RETURN = ''' | ||
registries: | ||
description: A list of dictionaries containing facts for registries. | ||
returned: always | ||
type: complex | ||
contains: | ||
id: | ||
description: | ||
- The resource ID. | ||
returned: always | ||
type: str | ||
sample: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.ContainerRegistry/registr | ||
ies/myRegistry" | ||
name: | ||
description: | ||
- The name of the resource. | ||
returned: always | ||
type: str | ||
sample: myRegistry | ||
location: | ||
description: | ||
- The location of the resource. This cannot be changed after the resource is created. | ||
returned: always | ||
type: str | ||
sample: westus | ||
admin_user_enabled: | ||
description: | ||
- Is admin user enabled. | ||
returned: always | ||
type: bool | ||
sample: yes | ||
sku: | ||
description: | ||
- The SKU name of the container registry. | ||
returned: always | ||
type: str | ||
sample: classic | ||
provisioning_state: | ||
description: | ||
- Provisioning state of the container registry | ||
returned: always | ||
type: str | ||
sample: Succeeded | ||
login_server: | ||
description: | ||
- Login server for the registry. | ||
returned: always | ||
type: str | ||
sample: acrd08521b.azurecr.io | ||
credentials: | ||
description: | ||
- Credentials, fields will be empty if admin user is not enabled for ACR | ||
return: when C(retrieve_credentials) is set and C(admin_user_enabled) is set on ACR | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. returned :( will lint fail? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ok, I will recheck this once again |
||
type: complex | ||
contains: | ||
username: | ||
description: | ||
- The user name for container registry. | ||
returned: when registry exists and C(admin_user_enabled) is set | ||
type: str | ||
sample: zim | ||
password: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. jordan mentioned to add no_log to returned value this morning. do you know how to add it? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. not really, we can search... but I guess I we have option to specifically enable passwords, we can skip it for now There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. don't think so. the option is weak, just make it little difficult to get credential. no_log is really make it not available in another other place other than ansible There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @yungezz no_log can be placed in the playbook, we do not have to do anything in the module itself |
||
description: | ||
- password value | ||
returned: when registry exists and C(admin_user_enabled) is set | ||
type: str | ||
sample: pass1value | ||
password2: | ||
description: | ||
- password2 value | ||
returned: when registry exists and C(admin_user_enabled) is set | ||
type: str | ||
sample: pass2value | ||
''' | ||
|
||
from ansible.module_utils.azure_rm_common import AzureRMModuleBase | ||
|
||
try: | ||
from msrestazure.azure_exceptions import CloudError | ||
from msrestazure.azure_operation import AzureOperationPoller | ||
from azure.mgmt.containerregistry import ContainerRegistryManagementClient | ||
from msrest.serialization import Model | ||
except ImportError: | ||
# This is handled in azure_rm_common | ||
pass | ||
|
||
|
||
class AzureRMContainerRegistryFacts(AzureRMModuleBase): | ||
def __init__(self): | ||
# define user inputs into argument | ||
self.module_arg_spec = dict( | ||
resource_group=dict( | ||
type='str', | ||
required=True | ||
), | ||
name=dict( | ||
type='str' | ||
), | ||
tags=dict( | ||
type='list' | ||
), | ||
retrieve_credentials=dict( | ||
type='bool', | ||
default=False | ||
) | ||
) | ||
# store the results of the module operation | ||
self.results = dict( | ||
changed=False | ||
) | ||
self.resource_group = None | ||
self.name = None | ||
self.retrieve_credentials = False | ||
super(AzureRMContainerRegistryFacts, self).__init__(self.module_arg_spec, supports_tags=False) | ||
|
||
def exec_module(self, **kwargs): | ||
for key in self.module_arg_spec: | ||
setattr(self, key, kwargs[key]) | ||
|
||
if self.name: | ||
self.results['registries'] = self.get() | ||
elif self.resource_group: | ||
self.results['registries'] = self.list_by_resource_group() | ||
else: | ||
self.results['registries'] = self.list_all() | ||
|
||
return self.results | ||
|
||
def get(self): | ||
response = None | ||
results = [] | ||
try: | ||
response = self.containerregistry_client.registries.get(resource_group_name=self.resource_group, | ||
registry_name=self.name) | ||
self.log("Response : {0}".format(response)) | ||
except CloudError as e: | ||
self.log('Could not get facts for Registries.') | ||
|
||
if response is not None: | ||
if self.has_tags(response.tags, self.tags): | ||
results.append(self.format_item(response)) | ||
|
||
return results | ||
|
||
def list_all(self): | ||
response = None | ||
results = [] | ||
try: | ||
response = self.containerregistry_client.registries.list() | ||
self.log("Response : {0}".format(response)) | ||
except CloudError as e: | ||
self.fail('Could not get facts for Registries.') | ||
|
||
if response is not None: | ||
for item in response: | ||
if self.has_tags(item.tags, self.tags): | ||
results.append(self.format_item(item)) | ||
return results | ||
|
||
def list_by_resource_group(self): | ||
response = None | ||
results = [] | ||
try: | ||
response = self.containerregistry_client.registries.list_by_resource_group(resource_group_name=self.resource_group) | ||
self.log("Response : {0}".format(response)) | ||
except CloudError as e: | ||
self.fail('Could not get facts for Registries.') | ||
|
||
if response is not None: | ||
for item in response: | ||
if self.has_tags(item.tags, self.tags): | ||
results.append(self.format_item(item)) | ||
return results | ||
|
||
def format_item(self, item): | ||
d = item.as_dict() | ||
resource_group = d['id'].split('resourceGroups/')[1].split('/')[0] | ||
name = d['name'] | ||
credentials = {} | ||
admin_user_enabled = d['admin_user_enabled'] | ||
|
||
if self.retrieve_credentials and admin_user_enabled: | ||
credentials = self.containerregistry_client.registries.list_credentials(resource_group, name) | ||
|
||
d = { | ||
'resource_group': resource_group, | ||
'name': d['name'], | ||
'location': d['location'], | ||
'admin_user_enabled': admin_user_enabled, | ||
'sku': d['sku']['tier'].lower(), | ||
'provisioning_state': d['provisioning_state'], | ||
'login_server': d['login_server'], | ||
'id': d['id'], | ||
'tags': d.get('tags', None), | ||
'credentials': credentials | ||
} | ||
return d | ||
|
||
|
||
def main(): | ||
AzureRMContainerRegistryFacts() | ||
|
||
|
||
if __name__ == '__main__': | ||
main() |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,7 +24,7 @@ | |
- output.credentials['password'] is defined | ||
- output.credentials['password2'] is defined | ||
|
||
- name: Update the ACS instance sku, tags and admin_user_enabled | ||
- name: Update the ACR instance sku, tags and admin_user_enabled | ||
azure_rm_containerregistry: | ||
name: "acr{{ resource_group | hash('md5') | truncate(7, True, '') }}" | ||
resource_group: "{{ resource_group }}" | ||
|
@@ -37,7 +37,19 @@ | |
Environment: Production | ||
register: output | ||
|
||
- name: Assert the ACS instance is well updated | ||
- name: Create second container registry (to test facts) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. why create a registry delegated for test? why not use previously created one There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. because there's only one created, and I want to test is a list is returned |
||
azure_rm_containerregistry: | ||
name: "acr{{ resource_group | hash('md5') | truncate(7, True, '') }}sec" | ||
resource_group: "{{ resource_group }}" | ||
location: eastus2 | ||
state: present | ||
admin_user_enabled: false | ||
sku: Premium | ||
tags: | ||
Release: beta1 | ||
Environment: Production | ||
|
||
- name: Assert the ACR instance is well updated | ||
assert: | ||
that: | ||
- output.changed == True | ||
|
@@ -48,8 +60,59 @@ | |
- output.credentials['password'] is not defined | ||
- output.credentials['password2'] is not defined | ||
|
||
- name: Delete an container registry | ||
- name: Gather facts for single Container Registry | ||
azure_rm_containerregistry_facts: | ||
resource_group: "{{ resource_group }}" | ||
name: "acr{{ resource_group | hash('md5') | truncate(7, True, '') }}" | ||
register: output | ||
|
||
- name: Assert that facts are returned | ||
assert: | ||
that: | ||
- output.changed == False | ||
- output.registries[0]['name'] != None | ||
- output.registries[0]['location'] != None | ||
- output.registries[0]['admin_user_enabled'] != None | ||
- output.registries[0]['sku'] != None | ||
- output.registries[0]['provisioning_state'] != None | ||
- output.registries[0]['login_server'] != None | ||
- output.registries[0]['id'] != None | ||
- output.registries[0]['credentials'] != None | ||
|
||
- name: Gather facts for all Container Registries in the resource group | ||
azure_rm_containerregistry_facts: | ||
resource_group: "{{ resource_group }}" | ||
register: output | ||
|
||
- name: Assert that facts are returned | ||
assert: | ||
that: | ||
- output.changed == False | ||
- output.registries[0]['name'] != None | ||
- output.registries[0]['location'] != None | ||
- output.registries[0]['admin_user_enabled'] != None | ||
- output.registries[0]['sku'] != None | ||
- output.registries[0]['provisioning_state'] != None | ||
- output.registries[0]['login_server'] != None | ||
- output.registries[0]['id'] != None | ||
- output.registries[0]['credentials'] != None | ||
- output.registries[1]['name'] != None | ||
- output.registries[1]['location'] != None | ||
- output.registries[1]['admin_user_enabled'] != None | ||
- output.registries[1]['sku'] != None | ||
- output.registries[1]['provisioning_state'] != None | ||
- output.registries[1]['login_server'] != None | ||
- output.registries[1]['id'] != None | ||
- output.registries[1]['credentials'] != None | ||
|
||
- name: Delete first container registry | ||
azure_rm_containerregistry: | ||
name: "acr{{ resource_group | hash('md5') | truncate(7, True, '') }}" | ||
resource_group: "{{ resource_group }}" | ||
state: absent | ||
state: absent | ||
|
||
- name: Delete second container registry | ||
azure_rm_containerregistry: | ||
name: "acr{{ resource_group | hash('md5') | truncate(7, True, '') }}sec" | ||
resource_group: "{{ resource_group }}" | ||
state: absent |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there way to get login credentials? i want to login to my container registry to push some image in next step
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, in fact there is, but there is a separate api for that, also an api to regenerate credentials. do you think we should include credentials here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just checked azure_rm_containerregistry module, there's no way to set username/password there. So if not returned in facts, user has no way to push image to the registry if provisioned by ansible. If you could provide interface in main module to let user set username/password, it would be better, then maybe we don't need username/password returned in facts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just followed exactly the same way of returning it as in container registry module