Set defaults from params after loading files, allowing params to override

lib/ansible/module_utils/k8s/common.py

@@ -139,57 +139,39 @@ def get_api_client(self, **auth_params):
         auth_params = auth_params or getattr(self, 'params', {})
         auth = copy.deepcopy(auth_params)
 
-        configuration = kubernetes.client.Configuration()
+        # If authorization variables aren't defined, look for them in environment variables
         for key, value in iteritems(auth_params):
-            if key in auth_args and value is not None:
-                if key == 'api_key':
-                    setattr(configuration, key, {'authorization': "Bearer {0}".format(value)})
-                else:
-                    setattr(configuration, key, value)
-            elif key in auth_args and value is None:
+            if key in auth_args and value is None:
                 env_value = os.getenv('K8S_AUTH_{0}'.format(key.upper()), None)
                 if env_value is not None:
-                    if key == 'api_key':
-                        setattr(configuration, key, {'authorization': "Bearer {0}".format(env_value)})
-                    else:
-                        setattr(configuration, key, env_value)
-                        auth[key] = env_value
+                    auth[key] = env_value
 
-        kubernetes.client.Configuration.set_default(configuration)
+        def auth_set(*names):
+            return all([auth.get(name) for name in names])
 
-        if auth.get('username') and auth.get('password') and auth.get('host'):
-            auth_method = 'params'
-        elif auth.get('api_key') and auth.get('host'):
-            auth_method = 'params'
-        elif auth.get('kubeconfig') or auth.get('context'):
-            auth_method = 'file'
+        if auth_set('username', 'password', 'host') or auth_set('api_key', 'host'):
+            # We have enough in the parameters to authenticate, no need to load incluster or kubeconfig
+            pass
+        elif auth_set('kubeconfig', 'context'):
+            kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context'))
         else:
-            auth_method = 'default'
-
-        # First try to do incluster config, then kubeconfig
-        if auth_method == 'default':
+            # First try to do incluster config, then kubeconfig
             try:
                 kubernetes.config.load_incluster_config()
-                return DynamicClient(kubernetes.client.ApiClient())
             except kubernetes.config.ConfigException:
-                return DynamicClient(self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context')))
-
-        if auth_method == 'file':
-            return DynamicClient(self.client_from_kubeconfig(auth.get('kubeconfig'), auth.get('context')))
+                kubernetes.config.load_kube_config(auth.get('kubeconfig'), auth.get('context'))
 
-        if auth_method == 'params':
-            return DynamicClient(kubernetes.client.ApiClient(configuration))
+        # Override any values in the default configuration with Ansible parameters
+        configuration = kubernetes.client.Configuration()
+        for key, value in iteritems(auth):
+            if key in auth_args and value is not None:
+                if key == 'api_key':
+                    setattr(configuration, key, {'authorization': "Bearer {0}".format(value)})
+                else:
+                    setattr(configuration, key, value)
 
-    def client_from_kubeconfig(self, config_file, context):
-        try:
-            return kubernetes.config.new_client_from_config(config_file, context)
-        except (IOError, kubernetes.config.ConfigException):
-            # If we failed to load the default config file then we'll return
-            # an empty configuration
-            # If one was specified, we will crash
-            if not config_file:
-                return kubernetes.client.ApiClient()
-            raise
+        kubernetes.client.Configuration.set_default(configuration)
+        return DynamicClient(kubernetes.client.ApiClient(configuration))
 
     def find_resource(self, kind, api_version, fail=False):
         for attribute in ['kind', 'name', 'singular_name']: