diff --git a/changelogs/fragments/20240426-add-support-of-kubectl-local-env-vars-for-connection-plugin.yml b/changelogs/fragments/20240426-add-support-of-kubectl-local-env-vars-for-connection-plugin.yml new file mode 100644 index 0000000000..226ad58271 --- /dev/null +++ b/changelogs/fragments/20240426-add-support-of-kubectl-local-env-vars-for-connection-plugin.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - kubectl - added support of local enviroment variable that will be used for kubectl and may be requried for establishing connections ifself (https://github.com/ansible-collections/kubernetes.core/pull/702) diff --git a/docs/kubernetes.core.kubectl_connection.rst b/docs/kubernetes.core.kubectl_connection.rst index 0bb06eb1c1..48db359929 100644 --- a/docs/kubernetes.core.kubectl_connection.rst +++ b/docs/kubernetes.core.kubectl_connection.rst @@ -211,6 +211,27 @@ Parameters
The configuration can be provided as dictionary. Added in version 2.4.0.
+ + +
+ kubectl_local_env_vars + +
+ dictionary +
+
added in 3.1.0
+ + + Default:
{}
+ + +
var: ansible_kubectl_local_env_vars
+ + +
Local enviromantal variable to be passed locally to the kubectl command line.
+
Please be aware that this passes information directly on the command line and it could expose sensitive data.
+ +
diff --git a/plugins/connection/kubectl.py b/plugins/connection/kubectl.py index 8aff4efed7..2a5e1b988f 100644 --- a/plugins/connection/kubectl.py +++ b/plugins/connection/kubectl.py @@ -72,6 +72,15 @@ - name: ansible_kubectl_extra_args env: - name: K8S_AUTH_EXTRA_ARGS + kubectl_local_env_vars: + description: + - Local enviromantal variable to be passed locally to the kubectl command line. + - Please be aware that this passes information directly on the command line and it could expose sensitive data. + default: {} + type: dict + version_added: 3.1.0 + vars: + - name: ansible_kubectl_local_env_vars kubectl_kubeconfig: description: - Path to a kubectl config file. Defaults to I(~/.kube/config) @@ -301,6 +310,19 @@ def _build_exec_cmd(self, cmd): return local_cmd, censored_local_cmd + def _local_env(self): + """Return a dict of local environment variables to pass to the kubectl command""" + local_env = {} + local_local_env_vars_name = "{0}_local_env_vars".format(self.transport) + local_env_vars = self.get_option(local_local_env_vars_name) + if local_env_vars: + if isinstance(local_env_vars, dict): + local_env_vars = json.dumps(local_env_vars) + local_env = os.environ.copy() + local_env.update(json.loads(local_env_vars)) + return local_env + return None + def _connect(self, port=None): """Connect to the container. Nothing to do""" super(Connection, self)._connect() @@ -329,6 +351,7 @@ def exec_command(self, cmd, in_data=None, sudoable=False): stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, + env=self._local_env(), ) stdout, stderr = p.communicate(in_data) @@ -378,7 +401,11 @@ def put_file(self, in_path, out_path): args = [to_bytes(i, errors="surrogate_or_strict") for i in args] try: p = subprocess.Popen( - args, stdin=in_file, stdout=subprocess.PIPE, stderr=subprocess.PIPE + args, + stdin=in_file, + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + env=self._local_env(), ) except OSError: raise AnsibleError( @@ -415,7 +442,11 @@ def fetch_file(self, in_path, out_path): ) as out_file: try: p = subprocess.Popen( - args, stdin=subprocess.PIPE, stdout=out_file, stderr=subprocess.PIPE + args, + stdin=subprocess.PIPE, + stdout=out_file, + stderr=subprocess.PIPE, + env=self._local_env(), ) except OSError: raise AnsibleError(