security: add dry run mode for external cluster script

Adding dry run mode for external cluster script.
This will add cli argument `--dry-run`. By default
`dry-run` option will be `False`
which means it will only print something like below.
```
The script will do some write operations like:

1. The script will be fetching/creating Ceph CSI keyring for cephFS provisioner
2. The script will be fetching/creating Ceph CSI keyring for cephFS node
3. The script will be fetching/creating Ceph CSI keyring for RBD provisioner
4. The script will be fetching/creating Ceph CSI keyring for RBD node
5. The script will be fetching/creating key for rook external user
6. The script will be fetching/creating ragdos admin user to get access key and secret key
```

Signed-off-by: subhamkrai <srai@redhat.com>

deploy/examples/create-external-cluster-resources.py

@@ -193,6 +193,8 @@ def gen_arg_parser(cls, args_to_parse=None):
                                   help="Ceph Manager prometheus exporter endpoints (comma separated list of <IP> entries of active and standby mgrs)")
         output_group.add_argument("--monitoring-endpoint-port", default="", required=False,
                                   help="Ceph Manager prometheus exporter port")
+        output_group.add_argument("--dry-run", default=False, required=False,
+                                  help="Dry run the python script")
 
         upgrade_group = argP.add_argument_group('upgrade')
         upgrade_group.add_argument("--upgrade", action='store_true', default=False,
@@ -212,7 +214,7 @@ def validate_rgw_endpoint_tls_cert(self):
                 return contents.rstrip()
 
     def _check_conflicting_options(self):
-        if not self._arg_parser.upgrade and not self._arg_parser.rbd_data_pool_name:
+        if not self._arg_parser.upgrade and not self._arg_parser.rbd_data_pool_name and not self._arg_parser.dry_run:
             raise ExecutionFailureException(
                 "Either '--upgrade' or '--rbd-data-pool-name <pool_name>' should be specified")
         if self._arg_parser.upgrade and self._arg_parser.rbd_data_pool_name:
@@ -458,7 +460,7 @@ def create_cephCSIKeyring_cephFSProvisioner(self):
         if self._arg_parser.restricted_auth_permission:
             if metadata_pool == "":
                 raise ExecutionFailureException(
-                 "'cephfs_metadata_pool_name' not found, please set the '--cephfs-metadata-pool-name' flag")
+                    "'cephfs_metadata_pool_name' not found, please set the '--cephfs-metadata-pool-name' flag")
             cmd_json = {"prefix": "auth get-or-create",
                         "entity": entity,
                         "caps": ["mon", "allow r", "mgr", "allow rw",
@@ -492,9 +494,10 @@ def create_cephCSIKeyring_cephFSNode(self):
             cmd_json = {"prefix": "auth get-or-create",
                         "entity": entity,
                         "caps": ["mon", "allow r",
-                        "mgr", "allow rw",
-                        "osd", "allow rw tag cephfs data={}".format(data_pool),
-                        "mds", "allow rw"],
+                                 "mgr", "allow rw",
+                                 "osd", "allow rw tag cephfs data={}".format(
+                                     data_pool),
+                                 "mds", "allow rw"],
                         "format": "json"}
         else:
             cmd_json = {"prefix": "auth get-or-create",
@@ -518,7 +521,7 @@ def create_cephCSIKeyring_RBDProvisioner(self):
         entity = "client.csi-rbd-provisioner"
         if cluster_name:
             entity = "client.csi-rbd-provisioner-{}".format(cluster_name)
-        cmd_json={}
+        cmd_json = {}
         if self._arg_parser.restricted_auth_permission:
             if rbd_pool_name == "":
                 raise ExecutionFailureException(
@@ -597,8 +600,10 @@ def get_cephfs_data_pool_details(self):
                 return
 
         if matching_json_out:
-            self._arg_parser.cephfs_filesystem_name = str(matching_json_out['name'])
-            self._arg_parser.cephfs_metadata_pool_name  = str(matching_json_out['metadata_pool'])
+            self._arg_parser.cephfs_filesystem_name = str(
+                matching_json_out['name'])
+            self._arg_parser.cephfs_metadata_pool_name = str(
+                matching_json_out['metadata_pool'])
 
         if type(matching_json_out['data_pools']) == list:
             # if the user has already provided data-pool-name,
@@ -635,7 +640,7 @@ def create_cephCSIKeyring_RBDNode(self):
         entity = "client.csi-rbd-node"
         if cluster_name:
             entity = "client.csi-rbd-node-{}".format(cluster_name)
-        cmd_json={}
+        cmd_json = {}
         if self._arg_parser.restricted_auth_permission:
             if rbd_pool_name == "":
                 raise ExecutionFailureException(
@@ -729,7 +734,7 @@ def _gen_output_map(self):
             pools_to_validate.extend(rgw_pool_to_validate)
 
         for pool in pools_to_validate:
-            if not self.cluster.pool_exists(pool):
+            if not self.cluster.pool_exists(pool) and not self._arg_parser.dry_run:
                 raise ExecutionFailureException(
                     "The provided pool, '{}', does not exist".format(pool))
         self._excluded_keys.add('CLUSTER_NAME')
@@ -751,7 +756,8 @@ def _gen_output_map(self):
         self.out_map['CSI_CEPHFS_PROVISIONER_SECRET'] = ''
         # create CephFS node and provisioner keyring only when MDS exists
         if self.out_map['CEPHFS_FS_NAME'] and self.out_map['CEPHFS_POOL_NAME']:
-            self.out_map['CSI_CEPHFS_NODE_SECRET'] = self.create_cephCSIKeyring_cephFSNode()
+            self.out_map['CSI_CEPHFS_NODE_SECRET'] = self.create_cephCSIKeyring_cephFSNode(
+            )
             self.out_map['CSI_CEPHFS_PROVISIONER_SECRET'] = self.create_cephCSIKeyring_cephFSProvisioner()
         self.out_map['RGW_ENDPOINT'] = self._arg_parser.rgw_endpoint
         self.out_map['RGW_TLS_CERT'] = ''
@@ -775,6 +781,20 @@ def gen_shell_out(self):
         return shOut
 
     def gen_json_out(self):
+        if self._arg_parser.dry_run:
+            message = """
+The script will do some write operations like:
+
+1. The script will be fetching/creating Ceph CSI keyring for cephFS provisioner
+2. The script will be fetching/creating Ceph CSI keyring for cephFS node
+3. The script will be fetching/creating Ceph CSI keyring for RBD provisioner
+4. The script will be fetching/creating Ceph CSI keyring for RBD node
+5. The script will be fetching/creating key for rook external user
+6. The script will be fetching/creating ragdos admin user to get access key and secret key
+"""
+
+            return message
+
         self._gen_output_map()
         json_out = [
             {
@@ -1035,14 +1055,16 @@ def test_method_main_output(self):
 
     def test_method_create_cephCSIKeyring_cephFSProvisioner(self):
         csiKeyring = self.rjObj.create_cephCSIKeyring_cephFSProvisioner()
-        print("cephCSIKeyring without restricting it to a metadata pool. {}".format(csiKeyring))
+        print("cephCSIKeyring without restricting it to a metadata pool. {}".format(
+            csiKeyring))
         self.rjObj._arg_parser.restricted_auth_permission = True
         self.rjObj._arg_parser.cephfs_metadata_pool_name = "myfs-metadata"
         csiKeyring = self.rjObj.create_cephCSIKeyring_cephFSProvisioner()
         print("cephCSIKeyring for a specific metadata pool. {}".format(csiKeyring))
         self.rjObj._arg_parser.cluster_name = "openshift-storage"
         csiKeyring = self.rjObj.create_cephCSIKeyring_cephFSProvisioner()
-        print("cephCSIKeyring for a specific metadata pool and cluster. {}".format(csiKeyring))
+        print("cephCSIKeyring for a specific metadata pool and cluster. {}".format(
+            csiKeyring))
 
     def test_non_zero_return_and_error(self):
         self.rjObj.cluster.return_val = 1