Refactor consul_session to support authentication with tokens (#6755)

* Split into separate PR * Refactor test, add author to inactive maintainers * Add changelog fragment and correct requirements section on module documentation * Add changelog fragment and correct requirements section on module documentation * Update changelogs/fragments/6755-refactor-consul-session-to-use-requests-lib-instead-of-consul.yml Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Valerio Poggi <vrpoggigmail.com> Co-authored-by: Felix Fontein <felix@fontein.de>
2025-07-25 06:10:22 -07:00 · 2023-07-07 07:49:10 +02:00 · 2023-07-07 07:49:10 +02:00 · 242258eb53
commit 242258eb53
parent 53c1ed184d
6 changed files with 166 additions and 44 deletions
--- a/tests/integration/targets/consul/tasks/consul_session.yml
+++ b/tests/integration/targets/consul/tasks/consul_session.yml
@ -6,6 +6,7 @@
 - name: list sessions
  consul_session:
    state: list
+    token: "{{ consul_management_token }}"
  register: result

 - assert:
@ -17,6 +18,7 @@
  consul_session:
    state: present
    name: testsession
+    token: "{{ consul_management_token }}"
  register: result

 - assert:
@ -31,6 +33,7 @@
 - name: list sessions after creation
  consul_session:
    state: list
+    token: "{{ consul_management_token }}"
  register: result

 - set_fact:
@ -52,12 +55,13 @@
 - name: ensure session was created
  assert:
    that:
-      - test_session_found|default(False)
+      - test_session_found|default(false)

 - name: fetch info about a session
  consul_session:
    state: info
    id: '{{ session_id }}'
+    token: "{{ consul_management_token }}"
  register: result

 - assert:
@ -68,6 +72,7 @@
  consul_session:
    state: info
    name: test
+    token: "{{ consul_management_token }}"
  register: result
  ignore_errors: true

@ -80,6 +85,7 @@
    state: info
    id: '{{ session_id }}'
    scheme: non_existent
+    token: "{{ consul_management_token }}"
  register: result
  ignore_errors: true

@ -93,6 +99,7 @@
    id: '{{ session_id }}'
    port: 8501
    scheme: https
+    token: "{{ consul_management_token }}"
  register: result
  ignore_errors: true

@ -108,6 +115,7 @@
    id: '{{ session_id }}'
    port: 8501
    scheme: https
+    token: "{{ consul_management_token }}"
    validate_certs: false
  register: result

@ -122,6 +130,7 @@
    id: '{{ session_id }}'
    port: 8501
    scheme: https
+    token: "{{ consul_management_token }}"
  environment:
    REQUESTS_CA_BUNDLE: '{{ remote_dir }}/cert.pem'
  register: result
@ -134,6 +143,7 @@
  consul_session:
    state: absent
    id: '{{ session_id }}'
+    token: "{{ consul_management_token }}"
  register: result

 - assert:
@ -143,6 +153,7 @@
 - name: list sessions after deletion
  consul_session:
    state: list
+    token: "{{ consul_management_token }}"
  register: result

 - assert:
@ -169,6 +180,7 @@
    state: present
    name: session-with-ttl
    ttl: 180  # sec
+    token: "{{ consul_management_token }}"
  register: result

 - assert:
--- a/tests/integration/targets/consul/tasks/main.yml
+++ b/tests/integration/targets/consul/tasks/main.yml
@ -10,8 +10,8 @@

 - name: Install Consul and test
  vars:
-    consul_version: 1.5.0
-    consul_uri: https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/consul/consul_{{ consul_version }}_{{ ansible_system | lower }}_{{ consul_arch }}.zip
+    consul_version: 1.13.2
+    consul_uri: https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_{{ ansible_system | lower }}_{{ consul_arch }}.zip
    consul_cmd: '{{ remote_tmp_dir }}/consul'
  block:
  - name: Install requests<2.20 (CentOS/RHEL 6)
@ -76,8 +76,15 @@
        dest: '{{ remote_tmp_dir }}/consul_config.hcl'
    - name: Start Consul (dev mode enabled)
      shell: nohup {{ consul_cmd }} agent -dev -config-file {{ remote_tmp_dir }}/consul_config.hcl </dev/null >/dev/null 2>&1 &
+    - name: Bootstrap ACL
+      command: '{{ consul_cmd }} acl bootstrap --format=json'
+      register: consul_bootstrap_result_string
+    - set_fact:
+        consul_management_token: '{{ consul_bootstrap_json_result["SecretID"] }}'
+      vars:
+        consul_bootstrap_json_result: '{{ consul_bootstrap_result_string.stdout | from_json }}'
    - name: Create some data
-      command: '{{ consul_cmd }} kv put data/value{{ item }} foo{{ item }}'
+      command: '{{ consul_cmd }} kv put -token={{consul_management_token}} data/value{{ item }} foo{{ item }}'
      loop:
      - 1
      - 2
--- a/tests/integration/targets/consul/templates/consul_config.hcl.j2
+++ b/tests/integration/targets/consul/templates/consul_config.hcl.j2
@ -12,3 +12,8 @@ ports {
 }
 key_file = "{{ remote_dir }}/privatekey.pem"
 cert_file = "{{ remote_dir }}/cert.pem"
+acl {
+  enabled        = true
+  default_policy = "deny"
+  down_policy    = "extend-cache"
+}