ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-22 12:50:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Add new consul modules and reuse code between them. (#7878)

Browse source 
Refactored consul modules and added new roles.
This commit is contained in:
Florian Apolloner 2024-01-27 10:22:44 +01:00 committed by GitHub
commit 29f9865497
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
17 changed files with 1508 additions and 568 deletions
Download patch file Download diff file Expand all files Collapse all files

187
plugins/modules/consul_policy.py
View file

@ -6,9 +6,10 @@
# SPDX-License-Identifier: GPL-3.0-or-later
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = '''
DOCUMENTATION = """
module: consul_policy
short_description: Manipulate Consul policies
version_added: 7.2.0
@ -20,12 +21,17 @@ author:
- Håkon Lerring (@Hakon)
extends_documentation_fragment:
- community.general.consul
- community.general.consul.token
- community.general.attributes
attributes:
check_mode:
support: none
support: full
version_added: 8.3.0
diff_mode:
support: none
support: partial
version_added: 8.3.0
details:
- In check mode the diff will miss operational attributes.
options:
state:
description:
@ -36,7 +42,6 @@ options:
valid_datacenters:
description:
- Valid datacenters for the policy. All if list is empty.
default: []
type: list
elements: str
name:
@ -49,12 +54,11 @@ options:
description:
- Description of the policy.
type: str
default: ''
rules:
type: str
description:
- Rule document that should be associated with the current policy.
'''
"""
EXAMPLES = """
- name: Create a policy with rules
@ -95,8 +99,24 @@ EXAMPLES = """
"""
RETURN = """
policy:
description: The policy as returned by the consul HTTP API.
returned: always
type: dict
sample:
CreateIndex: 632
Description: Testing
Hash: rj5PeDHddHslkpW7Ij4OD6N4bbSXiecXFmiw2SYXg2A=
Name: foo-access
Rules: |-
key "foo" {
policy = "read"
}
key "private/foo" {
policy = "deny"
}
operation:
description: The operation performed on the policy.
description: The operation performed.
returned: changed
type: str
sample: update
@ -104,146 +124,39 @@ operation:
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.consul import (
_ConsulModule, auth_argument_spec)
NAME_PARAMETER_NAME = "name"
DESCRIPTION_PARAMETER_NAME = "description"
RULES_PARAMETER_NAME = "rules"
VALID_DATACENTERS_PARAMETER_NAME = "valid_datacenters"
STATE_PARAMETER_NAME = "state"
PRESENT_STATE_VALUE = "present"
ABSENT_STATE_VALUE = "absent"
REMOVE_OPERATION = "remove"
UPDATE_OPERATION = "update"
CREATE_OPERATION = "create"
AUTH_ARGUMENTS_SPEC,
OPERATION_READ,
_ConsulModule,
)
_ARGUMENT_SPEC = {
NAME_PARAMETER_NAME: dict(required=True),
DESCRIPTION_PARAMETER_NAME: dict(required=False, type='str', default=''),
RULES_PARAMETER_NAME: dict(type='str'),
VALID_DATACENTERS_PARAMETER_NAME: dict(type='list', elements='str', default=[]),
STATE_PARAMETER_NAME: dict(default=PRESENT_STATE_VALUE, choices=[PRESENT_STATE_VALUE, ABSENT_STATE_VALUE])
"name": dict(required=True),
"description": dict(required=False, type="str"),
"rules": dict(type="str"),
"valid_datacenters": dict(type="list", elements="str"),
"state": dict(default="present", choices=["present", "absent"]),
}
_ARGUMENT_SPEC.update(auth_argument_spec())
_ARGUMENT_SPEC.update(AUTH_ARGUMENTS_SPEC)
def update_policy(policy, configuration, consul_module):
updated_policy = consul_module.put(('acl', 'policy', policy['ID']), data={
'Name': configuration.name, # should be equal at this point.
'Description': configuration.description,
'Rules': configuration.rules,
'Datacenters': configuration.valid_datacenters
})
class ConsulPolicyModule(_ConsulModule):
api_endpoint = "acl/policy"
result_key = "policy"
unique_identifier = "id"
changed = (
policy.get('Rules', "") != updated_policy.get('Rules', "") or
policy.get('Description', "") != updated_policy.get('Description', "") or
policy.get('Datacenters', []) != updated_policy.get('Datacenters', [])
)
return Output(changed=changed, operation=UPDATE_OPERATION, policy=updated_policy)
def create_policy(configuration, consul_module):
created_policy = consul_module.put('acl/policy', data={
'Name': configuration.name,
'Description': configuration.description,
'Rules': configuration.rules,
'Datacenters': configuration.valid_datacenters
})
return Output(changed=True, operation=CREATE_OPERATION, policy=created_policy)
def remove_policy(configuration, consul_module):
policies = get_policies(consul_module)
if configuration.name in policies:
policy_id = policies[configuration.name]['ID']
policy = get_policy(policy_id, consul_module)
consul_module.delete(('acl', 'policy', policy['ID']))
changed = True
else:
changed = False
return Output(changed=changed, operation=REMOVE_OPERATION)
def get_policies(consul_module):
policies = consul_module.get('acl/policies')
existing_policies_mapped_by_name = dict(
(policy['Name'], policy) for policy in policies if policy['Name'] is not None)
return existing_policies_mapped_by_name
def get_policy(id, consul_module):
return consul_module.get(('acl', 'policy', id))
def set_policy(configuration, consul_module):
policies = get_policies(consul_module)
if configuration.name in policies:
index_policy_object = policies[configuration.name]
policy_id = policies[configuration.name]['ID']
rest_policy_object = get_policy(policy_id, consul_module)
# merge dicts as some keys are only available in the partial policy
policy = index_policy_object.copy()
policy.update(rest_policy_object)
return update_policy(policy, configuration, consul_module)
else:
return create_policy(configuration, consul_module)
class Configuration:
"""
Configuration for this module.
"""
def __init__(self, name=None, description=None, rules=None, valid_datacenters=None, state=None):
self.name = name # type: str
self.description = description # type: str
self.rules = rules # type: str
self.valid_datacenters = valid_datacenters # type: str
self.state = state # type: str
class Output:
"""
Output of an action of this module.
"""
def __init__(self, changed=None, operation=None, policy=None):
self.changed = changed # type: bool
self.operation = operation # type: str
self.policy = policy # type: dict
def endpoint_url(self, operation, identifier=None):
if operation == OPERATION_READ:
return [self.api_endpoint, "name", self.params["name"]]
return super(ConsulPolicyModule, self).endpoint_url(operation, identifier)
def main():
"""
Main method.
"""
module = AnsibleModule(_ARGUMENT_SPEC, supports_check_mode=False)
consul_module = _ConsulModule(module)
configuration = Configuration(
name=module.params.get(NAME_PARAMETER_NAME),
description=module.params.get(DESCRIPTION_PARAMETER_NAME),
rules=module.params.get(RULES_PARAMETER_NAME),
valid_datacenters=module.params.get(VALID_DATACENTERS_PARAMETER_NAME),
state=module.params.get(STATE_PARAMETER_NAME),
module = AnsibleModule(
_ARGUMENT_SPEC,
supports_check_mode=True,
)
if configuration.state == PRESENT_STATE_VALUE:
output = set_policy(configuration, consul_module)
else:
output = remove_policy(configuration, consul_module)
return_values = dict(changed=output.changed, operation=output.operation, policy=output.policy)
module.exit_json(**return_values)
consul_module = ConsulPolicyModule(module)
consul_module.execute()
if __name__ == "__main__":