Refactor of consul modules (#7826)

* Extract common functionality. * Refactor duplicated code into module_utils. * Fixed ansible-test issues. * Address review comments. * Revert changes to consul_acl. It uses deprecated APIs disabled since Consul 1.11 (which is EOL), don't bother updating the module anymore. * Remove unused code. * Merge token into default doc fragment. * JSON all the way down. * extract validation tests into custom file and prep for requests removal. * Removed dependency on requests. * Initial test for consul_kv. * fixup license headers. * Revert changes to consul.py since it utilizes python-consul. * Disable the lookup test for now. * Fix python 2.7 support. * Address review comments. * Address review comments. * Addec changelog fragment. * Mark ConsulModule as private.
2025-07-22 04:40:22 -07:00 · 2024-01-21 18:29:29 +01:00 · 2024-01-21 18:29:29 +01:00 · 44679e71a2
commit 44679e71a2
parent cd77d67efb
10 changed files with 365 additions and 476 deletions
--- a/plugins/modules/consul_policy.py
+++ b/plugins/modules/consul_policy.py
@ -19,6 +19,7 @@ description:
 author:
  - Håkon Lerring (@Hakon)
 extends_documentation_fragment:
+  - community.general.consul
  - community.general.attributes
 attributes:
  check_mode:
@ -29,7 +30,6 @@ options:
  state:
    description:
      - Whether the policy should be present or absent.
-    required: false
    choices: ['present', 'absent']
    default: present
    type: str
@ -48,44 +48,12 @@ options:
  description:
    description:
      - Description of the policy.
-    required: false
    type: str
    default: ''
  rules:
    type: str
    description:
      - Rule document that should be associated with the current policy.
-    required: false
-  host:
-    description:
-      - Host of the consul agent, defaults to localhost.
-    required: false
-    default: localhost
-    type: str
-  port:
-    type: int
-    description:
-      - The port on which the consul agent is running.
-    required: false
-    default: 8500
-  scheme:
-    description:
-      - The protocol scheme on which the consul agent is running.
-    required: false
-    default: http
-    type: str
-  token:
-    description:
-      - A management token is required to manipulate the policies.
-    type: str
-  validate_certs:
-    type: bool
-    description:
-      - Whether to verify the TLS certificate of the consul agent or not.
-    required: false
-    default: true
-requirements:
-  - requests
 '''

 EXAMPLES = """
@ -135,22 +103,11 @@ operation:
 """

 from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.general.plugins.module_utils.consul import (
+    _ConsulModule, auth_argument_spec)

-try:
-    from requests.exceptions import ConnectionError
-    import requests
-    has_requests = True
-except ImportError:
-    has_requests = False
-
-
-TOKEN_PARAMETER_NAME = "token"
-HOST_PARAMETER_NAME = "host"
-SCHEME_PARAMETER_NAME = "scheme"
-VALIDATE_CERTS_PARAMETER_NAME = "validate_certs"
 NAME_PARAMETER_NAME = "name"
 DESCRIPTION_PARAMETER_NAME = "description"
-PORT_PARAMETER_NAME = "port"
 RULES_PARAMETER_NAME = "rules"
 VALID_DATACENTERS_PARAMETER_NAME = "valid_datacenters"
 STATE_PARAMETER_NAME = "state"
@ -166,50 +123,20 @@ CREATE_OPERATION = "create"
 _ARGUMENT_SPEC = {
    NAME_PARAMETER_NAME: dict(required=True),
    DESCRIPTION_PARAMETER_NAME: dict(required=False, type='str', default=''),
-    PORT_PARAMETER_NAME: dict(default=8500, type='int'),
    RULES_PARAMETER_NAME: dict(type='str'),
    VALID_DATACENTERS_PARAMETER_NAME: dict(type='list', elements='str', default=[]),
-    HOST_PARAMETER_NAME: dict(default='localhost'),
-    SCHEME_PARAMETER_NAME: dict(default='http'),
-    TOKEN_PARAMETER_NAME: dict(no_log=True),
-    VALIDATE_CERTS_PARAMETER_NAME: dict(type='bool', default=True),
-    STATE_PARAMETER_NAME: dict(default=PRESENT_STATE_VALUE, choices=[PRESENT_STATE_VALUE, ABSENT_STATE_VALUE]),
+    STATE_PARAMETER_NAME: dict(default=PRESENT_STATE_VALUE, choices=[PRESENT_STATE_VALUE, ABSENT_STATE_VALUE])
 }
+_ARGUMENT_SPEC.update(auth_argument_spec())


-def get_consul_url(configuration):
-    return '%s://%s:%s/v1' % (configuration.scheme,
-                              configuration.host, configuration.port)
-
-
-def get_auth_headers(configuration):
-    if configuration.token is None:
-        return {}
-    else:
-        return {'X-Consul-Token': configuration.token}
-
-
-class RequestError(Exception):
-    pass
-
-
-def handle_consul_response_error(response):
-    if 400 <= response.status_code < 600:
-        raise RequestError('%d %s' % (response.status_code, response.content))
-
-
-def update_policy(policy, configuration):
-    url = '%s/acl/policy/%s' % (get_consul_url(configuration), policy['ID'])
-    headers = get_auth_headers(configuration)
-    response = requests.put(url, headers=headers, json={
+def update_policy(policy, configuration, consul_module):
+    updated_policy = consul_module.put(('acl', 'policy', policy['ID']), data={
        'Name': configuration.name,  # should be equal at this point.
        'Description': configuration.description,
        'Rules': configuration.rules,
        'Datacenters': configuration.valid_datacenters
-    }, verify=configuration.validate_certs)
-    handle_consul_response_error(response)
-
-    updated_policy = response.json()
+    })

    changed = (
        policy.get('Rules', "") != updated_policy.get('Rules', "") or
@ -220,35 +147,24 @@ def update_policy(policy, configuration):
    return Output(changed=changed, operation=UPDATE_OPERATION, policy=updated_policy)


-def create_policy(configuration):
-    url = '%s/acl/policy' % get_consul_url(configuration)
-    headers = get_auth_headers(configuration)
-    response = requests.put(url, headers=headers, json={
+def create_policy(configuration, consul_module):
+    created_policy = consul_module.put('acl/policy', data={
        'Name': configuration.name,
        'Description': configuration.description,
        'Rules': configuration.rules,
        'Datacenters': configuration.valid_datacenters
-    }, verify=configuration.validate_certs)
-    handle_consul_response_error(response)
-
-    created_policy = response.json()
-
+    })
    return Output(changed=True, operation=CREATE_OPERATION, policy=created_policy)


-def remove_policy(configuration):
-    policies = get_policies(configuration)
+def remove_policy(configuration, consul_module):
+    policies = get_policies(consul_module)

    if configuration.name in policies:

        policy_id = policies[configuration.name]['ID']
-        policy = get_policy(policy_id, configuration)
-
-        url = '%s/acl/policy/%s' % (get_consul_url(configuration),
-                                    policy['ID'])
-        headers = get_auth_headers(configuration)
-        response = requests.delete(url, headers=headers, verify=configuration.validate_certs)
-        handle_consul_response_error(response)
+        policy = get_policy(policy_id, consul_module)
+        consul_module.delete(('acl', 'policy', policy['ID']))

        changed = True
    else:
@ -256,38 +172,30 @@ def remove_policy(configuration):
    return Output(changed=changed, operation=REMOVE_OPERATION)


-def get_policies(configuration):
-    url = '%s/acl/policies' % get_consul_url(configuration)
-    headers = get_auth_headers(configuration)
-    response = requests.get(url, headers=headers, verify=configuration.validate_certs)
-    handle_consul_response_error(response)
-    policies = response.json()
+def get_policies(consul_module):
+    policies = consul_module.get('acl/policies')
    existing_policies_mapped_by_name = dict(
        (policy['Name'], policy) for policy in policies if policy['Name'] is not None)
    return existing_policies_mapped_by_name


-def get_policy(id, configuration):
-    url = '%s/acl/policy/%s' % (get_consul_url(configuration), id)
-    headers = get_auth_headers(configuration)
-    response = requests.get(url, headers=headers, verify=configuration.validate_certs)
-    handle_consul_response_error(response)
-    return response.json()
+def get_policy(id, consul_module):
+    return consul_module.get(('acl', 'policy', id))


-def set_policy(configuration):
-    policies = get_policies(configuration)
+def set_policy(configuration, consul_module):
+    policies = get_policies(consul_module)

    if configuration.name in policies:
        index_policy_object = policies[configuration.name]
        policy_id = policies[configuration.name]['ID']
-        rest_policy_object = get_policy(policy_id, configuration)
+        rest_policy_object = get_policy(policy_id, consul_module)
        # merge dicts as some keys are only available in the partial policy
        policy = index_policy_object.copy()
        policy.update(rest_policy_object)
-        return update_policy(policy, configuration)
+        return update_policy(policy, configuration, consul_module)
    else:
-        return create_policy(configuration)
+        return create_policy(configuration, consul_module)


 class Configuration:
@ -295,15 +203,9 @@ class Configuration:
    Configuration for this module.
    """

-    def __init__(self, token=None, host=None, scheme=None, validate_certs=None, name=None, description=None, port=None,
-                 rules=None, valid_datacenters=None, state=None):
-        self.token = token                          # type: str
-        self.host = host                            # type: str
-        self.scheme = scheme                        # type: str
-        self.validate_certs = validate_certs        # type: bool
+    def __init__(self, name=None, description=None, rules=None, valid_datacenters=None, state=None):
        self.name = name                            # type: str
        self.description = description              # type: str
-        self.port = port                            # type: int
        self.rules = rules                          # type: str
        self.valid_datacenters = valid_datacenters  # type: str
        self.state = state                          # type: str
@ -320,50 +222,25 @@ class Output:
        self.policy = policy        # type: dict


-def check_dependencies():
-    """
-    Checks that the required dependencies have been imported.
-    :exception ImportError: if it is detected that any of the required dependencies have not been imported
-    """
-
-    if not has_requests:
-        raise ImportError(
-            "requests required for this module. See https://pypi.org/project/requests/")
-
-
 def main():
    """
    Main method.
    """
    module = AnsibleModule(_ARGUMENT_SPEC, supports_check_mode=False)
-
-    try:
-        check_dependencies()
-    except ImportError as e:
-        module.fail_json(msg=str(e))
+    consul_module = _ConsulModule(module)

    configuration = Configuration(
-        token=module.params.get(TOKEN_PARAMETER_NAME),
-        host=module.params.get(HOST_PARAMETER_NAME),
-        scheme=module.params.get(SCHEME_PARAMETER_NAME),
-        validate_certs=module.params.get(VALIDATE_CERTS_PARAMETER_NAME),
        name=module.params.get(NAME_PARAMETER_NAME),
        description=module.params.get(DESCRIPTION_PARAMETER_NAME),
-        port=module.params.get(PORT_PARAMETER_NAME),
        rules=module.params.get(RULES_PARAMETER_NAME),
        valid_datacenters=module.params.get(VALID_DATACENTERS_PARAMETER_NAME),
        state=module.params.get(STATE_PARAMETER_NAME),
    )

-    try:
-        if configuration.state == PRESENT_STATE_VALUE:
-            output = set_policy(configuration)
-        else:
-            output = remove_policy(configuration)
-    except ConnectionError as e:
-        module.fail_json(msg='Could not connect to consul agent at %s:%s, error was %s' % (
-            configuration.host, configuration.port, str(e)))
-        raise
+    if configuration.state == PRESENT_STATE_VALUE:
+        output = set_policy(configuration, consul_module)
+    else:
+        output = remove_policy(configuration, consul_module)

    return_values = dict(changed=output.changed, operation=output.operation, policy=output.policy)
    module.exit_json(**return_values)