Merge pull request #10237 from emonty/remove-auth-token

Remove auth token and port openstack module_utils changes to v2 tree

lib/ansible/module_utils/openstack.py

@@ -73,16 +73,19 @@ def openstack_find_nova_addresses(addresses, ext_tag, key_name=None):
 def openstack_full_argument_spec(**kwargs):
     spec = dict(
         cloud=dict(default=None),
-        auth_plugin=dict(default=None),
+        auth_type=dict(default=None),
         auth=dict(default=None),
-        auth_token=dict(default=None),
         region_name=dict(default=None),
         availability_zone=dict(default=None),
-        state=dict(default='present', choices=['absent', 'present']),
+        verify=dict(default=True, aliases=['validate_certs']),
+        cacert=dict(default=None),
+        cert=dict(default=None),
+        key=dict(default=None),
         wait=dict(default=True, type='bool'),
         timeout=dict(default=180, type='int'),
+        api_timeout=dict(default=None, type='int'),
         endpoint_type=dict(
-            default='publicURL', choices=['publicURL', 'internalURL']
+            default='public', choices=['public', 'internal', 'admin']
         )
     )
     spec.update(kwargs)
@@ -94,10 +97,6 @@ def openstack_module_kwargs(**kwargs):
         required_one_of=[
             ['cloud', 'auth'],
         ],
-        mutually_exclusive=[
-            ['auth', 'auth_token'],
-            ['auth_plugin', 'auth_token'],
-        ],
     )
     for key in ('mutually_exclusive', 'required_together', 'required_one_of'):
         if key in kwargs:

lib/ansible/utils/module_docs_fragments/openstack.py

@@ -34,17 +34,13 @@ options:
         this param will need to contain whatever parameters that auth plugin
         requires. This parameter is not needed if a named cloud is provided.
     required: false
-  auth_plugin:
+  auth_type:
     description:
       - Name of the auth plugin to use. If the cloud uses something other than
         password authentication, the name of the plugin should be indicated here
         and the contents of the I(auth) parameter should be updated accordingly.
     required: false
     default: password
-  auth_token:
-    description:
-      - An auth token obtained previously. If I(auth_token) is given,
-        I(auth) and I(auth_plugin) are not needed.
   region_name:
     description:
       - Name of the region.
@@ -53,11 +49,6 @@ options:
     description:
       - Name of the availability zone.
     required: false
-  state:
-    description:
-      - Should the resource be present or absent.
-    choices: [present, absent]
-    default: present
   wait:
     description:
       - Should ansible wait until the requested resource is complete.
@@ -69,12 +60,37 @@ options:
       - How long should ansible wait for the requested resource.
     required: false
     default: 180
+  api_timeout:
+    description:
+      - How long should the socket layer wait before timing out for API calls.
+        If this is omitted, nothing will be passed to the requests library.
+    required: false
+    default: None
+  validate_certs:
+    description:
+      - Whether or not SSL API requests should be verified.
+    required: false
+    default: True
+    aliases: ['verify']
+  cacert:
+    description:
+      - A path to a CA Cert bundle that can be used as part of verifying
+        SSL API requests.
+    required: false
+  cert:
+    description:
+      - A path to a client certificate to use as part of the SSL transaction
+    required: false
+  key:
+    description:
+      - A path to a client key to use as part of the SSL transaction
+    required: false
   endpoint_type:
     description:
       - Endpoint URL type to fetch from the service catalog.
-    choices: [publicURL, internalURL]
+    choices: [public, internal, admin]
     required: false
-    default: publicURL
+    default: public
 requirements:
   - shade
 notes:

v2/ansible/module_utils/openstack.py

@@ -30,6 +30,9 @@ import os
 
 
 def openstack_argument_spec():
+    # DEPRECATED: This argument spec is only used for the deprecated old
+    # OpenStack modules. It turns out that modern OpenStack auth is WAY
+    # more complex than this.
     # Consume standard OpenStack environment variables.
     # This is mainly only useful for ad-hoc command line operation as
     # in playbooks one would assume variables would be used appropriately
@@ -67,3 +70,39 @@ def openstack_find_nova_addresses(addresses, ext_tag, key_name=None):
                     ret.append(interface_spec['addr'])
     return ret
 
+def openstack_full_argument_spec(**kwargs):
+    spec = dict(
+        cloud=dict(default=None),
+        auth_type=dict(default=None),
+        auth=dict(default=None),
+        region_name=dict(default=None),
+        availability_zone=dict(default=None),
+        verify=dict(default=True, aliases=['validate_certs']),
+        cacert=dict(default=None),
+        cert=dict(default=None),
+        key=dict(default=None),
+        wait=dict(default=True, type='bool'),
+        timeout=dict(default=180, type='int'),
+        api_timeout=dict(default=None, type='int'),
+        endpoint_type=dict(
+            default='public', choices=['public', 'internal', 'admin']
+        )
+    )
+    spec.update(kwargs)
+    return spec
+
+
+def openstack_module_kwargs(**kwargs):
+    ret = dict(
+        required_one_of=[
+            ['cloud', 'auth'],
+        ],
+    )
+    for key in ('mutually_exclusive', 'required_together', 'required_one_of'):
+        if key in kwargs:
+            if key in ret:
+                ret[key].extend(kwargs[key])
+            else:
+                ret[key] = kwargs[key]
+
+    return ret