mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-24 13:50:22 -07:00
Initial commit
This commit is contained in:
commit
aebc1b03fd
4861 changed files with 812621 additions and 0 deletions
284
plugins/modules/source_control/bitbucket/bitbucket_access_key.py
Normal file
284
plugins/modules/source_control/bitbucket/bitbucket_access_key.py
Normal file
|
@ -0,0 +1,284 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright: (c) 2019, Evgeniy Krysanov <evgeniy.krysanov@gmail.com>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {
|
||||
'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community',
|
||||
}
|
||||
|
||||
DOCUMENTATION = r'''
|
||||
---
|
||||
module: bitbucket_access_key
|
||||
short_description: Manages Bitbucket repository access keys
|
||||
description:
|
||||
- Manages Bitbucket repository access keys (also called deploy keys).
|
||||
author:
|
||||
- Evgeniy Krysanov (@catcombo)
|
||||
options:
|
||||
client_id:
|
||||
description:
|
||||
- The OAuth consumer key.
|
||||
- If not set the environment variable C(BITBUCKET_CLIENT_ID) will be used.
|
||||
type: str
|
||||
client_secret:
|
||||
description:
|
||||
- The OAuth consumer secret.
|
||||
- If not set the environment variable C(BITBUCKET_CLIENT_SECRET) will be used.
|
||||
type: str
|
||||
repository:
|
||||
description:
|
||||
- The repository name.
|
||||
type: str
|
||||
required: true
|
||||
username:
|
||||
description:
|
||||
- The repository owner.
|
||||
type: str
|
||||
required: true
|
||||
key:
|
||||
description:
|
||||
- The SSH public key.
|
||||
type: str
|
||||
label:
|
||||
description:
|
||||
- The key label.
|
||||
type: str
|
||||
required: true
|
||||
state:
|
||||
description:
|
||||
- Indicates desired state of the access key.
|
||||
type: str
|
||||
required: true
|
||||
choices: [ absent, present ]
|
||||
notes:
|
||||
- Bitbucket OAuth consumer key and secret can be obtained from Bitbucket profile -> Settings -> Access Management -> OAuth.
|
||||
- Bitbucket OAuth consumer should have permissions to read and administrate account repositories.
|
||||
- Check mode is supported.
|
||||
'''
|
||||
|
||||
EXAMPLES = r'''
|
||||
- name: Create access key
|
||||
bitbucket_access_key:
|
||||
repository: 'bitbucket-repo'
|
||||
username: bitbucket_username
|
||||
key: '{{lookup("file", "bitbucket.pub") }}'
|
||||
label: 'Bitbucket'
|
||||
state: present
|
||||
|
||||
- name: Delete access key
|
||||
bitbucket_access_key:
|
||||
repository: bitbucket-repo
|
||||
username: bitbucket_username
|
||||
label: Bitbucket
|
||||
state: absent
|
||||
'''
|
||||
|
||||
RETURN = r''' # '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper
|
||||
|
||||
error_messages = {
|
||||
'required_key': '`key` is required when the `state` is `present`',
|
||||
'required_permission': 'OAuth consumer `client_id` should have permissions to read and administrate the repository',
|
||||
'invalid_username_or_repo': 'Invalid `repository` or `username`',
|
||||
'invalid_key': 'Invalid SSH key or key is already in use',
|
||||
}
|
||||
|
||||
BITBUCKET_API_ENDPOINTS = {
|
||||
'deploy-key-list': '%s/2.0/repositories/{username}/{repo_slug}/deploy-keys/' % BitbucketHelper.BITBUCKET_API_URL,
|
||||
'deploy-key-detail': '%s/2.0/repositories/{username}/{repo_slug}/deploy-keys/{key_id}' % BitbucketHelper.BITBUCKET_API_URL,
|
||||
}
|
||||
|
||||
|
||||
def get_existing_deploy_key(module, bitbucket):
|
||||
"""
|
||||
Search for an existing deploy key on Bitbucket
|
||||
with the label specified in module param `label`
|
||||
|
||||
:param module: instance of the :class:`AnsibleModule`
|
||||
:param bitbucket: instance of the :class:`BitbucketHelper`
|
||||
:return: existing deploy key or None if not found
|
||||
:rtype: dict or None
|
||||
|
||||
Return example::
|
||||
|
||||
{
|
||||
"id": 123,
|
||||
"label": "mykey",
|
||||
"created_on": "2019-03-23T10:15:21.517377+00:00",
|
||||
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADA...AdkTg7HGqL3rlaDrEcWfL7Lu6TnhBdq5",
|
||||
"type": "deploy_key",
|
||||
"comment": "",
|
||||
"last_used": None,
|
||||
"repository": {
|
||||
"links": {
|
||||
"self": {
|
||||
"href": "https://api.bitbucket.org/2.0/repositories/mleu/test"
|
||||
},
|
||||
"html": {
|
||||
"href": "https://bitbucket.org/mleu/test"
|
||||
},
|
||||
"avatar": {
|
||||
"href": "..."
|
||||
}
|
||||
},
|
||||
"type": "repository",
|
||||
"name": "test",
|
||||
"full_name": "mleu/test",
|
||||
"uuid": "{85d08b4e-571d-44e9-a507-fa476535aa98}"
|
||||
},
|
||||
"links": {
|
||||
"self": {
|
||||
"href": "https://api.bitbucket.org/2.0/repositories/mleu/test/deploy-keys/123"
|
||||
}
|
||||
},
|
||||
}
|
||||
"""
|
||||
content = {
|
||||
'next': BITBUCKET_API_ENDPOINTS['deploy-key-list'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
)
|
||||
}
|
||||
|
||||
# Look through the all response pages in search of deploy key we need
|
||||
while 'next' in content:
|
||||
info, content = bitbucket.request(
|
||||
api_url=content['next'],
|
||||
method='GET',
|
||||
)
|
||||
|
||||
if info['status'] == 404:
|
||||
module.fail_json(msg=error_messages['invalid_username_or_repo'])
|
||||
|
||||
if info['status'] == 403:
|
||||
module.fail_json(msg=error_messages['required_permission'])
|
||||
|
||||
if info['status'] != 200:
|
||||
module.fail_json(msg='Failed to retrieve the list of deploy keys: {0}'.format(info))
|
||||
|
||||
res = next(iter(filter(lambda v: v['label'] == module.params['label'], content['values'])), None)
|
||||
|
||||
if res is not None:
|
||||
return res
|
||||
|
||||
return None
|
||||
|
||||
|
||||
def create_deploy_key(module, bitbucket):
|
||||
info, content = bitbucket.request(
|
||||
api_url=BITBUCKET_API_ENDPOINTS['deploy-key-list'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
),
|
||||
method='POST',
|
||||
data={
|
||||
'key': module.params['key'],
|
||||
'label': module.params['label'],
|
||||
},
|
||||
)
|
||||
|
||||
if info['status'] == 404:
|
||||
module.fail_json(msg=error_messages['invalid_username_or_repo'])
|
||||
|
||||
if info['status'] == 403:
|
||||
module.fail_json(msg=error_messages['required_permission'])
|
||||
|
||||
if info['status'] == 400:
|
||||
module.fail_json(msg=error_messages['invalid_key'])
|
||||
|
||||
if info['status'] != 200:
|
||||
module.fail_json(msg='Failed to create deploy key `{label}`: {info}'.format(
|
||||
label=module.params['label'],
|
||||
info=info,
|
||||
))
|
||||
|
||||
|
||||
def delete_deploy_key(module, bitbucket, key_id):
|
||||
info, content = bitbucket.request(
|
||||
api_url=BITBUCKET_API_ENDPOINTS['deploy-key-detail'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
key_id=key_id,
|
||||
),
|
||||
method='DELETE',
|
||||
)
|
||||
|
||||
if info['status'] == 404:
|
||||
module.fail_json(msg=error_messages['invalid_username_or_repo'])
|
||||
|
||||
if info['status'] == 403:
|
||||
module.fail_json(msg=error_messages['required_permission'])
|
||||
|
||||
if info['status'] != 204:
|
||||
module.fail_json(msg='Failed to delete deploy key `{label}`: {info}'.format(
|
||||
label=module.params['label'],
|
||||
info=info,
|
||||
))
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = BitbucketHelper.bitbucket_argument_spec()
|
||||
argument_spec.update(
|
||||
repository=dict(type='str', required=True),
|
||||
username=dict(type='str', required=True),
|
||||
key=dict(type='str'),
|
||||
label=dict(type='str', required=True),
|
||||
state=dict(type='str', choices=['present', 'absent'], required=True),
|
||||
)
|
||||
module = AnsibleModule(
|
||||
argument_spec=argument_spec,
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
bitbucket = BitbucketHelper(module)
|
||||
|
||||
key = module.params['key']
|
||||
state = module.params['state']
|
||||
|
||||
# Check parameters
|
||||
if (key is None) and (state == 'present'):
|
||||
module.fail_json(msg=error_messages['required_key'])
|
||||
|
||||
# Retrieve access token for authorized API requests
|
||||
bitbucket.fetch_access_token()
|
||||
|
||||
# Retrieve existing deploy key (if any)
|
||||
existing_deploy_key = get_existing_deploy_key(module, bitbucket)
|
||||
changed = False
|
||||
|
||||
# Create new deploy key in case it doesn't exists
|
||||
if not existing_deploy_key and (state == 'present'):
|
||||
if not module.check_mode:
|
||||
create_deploy_key(module, bitbucket)
|
||||
changed = True
|
||||
|
||||
# Update deploy key if the old value does not match the new one
|
||||
elif existing_deploy_key and (state == 'present'):
|
||||
if not key.startswith(existing_deploy_key.get('key')):
|
||||
if not module.check_mode:
|
||||
# Bitbucket doesn't support update key for the same label,
|
||||
# so we need to delete the old one first
|
||||
delete_deploy_key(module, bitbucket, existing_deploy_key['id'])
|
||||
create_deploy_key(module, bitbucket)
|
||||
changed = True
|
||||
|
||||
# Delete deploy key
|
||||
elif existing_deploy_key and (state == 'absent'):
|
||||
if not module.check_mode:
|
||||
delete_deploy_key(module, bitbucket, existing_deploy_key['id'])
|
||||
changed = True
|
||||
|
||||
module.exit_json(changed=changed)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -0,0 +1,212 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright: (c) 2019, Evgeniy Krysanov <evgeniy.krysanov@gmail.com>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {
|
||||
'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community',
|
||||
}
|
||||
|
||||
DOCUMENTATION = r'''
|
||||
---
|
||||
module: bitbucket_pipeline_key_pair
|
||||
short_description: Manages Bitbucket pipeline SSH key pair
|
||||
description:
|
||||
- Manages Bitbucket pipeline SSH key pair.
|
||||
author:
|
||||
- Evgeniy Krysanov (@catcombo)
|
||||
options:
|
||||
client_id:
|
||||
description:
|
||||
- OAuth consumer key.
|
||||
- If not set the environment variable C(BITBUCKET_CLIENT_ID) will be used.
|
||||
type: str
|
||||
client_secret:
|
||||
description:
|
||||
- OAuth consumer secret.
|
||||
- If not set the environment variable C(BITBUCKET_CLIENT_SECRET) will be used.
|
||||
type: str
|
||||
repository:
|
||||
description:
|
||||
- The repository name.
|
||||
type: str
|
||||
required: true
|
||||
username:
|
||||
description:
|
||||
- The repository owner.
|
||||
type: str
|
||||
required: true
|
||||
public_key:
|
||||
description:
|
||||
- The public key.
|
||||
type: str
|
||||
private_key:
|
||||
description:
|
||||
- The private key.
|
||||
type: str
|
||||
state:
|
||||
description:
|
||||
- Indicates desired state of the key pair.
|
||||
type: str
|
||||
required: true
|
||||
choices: [ absent, present ]
|
||||
notes:
|
||||
- Bitbucket OAuth consumer key and secret can be obtained from Bitbucket profile -> Settings -> Access Management -> OAuth.
|
||||
- Check mode is supported.
|
||||
'''
|
||||
|
||||
EXAMPLES = r'''
|
||||
- name: Create or update SSH key pair
|
||||
bitbucket_pipeline_key_pair:
|
||||
repository: 'bitbucket-repo'
|
||||
username: bitbucket_username
|
||||
public_key: '{{lookup("file", "bitbucket.pub") }}'
|
||||
private_key: '{{lookup("file", "bitbucket") }}'
|
||||
state: present
|
||||
|
||||
- name: Remove SSH key pair
|
||||
bitbucket_pipeline_key_pair:
|
||||
repository: bitbucket-repo
|
||||
username: bitbucket_username
|
||||
state: absent
|
||||
'''
|
||||
|
||||
RETURN = r''' # '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper
|
||||
|
||||
error_messages = {
|
||||
'invalid_params': 'Account, repository or SSH key pair was not found',
|
||||
'required_keys': '`public_key` and `private_key` are required when the `state` is `present`',
|
||||
}
|
||||
|
||||
BITBUCKET_API_ENDPOINTS = {
|
||||
'ssh-key-pair': '%s/2.0/repositories/{username}/{repo_slug}/pipelines_config/ssh/key_pair' % BitbucketHelper.BITBUCKET_API_URL,
|
||||
}
|
||||
|
||||
|
||||
def get_existing_ssh_key_pair(module, bitbucket):
|
||||
"""
|
||||
Retrieves an existing ssh key pair from repository
|
||||
specified in module param `repository`
|
||||
|
||||
:param module: instance of the :class:`AnsibleModule`
|
||||
:param bitbucket: instance of the :class:`BitbucketHelper`
|
||||
:return: existing key pair or None if not found
|
||||
:rtype: dict or None
|
||||
|
||||
Return example::
|
||||
|
||||
{
|
||||
"public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...2E8HAeT",
|
||||
"type": "pipeline_ssh_key_pair"
|
||||
}
|
||||
"""
|
||||
api_url = BITBUCKET_API_ENDPOINTS['ssh-key-pair'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
)
|
||||
|
||||
info, content = bitbucket.request(
|
||||
api_url=api_url,
|
||||
method='GET',
|
||||
)
|
||||
|
||||
if info['status'] == 404:
|
||||
# Account, repository or SSH key pair was not found.
|
||||
return None
|
||||
|
||||
return content
|
||||
|
||||
|
||||
def update_ssh_key_pair(module, bitbucket):
|
||||
info, content = bitbucket.request(
|
||||
api_url=BITBUCKET_API_ENDPOINTS['ssh-key-pair'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
),
|
||||
method='PUT',
|
||||
data={
|
||||
'private_key': module.params['private_key'],
|
||||
'public_key': module.params['public_key'],
|
||||
},
|
||||
)
|
||||
|
||||
if info['status'] == 404:
|
||||
module.fail_json(msg=error_messages['invalid_params'])
|
||||
|
||||
if info['status'] != 200:
|
||||
module.fail_json(msg='Failed to create or update pipeline ssh key pair : {0}'.format(info))
|
||||
|
||||
|
||||
def delete_ssh_key_pair(module, bitbucket):
|
||||
info, content = bitbucket.request(
|
||||
api_url=BITBUCKET_API_ENDPOINTS['ssh-key-pair'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
),
|
||||
method='DELETE',
|
||||
)
|
||||
|
||||
if info['status'] == 404:
|
||||
module.fail_json(msg=error_messages['invalid_params'])
|
||||
|
||||
if info['status'] != 204:
|
||||
module.fail_json(msg='Failed to delete pipeline ssh key pair: {0}'.format(info))
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = BitbucketHelper.bitbucket_argument_spec()
|
||||
argument_spec.update(
|
||||
repository=dict(type='str', required=True),
|
||||
username=dict(type='str', required=True),
|
||||
public_key=dict(type='str'),
|
||||
private_key=dict(type='str', no_log=True),
|
||||
state=dict(type='str', choices=['present', 'absent'], required=True),
|
||||
)
|
||||
module = AnsibleModule(
|
||||
argument_spec=argument_spec,
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
bitbucket = BitbucketHelper(module)
|
||||
|
||||
state = module.params['state']
|
||||
public_key = module.params['public_key']
|
||||
private_key = module.params['private_key']
|
||||
|
||||
# Check parameters
|
||||
if ((public_key is None) or (private_key is None)) and (state == 'present'):
|
||||
module.fail_json(msg=error_messages['required_keys'])
|
||||
|
||||
# Retrieve access token for authorized API requests
|
||||
bitbucket.fetch_access_token()
|
||||
|
||||
# Retrieve existing ssh key
|
||||
key_pair = get_existing_ssh_key_pair(module, bitbucket)
|
||||
changed = False
|
||||
|
||||
# Create or update key pair
|
||||
if (not key_pair or (key_pair.get('public_key') != public_key)) and (state == 'present'):
|
||||
if not module.check_mode:
|
||||
update_ssh_key_pair(module, bitbucket)
|
||||
changed = True
|
||||
|
||||
# Delete key pair
|
||||
elif key_pair and (state == 'absent'):
|
||||
if not module.check_mode:
|
||||
delete_ssh_key_pair(module, bitbucket)
|
||||
changed = True
|
||||
|
||||
module.exit_json(changed=changed)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -0,0 +1,309 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright: (c) 2019, Evgeniy Krysanov <evgeniy.krysanov@gmail.com>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {
|
||||
'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community',
|
||||
}
|
||||
|
||||
DOCUMENTATION = r'''
|
||||
---
|
||||
module: bitbucket_pipeline_known_host
|
||||
short_description: Manages Bitbucket pipeline known hosts
|
||||
description:
|
||||
- Manages Bitbucket pipeline known hosts under the "SSH Keys" menu.
|
||||
- The host fingerprint will be retrieved automatically, but in case of an error, one can use I(key) field to specify it manually.
|
||||
author:
|
||||
- Evgeniy Krysanov (@catcombo)
|
||||
requirements:
|
||||
- paramiko
|
||||
options:
|
||||
client_id:
|
||||
description:
|
||||
- The OAuth consumer key.
|
||||
- If not set the environment variable C(BITBUCKET_CLIENT_ID) will be used.
|
||||
type: str
|
||||
client_secret:
|
||||
description:
|
||||
- The OAuth consumer secret.
|
||||
- If not set the environment variable C(BITBUCKET_CLIENT_SECRET) will be used.
|
||||
type: str
|
||||
repository:
|
||||
description:
|
||||
- The repository name.
|
||||
type: str
|
||||
required: true
|
||||
username:
|
||||
description:
|
||||
- The repository owner.
|
||||
type: str
|
||||
required: true
|
||||
name:
|
||||
description:
|
||||
- The FQDN of the known host.
|
||||
type: str
|
||||
required: true
|
||||
key:
|
||||
description:
|
||||
- The public key.
|
||||
type: str
|
||||
state:
|
||||
description:
|
||||
- Indicates desired state of the record.
|
||||
type: str
|
||||
required: true
|
||||
choices: [ absent, present ]
|
||||
notes:
|
||||
- Bitbucket OAuth consumer key and secret can be obtained from Bitbucket profile -> Settings -> Access Management -> OAuth.
|
||||
- Check mode is supported.
|
||||
'''
|
||||
|
||||
EXAMPLES = r'''
|
||||
- name: Create known hosts from the list
|
||||
bitbucket_pipeline_known_host:
|
||||
repository: 'bitbucket-repo'
|
||||
username: bitbucket_username
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
with_items:
|
||||
- bitbucket.org
|
||||
- example.com
|
||||
|
||||
- name: Remove known host
|
||||
bitbucket_pipeline_known_host:
|
||||
repository: bitbucket-repo
|
||||
username: bitbucket_username
|
||||
name: bitbucket.org
|
||||
state: absent
|
||||
|
||||
- name: Specify public key file
|
||||
bitbucket_pipeline_known_host:
|
||||
repository: bitbucket-repo
|
||||
username: bitbucket_username
|
||||
name: bitbucket.org
|
||||
key: '{{lookup("file", "bitbucket.pub") }}'
|
||||
state: absent
|
||||
'''
|
||||
|
||||
RETURN = r''' # '''
|
||||
|
||||
import socket
|
||||
|
||||
try:
|
||||
import paramiko
|
||||
HAS_PARAMIKO = True
|
||||
except ImportError:
|
||||
HAS_PARAMIKO = False
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper
|
||||
|
||||
error_messages = {
|
||||
'invalid_params': 'Account or repository was not found',
|
||||
'unknown_key_type': 'Public key type is unknown',
|
||||
}
|
||||
|
||||
BITBUCKET_API_ENDPOINTS = {
|
||||
'known-host-list': '%s/2.0/repositories/{username}/{repo_slug}/pipelines_config/ssh/known_hosts/' % BitbucketHelper.BITBUCKET_API_URL,
|
||||
'known-host-detail': '%s/2.0/repositories/{username}/{repo_slug}/pipelines_config/ssh/known_hosts/{known_host_uuid}' % BitbucketHelper.BITBUCKET_API_URL,
|
||||
}
|
||||
|
||||
|
||||
def get_existing_known_host(module, bitbucket):
|
||||
"""
|
||||
Search for a host in Bitbucket pipelines known hosts
|
||||
with the name specified in module param `name`
|
||||
|
||||
:param module: instance of the :class:`AnsibleModule`
|
||||
:param bitbucket: instance of the :class:`BitbucketHelper`
|
||||
:return: existing host or None if not found
|
||||
:rtype: dict or None
|
||||
|
||||
Return example::
|
||||
|
||||
{
|
||||
'type': 'pipeline_known_host',
|
||||
'uuid': '{21cc0590-bebe-4fae-8baf-03722704119a7}'
|
||||
'hostname': 'bitbucket.org',
|
||||
'public_key': {
|
||||
'type': 'pipeline_ssh_public_key',
|
||||
'md5_fingerprint': 'md5:97:8c:1b:f2:6f:14:6b:4b:3b:ec:aa:46:46:74:7c:40',
|
||||
'sha256_fingerprint': 'SHA256:zzXQOXSFBEiUtuE8AikoYKwbHaxvSc0ojez9YXaGp1A',
|
||||
'key_type': 'ssh-rsa',
|
||||
'key': 'AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kN...seeFVBoGqzHM9yXw=='
|
||||
},
|
||||
}
|
||||
"""
|
||||
content = {
|
||||
'next': BITBUCKET_API_ENDPOINTS['known-host-list'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
)
|
||||
}
|
||||
|
||||
# Look through all response pages in search of hostname we need
|
||||
while 'next' in content:
|
||||
info, content = bitbucket.request(
|
||||
api_url=content['next'],
|
||||
method='GET',
|
||||
)
|
||||
|
||||
if info['status'] == 404:
|
||||
module.fail_json(msg='Invalid `repository` or `username`.')
|
||||
|
||||
if info['status'] != 200:
|
||||
module.fail_json(msg='Failed to retrieve list of known hosts: {0}'.format(info))
|
||||
|
||||
host = next(filter(lambda v: v['hostname'] == module.params['name'], content['values']), None)
|
||||
|
||||
if host is not None:
|
||||
return host
|
||||
|
||||
return None
|
||||
|
||||
|
||||
def get_host_key(module, hostname):
|
||||
"""
|
||||
Fetches public key for specified host
|
||||
|
||||
:param module: instance of the :class:`AnsibleModule`
|
||||
:param hostname: host name
|
||||
:return: key type and key content
|
||||
:rtype: tuple
|
||||
|
||||
Return example::
|
||||
|
||||
(
|
||||
'ssh-rsa',
|
||||
'AAAAB3NzaC1yc2EAAAABIwAAA...SBne8+seeFVBoGqzHM9yXw==',
|
||||
)
|
||||
"""
|
||||
try:
|
||||
sock = socket.socket()
|
||||
sock.connect((hostname, 22))
|
||||
except socket.error:
|
||||
module.fail_json(msg='Error opening socket to {0}'.format(hostname))
|
||||
|
||||
try:
|
||||
trans = paramiko.transport.Transport(sock)
|
||||
trans.start_client()
|
||||
host_key = trans.get_remote_server_key()
|
||||
except paramiko.SSHException:
|
||||
module.fail_json(msg='SSH error on retrieving {0} server key'.format(hostname))
|
||||
|
||||
trans.close()
|
||||
sock.close()
|
||||
|
||||
key_type = host_key.get_name()
|
||||
key = host_key.get_base64()
|
||||
|
||||
return key_type, key
|
||||
|
||||
|
||||
def create_known_host(module, bitbucket):
|
||||
hostname = module.params['name']
|
||||
key_param = module.params['key']
|
||||
|
||||
if key_param is None:
|
||||
key_type, key = get_host_key(module, hostname)
|
||||
elif ' ' in key_param:
|
||||
key_type, key = key_param.split(' ', 1)
|
||||
else:
|
||||
module.fail_json(msg=error_messages['unknown_key_type'])
|
||||
|
||||
info, content = bitbucket.request(
|
||||
api_url=BITBUCKET_API_ENDPOINTS['known-host-list'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
),
|
||||
method='POST',
|
||||
data={
|
||||
'hostname': hostname,
|
||||
'public_key': {
|
||||
'key_type': key_type,
|
||||
'key': key,
|
||||
}
|
||||
},
|
||||
)
|
||||
|
||||
if info['status'] == 404:
|
||||
module.fail_json(msg=error_messages['invalid_params'])
|
||||
|
||||
if info['status'] != 201:
|
||||
module.fail_json(msg='Failed to create known host `{hostname}`: {info}'.format(
|
||||
hostname=module.params['hostname'],
|
||||
info=info,
|
||||
))
|
||||
|
||||
|
||||
def delete_known_host(module, bitbucket, known_host_uuid):
|
||||
info, content = bitbucket.request(
|
||||
api_url=BITBUCKET_API_ENDPOINTS['known-host-detail'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
known_host_uuid=known_host_uuid,
|
||||
),
|
||||
method='DELETE',
|
||||
)
|
||||
|
||||
if info['status'] == 404:
|
||||
module.fail_json(msg=error_messages['invalid_params'])
|
||||
|
||||
if info['status'] != 204:
|
||||
module.fail_json(msg='Failed to delete known host `{hostname}`: {info}'.format(
|
||||
hostname=module.params['name'],
|
||||
info=info,
|
||||
))
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = BitbucketHelper.bitbucket_argument_spec()
|
||||
argument_spec.update(
|
||||
repository=dict(type='str', required=True),
|
||||
username=dict(type='str', required=True),
|
||||
name=dict(type='str', required=True),
|
||||
key=dict(type='str'),
|
||||
state=dict(type='str', choices=['present', 'absent'], required=True),
|
||||
)
|
||||
module = AnsibleModule(
|
||||
argument_spec=argument_spec,
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
if (module.params['key'] is None) and (not HAS_PARAMIKO):
|
||||
module.fail_json(msg='`paramiko` package not found, please install it.')
|
||||
|
||||
bitbucket = BitbucketHelper(module)
|
||||
|
||||
# Retrieve access token for authorized API requests
|
||||
bitbucket.fetch_access_token()
|
||||
|
||||
# Retrieve existing known host
|
||||
existing_host = get_existing_known_host(module, bitbucket)
|
||||
state = module.params['state']
|
||||
changed = False
|
||||
|
||||
# Create new host in case it doesn't exists
|
||||
if not existing_host and (state == 'present'):
|
||||
if not module.check_mode:
|
||||
create_known_host(module, bitbucket)
|
||||
changed = True
|
||||
|
||||
# Delete host
|
||||
elif existing_host and (state == 'absent'):
|
||||
if not module.check_mode:
|
||||
delete_known_host(module, bitbucket, existing_host['uuid'])
|
||||
changed = True
|
||||
|
||||
module.exit_json(changed=changed)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -0,0 +1,271 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright: (c) 2019, Evgeniy Krysanov <evgeniy.krysanov@gmail.com>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
ANSIBLE_METADATA = {
|
||||
'metadata_version': '1.1',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community',
|
||||
}
|
||||
|
||||
DOCUMENTATION = r'''
|
||||
---
|
||||
module: bitbucket_pipeline_variable
|
||||
short_description: Manages Bitbucket pipeline variables
|
||||
description:
|
||||
- Manages Bitbucket pipeline variables.
|
||||
author:
|
||||
- Evgeniy Krysanov (@catcombo)
|
||||
options:
|
||||
client_id:
|
||||
description:
|
||||
- The OAuth consumer key.
|
||||
- If not set the environment variable C(BITBUCKET_CLIENT_ID) will be used.
|
||||
type: str
|
||||
client_secret:
|
||||
description:
|
||||
- The OAuth consumer secret.
|
||||
- If not set the environment variable C(BITBUCKET_CLIENT_SECRET) will be used.
|
||||
type: str
|
||||
repository:
|
||||
description:
|
||||
- The repository name.
|
||||
type: str
|
||||
required: true
|
||||
username:
|
||||
description:
|
||||
- The repository owner.
|
||||
type: str
|
||||
required: true
|
||||
name:
|
||||
description:
|
||||
- The pipeline variable name.
|
||||
type: str
|
||||
required: true
|
||||
value:
|
||||
description:
|
||||
- The pipeline variable value.
|
||||
type: str
|
||||
secured:
|
||||
description:
|
||||
- Whether to encrypt the variable value.
|
||||
type: bool
|
||||
default: no
|
||||
state:
|
||||
description:
|
||||
- Indicates desired state of the variable.
|
||||
type: str
|
||||
required: true
|
||||
choices: [ absent, present ]
|
||||
notes:
|
||||
- Bitbucket OAuth consumer key and secret can be obtained from Bitbucket profile -> Settings -> Access Management -> OAuth.
|
||||
- Check mode is supported.
|
||||
- For secured values return parameter C(changed) is always C(True).
|
||||
'''
|
||||
|
||||
EXAMPLES = r'''
|
||||
- name: Create or update pipeline variables from the list
|
||||
bitbucket_pipeline_variable:
|
||||
repository: 'bitbucket-repo'
|
||||
username: bitbucket_username
|
||||
name: '{{ item.name }}'
|
||||
value: '{{ item.value }}'
|
||||
secured: '{{ item.secured }}'
|
||||
state: present
|
||||
with_items:
|
||||
- { name: AWS_ACCESS_KEY, value: ABCD1234 }
|
||||
- { name: AWS_SECRET, value: qwe789poi123vbn0, secured: True }
|
||||
|
||||
- name: Remove pipeline variable
|
||||
bitbucket_pipeline_variable:
|
||||
repository: bitbucket-repo
|
||||
username: bitbucket_username
|
||||
name: AWS_ACCESS_KEY
|
||||
state: absent
|
||||
'''
|
||||
|
||||
RETURN = r''' # '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper
|
||||
|
||||
error_messages = {
|
||||
'required_value': '`value` is required when the `state` is `present`',
|
||||
}
|
||||
|
||||
BITBUCKET_API_ENDPOINTS = {
|
||||
'pipeline-variable-list': '%s/2.0/repositories/{username}/{repo_slug}/pipelines_config/variables/' % BitbucketHelper.BITBUCKET_API_URL,
|
||||
'pipeline-variable-detail': '%s/2.0/repositories/{username}/{repo_slug}/pipelines_config/variables/{variable_uuid}' % BitbucketHelper.BITBUCKET_API_URL,
|
||||
}
|
||||
|
||||
|
||||
def get_existing_pipeline_variable(module, bitbucket):
|
||||
"""
|
||||
Search for a pipeline variable
|
||||
|
||||
:param module: instance of the :class:`AnsibleModule`
|
||||
:param bitbucket: instance of the :class:`BitbucketHelper`
|
||||
:return: existing variable or None if not found
|
||||
:rtype: dict or None
|
||||
|
||||
Return example::
|
||||
|
||||
{
|
||||
'name': 'AWS_ACCESS_OBKEY_ID',
|
||||
'value': 'x7HU80-a2',
|
||||
'type': 'pipeline_variable',
|
||||
'secured': False,
|
||||
'uuid': '{9ddb0507-439a-495a-99f3-5464f15128127}'
|
||||
}
|
||||
|
||||
The `value` key in dict is absent in case of secured variable.
|
||||
"""
|
||||
content = {
|
||||
'next': BITBUCKET_API_ENDPOINTS['pipeline-variable-list'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
)
|
||||
}
|
||||
|
||||
# Look through the all response pages in search of variable we need
|
||||
while 'next' in content:
|
||||
info, content = bitbucket.request(
|
||||
api_url=content['next'],
|
||||
method='GET',
|
||||
)
|
||||
|
||||
if info['status'] == 404:
|
||||
module.fail_json(msg='Invalid `repository` or `username`.')
|
||||
|
||||
if info['status'] != 200:
|
||||
module.fail_json(msg='Failed to retrieve the list of pipeline variables: {0}'.format(info))
|
||||
|
||||
var = next(filter(lambda v: v['key'] == module.params['name'], content['values']), None)
|
||||
|
||||
if var is not None:
|
||||
var['name'] = var.pop('key')
|
||||
return var
|
||||
|
||||
return None
|
||||
|
||||
|
||||
def create_pipeline_variable(module, bitbucket):
|
||||
info, content = bitbucket.request(
|
||||
api_url=BITBUCKET_API_ENDPOINTS['pipeline-variable-list'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
),
|
||||
method='POST',
|
||||
data={
|
||||
'key': module.params['name'],
|
||||
'value': module.params['value'],
|
||||
'secured': module.params['secured'],
|
||||
},
|
||||
)
|
||||
|
||||
if info['status'] != 201:
|
||||
module.fail_json(msg='Failed to create pipeline variable `{name}`: {info}'.format(
|
||||
name=module.params['name'],
|
||||
info=info,
|
||||
))
|
||||
|
||||
|
||||
def update_pipeline_variable(module, bitbucket, variable_uuid):
|
||||
info, content = bitbucket.request(
|
||||
api_url=BITBUCKET_API_ENDPOINTS['pipeline-variable-detail'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
variable_uuid=variable_uuid,
|
||||
),
|
||||
method='PUT',
|
||||
data={
|
||||
'value': module.params['value'],
|
||||
'secured': module.params['secured'],
|
||||
},
|
||||
)
|
||||
|
||||
if info['status'] != 200:
|
||||
module.fail_json(msg='Failed to update pipeline variable `{name}`: {info}'.format(
|
||||
name=module.params['name'],
|
||||
info=info,
|
||||
))
|
||||
|
||||
|
||||
def delete_pipeline_variable(module, bitbucket, variable_uuid):
|
||||
info, content = bitbucket.request(
|
||||
api_url=BITBUCKET_API_ENDPOINTS['pipeline-variable-detail'].format(
|
||||
username=module.params['username'],
|
||||
repo_slug=module.params['repository'],
|
||||
variable_uuid=variable_uuid,
|
||||
),
|
||||
method='DELETE',
|
||||
)
|
||||
|
||||
if info['status'] != 204:
|
||||
module.fail_json(msg='Failed to delete pipeline variable `{name}`: {info}'.format(
|
||||
name=module.params['name'],
|
||||
info=info,
|
||||
))
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = BitbucketHelper.bitbucket_argument_spec()
|
||||
argument_spec.update(
|
||||
repository=dict(type='str', required=True),
|
||||
username=dict(type='str', required=True),
|
||||
name=dict(type='str', required=True),
|
||||
value=dict(type='str'),
|
||||
secured=dict(type='bool', default=False),
|
||||
state=dict(type='str', choices=['present', 'absent'], required=True),
|
||||
)
|
||||
module = AnsibleModule(
|
||||
argument_spec=argument_spec,
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
bitbucket = BitbucketHelper(module)
|
||||
|
||||
value = module.params['value']
|
||||
state = module.params['state']
|
||||
secured = module.params['secured']
|
||||
|
||||
# Check parameters
|
||||
if (value is None) and (state == 'present'):
|
||||
module.fail_json(msg=error_messages['required_value'])
|
||||
|
||||
# Retrieve access token for authorized API requests
|
||||
bitbucket.fetch_access_token()
|
||||
|
||||
# Retrieve existing pipeline variable (if any)
|
||||
existing_variable = get_existing_pipeline_variable(module, bitbucket)
|
||||
changed = False
|
||||
|
||||
# Create new variable in case it doesn't exists
|
||||
if not existing_variable and (state == 'present'):
|
||||
if not module.check_mode:
|
||||
create_pipeline_variable(module, bitbucket)
|
||||
changed = True
|
||||
|
||||
# Update variable if it is secured or the old value does not match the new one
|
||||
elif existing_variable and (state == 'present'):
|
||||
if (existing_variable['secured'] != secured) or (existing_variable.get('value') != value):
|
||||
if not module.check_mode:
|
||||
update_pipeline_variable(module, bitbucket, existing_variable['uuid'])
|
||||
changed = True
|
||||
|
||||
# Delete variable
|
||||
elif existing_variable and (state == 'absent'):
|
||||
if not module.check_mode:
|
||||
delete_pipeline_variable(module, bitbucket, existing_variable['uuid'])
|
||||
changed = True
|
||||
|
||||
module.exit_json(changed=changed)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
Loading…
Add table
Add a link
Reference in a new issue