mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-25 13:34:01 -07:00 
			
		
		
		
	
		
			Some checks are pending
		
		
	
	EOL CI / EOL Sanity (Ⓐ2.17) (push) Waiting to run
				
			EOL CI / EOL Units (Ⓐ2.17+py3.10) (push) Waiting to run
				
			EOL CI / EOL Units (Ⓐ2.17+py3.12) (push) Waiting to run
				
			EOL CI / EOL Units (Ⓐ2.17+py3.7) (push) Waiting to run
				
			EOL CI / EOL I (Ⓐ2.17+alpine319+py:azp/posix/1/) (push) Waiting to run
				
			EOL CI / EOL I (Ⓐ2.17+alpine319+py:azp/posix/2/) (push) Waiting to run
				
			EOL CI / EOL I (Ⓐ2.17+alpine319+py:azp/posix/3/) (push) Waiting to run
				
			EOL CI / EOL I (Ⓐ2.17+fedora39+py:azp/posix/1/) (push) Waiting to run
				
			EOL CI / EOL I (Ⓐ2.17+fedora39+py:azp/posix/2/) (push) Waiting to run
				
			EOL CI / EOL I (Ⓐ2.17+fedora39+py:azp/posix/3/) (push) Waiting to run
				
			EOL CI / EOL I (Ⓐ2.17+ubuntu2004+py:azp/posix/1/) (push) Waiting to run
				
			EOL CI / EOL I (Ⓐ2.17+ubuntu2004+py:azp/posix/2/) (push) Waiting to run
				
			EOL CI / EOL I (Ⓐ2.17+ubuntu2004+py:azp/posix/3/) (push) Waiting to run
				
			nox / Run extra sanity tests (push) Waiting to run
				
			* use f-strings in module utils * Apply suggestions from code review Co-authored-by: Felix Fontein <felix@fontein.de> * remove unused imports --------- Co-authored-by: Felix Fontein <felix@fontein.de>
		
			
				
	
	
		
			290 lines
		
	
	
	
		
			12 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			290 lines
		
	
	
	
		
			12 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| # This code is part of Ansible, but is an independent component.
 | |
| # This particular file snippet, and this file snippet only, is BSD licensed.
 | |
| # Modules you write using this snippet, which is embedded dynamically by Ansible
 | |
| # still belong to the author of the module, and may assign their own license
 | |
| # to the complete work.
 | |
| #
 | |
| # Copyright (c) 2017-present Alibaba Group Holding Limited. He Guimin <heguimin36@163.com>
 | |
| #
 | |
| # Simplified BSD License (see LICENSES/BSD-2-Clause.txt or https://opensource.org/licenses/BSD-2-Clause)
 | |
| # SPDX-License-Identifier: BSD-2-Clause
 | |
| 
 | |
| from __future__ import annotations
 | |
| 
 | |
| import os
 | |
| import json
 | |
| import traceback
 | |
| from ansible.module_utils.basic import env_fallback
 | |
| 
 | |
| try:
 | |
|     import footmark
 | |
|     import footmark.ecs
 | |
|     import footmark.slb
 | |
|     import footmark.vpc
 | |
|     import footmark.rds
 | |
|     import footmark.ess
 | |
|     import footmark.sts
 | |
|     import footmark.dns
 | |
|     import footmark.ram
 | |
|     import footmark.market
 | |
| 
 | |
|     FOOTMARK_IMP_ERR = None
 | |
|     HAS_FOOTMARK = True
 | |
| except ImportError:
 | |
|     FOOTMARK_IMP_ERR = traceback.format_exc()
 | |
|     HAS_FOOTMARK = False
 | |
| 
 | |
| 
 | |
| class AnsibleACSError(Exception):
 | |
|     pass
 | |
| 
 | |
| 
 | |
| def acs_common_argument_spec():
 | |
|     return dict(
 | |
|         alicloud_access_key=dict(aliases=['access_key_id', 'access_key'], no_log=True,
 | |
|                                  fallback=(env_fallback, ['ALICLOUD_ACCESS_KEY', 'ALICLOUD_ACCESS_KEY_ID'])),
 | |
|         alicloud_secret_key=dict(aliases=['secret_access_key', 'secret_key'], no_log=True,
 | |
|                                  fallback=(env_fallback, ['ALICLOUD_SECRET_KEY', 'ALICLOUD_SECRET_ACCESS_KEY'])),
 | |
|         alicloud_security_token=dict(aliases=['security_token'], no_log=True,
 | |
|                                      fallback=(env_fallback, ['ALICLOUD_SECURITY_TOKEN'])),
 | |
|         ecs_role_name=dict(aliases=['role_name'], fallback=(env_fallback, ['ALICLOUD_ECS_ROLE_NAME']))
 | |
|     )
 | |
| 
 | |
| 
 | |
| def ecs_argument_spec():
 | |
|     spec = acs_common_argument_spec()
 | |
|     spec.update(
 | |
|         dict(
 | |
|             alicloud_region=dict(required=True, aliases=['region', 'region_id'],
 | |
|                                  fallback=(env_fallback, ['ALICLOUD_REGION', 'ALICLOUD_REGION_ID'])),
 | |
|             alicloud_assume_role_arn=dict(fallback=(env_fallback, ['ALICLOUD_ASSUME_ROLE_ARN']),
 | |
|                                           aliases=['assume_role_arn']),
 | |
|             alicloud_assume_role_session_name=dict(fallback=(env_fallback, ['ALICLOUD_ASSUME_ROLE_SESSION_NAME']),
 | |
|                                                    aliases=['assume_role_session_name']),
 | |
|             alicloud_assume_role_session_expiration=dict(type='int',
 | |
|                                                          fallback=(env_fallback,
 | |
|                                                                    ['ALICLOUD_ASSUME_ROLE_SESSION_EXPIRATION']),
 | |
|                                                          aliases=['assume_role_session_expiration']),
 | |
|             alicloud_assume_role=dict(type='dict', aliases=['assume_role']),
 | |
|             profile=dict(fallback=(env_fallback, ['ALICLOUD_PROFILE'])),
 | |
|             shared_credentials_file=dict(fallback=(env_fallback, ['ALICLOUD_SHARED_CREDENTIALS_FILE']))
 | |
|         )
 | |
|     )
 | |
|     return spec
 | |
| 
 | |
| 
 | |
| def get_acs_connection_info(params):
 | |
| 
 | |
|     ecs_params = dict(acs_access_key_id=params.get('alicloud_access_key'),
 | |
|                       acs_secret_access_key=params.get('alicloud_secret_key'),
 | |
|                       security_token=params.get('alicloud_security_token'),
 | |
|                       ecs_role_name=params.get('ecs_role_name'),
 | |
|                       user_agent='Ansible-Provider-Alicloud')
 | |
|     return ecs_params
 | |
| 
 | |
| 
 | |
| def connect_to_acs(acs_module, region, **params):
 | |
|     conn = acs_module.connect_to_region(region, **params)
 | |
|     if not conn:
 | |
|         if region not in [acs_module_region.id for acs_module_region in acs_module.regions()]:
 | |
|             raise AnsibleACSError(
 | |
|                 f"Region {region} does not seem to be available for acs module {acs_module.__name__}.")
 | |
|         else:
 | |
|             raise AnsibleACSError(
 | |
|                 f"Unknown problem connecting to region {region} for acs module {acs_module.__name__}.")
 | |
|     return conn
 | |
| 
 | |
| 
 | |
| def get_assume_role(params):
 | |
|     """ Return new params """
 | |
|     sts_params = get_acs_connection_info(params)
 | |
|     assume_role = {}
 | |
|     if params.get('assume_role'):
 | |
|         assume_role['alicloud_assume_role_arn'] = params['assume_role'].get('role_arn')
 | |
|         assume_role['alicloud_assume_role_session_name'] = params['assume_role'].get('session_name')
 | |
|         assume_role['alicloud_assume_role_session_expiration'] = params['assume_role'].get('session_expiration')
 | |
|         assume_role['alicloud_assume_role_policy'] = params['assume_role'].get('policy')
 | |
| 
 | |
|     assume_role_params = {
 | |
|         'role_arn': params.get('alicloud_assume_role_arn') if params.get('alicloud_assume_role_arn') else assume_role.get('alicloud_assume_role_arn'),
 | |
|         'role_session_name': params.get('alicloud_assume_role_session_name') if params.get('alicloud_assume_role_session_name')
 | |
|         else assume_role.get('alicloud_assume_role_session_name'),
 | |
|         'duration_seconds': params.get('alicloud_assume_role_session_expiration') if params.get('alicloud_assume_role_session_expiration')
 | |
|         else assume_role.get('alicloud_assume_role_session_expiration', 3600),
 | |
|         'policy': assume_role.get('alicloud_assume_role_policy', {})
 | |
|     }
 | |
| 
 | |
|     try:
 | |
|         sts = connect_to_acs(footmark.sts, params.get('alicloud_region'), **sts_params).assume_role(**assume_role_params).read()
 | |
|         sts_params['acs_access_key_id'], sts_params['acs_secret_access_key'], sts_params['security_token'] \
 | |
|             = sts['access_key_id'], sts['access_key_secret'], sts['security_token']
 | |
|     except AnsibleACSError as e:
 | |
|         params.fail_json(msg=str(e))
 | |
|     return sts_params
 | |
| 
 | |
| 
 | |
| def get_profile(params):
 | |
|     if not params['alicloud_access_key'] and not params['ecs_role_name'] and params['profile']:
 | |
|         path = params['shared_credentials_file'] if params['shared_credentials_file'] else f"{os.getenv('HOME')}/.aliyun/config.json"
 | |
|         auth = {}
 | |
|         with open(path, 'r') as f:
 | |
|             for pro in json.load(f)['profiles']:
 | |
|                 if params['profile'] == pro['name']:
 | |
|                     auth = pro
 | |
|         if auth:
 | |
|             if auth['mode'] == 'AK' and auth.get('access_key_id') and auth.get('access_key_secret'):
 | |
|                 params['alicloud_access_key'] = auth.get('access_key_id')
 | |
|                 params['alicloud_secret_key'] = auth.get('access_key_secret')
 | |
|                 params['alicloud_region'] = auth.get('region_id')
 | |
|                 params = get_acs_connection_info(params)
 | |
|             elif auth['mode'] == 'StsToken' and auth.get('access_key_id') and auth.get('access_key_secret') and auth.get('sts_token'):
 | |
|                 params['alicloud_access_key'] = auth.get('access_key_id')
 | |
|                 params['alicloud_secret_key'] = auth.get('access_key_secret')
 | |
|                 params['security_token'] = auth.get('sts_token')
 | |
|                 params['alicloud_region'] = auth.get('region_id')
 | |
|                 params = get_acs_connection_info(params)
 | |
|             elif auth['mode'] == 'EcsRamRole':
 | |
|                 params['ecs_role_name'] = auth.get('ram_role_name')
 | |
|                 params['alicloud_region'] = auth.get('region_id')
 | |
|                 params = get_acs_connection_info(params)
 | |
|             elif auth['mode'] == 'RamRoleArn' and auth.get('ram_role_arn'):
 | |
|                 params['alicloud_access_key'] = auth.get('access_key_id')
 | |
|                 params['alicloud_secret_key'] = auth.get('access_key_secret')
 | |
|                 params['security_token'] = auth.get('sts_token')
 | |
|                 params['ecs_role_name'] = auth.get('ram_role_name')
 | |
|                 params['alicloud_assume_role_arn'] = auth.get('ram_role_arn')
 | |
|                 params['alicloud_assume_role_session_name'] = auth.get('ram_session_name')
 | |
|                 params['alicloud_assume_role_session_expiration'] = auth.get('expired_seconds')
 | |
|                 params['alicloud_region'] = auth.get('region_id')
 | |
|                 params = get_assume_role(params)
 | |
|     elif params.get('alicloud_assume_role_arn') or params.get('assume_role'):
 | |
|         params = get_assume_role(params)
 | |
|     else:
 | |
|         params = get_acs_connection_info(params)
 | |
|     return params
 | |
| 
 | |
| 
 | |
| def ecs_connect(module):
 | |
|     """ Return an ecs connection"""
 | |
|     ecs_params = get_profile(module.params)
 | |
|     # If we have a region specified, connect to its endpoint.
 | |
|     region = module.params.get('alicloud_region')
 | |
|     if region:
 | |
|         try:
 | |
|             ecs = connect_to_acs(footmark.ecs, region, **ecs_params)
 | |
|         except AnsibleACSError as e:
 | |
|             module.fail_json(msg=str(e))
 | |
|     # Otherwise, no region so we fallback to the old connection method
 | |
|     return ecs
 | |
| 
 | |
| 
 | |
| def slb_connect(module):
 | |
|     """ Return an slb connection"""
 | |
|     slb_params = get_profile(module.params)
 | |
|     # If we have a region specified, connect to its endpoint.
 | |
|     region = module.params.get('alicloud_region')
 | |
|     if region:
 | |
|         try:
 | |
|             slb = connect_to_acs(footmark.slb, region, **slb_params)
 | |
|         except AnsibleACSError as e:
 | |
|             module.fail_json(msg=str(e))
 | |
|     # Otherwise, no region so we fallback to the old connection method
 | |
|     return slb
 | |
| 
 | |
| 
 | |
| def dns_connect(module):
 | |
|     """ Return an dns connection"""
 | |
|     dns_params = get_profile(module.params)
 | |
|     # If we have a region specified, connect to its endpoint.
 | |
|     region = module.params.get('alicloud_region')
 | |
|     if region:
 | |
|         try:
 | |
|             dns = connect_to_acs(footmark.dns, region, **dns_params)
 | |
|         except AnsibleACSError as e:
 | |
|             module.fail_json(msg=str(e))
 | |
|     # Otherwise, no region so we fallback to the old connection method
 | |
|     return dns
 | |
| 
 | |
| 
 | |
| def vpc_connect(module):
 | |
|     """ Return an vpc connection"""
 | |
|     vpc_params = get_profile(module.params)
 | |
|     # If we have a region specified, connect to its endpoint.
 | |
|     region = module.params.get('alicloud_region')
 | |
|     if region:
 | |
|         try:
 | |
|             vpc = connect_to_acs(footmark.vpc, region, **vpc_params)
 | |
|         except AnsibleACSError as e:
 | |
|             module.fail_json(msg=str(e))
 | |
|     # Otherwise, no region so we fallback to the old connection method
 | |
|     return vpc
 | |
| 
 | |
| 
 | |
| def rds_connect(module):
 | |
|     """ Return an rds connection"""
 | |
|     rds_params = get_profile(module.params)
 | |
|     # If we have a region specified, connect to its endpoint.
 | |
|     region = module.params.get('alicloud_region')
 | |
|     if region:
 | |
|         try:
 | |
|             rds = connect_to_acs(footmark.rds, region, **rds_params)
 | |
|         except AnsibleACSError as e:
 | |
|             module.fail_json(msg=str(e))
 | |
|     # Otherwise, no region so we fallback to the old connection method
 | |
|     return rds
 | |
| 
 | |
| 
 | |
| def ess_connect(module):
 | |
|     """ Return an ess connection"""
 | |
|     ess_params = get_profile(module.params)
 | |
|     # If we have a region specified, connect to its endpoint.
 | |
|     region = module.params.get('alicloud_region')
 | |
|     if region:
 | |
|         try:
 | |
|             ess = connect_to_acs(footmark.ess, region, **ess_params)
 | |
|         except AnsibleACSError as e:
 | |
|             module.fail_json(msg=str(e))
 | |
|     # Otherwise, no region so we fallback to the old connection method
 | |
|     return ess
 | |
| 
 | |
| 
 | |
| def sts_connect(module):
 | |
|     """ Return an sts connection"""
 | |
|     sts_params = get_profile(module.params)
 | |
|     # If we have a region specified, connect to its endpoint.
 | |
|     region = module.params.get('alicloud_region')
 | |
|     if region:
 | |
|         try:
 | |
|             sts = connect_to_acs(footmark.sts, region, **sts_params)
 | |
|         except AnsibleACSError as e:
 | |
|             module.fail_json(msg=str(e))
 | |
|     # Otherwise, no region so we fallback to the old connection method
 | |
|     return sts
 | |
| 
 | |
| 
 | |
| def ram_connect(module):
 | |
|     """ Return an ram connection"""
 | |
|     ram_params = get_profile(module.params)
 | |
|     # If we have a region specified, connect to its endpoint.
 | |
|     region = module.params.get('alicloud_region')
 | |
|     if region:
 | |
|         try:
 | |
|             ram = connect_to_acs(footmark.ram, region, **ram_params)
 | |
|         except AnsibleACSError as e:
 | |
|             module.fail_json(msg=str(e))
 | |
|     # Otherwise, no region so we fallback to the old connection method
 | |
|     return ram
 | |
| 
 | |
| 
 | |
| def market_connect(module):
 | |
|     """ Return an market connection"""
 | |
|     market_params = get_profile(module.params)
 | |
|     # If we have a region specified, connect to its endpoint.
 | |
|     region = module.params.get('alicloud_region')
 | |
|     if region:
 | |
|         try:
 | |
|             market = connect_to_acs(footmark.market, region, **market_params)
 | |
|         except AnsibleACSError as e:
 | |
|             module.fail_json(msg=str(e))
 | |
|     # Otherwise, no region so we fallback to the old connection method
 | |
|     return market
 |