#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import requests
import ansible
from ansible.module_utils.basic import AnsibleModule
from packaging import version
# Import json and yaml as custom names to avoid lib
# issues with Ansible
import json as lib_json
import yaml as lib_yaml
# Only required for Ansible >= 2.12, else we can pass
try:
from ansible.module_utils.common import json
from ansible.module_utils.common import yaml
except:
pass
# ansible-doc metadata for the module, kept as a YAML string.
# NOTE(review): the YAML nesting indentation is absent in this copy of the
# file; it has to be restored before ansible-doc can parse the text.
# NOTE(review): this text disagrees with the argument_spec built in main():
#   - the credentials option is documented as `token` but declared as `auth`;
#   - its default is shown with 'vautl_pass' and 'vault': False, while main()
#     uses the key 'vault_pass' and 'vault': True;
#   - `module:` reads "trolcapi" while the examples invoke `troclapi`;
#   - `search` is accepted as an action (it is a key of METHODS) but not listed;
#   - `options` is documented with default {} while main() declares None.
DOCUMENTATION = '''
---
module: trolcapi
short_description: "Troclapi usage for Ansible"
description:
- "Ansible module to connect to troclapi. Please see api documentation for more informations https://claranet.pages.fr.clara.net/rmp/cs-webops-ga/puppet/tools/projects/troclapi/" # noqa: E501
author: Fe80
options:
token:
description: "admin troclapi token"
default: "{ 'credentials': secret, 'vautl_pass': '/etc/ansible/vault_pass.py', 'vault': False } secret variable is define on module script"
required: false
type: dict
url:
description: "troclapi url"
default: "https:// + NDD variable on module script"
required: false
type: str
action:
description: "trocla action"
choices:
- get
- create
- set
- reset
- delete
default: get
required: false
type: str
key:
description: "trocla key name"
default: None
required: true
type: str
format:
description: "trocla format key"
default: plain
required: false
type: str
render:
description: "render option for get value"
choices:
- certonly
- keyonly
default: None
required: false
type: str
options:
description: "trocla options, see api documentation for more information"
type: dict
required: false
default: {}
'''
# Usage examples shown by ansible-doc.
# NOTE(review): the registered result carries the secret in `.value`; tasks
# that fetch or print it should set `no_log: true` so the value stays out of
# task output and logs.
# NOTE(review): the third example passes `value:`, which main() does not
# declare in its argument_spec; default() takes the request payload for
# non-GET actions from `options`.
# NOTE(review): `msg: toto_trocla.value` has no Jinja2 braces, so the debug
# tasks print that literal text rather than the registered value.
EXAMPLES = '''
- name: Get trocla plain value for key toto
troclapi:
key: toto
register: toto_trocla
delegate_to: localhost
become: false
- name: Show toto key value
debug:
msg: toto_trocla.value
- name: Get trocla x509 cert value for key bob
troclapi:
key: bob
render: certonly
register: bob_trocla
delegate_to: localhost
become: false
- name: Show bob x509 cert value
debug:
msg: bob_trocla.value
- name: Set msql alice key
troclapi:
key: alice
format: mysql
value: secretPassword
register: alice_trocla
delegate_to: localhost
become: false
- name: Show alice mysql cert value
debug:
msg: alice_trocla.value
'''
# Major.minor of the installed Ansible, parsed as a float.
# NOTE(review): float parsing mis-orders two-digit minors ("2.10" becomes 2.1,
# which compares lower than 2.9). `packaging.version` is already imported at
# the top of the file and compares release numbers correctly. No other line in
# this listing reads the value.
_ansible_ver = float('.'.join(ansible.__version__.split('.')[:2]))
# Default API login credentials as an Ansible Vault (AES256) envelope; main()
# uses it as the default of auth.credentials and decrypt() opens it.
# NOTE(review): the ciphertext ships with the module source, so its
# confidentiality rests entirely on the vault password returned by the
# vault_pass script, and rotating the credentials means editing this file.
secret = '''$ANSIBLE_VAULT;1.1;AES256
62366137333364653764653438356264336464633930336533636432313562323464656565313732
3130323362356338396539303236356134376439643666650a356134623630366665303435306439
34636365303539626666373161343734666133336361666662363166373630383231313034303938
3031326133396536610a353163393336376638393233313166633738343435316364646532383336
35333164393530393265376339363634336536336663316336613365653737343233306662356238
66313561343164363339306634303164336465346339336332383032366364323430316462396630
33336435323233316139643630373561363238303262626663343236393465653863646439313961
30373630336465383535
'''
# Default API host; main() prefixes it with https:// to build the default url.
NDD = 'troclapi.fr.clara.net'
# Module action -> HTTP verb used by default(). 'search' maps to None because
# troclapi() routes it to search(), which always issues a GET.
METHODS = {
'get': 'GET',
'create': 'POST',
'set': 'PUT',
'reset': 'PATCH',
'delete': 'DELETE',
'search': None,
}
def _make_secrets(secret):
    """Wrap a vault password in the secrets list handed to VaultLib.

    Args:
        secret: Vault password, passed unchanged to VaultSecret.

    Returns:
        A one-element list holding
        ``(DEFAULT_VAULT_ID_MATCH, VaultSecret(secret))``.
    """
    from ansible import constants as ansible_constants
    from ansible.parsing import vault as ansible_vault

    vault_id = ansible_constants.DEFAULT_VAULT_ID_MATCH
    wrapped = ansible_vault.VaultSecret(secret)
    return [(vault_id, wrapped)]
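def decrypt(data, script):
    """Decrypt a vaulted YAML document with a password supplied by a script.

    The file at ``script`` is executed as Python inside this process to obtain
    the password. The path comes from the ``auth.vault_pass`` module
    parameter, so that parameter and the file's ownership and write
    permissions must be limited to principals who may already run code as the
    Ansible user.

    Args:
        data: Ansible Vault envelope to decrypt.
        script: Path to a Python source file that defines ``get_password()``.

    Returns:
        The decrypted payload parsed with the YAML safe loader.
    """
    # importlib replaces imp.load_source: the imp module was removed in
    # Python 3.12, which made this function fail at import time.
    import importlib.machinery
    import importlib.util
    from ansible.parsing.vault import VaultLib

    # An explicit SourceFileLoader accepts any file name, as load_source did.
    loader = importlib.machinery.SourceFileLoader('vault_pass', script)
    spec = importlib.util.spec_from_loader('vault_pass', loader)
    vault_pass = importlib.util.module_from_spec(spec)
    loader.exec_module(vault_pass)

    password = vault_pass.get_password()
    vault = VaultLib(_make_secrets(password))
    decrypted = vault.decrypt(data)
    # SafeLoader only builds plain YAML types from the decrypted text.
    return lib_yaml.load(decrypted, Loader=lib_yaml.SafeLoader)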
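def login(auth, url):
    """Authenticate against troclapi and return the session cookies.

    Args:
        auth: Dict with ``credentials`` (the login payload, or a vault
            envelope when ``vault`` is true), ``vault`` (decrypt first or
            not) and ``vault_pass`` (password script path given to decrypt()).
        url: Base URL of the API; credentials are POSTed to ``<url>/login``.

    Returns:
        ``(ok, body, cookies)``. ``ok`` is False when the status is not 200,
        the body is not a JSON object, or ``success`` is False or missing.
    """
    if auth['vault']:
        credentials = decrypt(auth['credentials'], auth['vault_pass'])
    else:
        credentials = auth['credentials']

    # The credentials travel in the request body, so ``url`` should be https.
    # The timeout keeps an unreachable API from hanging the task indefinitely.
    response = requests.post(
        '{0}/login'.format(url),
        json=credentials,
        timeout=30,
    )

    try:
        body = response.json()
    except ValueError:
        # A body that is not JSON (for example an HTML error page) is reported
        # as a failed login instead of raising out of the module.
        body = {
            'success': False,
            'status_code': response.status_code,
            'msg': 'login endpoint did not return JSON',
        }

    failed = (
        response.status_code != 200
        or not isinstance(body, dict)
        or body.get('success', False) is False
    )
    return (not failed), body, response.cookies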
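def search(url, cookie, key):
    """Query the ``/v1/search/`` endpoint for ``key``.

    Args:
        url: Base URL of the API.
        cookie: Session cookies returned by login().
        key: Search term, URL-quoted and appended to the endpoint path.

    Returns:
        ``(changed, error, body)``: ``(True, False, body)`` when the status is
        200 and ``success`` is truthy, otherwise ``(False, True, body)``.
    """
    # NOTE(review): quote() leaves "/" unescaped, so a key containing "/" or
    # ".." segments changes the request path; validate keys that can come from
    # untrusted input before they reach this call.
    response = requests.request(
        'GET',
        url + '/v1/search/' + requests.utils.quote(key),
        cookies=cookie,
        timeout=30,  # do not hang the task on an unreachable API
    )

    try:
        body = response.json()
    except ValueError:
        # Non-JSON answer: report an error instead of raising.
        return False, True, {
            'success': False,
            'status_code': response.status_code,
            'msg': 'search endpoint did not return JSON',
        }

    found = (
        response.status_code == 200
        and isinstance(body, dict)
        and bool(body.get('success'))
    )
    if found:
        # NOTE(review): main() reports this first element as `changed`, even
        # though a search only reads.
        return True, False, body
    return False, True, body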
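def default(url, cookie, action, params):
    """Run a get/create/set/reset/delete call on ``/v1/key/<key>/<format>``.

    Args:
        url: Base URL of the API.
        cookie: Session cookies returned by login().
        action: Key of METHODS selecting the HTTP verb.
        params: Module parameters; ``key`` and ``format`` are read, ``render``
            is popped for GET requests that use it, and ``options`` is popped
            as the JSON payload of non-GET requests.

    Returns:
        ``(changed, error, body)``: ``(False, True, body)`` when the status is
        not 200, the body is not a JSON object, or ``success`` is False or
        missing; ``(True, False, body)`` otherwise.
    """
    method = METHODS[action]

    # render only applies to reads. It becomes a path segment, so it is
    # percent-encoded in full and cannot add segments of its own.
    if method == 'GET' and bool(params['render']):
        render = '/' + requests.utils.quote(params.pop('render'), safe='')
    else:
        render = ''

    data = {} if method == 'GET' else params.pop('options')

    # NOTE(review): quote() leaves "/" unescaped in the key, so a key holding
    # "/" or ".." segments changes the request path; validate keys that can
    # come from untrusted input. `format` is encoded in full like `render`.
    endpoint = '/v1/key/{0}/{1}{2}'.format(
        requests.utils.quote(params['key']),
        requests.utils.quote(params['format'], safe=''),
        render,
    )

    response = requests.request(
        method,
        url + endpoint,
        cookies=cookie,
        json=data,
        timeout=30,  # do not hang the task on an unreachable API
    )

    try:
        body = response.json()
    except ValueError:
        # Non-JSON answer: report an error instead of raising.
        return False, True, {
            'success': False,
            'status_code': response.status_code,
            'msg': 'key endpoint did not return JSON',
        }

    failed = (
        response.status_code != 200
        or not isinstance(body, dict)
        or body.get('success', False) is False
    )
    if failed:
        return False, True, body
    # NOTE(review): a successful read is also returned as changed=True.
    return True, False, body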
def troclapi(params, cookie):
    """Route the requested action to search() or default().

    Args:
        params: Module parameters; ``url``, ``action`` and ``key`` are read
            here and the whole dict is passed on to default().
        cookie: Session cookies returned by login().

    Returns:
        The ``(changed, error, body)`` tuple of the handler that ran.
    """
    base_url = params['url']
    requested = params['action'].lower()
    if requested != 'search':
        return default(base_url, cookie, requested, params)
    return search(base_url, cookie, params['key'])
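def main():
    """Module entry point: validate arguments, log in, run the action.

    Exits through ``module.fail_json`` when login or the API call reports an
    error, otherwise through ``module.exit_json`` with ``changed`` and
    ``value`` (the ``value`` field of the API body, or the whole body when
    that field is absent).
    """
    spec = {
        'auth': {
            'default': {
                'credentials': secret,
                'vault_pass': '/etc/ansible/vault_pass.py',
                'vault': True
            },
            'type': 'dict',
            # Credentials may be passed in clear when vault is false; keep
            # them out of the module invocation log.
            'no_log': True,
        },
        'url': {
            'default': 'https://' + NDD,
            'type': 'str',
        },
        'action': {
            'default': 'get',
            'type': 'str',
            'choices': list(METHODS),
        },
        'key': {
            'default': None,
            'type': 'str',
            'required': True
        },
        'format': {
            'default': 'plain',
            'type': 'str',
        },
        'render': {
            'default': None,
            'type': 'str',
            # Was spelled 'choises', which left the value unvalidated before
            # default() puts it into the request path.
            'choices': ['certonly', 'keyonly'],
        },
        'options': {
            'default': None,
            'type': 'dict',
        },
    }
    module = AnsibleModule(argument_spec=spec)

    # auth is popped so the credentials are not passed on with the other
    # parameters to troclapi().
    logged_in, login_body, cookie = login(
        module.params.pop('auth'),
        module.params['url'],
    )
    if not logged_in:
        module.fail_json(
            msg='Troclapi connexion failed, see metadata',
            meta=login_body,
        )

    change, error, result = troclapi(module.params, cookie)
    if error:
        module.fail_json(msg='Error, see metadata', meta=result)
    else:
        # The returned value is the secret itself: it lands in the task
        # result, so calling tasks need `no_log: true` to keep it out of logs.
        _v = result['value'] if 'value' in result else result
        module.exit_json(changed=change, value=_v)


if __name__ == '__main__':
    main()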