community.general/plugins/modules/consul_binding_rule.py

#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright (c) 2024, Florian Apolloner (@apollo13)
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

from __future__ import absolute_import, division, print_function

__metaclass__ = type

DOCUMENTATION = """
module: consul_binding_rule
short_description: Manipulate Consul binding rules
version_added: 8.3.0
description:
 - Allows the addition, modification and deletion of binding rules in a consul
   cluster via the agent. For more details on using and configuring binding rules,
   see U(https://developer.hashicorp.com/consul/api-docs/acl/binding-rules).
author:
  - Florian Apolloner (@apollo13)
extends_documentation_fragment:
  - community.general.consul
  - community.general.consul.actiongroup_consul
  - community.general.consul.token
  - community.general.attributes
attributes:
  check_mode:
    support: full
  diff_mode:
    support: partial
    details:
      - In check mode the diff will miss operational attributes.
options:
  state:
    description:
      - Whether the binding rule should be present or absent.
    choices: ['present', 'absent']
    default: present
    type: str
  name:
    description:
      - Specifies a name for the binding rule.
      - 'Note: This is used to identify the binding rule. But since the API does not support a name, it is prefixed to the description.'
    type: str
    required: true
  description:
    description:
      - Free form human readable description of the binding rule.
    type: str
  auth_method:
    description:
      - The name of the auth method that this rule applies to.
    type: str
    required: true
  selector:
    description:
      - Specifies the expression used to match this rule against valid identities returned from an auth method validation.
      - If empty this binding rule matches all valid identities returned from the auth method.
    type: str
  bind_type:
    description:
      - Specifies the way the binding rule affects a token created at login.
    type: str
    choices: [service, node, role, templated-policy]
  bind_name:
    description:
      - The name to bind to a token at login-time.
      - What it binds to can be adjusted with different values of the O(bind_type) parameter.
    type: str
  bind_vars:
    description:
      - Specifies the templated policy variables when O(bind_type) is set to V(templated-policy).
    type: dict
"""

EXAMPLES = """
- name: Create a binding rule
  community.general.consul_binding_rule:
    name: my_name
    description: example rule
    auth_method: minikube
    bind_type: service
    bind_name: "{{ serviceaccount.name }}"
    token: "{{ consul_management_token }}"

- name: Remove a binding rule
  community.general.consul_binding_rule:
    name: my_name
    auth_method: minikube
    state: absent
"""

RETURN = """
binding_rule:
  description: The binding rule as returned by the consul HTTP API.
  returned: always
  type: dict
  sample:
    Description: "my_name: example rule"
    AuthMethod: minikube
    Selector: serviceaccount.namespace==default
    BindType: service
    BindName: "{{ serviceaccount.name }}"
    CreateIndex: 30
    ID: 59c8a237-e481-4239-9202-45f117950c5f
    ModifyIndex: 33
operation:
  description: The operation performed.
  returned: changed
  type: str
  sample: update
"""


from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.consul import (
    AUTH_ARGUMENTS_SPEC,
    RequestError,
    _ConsulModule,
)


class ConsulBindingRuleModule(_ConsulModule):
    api_endpoint = "acl/binding-rule"
    result_key = "binding_rule"
    unique_identifiers = ["id"]

    def read_object(self):
        url = "acl/binding-rules?authmethod={0}".format(self.params["auth_method"])
        try:
            results = self.get(url)
            for result in results:
                if result.get("Description").startswith(
                    "{0}: ".format(self.params["name"])
                ):
                    return result
        except RequestError as e:
            if e.status == 404:
                return
            elif e.status == 403 and b"ACL not found" in e.response_data:
                return
            raise

    def module_to_obj(self, is_update):
        obj = super(ConsulBindingRuleModule, self).module_to_obj(is_update)
        del obj["Name"]
        return obj

    def prepare_object(self, existing, obj):
        final = super(ConsulBindingRuleModule, self).prepare_object(existing, obj)
        name = self.params["name"]
        description = final.pop("Description", "").split(": ", 1)[-1]
        final["Description"] = "{0}: {1}".format(name, description)
        return final


_ARGUMENT_SPEC = {
    "name": dict(type="str", required=True),
    "description": dict(type="str"),
    "auth_method": dict(type="str", required=True),
    "selector": dict(type="str"),
    "bind_type": dict(
        type="str", choices=["service", "node", "role", "templated-policy"]
    ),
    "bind_name": dict(type="str"),
    "bind_vars": dict(type="dict"),
    "state": dict(default="present", choices=["present", "absent"]),
}
_ARGUMENT_SPEC.update(AUTH_ARGUMENTS_SPEC)


def main():
    module = AnsibleModule(
        _ARGUMENT_SPEC,
        supports_check_mode=True,
    )
    consul_module = ConsulBindingRuleModule(module)
    consul_module.execute()


if __name__ == "__main__":
    main()
Add new consul modules and reuse code between them. (#7878) Refactored consul modules and added new roles. 2024-01-27 10:22:44 +01:00			`#!/usr/bin/python`
			`# -- coding: utf-8 --`
			`#`
			`# Copyright (c) 2024, Florian Apolloner (@apollo13)`
			`# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)`
			`# SPDX-License-Identifier: GPL-3.0-or-later`

			`from __future__ import absolute_import, division, print_function`

			`__metaclass__ = type`

			`DOCUMENTATION = """`
			`module: consul_binding_rule`
			`short_description: Manipulate Consul binding rules`
			`version_added: 8.3.0`
			`description:`
			`- Allows the addition, modification and deletion of binding rules in a consul`
			`cluster via the agent. For more details on using and configuring binding rules,`
			`see U(https://developer.hashicorp.com/consul/api-docs/acl/binding-rules).`
			`author:`
			`- Florian Apolloner (@apollo13)`
			`extends_documentation_fragment:`
			`- community.general.consul`
Consul action group (#7897) Added action group for new style consul modules. 2024-01-27 10:58:41 +01:00			`- community.general.consul.actiongroup_consul`
Add new consul modules and reuse code between them. (#7878) Refactored consul modules and added new roles. 2024-01-27 10:22:44 +01:00			`- community.general.consul.token`
			`- community.general.attributes`
			`attributes:`
			`check_mode:`
			`support: full`
			`diff_mode:`
			`support: partial`
			`details:`
			`- In check mode the diff will miss operational attributes.`
			`options:`
			`state:`
			`description:`
			`- Whether the binding rule should be present or absent.`
			`choices: ['present', 'absent']`
			`default: present`
			`type: str`
			`name:`
			`description:`
			`- Specifies a name for the binding rule.`
			`- 'Note: This is used to identify the binding rule. But since the API does not support a name, it is prefixed to the description.'`
			`type: str`
			`required: true`
			`description:`
			`description:`
			`- Free form human readable description of the binding rule.`
			`type: str`
			`auth_method:`
			`description:`
			`- The name of the auth method that this rule applies to.`
			`type: str`
			`required: true`
			`selector:`
			`description:`
			`- Specifies the expression used to match this rule against valid identities returned from an auth method validation.`
			`- If empty this binding rule matches all valid identities returned from the auth method.`
			`type: str`
			`bind_type:`
			`description:`
			`- Specifies the way the binding rule affects a token created at login.`
			`type: str`
			`choices: [service, node, role, templated-policy]`
			`bind_name:`
			`description:`
			`- The name to bind to a token at login-time.`
			`- What it binds to can be adjusted with different values of the O(bind_type) parameter.`
			`type: str`
			`bind_vars:`
			`description:`
			`- Specifies the templated policy variables when O(bind_type) is set to V(templated-policy).`
			`type: dict`
			`"""`

			`EXAMPLES = """`
			`- name: Create a binding rule`
			`community.general.consul_binding_rule:`
			`name: my_name`
			`description: example rule`
			`auth_method: minikube`
			`bind_type: service`
			`bind_name: "{{ serviceaccount.name }}"`
			`token: "{{ consul_management_token }}"`

			`- name: Remove a binding rule`
			`community.general.consul_binding_rule:`
			`name: my_name`
			`auth_method: minikube`
			`state: absent`
			`"""`

			`RETURN = """`
			`binding_rule:`
			`description: The binding rule as returned by the consul HTTP API.`
			`returned: always`
			`type: dict`
			`sample:`
			`Description: "my_name: example rule"`
			`AuthMethod: minikube`
			`Selector: serviceaccount.namespace==default`
			`BindType: service`
			`BindName: "{{ serviceaccount.name }}"`
			`CreateIndex: 30`
			`ID: 59c8a237-e481-4239-9202-45f117950c5f`
			`ModifyIndex: 33`
			`operation:`
			`description: The operation performed.`
			`returned: changed`
			`type: str`
			`sample: update`
			`"""`


			`from ansible.module_utils.basic import AnsibleModule`
			`from ansible_collections.community.general.plugins.module_utils.consul import (`
			`AUTH_ARGUMENTS_SPEC,`
			`RequestError,`
			`_ConsulModule,`
			`)`


			`class ConsulBindingRuleModule(_ConsulModule):`
			`api_endpoint = "acl/binding-rule"`
			`result_key = "binding_rule"`
[PR #7989/03966624 backport][stable-9] Consul implement agent service and check (#8513) Consul implement agent service and check (#7989) * Implement agent service and check (#7987) * implement update of service and check * update tests update documentation * update documentation * add consul_agent_check/service to action_groups check if unique_identifier of name is in params to get object add suggested improvements * update sanity * fix sanity issues update documentation * fix naming * fix naming check if response_data has data * fix sanity extra-docs * add as ignore maintainer in BOTMETA.yml update version_added to 8.4 * fix sanity * add to maintainers * Update plugins/modules/consul_agent_check.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/consul_agent_check.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/consul_agent_check.py Co-authored-by: Felix Fontein <felix@fontein.de> * update version_added * if create and update return no object as result we read the object again * get_first_appearing_identifier check the params for the given identifier and return it to simplify id vs name * add unique_identifiers as a new property and a method to decide which identifier should be used * fix sanity * add self to team consul remove params with no values add operational_attributes that inherited classes can set them get identifier value from object * fix sanity fix test * remove the possibility to add checks with consul_agent_check. check if service has changed * remove tests for idempotency check because for checks it is not possible * remove unique_identifier from consul.py change unique_identifier to unique_identifiers * get id from params * Revert "remove unique_identifier from consul.py" This reverts commit a4f0d0220dd23e95871914b152c25ff352097a2c. * update version to 8.5 * Revert "Revert "remove unique_identifier from consul.py"" This reverts commit d2c35cf04c8aaf5f0175d772f862a796e22e35d4. * update description update test * fix sanity tests * fix sanity tests * update documentation for agent_check * fix line length * add documentation * fix sanity * simplified check for Tcp Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> * check duration with regex * fix * update documentation --------- Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> (cherry picked from commit 03966624ba1e647238d8807a8da89615760d1068) Co-authored-by: Ilgmi <michael.ilg@mailbox.org> 2024-06-16 10:10:45 +02:00			`unique_identifiers = ["id"]`
Add new consul modules and reuse code between them. (#7878) Refactored consul modules and added new roles. 2024-01-27 10:22:44 +01:00
			`def read_object(self):`
			`url = "acl/binding-rules?authmethod={0}".format(self.params["auth_method"])`
			`try:`
			`results = self.get(url)`
			`for result in results:`
			`if result.get("Description").startswith(`
			`"{0}: ".format(self.params["name"])`
			`):`
			`return result`
			`except RequestError as e:`
			`if e.status == 404:`
			`return`
			`elif e.status == 403 and b"ACL not found" in e.response_data:`
			`return`
			`raise`

			`def module_to_obj(self, is_update):`
			`obj = super(ConsulBindingRuleModule, self).module_to_obj(is_update)`
			`del obj["Name"]`
			`return obj`

			`def prepare_object(self, existing, obj):`
			`final = super(ConsulBindingRuleModule, self).prepare_object(existing, obj)`
			`name = self.params["name"]`
			`description = final.pop("Description", "").split(": ", 1)[-1]`
			`final["Description"] = "{0}: {1}".format(name, description)`
			`return final`


			`_ARGUMENT_SPEC = {`
			`"name": dict(type="str", required=True),`
			`"description": dict(type="str"),`
			`"auth_method": dict(type="str", required=True),`
			`"selector": dict(type="str"),`
			`"bind_type": dict(`
			`type="str", choices=["service", "node", "role", "templated-policy"]`
			`),`
			`"bind_name": dict(type="str"),`
			`"bind_vars": dict(type="dict"),`
			`"state": dict(default="present", choices=["present", "absent"]),`
			`}`
			`_ARGUMENT_SPEC.update(AUTH_ARGUMENTS_SPEC)`


			`def main():`
			`module = AnsibleModule(`
			`_ARGUMENT_SPEC,`
			`supports_check_mode=True,`
			`)`
			`consul_module = ConsulBindingRuleModule(module)`
			`consul_module.execute()`


			`if __name__ == "__main__":`
			`main()`