1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

This standardizes the apt_key module some

* improves error handling and reporting
* uses run_command to reduce code
* fails quicker on errors as opposed to return codes and tracebacks
* can now also specify the key as data versus needing to wget it from a file
This commit is contained in:
Michael DeHaan 2013-01-28 15:41:46 -05:00
parent 0bfec51a04
commit 4d8f3b0924
2 changed files with 82 additions and 103 deletions

View file

@ -677,7 +677,7 @@ class AnsibleModule(object):
self.set_context_if_different(src, context, False) self.set_context_if_different(src, context, False)
os.rename(src, dest) os.rename(src, dest)
def run_command(self, args, check_rc=False, close_fds=False, executable=None): def run_command(self, args, check_rc=False, close_fds=False, executable=None, data=None):
''' '''
Execute a command, returns rc, stdout, and stderr. Execute a command, returns rc, stdout, and stderr.
args is the command to run args is the command to run
@ -700,12 +700,20 @@ class AnsibleModule(object):
self.fail_json(rc=257, cmd=args, msg=msg) self.fail_json(rc=257, cmd=args, msg=msg)
rc = 0 rc = 0
msg = None msg = None
st_in = None
if data:
st_in = subprocess.PIPE
try: try:
cmd = subprocess.Popen(args, cmd = subprocess.Popen(args,
executable=executable, executable=executable,
shell=shell, shell=shell,
close_fds=close_fds, close_fds=close_fds,
stdout=subprocess.PIPE, stderr=subprocess.PIPE) stdin=st_in,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
if data:
cmd.stdin.write(data)
cmd.stdin.write('\\n')
out, err = cmd.communicate() out, err = cmd.communicate()
rc = cmd.returncode rc = cmd.returncode
except (OSError, IOError), e: except (OSError, IOError), e:

View file

@ -22,7 +22,7 @@
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: apt_key module: apt_key
author: Jayson Vantuyl author: Jayson Vantuyl & others
version_added: 1.0 version_added: 1.0
short_description: Add or remove an apt key short_description: Add or remove an apt key
description: description:
@ -59,145 +59,116 @@ examples:
description: Remove a Apt specific signing key description: Remove a Apt specific signing key
''' '''
# FIXME: standardize into module_common
from urllib2 import urlopen, URLError from urllib2 import urlopen, URLError
from traceback import format_exc from traceback import format_exc
from subprocess import Popen, PIPE, call
from re import compile as re_compile from re import compile as re_compile
# FIXME: standardize into module_common
from distutils.spawn import find_executable from distutils.spawn import find_executable
from os import environ from os import environ
from sys import exc_info from sys import exc_info
import traceback
match_key = re_compile("^gpg:.*key ([0-9a-fA-F]+):.*$") match_key = re_compile("^gpg:.*key ([0-9a-fA-F]+):.*$")
REQUIRED_EXECUTABLES=['gpg', 'grep', 'apt-key'] REQUIRED_EXECUTABLES=['gpg', 'grep', 'apt-key']
def find_missing_binaries(): def check_missing_binaries(module):
return [missing for missing in REQUIRED_EXECUTABLES if not find_executable(missing)] missing = [e for e in REQUIRED_EXECUTABLES if not find_executable(e)]
if len(missing):
module.fail_json(msg="binaries are missing", names=all)
def all_keys(module):
(rc, out, err) = module.run_command("apt-key list")
results = []
lines = out.split('\n')
for line in lines:
if line.startswith("pub"):
tokens = line.split()
code = tokens[1]
(len_type, real_code) = code.split("/")
results.append(real_code)
return results
def get_key_ids(key_data): def key_present(module, key_id):
p = Popen("gpg --list-only --import -", shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE) (rc, out, err) = module.run_command("apt-key list | 2>&1 grep -q %s" % key_id)
(stdo, stde) = p.communicate(key_data) return rc == 0
if p.returncode > 0: def download_key(module, url):
raise Exception("error running GPG to retrieve keys") # FIXME: move get_url code to common, allow for in-memory D/L, support proxies
# and reuse here
output = stdo + stde
for line in output.split('\n'):
match = match_key.match(line)
if match:
yield match.group(1)
def key_present(key_id):
return call("apt-key list | 2>&1 grep -q %s" % key_id, shell=True) == 0
def download_key(url):
if url is None: if url is None:
raise Exception("Needed URL but none specified") module.fail_json(msg="needed a URL but was not specified")
connection = urlopen(url) try:
if connection is None: connection = urlopen(url)
raise Exception("error connecting to download key from %r" % url) if connection is None:
return connection.read() module.fail_json("error connecting to download key from url")
data = connection.read()
return data
except:
module.fail_json(msg="error getting key id from url", traceback=format_exc())
def add_key(key): def add_key(module, key):
p = Popen("apt-key add -", shell=True, stdin=PIPE, stdout=PIPE, stderr=PIPE) cmd = "apt-key add -"
(_, _) = p.communicate(key) (rc, out, err) = module.run_command(cmd, data=key, check_rc=True)
return True
return p.returncode == 0
def remove_key(key_id): def remove_key(key_id):
return call('apt-key del %s' % key_id, shell=True) == 0 # FIXME: use module.run_command, fail at point of error and don't discard useful stdin/stdout
cmd = 'apt-key del %s'
(rc, out, err) = module.run_command(cmd, check_rc=True)
def return_values(tb=False): return True
if tb:
return {'exception': format_exc()}
else:
return {}
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
id=dict(required=False, default=None), id=dict(required=False, default=None),
url=dict(required=False), url=dict(required=False),
data=dict(required=False),
key=dict(required=False),
state=dict(required=False, choices=['present', 'absent'], default='present') state=dict(required=False, choices=['present', 'absent'], default='present')
) ),
) )
expected_key_id = module.params['id'] key_id = module.params['id']
url = module.params['url'] url = module.params['url']
state = module.params['state'] data = module.params['data']
changed = False state = module.params['state']
changed = False
# FIXME: I think we have a common facility for this, if not, want
check_missing_binaries(module)
missing = find_missing_binaries() keys = all_keys(module)
if missing:
module.fail_json(msg="can't find needed binaries to run", missing=missing,
**return_values())
if state == 'present': if state == 'present':
if expected_key_id and key_present(expected_key_id): if key_id and key_id in keys:
# key is present, nothing to do module.exit_json(changed=False)
pass
else: else:
# download key if not data:
try: data = download_key(module, url)
key = download_key(url) if key_id and key_id in keys:
(key_id,) = tuple(get_key_ids(key)) # TODO: support multiple key ids? module.exit_json(changed=False)
except Exception:
module.fail_json(
msg="error getting key id from url",
**return_values(True)
)
# sanity check downloaded key
if expected_key_id and key_id != expected_key_id:
module.fail_json(
msg="expected key id %s, got key id %s" % (expected_key_id, key_id),
**return_values()
)
# actually add key
if key_present(key_id):
changed=False
elif add_key(key):
changed=True
else: else:
module.fail_json( add_key(module, data)
msg="failed to add key id %s" % key_id, changed=False
**return_values() keys2 = all_keys(module)
) if len(keys) != len(keys2):
changed=True
if key_id and not key_id in keys2:
module.fail_json(msg="key does not seem to have been added", id=key_id)
module.exit_json(changed=changed)
elif state == 'absent': elif state == 'absent':
# optionally download the key and get the id if not key_id:
if not expected_key_id: module.fail_json(msg="key is required")
try: if key_id in keys:
key = download_key(url)
(key_id,) = tuple(get_key_ids(key)) # TODO: support multiple key ids?
except Exception:
module.fail_json(
msg="error getting key id from url",
**return_values(True)
)
else:
key_id = expected_key_id
# actually remove key
if key_present(key_id):
if remove_key(key_id): if remove_key(key_id):
changed=True changed=True
else: else:
# FIXME: module.fail_json or exit-json immediately at point of failure
module.fail_json(msg="error removing key_id", **return_values(True)) module.fail_json(msg="error removing key_id", **return_values(True))
else:
module.fail_json(
msg="unexpected state: %s" % state,
**return_values()
)
module.exit_json(changed=changed, **return_values()) module.exit_json(changed=changed, **return_values())