Merge pull request #10237 from emonty/remove-auth-token

Remove auth token and port openstack module_utils changes to v2 tree
2024-09-14 20:13:21 +02:00 · 2015-04-01 12:20:59 -04:00 · 2015-04-01 12:20:59 -04:00 · 4dd233b0dd
commit 4dd233b0dd
parent b1ccb5989c 87c99b4675
3 changed files with 74 additions and 20 deletions
--- a/lib/ansible/module_utils/openstack.py
+++ b/lib/ansible/module_utils/openstack.py
@ -73,16 +73,19 @@ def openstack_find_nova_addresses(addresses, ext_tag, key_name=None):
 def openstack_full_argument_spec(**kwargs):
    spec = dict(
        cloud=dict(default=None),
-        auth_plugin=dict(default=None),
+        auth_type=dict(default=None),
        auth=dict(default=None),
-        auth_token=dict(default=None),
        region_name=dict(default=None),
        availability_zone=dict(default=None),
-        state=dict(default='present', choices=['absent', 'present']),
+        verify=dict(default=True, aliases=['validate_certs']),
+        cacert=dict(default=None),
+        cert=dict(default=None),
+        key=dict(default=None),
        wait=dict(default=True, type='bool'),
        timeout=dict(default=180, type='int'),
+        api_timeout=dict(default=None, type='int'),
        endpoint_type=dict(
-            default='publicURL', choices=['publicURL', 'internalURL']
+            default='public', choices=['public', 'internal', 'admin']
        )
    )
    spec.update(kwargs)
@ -94,10 +97,6 @@ def openstack_module_kwargs(**kwargs):
        required_one_of=[
            ['cloud', 'auth'],
        ],
-        mutually_exclusive=[
-            ['auth', 'auth_token'],
-            ['auth_plugin', 'auth_token'],
-        ],
    )
    for key in ('mutually_exclusive', 'required_together', 'required_one_of'):
        if key in kwargs:
--- a/lib/ansible/utils/module_docs_fragments/openstack.py
+++ b/lib/ansible/utils/module_docs_fragments/openstack.py
@ -34,17 +34,13 @@ options:
        this param will need to contain whatever parameters that auth plugin
        requires. This parameter is not needed if a named cloud is provided.
    required: false
-  auth_plugin:
+  auth_type:
    description:
      - Name of the auth plugin to use. If the cloud uses something other than
        password authentication, the name of the plugin should be indicated here
        and the contents of the I(auth) parameter should be updated accordingly.
    required: false
    default: password
-  auth_token:
-    description:
-      - An auth token obtained previously. If I(auth_token) is given,
-        I(auth) and I(auth_plugin) are not needed.
  region_name:
    description:
      - Name of the region.
@ -53,11 +49,6 @@ options:
    description:
      - Name of the availability zone.
    required: false
-  state:
-    description:
-      - Should the resource be present or absent.
-    choices: [present, absent]
-    default: present
  wait:
    description:
      - Should ansible wait until the requested resource is complete.
@ -69,12 +60,37 @@ options:
      - How long should ansible wait for the requested resource.
    required: false
    default: 180
+  api_timeout:
+    description:
+      - How long should the socket layer wait before timing out for API calls.
+        If this is omitted, nothing will be passed to the requests library.
+    required: false
+    default: None
+  validate_certs:
+    description:
+      - Whether or not SSL API requests should be verified.
+    required: false
+    default: True
+    aliases: ['verify']
+  cacert:
+    description:
+      - A path to a CA Cert bundle that can be used as part of verifying
+        SSL API requests.
+    required: false
+  cert:
+    description:
+      - A path to a client certificate to use as part of the SSL transaction
+    required: false
+  key:
+    description:
+      - A path to a client key to use as part of the SSL transaction
+    required: false
  endpoint_type:
    description:
      - Endpoint URL type to fetch from the service catalog.
-    choices: [publicURL, internalURL]
+    choices: [public, internal, admin]
    required: false
-    default: publicURL
+    default: public
 requirements:
  - shade
 notes:
--- a/v2/ansible/module_utils/openstack.py
+++ b/v2/ansible/module_utils/openstack.py
@ -30,6 +30,9 @@ import os


 def openstack_argument_spec():
+    # DEPRECATED: This argument spec is only used for the deprecated old
+    # OpenStack modules. It turns out that modern OpenStack auth is WAY
+    # more complex than this.
    # Consume standard OpenStack environment variables.
    # This is mainly only useful for ad-hoc command line operation as
    # in playbooks one would assume variables would be used appropriately
@ -67,3 +70,39 @@ def openstack_find_nova_addresses(addresses, ext_tag, key_name=None):
                    ret.append(interface_spec['addr'])
    return ret

+def openstack_full_argument_spec(**kwargs):
+    spec = dict(
+        cloud=dict(default=None),
+        auth_type=dict(default=None),
+        auth=dict(default=None),
+        region_name=dict(default=None),
+        availability_zone=dict(default=None),
+        verify=dict(default=True, aliases=['validate_certs']),
+        cacert=dict(default=None),
+        cert=dict(default=None),
+        key=dict(default=None),
+        wait=dict(default=True, type='bool'),
+        timeout=dict(default=180, type='int'),
+        api_timeout=dict(default=None, type='int'),
+        endpoint_type=dict(
+            default='public', choices=['public', 'internal', 'admin']
+        )
+    )
+    spec.update(kwargs)
+    return spec
+
+
+def openstack_module_kwargs(**kwargs):
+    ret = dict(
+        required_one_of=[
+            ['cloud', 'auth'],
+        ],
+    )
+    for key in ('mutually_exclusive', 'required_together', 'required_one_of'):
+        if key in kwargs:
+            if key in ret:
+                ret[key].extend(kwargs[key])
+            else:
+                ret[key] = kwargs[key]
+
+    return ret