#!/usr/bin/python # -*- coding: utf-8 -*- # Copyright: (c) 2019, Evgeniy Krysanov <evgeniy.krysanov@gmail.com> # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = r''' --- module: bitbucket_pipeline_key_pair short_description: Manages Bitbucket pipeline SSH key pair description: - Manages Bitbucket pipeline SSH key pair. author: - Evgeniy Krysanov (@catcombo) options: client_id: description: - OAuth consumer key. - If not set the environment variable C(BITBUCKET_CLIENT_ID) will be used. type: str client_secret: description: - OAuth consumer secret. - If not set the environment variable C(BITBUCKET_CLIENT_SECRET) will be used. type: str repository: description: - The repository name. type: str required: true username: description: - The repository owner. type: str required: true public_key: description: - The public key. type: str private_key: description: - The private key. type: str state: description: - Indicates desired state of the key pair. type: str required: true choices: [ absent, present ] notes: - Bitbucket OAuth consumer key and secret can be obtained from Bitbucket profile -> Settings -> Access Management -> OAuth. - Check mode is supported. ''' EXAMPLES = r''' - name: Create or update SSH key pair community.general.bitbucket_pipeline_key_pair: repository: 'bitbucket-repo' username: bitbucket_username public_key: '{{lookup("file", "bitbucket.pub") }}' private_key: '{{lookup("file", "bitbucket") }}' state: present - name: Remove SSH key pair community.general.bitbucket_pipeline_key_pair: repository: bitbucket-repo username: bitbucket_username state: absent ''' RETURN = r''' # ''' from ansible.module_utils.basic import AnsibleModule from ansible_collections.community.general.plugins.module_utils.source_control.bitbucket import BitbucketHelper error_messages = { 'invalid_params': 'Account, repository or SSH key pair was not found', 'required_keys': '`public_key` and `private_key` are required when the `state` is `present`', } BITBUCKET_API_ENDPOINTS = { 'ssh-key-pair': '%s/2.0/repositories/{username}/{repo_slug}/pipelines_config/ssh/key_pair' % BitbucketHelper.BITBUCKET_API_URL, } def get_existing_ssh_key_pair(module, bitbucket): """ Retrieves an existing ssh key pair from repository specified in module param `repository` :param module: instance of the :class:`AnsibleModule` :param bitbucket: instance of the :class:`BitbucketHelper` :return: existing key pair or None if not found :rtype: dict or None Return example:: { "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...2E8HAeT", "type": "pipeline_ssh_key_pair" } """ api_url = BITBUCKET_API_ENDPOINTS['ssh-key-pair'].format( username=module.params['username'], repo_slug=module.params['repository'], ) info, content = bitbucket.request( api_url=api_url, method='GET', ) if info['status'] == 404: # Account, repository or SSH key pair was not found. return None return content def update_ssh_key_pair(module, bitbucket): info, content = bitbucket.request( api_url=BITBUCKET_API_ENDPOINTS['ssh-key-pair'].format( username=module.params['username'], repo_slug=module.params['repository'], ), method='PUT', data={ 'private_key': module.params['private_key'], 'public_key': module.params['public_key'], }, ) if info['status'] == 404: module.fail_json(msg=error_messages['invalid_params']) if info['status'] != 200: module.fail_json(msg='Failed to create or update pipeline ssh key pair : {0}'.format(info)) def delete_ssh_key_pair(module, bitbucket): info, content = bitbucket.request( api_url=BITBUCKET_API_ENDPOINTS['ssh-key-pair'].format( username=module.params['username'], repo_slug=module.params['repository'], ), method='DELETE', ) if info['status'] == 404: module.fail_json(msg=error_messages['invalid_params']) if info['status'] != 204: module.fail_json(msg='Failed to delete pipeline ssh key pair: {0}'.format(info)) def main(): argument_spec = BitbucketHelper.bitbucket_argument_spec() argument_spec.update( repository=dict(type='str', required=True), username=dict(type='str', required=True), public_key=dict(type='str'), private_key=dict(type='str', no_log=True), state=dict(type='str', choices=['present', 'absent'], required=True), ) module = AnsibleModule( argument_spec=argument_spec, supports_check_mode=True, ) bitbucket = BitbucketHelper(module) state = module.params['state'] public_key = module.params['public_key'] private_key = module.params['private_key'] # Check parameters if ((public_key is None) or (private_key is None)) and (state == 'present'): module.fail_json(msg=error_messages['required_keys']) # Retrieve access token for authorized API requests bitbucket.fetch_access_token() # Retrieve existing ssh key key_pair = get_existing_ssh_key_pair(module, bitbucket) changed = False # Create or update key pair if (not key_pair or (key_pair.get('public_key') != public_key)) and (state == 'present'): if not module.check_mode: update_ssh_key_pair(module, bitbucket) changed = True # Delete key pair elif key_pair and (state == 'absent'): if not module.check_mode: delete_ssh_key_pair(module, bitbucket) changed = True module.exit_json(changed=changed) if __name__ == '__main__': main()