1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/plugins/modules/clustering/etcd3.py
Felix Fontein 53cf06bf46
Tidy up sanity checks (2021/Batch 3 - who's counting) (#1885) (#1911)
* fixed validation-modules for plugins/modules/packaging/language/pip_package_info.py

* fixed validation-modules for plugins/modules/packaging/language/maven_artifact.py

* fixed validation-modules for plugins/modules/packaging/language/bundler.py

* fixed validation-modules for plugins/modules/notification/pushbullet.py

* fixed validation-modules for plugins/modules/monitoring/sensu/sensu_handler.py

* fixed validation-modules for plugins/modules/monitoring/sensu/sensu_check.py

* fixed validation-modules for plugins/modules/monitoring/sensu/sensu_client.py

* fixed validation-modules for plugins/modules/monitoring/icinga2_host.py

* fixed validation-modules for plugins/modules/monitoring/datadog/datadog_monitor.py

* fixed validation-modules for plugins/modules/monitoring/datadog/datadog_event.py

* fixed validation-modules for plugins/modules/clustering/znode.py

* fixed validation-modules for plugins/modules/clustering/etcd3.py

* fixed validation-modules for plugins/modules/clustering/consul/consul_session.py

* fixed validation-modules for plugins/modules/clustering/consul/consul_kv.py

* fixed validation-modules for plugins/modules/clustering/consul/consul.py

* fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks.py

* fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks_volume.py

* fixed validation-modules for plugins/modules/cloud/packet/packet_sshkey.py

* fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_server.py

* fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_private_network.py

* fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py

* fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_load_balancer.py

* fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_firewall_policy.py

* fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_app.py

* fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_db.py

* fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_domain.py

* fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_mailbox.py

* fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_site.py

* fixed validation-modules for plugins/modules/remote_management/lxca/lxca_cmms.py

* fixed validation-modules for plugins/modules/remote_management/lxca/lxca_nodes.py

* missed one "elements" in sensu_handler

* Tidy up batch of sanity checks ignore lines

* missed lines in ignore-2.9.txt

* fixed validation-modules for plugins/modules/clustering/consul/consul_acl.py

* Update ignore-2.9.txt

Removed consul_acl.py from ignore-2.9.txt

* Apply suggestions from code review

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/notification/pushbullet.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* added changelog fragment

* Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py

* Update changelogs/fragments/1885-sanity-check-fixes-batch3.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
(cherry picked from commit 76d9fe4ec6)

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2021-02-26 11:23:29 +00:00

251 lines
8.3 KiB
Python

#!/usr/bin/python
#
# (c) 2018, Jean-Philippe Evrard <jean-philippe@evrard.me>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = '''
---
module: etcd3
short_description: "Set or delete key value pairs from an etcd3 cluster"
requirements:
- etcd3
description:
- Sets or deletes values in etcd3 cluster using its v3 api.
- Needs python etcd3 lib to work
options:
key:
type: str
description:
- the key where the information is stored in the cluster
required: true
value:
type: str
description:
- the information stored
required: true
host:
type: str
description:
- the IP address of the cluster
default: 'localhost'
port:
type: int
description:
- the port number used to connect to the cluster
default: 2379
state:
type: str
description:
- the state of the value for the key.
- can be present or absent
required: true
choices: [ present, absent ]
user:
type: str
description:
- The etcd user to authenticate with.
password:
type: str
description:
- The password to use for authentication.
- Required if I(user) is defined.
ca_cert:
type: path
description:
- The Certificate Authority to use to verify the etcd host.
- Required if I(client_cert) and I(client_key) are defined.
client_cert:
type: path
description:
- PEM formatted certificate chain file to be used for SSL client authentication.
- Required if I(client_key) is defined.
client_key:
type: path
description:
- PEM formatted file that contains your private key to be used for SSL client authentication.
- Required if I(client_cert) is defined.
timeout:
type: int
description:
- The socket level timeout in seconds.
author:
- Jean-Philippe Evrard (@evrardjp)
- Victor Fauth (@vfauth)
'''
EXAMPLES = """
- name: Store a value "bar" under the key "foo" for a cluster located "http://localhost:2379"
community.general.etcd3:
key: "foo"
value: "baz3"
host: "localhost"
port: 2379
state: "present"
- name: Authenticate using user/password combination with a timeout of 10 seconds
community.general.etcd3:
key: "foo"
value: "baz3"
state: "present"
user: "someone"
password: "password123"
timeout: 10
- name: Authenticate using TLS certificates
community.general.etcd3:
key: "foo"
value: "baz3"
state: "present"
ca_cert: "/etc/ssl/certs/CA_CERT.pem"
client_cert: "/etc/ssl/certs/cert.crt"
client_key: "/etc/ssl/private/key.pem"
"""
RETURN = '''
key:
description: The key that was queried
returned: always
type: str
old_value:
description: The previous value in the cluster
returned: always
type: str
'''
import traceback
from ansible.module_utils.basic import AnsibleModule, missing_required_lib
from ansible.module_utils._text import to_native
try:
import etcd3
HAS_ETCD = True
except ImportError:
ETCD_IMP_ERR = traceback.format_exc()
HAS_ETCD = False
def run_module():
# define the available arguments/parameters that a user can pass to
# the module
module_args = dict(
key=dict(type='str', required=True),
value=dict(type='str', required=True),
host=dict(type='str', default='localhost'),
port=dict(type='int', default=2379),
state=dict(type='str', required=True, choices=['present', 'absent']),
user=dict(type='str'),
password=dict(type='str', no_log=True),
ca_cert=dict(type='path'),
client_cert=dict(type='path'),
client_key=dict(type='path'),
timeout=dict(type='int'),
)
# seed the result dict in the object
# we primarily care about changed and state
# change is if this module effectively modified the target
# state will include any data that you want your module to pass back
# for consumption, for example, in a subsequent task
result = dict(
changed=False,
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=True,
required_together=[['client_cert', 'client_key'], ['user', 'password']],
)
# It is possible to set `ca_cert` to verify the server identity without
# setting `client_cert` or `client_key` to authenticate the client
# so required_together is enough
# Due to `required_together=[['client_cert', 'client_key']]`, checking the presence
# of either `client_cert` or `client_key` is enough
if module.params['ca_cert'] is None and module.params['client_cert'] is not None:
module.fail_json(msg="The 'ca_cert' parameter must be defined when 'client_cert' and 'client_key' are present.")
result['key'] = module.params.get('key')
module.params['cert_cert'] = module.params.pop('client_cert')
module.params['cert_key'] = module.params.pop('client_key')
if not HAS_ETCD:
module.fail_json(msg=missing_required_lib('etcd3'), exception=ETCD_IMP_ERR)
allowed_keys = ['host', 'port', 'ca_cert', 'cert_cert', 'cert_key',
'timeout', 'user', 'password']
# TODO(evrardjp): Move this back to a dict comprehension when python 2.7 is
# the minimum supported version
# client_params = {key: value for key, value in module.params.items() if key in allowed_keys}
client_params = dict()
for key, value in module.params.items():
if key in allowed_keys:
client_params[key] = value
try:
etcd = etcd3.client(**client_params)
except Exception as exp:
module.fail_json(msg='Cannot connect to etcd cluster: %s' % (to_native(exp)),
exception=traceback.format_exc())
try:
cluster_value = etcd.get(module.params['key'])
except Exception as exp:
module.fail_json(msg='Cannot reach data: %s' % (to_native(exp)),
exception=traceback.format_exc())
# Make the cluster_value[0] a string for string comparisons
result['old_value'] = to_native(cluster_value[0])
if module.params['state'] == 'absent':
if cluster_value[0] is not None:
if module.check_mode:
result['changed'] = True
else:
try:
etcd.delete(module.params['key'])
except Exception as exp:
module.fail_json(msg='Cannot delete %s: %s' % (module.params['key'], to_native(exp)),
exception=traceback.format_exc())
else:
result['changed'] = True
elif module.params['state'] == 'present':
if result['old_value'] != module.params['value']:
if module.check_mode:
result['changed'] = True
else:
try:
etcd.put(module.params['key'], module.params['value'])
except Exception as exp:
module.fail_json(msg='Cannot add or edit key %s: %s' % (module.params['key'], to_native(exp)),
exception=traceback.format_exc())
else:
result['changed'] = True
else:
module.fail_json(msg="State not recognized")
# manipulate or modify the state as needed (this is going to be the
# part where your module will do what it needs to do)
# during the execution of the module, if there is an exception or a
# conditional state that effectively causes a failure, run
# AnsibleModule.fail_json() to pass in the message and the result
# in the event of a successful module execution, you will want to
# simple AnsibleModule.exit_json(), passing the key/value results
module.exit_json(**result)
def main():
run_module()
if __name__ == '__main__':
main()