mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
0a904d60cd
Add new consul modules and reuse code between them. (#7878)
Refactored consul modules and added new roles.
(cherry picked from commit 29f9865497
)
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
108 lines
3.2 KiB
Python
108 lines
3.2 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
#
|
|
# Copyright (c) 2024, Florian Apolloner (@apollo13)
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
|
|
__metaclass__ = type
|
|
|
|
DOCUMENTATION = """
|
|
module: consul_acl_bootstrap
|
|
short_description: Bootstrap ACLs in Consul
|
|
version_added: 8.3.0
|
|
description:
|
|
- Allows bootstrapping of ACLs in a Consul cluster, see
|
|
U(https://developer.hashicorp.com/consul/api-docs/acl#bootstrap-acls) for details.
|
|
author:
|
|
- Florian Apolloner (@apollo13)
|
|
extends_documentation_fragment:
|
|
- community.general.consul
|
|
- community.general.attributes
|
|
attributes:
|
|
check_mode:
|
|
support: none
|
|
diff_mode:
|
|
support: none
|
|
options:
|
|
state:
|
|
description:
|
|
- Whether the token should be present or absent.
|
|
choices: ['present', 'bootstrapped']
|
|
default: present
|
|
type: str
|
|
bootstrap_secret:
|
|
description:
|
|
- The secret to be used as secret ID for the initial token.
|
|
- Needs to be an UUID.
|
|
type: str
|
|
"""
|
|
|
|
EXAMPLES = """
|
|
- name: Bootstrap the ACL system
|
|
community.general.consul_acl_bootstrap:
|
|
bootstrap_secret: 22eaeed1-bdbd-4651-724e-42ae6c43e387
|
|
"""
|
|
|
|
RETURN = """
|
|
result:
|
|
description:
|
|
- The bootstrap result as returned by the consul HTTP API.
|
|
- "B(Note:) If O(bootstrap_secret) has been specified the C(SecretID) and
|
|
C(ID) will not contain the secret but C(VALUE_SPECIFIED_IN_NO_LOG_PARAMETER).
|
|
If you pass O(bootstrap_secret), make sure your playbook/role does not depend
|
|
on this return value!"
|
|
returned: changed
|
|
type: dict
|
|
sample:
|
|
AccessorID: 834a5881-10a9-a45b-f63c-490e28743557
|
|
CreateIndex: 25
|
|
CreateTime: '2024-01-21T20:26:27.114612038+01:00'
|
|
Description: Bootstrap Token (Global Management)
|
|
Hash: X2AgaFhnQGRhSSF/h0m6qpX1wj/HJWbyXcxkEM/5GrY=
|
|
ID: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
|
|
Local: false
|
|
ModifyIndex: 25
|
|
Policies:
|
|
- ID: 00000000-0000-0000-0000-000000000001
|
|
Name: global-management
|
|
SecretID: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
|
|
"""
|
|
|
|
from ansible.module_utils.basic import AnsibleModule
|
|
from ansible_collections.community.general.plugins.module_utils.consul import (
|
|
AUTH_ARGUMENTS_SPEC,
|
|
RequestError,
|
|
_ConsulModule,
|
|
)
|
|
|
|
_ARGUMENT_SPEC = {
|
|
"state": dict(type="str", choices=["present", "bootstrapped"], default="present"),
|
|
"bootstrap_secret": dict(type="str", no_log=True),
|
|
}
|
|
_ARGUMENT_SPEC.update(AUTH_ARGUMENTS_SPEC)
|
|
_ARGUMENT_SPEC.pop("token")
|
|
|
|
|
|
def main():
|
|
module = AnsibleModule(_ARGUMENT_SPEC)
|
|
consul_module = _ConsulModule(module)
|
|
|
|
data = {}
|
|
if "bootstrap_secret" in module.params:
|
|
data["BootstrapSecret"] = module.params["bootstrap_secret"]
|
|
|
|
try:
|
|
response = consul_module.put("acl/bootstrap", data=data)
|
|
except RequestError as e:
|
|
if e.status == 403 and b"ACL bootstrap no longer allowed" in e.response_data:
|
|
return module.exit_json(changed=False)
|
|
raise
|
|
else:
|
|
return module.exit_json(changed=True, result=response)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|