1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/plugins/modules/consul_acl_bootstrap.py
patchback[bot] 0a904d60cd
[PR #7878/29f98654 backport][stable-8] Add new consul modules and reuse code between them. (#7902)
Add new consul modules and reuse code between them. (#7878)

Refactored consul modules and added new roles.

(cherry picked from commit 29f9865497)

Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2024-01-27 10:33:33 +01:00

108 lines
3.2 KiB
Python

#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright (c) 2024, Florian Apolloner (@apollo13)
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = """
module: consul_acl_bootstrap
short_description: Bootstrap ACLs in Consul
version_added: 8.3.0
description:
- Allows bootstrapping of ACLs in a Consul cluster, see
U(https://developer.hashicorp.com/consul/api-docs/acl#bootstrap-acls) for details.
author:
- Florian Apolloner (@apollo13)
extends_documentation_fragment:
- community.general.consul
- community.general.attributes
attributes:
check_mode:
support: none
diff_mode:
support: none
options:
state:
description:
- Whether the token should be present or absent.
choices: ['present', 'bootstrapped']
default: present
type: str
bootstrap_secret:
description:
- The secret to be used as secret ID for the initial token.
- Needs to be an UUID.
type: str
"""
EXAMPLES = """
- name: Bootstrap the ACL system
community.general.consul_acl_bootstrap:
bootstrap_secret: 22eaeed1-bdbd-4651-724e-42ae6c43e387
"""
RETURN = """
result:
description:
- The bootstrap result as returned by the consul HTTP API.
- "B(Note:) If O(bootstrap_secret) has been specified the C(SecretID) and
C(ID) will not contain the secret but C(VALUE_SPECIFIED_IN_NO_LOG_PARAMETER).
If you pass O(bootstrap_secret), make sure your playbook/role does not depend
on this return value!"
returned: changed
type: dict
sample:
AccessorID: 834a5881-10a9-a45b-f63c-490e28743557
CreateIndex: 25
CreateTime: '2024-01-21T20:26:27.114612038+01:00'
Description: Bootstrap Token (Global Management)
Hash: X2AgaFhnQGRhSSF/h0m6qpX1wj/HJWbyXcxkEM/5GrY=
ID: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
Local: false
ModifyIndex: 25
Policies:
- ID: 00000000-0000-0000-0000-000000000001
Name: global-management
SecretID: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
"""
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.consul import (
AUTH_ARGUMENTS_SPEC,
RequestError,
_ConsulModule,
)
_ARGUMENT_SPEC = {
"state": dict(type="str", choices=["present", "bootstrapped"], default="present"),
"bootstrap_secret": dict(type="str", no_log=True),
}
_ARGUMENT_SPEC.update(AUTH_ARGUMENTS_SPEC)
_ARGUMENT_SPEC.pop("token")
def main():
module = AnsibleModule(_ARGUMENT_SPEC)
consul_module = _ConsulModule(module)
data = {}
if "bootstrap_secret" in module.params:
data["BootstrapSecret"] = module.params["bootstrap_secret"]
try:
response = consul_module.put("acl/bootstrap", data=data)
except RequestError as e:
if e.status == 403 and b"ACL bootstrap no longer allowed" in e.response_data:
return module.exit_json(changed=False)
raise
else:
return module.exit_json(changed=True, result=response)
if __name__ == "__main__":
main()