From 787ff00319c39d4ae20bb8fd49c87d964c0a2d09 Mon Sep 17 00:00:00 2001
From: Bombar Maxime <bombar@crans.org>
Date: Sun, 26 Apr 2020 17:54:18 +0200
Subject: [PATCH] [re2o_lookup] Use ansible configuration to override some
options.
---
ansible.cfg | 6 ++++++
lookup_plugins/re2oapi.py | 36 ++++++++++++++++++++++++++++++++----
2 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/ansible.cfg b/ansible.cfg
index dfc04672..ec5d521e 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -39,3 +39,9 @@ retries = 3
# TO know what changed
always = yes
+[re2o]
+
+api_hostname = intranet.crans.org
+
+# Whether or not using vault_cranspasswords
+use_cpasswords = True
diff --git a/lookup_plugins/re2oapi.py b/lookup_plugins/re2oapi.py
index a8b64db6..b378d559 100644
--- a/lookup_plugins/re2oapi.py
+++ b/lookup_plugins/re2oapi.py
@@ -13,6 +13,7 @@ import requests
import stat
import json
import collections
+from configparser import ConfigParser
from ansible.module_utils._text import to_native
from ansible.plugins.lookup import LookupBase
@@ -21,6 +22,7 @@ from ansible.errors import (AnsibleError,
AnsibleLookupError,
)
from ansible.utils.display import Display
+from ansible.config.manager import ConfigManager
# Ansible Logger to stdout
display = Display()
@@ -317,14 +319,19 @@ class LookupModule(LookupBase):
If a term is not in the previous list, make a raw query to the API
with endpoint term.
+ It uses arguments api_hostname, api_username, api_password to connect
+ to the API. api_hostname can also be defined in ansible configuration file
+ (e.g. ansible.cfg) in section re2o. It overrides the values set when the
+ plugin is called.
+
Usage:
The following play will use the debug module to output
- all the zone names managed by Crans.
+ all the DNS zone names, querying the API hostname defined in configuration.
- hosts: sputnik.adm.crans.org
vars:
- dnszones: "{{ lookup('re2oapi', 'dnszones', api_hostname='intranet.crans.org') }}"
+ dnszones: "{{ lookup('re2oapi', 'dnszones') }}"
tasks:
- debug: var=dnszones
"""
@@ -343,12 +350,33 @@ class LookupModule(LookupBase):
:returns: A list of results to the specific queries.
"""
+ config_manager = ConfigManager()
+ config_file = config_manager.data.get_setting(name="CONFIG_FILE").value
+ config = ConfigParser()
+ config.read(config_file)
+
+ use_cpasswords = False
+
+ if config.has_section("re2o"):
+ display.vvv("Found section re2o in configuration file")
+ if config.has_option("re2o", "api_hostname"):
+ display.vvv("Found option api_hostname in config file")
+ api_hostname = config.get("re2o", "api_hostname")
+ display.vvv("Override api_hostname with {} from configuration"
+ .format(api_hostname))
+ if config.has_option("re2o", "use_cpasswords"):
+ display.vvv("Found option use_cpasswords in config file")
+ use_cpasswords = config.getboolean("re2o", "use_cpasswords")
+ display.vvv("Override api_hostname with {} from configuration"
+ .format(use_cpasswords))
+
if api_hostname is None:
raise AnsibleError(to_native(
'You must specify a hostname to contact re2oAPI'
))
- if api_username is None and api_password is None:
+ if api_username is None and api_password is None and use_cpasswords:
+ display.vvv("Use cpasswords vault to get API credentials.")
api_username = variables.get('vault_re2o_service_user')
api_password = variables.get('vault_re2o_service_password')
@@ -367,7 +395,7 @@ class LookupModule(LookupBase):
res = []
dterms = collections.deque(terms)
- machines_roles = None # TODO : Cache this.
+ machines_roles = None # TODO : Cache this.
display.vvv("Lookup terms are {}".format(terms))
while dterms:
term = dterms.popleft()
--
GitLab