7.0.0
This commit is contained in:
@@ -7,76 +7,32 @@ module: decort_jwt
|
||||
description: See L(Module Documentation,https://repository.basistech.ru/BASIS/decort-ansible/wiki/Home).
|
||||
'''
|
||||
|
||||
import requests
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.basic import env_fallback
|
||||
from ansible.module_utils.decort_utils import DecortController
|
||||
|
||||
|
||||
def decort_jwt_parameters():
|
||||
"""Build and return a dictionary of parameters expected by decort_jwt module in a form accepted
|
||||
by AnsibleModule utility class"""
|
||||
class DecortJWT(DecortController):
|
||||
def __init__(self):
|
||||
super().__init__(AnsibleModule(**self.amodule_init_args))
|
||||
|
||||
@property
|
||||
def amodule_init_args(self) -> dict:
|
||||
amodule_init_args = self.common_amodule_init_args
|
||||
amodule_argument_spec = amodule_init_args['argument_spec']
|
||||
del amodule_argument_spec['controller_url']
|
||||
del amodule_argument_spec['jwt']
|
||||
amodule_argument_spec['authenticator']['choices'].remove('jwt')
|
||||
|
||||
return amodule_init_args
|
||||
|
||||
def run(self):
|
||||
self.result['jwt'] = self.jwt
|
||||
self.amodule.exit_json(**self.result)
|
||||
|
||||
return dict(
|
||||
app_id=dict(type='str',
|
||||
required=True,
|
||||
fallback=(env_fallback, ['DECORT_APP_ID'])),
|
||||
app_secret=dict(type='str',
|
||||
required=True,
|
||||
fallback=(env_fallback, ['DECORT_APP_SECRET']),
|
||||
no_log=True),
|
||||
oauth2_url=dict(type='str',
|
||||
required=True,
|
||||
fallback=(env_fallback, ['DECORT_OAUTH2_URL'])),
|
||||
validity=dict(type='int',
|
||||
required=False,
|
||||
default=3600),
|
||||
verify_ssl=dict(type='bool', required=False, default=True),
|
||||
workflow_callback=dict(type='str', required=False),
|
||||
workflow_context=dict(type='str', required=False),
|
||||
)
|
||||
|
||||
def main():
|
||||
module_parameters = decort_jwt_parameters()
|
||||
DecortJWT().run()
|
||||
|
||||
amodule = AnsibleModule(argument_spec=module_parameters,
|
||||
supports_check_mode=True,)
|
||||
|
||||
result = {'failed': False, 'changed': False}
|
||||
|
||||
token_get_url = amodule.params['oauth2_url'] + "/v1/oauth/access_token"
|
||||
req_data = dict(grant_type="client_credentials",
|
||||
client_id=amodule.params['app_id'],
|
||||
client_secret=amodule.params['app_secret'],
|
||||
response_type="id_token",
|
||||
validity=amodule.params['validity'],)
|
||||
# TODO: Need standard code snippet to handle server timeouts gracefully
|
||||
# Consider a few retries before giving up or use requests.Session & requests.HTTPAdapter
|
||||
# see https://stackoverflow.com/questions/15431044/can-i-set-max-retries-for-requests-request
|
||||
|
||||
# catch requests.exceptions.ConnectionError to handle incorrect oauth2_url case
|
||||
try:
|
||||
token_get_resp = requests.post(token_get_url, data=req_data, verify=amodule.params['verify_ssl'])
|
||||
except requests.exceptions.ConnectionError as errco:
|
||||
result.update(failed=True)
|
||||
result['msg'] = "Failed to connect to {}: {}".format(token_get_url, errco)
|
||||
amodule.fail_json(**result)
|
||||
except requests.exceptions.Timeout as errti:
|
||||
result.update(failed=True)
|
||||
result['msg'] = "Timeout when trying to connect to {}: {}".format(token_get_url, errti)
|
||||
amodule.fail_json(**result)
|
||||
|
||||
# alternative -- if resp == requests.codes.ok
|
||||
if token_get_resp.status_code != 200:
|
||||
result.update(failed=True)
|
||||
result['msg'] = "Failed to obtain JWT access token from oauth2_url {} for app_id {}: {} {}".format(
|
||||
token_get_url, amodule.params['app_id'],
|
||||
token_get_resp.status_code, token_get_resp.reason)
|
||||
amodule.fail_json(**result)
|
||||
|
||||
# Common return values: https://docs.ansible.com/ansible/2.3/common_return_values.html
|
||||
result['jwt'] = token_get_resp.content.decode('utf8')
|
||||
amodule.exit_json(**result)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
||||
Reference in New Issue
Block a user