Backport/2.7/42456 - Added SSL Support to consul_kv lookup plugin (#46466)
* Add ssl support to consul_kv lookup (#42456)
* implemented lookup_consul_kv
* added missing version_added for consul_url ini section
* added default value for ANSIBLE_CONSUL_CLIENT_CERT and added some more documentation
* removed trailing whitespaces
* fixed indention
* Fixes in Documentation
* removed trailing whitespace
* removed trailing whitespace
(cherry picked from commit bacbd4e9fc
)
* * added changelog fragment
This commit is contained in:
parent
2388126bdf
commit
2703be8368
2 changed files with 53 additions and 8 deletions
3
changelogs/fragments/42456-consul_kv-lookup.yaml
Normal file
3
changelogs/fragments/42456-consul_kv-lookup.yaml
Normal file
|
@ -0,0 +1,3 @@
|
|||
minor_changes:
|
||||
- added capability to set the scheme for the consul_kv lookup.
|
||||
- added optional certificate and certificate verification for consul_kv lookups
|
|
@ -2,12 +2,13 @@
|
|||
# (c) 2017 Ansible Project
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
|
||||
DOCUMENTATION = """
|
||||
lookup: consul_kv
|
||||
version_added: "1.9"
|
||||
short_description: Fetch metadata from a Consul key value store.
|
||||
short_description: Fetch metadata from a Consul key value store.
|
||||
description:
|
||||
- Lookup metadata for a playbook from the key value store in a Consul cluster.
|
||||
Values can be easily set in the kv store with simple rest commands
|
||||
|
@ -24,18 +25,51 @@ DOCUMENTATION = """
|
|||
description: If true, will retrieve all the values that have the given key as prefix.
|
||||
default: False
|
||||
index:
|
||||
description: If the key has a value with the specified index then this is returned allowing access to historical values.
|
||||
description:
|
||||
- If the key has a value with the specified index then this is returned allowing access to historical values.
|
||||
token:
|
||||
description: The acl token to allow access to restricted values.
|
||||
host:
|
||||
default: localhost
|
||||
description:
|
||||
- The target to connect to, must be a resolvable address.
|
||||
- The target to connect to, must be a resolvable address.
|
||||
Will be determined from C(ANSIBLE_CONSUL_URL) if that is set.
|
||||
- "C(ANSIBLE_CONSUL_URL) should look like this: C(https://my.consul.server:8500)"
|
||||
env:
|
||||
- name: ANSIBLE_CONSUL_URL
|
||||
ini:
|
||||
- section: lookup_consul
|
||||
key: host
|
||||
version_added: "2.8"
|
||||
port:
|
||||
description: The port of the target host to connect to.
|
||||
description:
|
||||
- The port of the target host to connect to.
|
||||
- If you use C(ANSIBLE_CONSUL_URL) this value will be used from there.
|
||||
default: 8500
|
||||
scheme:
|
||||
default: http
|
||||
description:
|
||||
- Whether to use http or https.
|
||||
- If you use C(ANSIBLE_CONSUL_URL) this value will be used from there.
|
||||
version_added: "2.8"
|
||||
validate_certs:
|
||||
default: True
|
||||
description: Whether to verify the ssl connection or not.
|
||||
env:
|
||||
- name: ANSIBLE_CONSUL_VALIDATE_CERTS
|
||||
ini:
|
||||
- section: lookup_consul
|
||||
key: validate_certs
|
||||
version_added: "2.8"
|
||||
client_cert:
|
||||
default: None
|
||||
description: The client cert to verify the ssl connection.
|
||||
env:
|
||||
- name: ANSIBLE_CONSUL_CLIENT_CERT
|
||||
ini:
|
||||
- section: lookup_consul
|
||||
key: client_cert
|
||||
version_added: "2.8"
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
|
@ -62,7 +96,6 @@ RETURN = """
|
|||
"""
|
||||
|
||||
import os
|
||||
import sys
|
||||
from ansible.module_utils.six.moves.urllib.parse import urlparse
|
||||
from ansible.errors import AnsibleError, AnsibleAssertionError
|
||||
from ansible.plugins.lookup import LookupBase
|
||||
|
@ -71,6 +104,7 @@ import json
|
|||
|
||||
try:
|
||||
import consul
|
||||
|
||||
HAS_CONSUL = True
|
||||
except ImportError as e:
|
||||
HAS_CONSUL = False
|
||||
|
@ -81,7 +115,8 @@ class LookupModule(LookupBase):
|
|||
def run(self, terms, variables=None, **kwargs):
|
||||
|
||||
if not HAS_CONSUL:
|
||||
raise AnsibleError('python-consul is required for consul_kv lookup. see https://python-consul.readthedocs.io/en/latest/#installation')
|
||||
raise AnsibleError(
|
||||
'python-consul is required for consul_kv lookup. see http://python-consul.readthedocs.org/en/latest/#installation')
|
||||
|
||||
values = []
|
||||
try:
|
||||
|
@ -89,12 +124,19 @@ class LookupModule(LookupBase):
|
|||
params = self.parse_params(term)
|
||||
try:
|
||||
url = os.environ['ANSIBLE_CONSUL_URL']
|
||||
validate_certs = os.environ['ANSIBLE_CONSUL_VALIDATE_CERTS'] or True
|
||||
client_cert = os.environ['ANSIBLE_CONSUL_CLIENT_CERT'] or None
|
||||
u = urlparse(url)
|
||||
consul_api = consul.Consul(host=u.hostname, port=u.port, scheme=u.scheme)
|
||||
consul_api = consul.Consul(host=u.hostname, port=u.port, scheme=u.scheme, verify=validate_certs,
|
||||
cert=client_cert)
|
||||
except KeyError:
|
||||
port = kwargs.get('port', '8500')
|
||||
host = kwargs.get('host', 'localhost')
|
||||
consul_api = consul.Consul(host=host, port=port)
|
||||
scheme = kwargs.get('scheme', 'http')
|
||||
validate_certs = kwargs.get('validate_certs', True)
|
||||
client_cert = kwargs.get('client_cert', None)
|
||||
consul_api = consul.Consul(host=host, port=port, scheme=scheme, verify=validate_certs,
|
||||
cert=client_cert)
|
||||
|
||||
results = consul_api.kv.get(params['key'],
|
||||
token=params['token'],
|
||||
|
|
Loading…
Reference in a new issue