From 4e4bdaad8d500c1c8168a8606e7284a65685367a Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Fri, 13 Feb 2015 10:40:50 -0500 Subject: [PATCH 1/7] Remove auth_token parameter It turns out that this can actually already be handled by the existing auth plugin framework and does not need its own parameter. Remove before it sees usage and causes confusion. --- lib/ansible/module_utils/openstack.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/ansible/module_utils/openstack.py b/lib/ansible/module_utils/openstack.py index 5c4503f94ce..90415cadabb 100644 --- a/lib/ansible/module_utils/openstack.py +++ b/lib/ansible/module_utils/openstack.py @@ -75,7 +75,6 @@ def openstack_full_argument_spec(**kwargs): cloud=dict(default=None), auth_plugin=dict(default=None), auth=dict(default=None), - auth_token=dict(default=None), region_name=dict(default=None), availability_zone=dict(default=None), state=dict(default='present', choices=['absent', 'present']), @@ -94,10 +93,6 @@ def openstack_module_kwargs(**kwargs): required_one_of=[ ['cloud', 'auth'], ], - mutually_exclusive=[ - ['auth', 'auth_token'], - ['auth_plugin', 'auth_token'], - ], ) for key in ('mutually_exclusive', 'required_together', 'required_one_of'): if key in kwargs: From d06a277b50503e8d142d12ec356a6e0383d22cd7 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Fri, 13 Feb 2015 10:41:58 -0500 Subject: [PATCH 2/7] Port openstack module_utils changes to v2 branch --- v2/ansible/module_utils/openstack.py | 35 ++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/v2/ansible/module_utils/openstack.py b/v2/ansible/module_utils/openstack.py index 64f95437143..90415cadabb 100644 --- a/v2/ansible/module_utils/openstack.py +++ b/v2/ansible/module_utils/openstack.py @@ -30,6 +30,9 @@ import os def openstack_argument_spec(): + # DEPRECATED: This argument spec is only used for the deprecated old + # OpenStack modules. It turns out that modern OpenStack auth is WAY + # more complex than this. # Consume standard OpenStack environment variables. # This is mainly only useful for ad-hoc command line operation as # in playbooks one would assume variables would be used appropriately @@ -67,3 +70,35 @@ def openstack_find_nova_addresses(addresses, ext_tag, key_name=None): ret.append(interface_spec['addr']) return ret +def openstack_full_argument_spec(**kwargs): + spec = dict( + cloud=dict(default=None), + auth_plugin=dict(default=None), + auth=dict(default=None), + region_name=dict(default=None), + availability_zone=dict(default=None), + state=dict(default='present', choices=['absent', 'present']), + wait=dict(default=True, type='bool'), + timeout=dict(default=180, type='int'), + endpoint_type=dict( + default='publicURL', choices=['publicURL', 'internalURL'] + ) + ) + spec.update(kwargs) + return spec + + +def openstack_module_kwargs(**kwargs): + ret = dict( + required_one_of=[ + ['cloud', 'auth'], + ], + ) + for key in ('mutually_exclusive', 'required_together', 'required_one_of'): + if key in kwargs: + if key in ret: + ret[key].extend(kwargs[key]) + else: + ret[key] = kwargs[key] + + return ret From 0b8773fc99bb3e8e1e10167c7a76a844a1263161 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Thu, 26 Feb 2015 11:35:29 -0500 Subject: [PATCH 3/7] Remove state from central argument list There is an old PR that shows a great use case for having a different set of states for the server module. Before the other modules start being in real use, pull this out so that we don't get ourselves into a pickle. --- lib/ansible/module_utils/openstack.py | 1 - lib/ansible/utils/module_docs_fragments/openstack.py | 5 ----- v2/ansible/module_utils/openstack.py | 1 - 3 files changed, 7 deletions(-) diff --git a/lib/ansible/module_utils/openstack.py b/lib/ansible/module_utils/openstack.py index 90415cadabb..6388fffbad2 100644 --- a/lib/ansible/module_utils/openstack.py +++ b/lib/ansible/module_utils/openstack.py @@ -77,7 +77,6 @@ def openstack_full_argument_spec(**kwargs): auth=dict(default=None), region_name=dict(default=None), availability_zone=dict(default=None), - state=dict(default='present', choices=['absent', 'present']), wait=dict(default=True, type='bool'), timeout=dict(default=180, type='int'), endpoint_type=dict( diff --git a/lib/ansible/utils/module_docs_fragments/openstack.py b/lib/ansible/utils/module_docs_fragments/openstack.py index d740bc719c3..cb8f2c1bfb8 100644 --- a/lib/ansible/utils/module_docs_fragments/openstack.py +++ b/lib/ansible/utils/module_docs_fragments/openstack.py @@ -53,11 +53,6 @@ options: description: - Name of the availability zone. required: false - state: - description: - - Should the resource be present or absent. - choices: [present, absent] - default: present wait: description: - Should ansible wait until the requested resource is complete. diff --git a/v2/ansible/module_utils/openstack.py b/v2/ansible/module_utils/openstack.py index 90415cadabb..6388fffbad2 100644 --- a/v2/ansible/module_utils/openstack.py +++ b/v2/ansible/module_utils/openstack.py @@ -77,7 +77,6 @@ def openstack_full_argument_spec(**kwargs): auth=dict(default=None), region_name=dict(default=None), availability_zone=dict(default=None), - state=dict(default='present', choices=['absent', 'present']), wait=dict(default=True, type='bool'), timeout=dict(default=180, type='int'), endpoint_type=dict( From 8027a8a0b50514a362abcddf1d4c78acf67bdfee Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Fri, 6 Mar 2015 18:11:12 -0500 Subject: [PATCH 4/7] Change to auth_type to match python-openstackclient --- lib/ansible/module_utils/openstack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ansible/module_utils/openstack.py b/lib/ansible/module_utils/openstack.py index 6388fffbad2..53e18cab0ca 100644 --- a/lib/ansible/module_utils/openstack.py +++ b/lib/ansible/module_utils/openstack.py @@ -73,7 +73,7 @@ def openstack_find_nova_addresses(addresses, ext_tag, key_name=None): def openstack_full_argument_spec(**kwargs): spec = dict( cloud=dict(default=None), - auth_plugin=dict(default=None), + auth_type=dict(default=None), auth=dict(default=None), region_name=dict(default=None), availability_zone=dict(default=None), From 8758ba08bdb07ef8fde669beef750303c455a237 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Fri, 6 Mar 2015 18:20:45 -0500 Subject: [PATCH 5/7] Update common OpenStack requests-related parameters Also, update docs related to earlier changes in this stack. --- lib/ansible/module_utils/openstack.py | 6 +++- .../utils/module_docs_fragments/openstack.py | 28 ++++++++++++++----- v2/ansible/module_utils/openstack.py | 8 ++++-- 3 files changed, 32 insertions(+), 10 deletions(-) diff --git a/lib/ansible/module_utils/openstack.py b/lib/ansible/module_utils/openstack.py index 53e18cab0ca..35b9026213e 100644 --- a/lib/ansible/module_utils/openstack.py +++ b/lib/ansible/module_utils/openstack.py @@ -77,10 +77,14 @@ def openstack_full_argument_spec(**kwargs): auth=dict(default=None), region_name=dict(default=None), availability_zone=dict(default=None), + verify=dict(default=True), + cacert=dict(default=None), + cert=dict(default=None), + key=dict(default=None), wait=dict(default=True, type='bool'), timeout=dict(default=180, type='int'), endpoint_type=dict( - default='publicURL', choices=['publicURL', 'internalURL'] + default='public', choices=['public', 'internal', 'admin'] ) ) spec.update(kwargs) diff --git a/lib/ansible/utils/module_docs_fragments/openstack.py b/lib/ansible/utils/module_docs_fragments/openstack.py index cb8f2c1bfb8..2979cb68d7b 100644 --- a/lib/ansible/utils/module_docs_fragments/openstack.py +++ b/lib/ansible/utils/module_docs_fragments/openstack.py @@ -34,17 +34,13 @@ options: this param will need to contain whatever parameters that auth plugin requires. This parameter is not needed if a named cloud is provided. required: false - auth_plugin: + auth_type: description: - Name of the auth plugin to use. If the cloud uses something other than password authentication, the name of the plugin should be indicated here and the contents of the I(auth) parameter should be updated accordingly. required: false default: password - auth_token: - description: - - An auth token obtained previously. If I(auth_token) is given, - I(auth) and I(auth_plugin) are not needed. region_name: description: - Name of the region. @@ -64,12 +60,30 @@ options: - How long should ansible wait for the requested resource. required: false default: 180 + verify: + description: + - Whether or not SSL API requests should be verified. + required: false + default: True + cacert: + description: + - A path to a CA Cert bundle that can be used as part of verifying + SSL API requests. + required: false + cert: + description: + - A path to a client certificate to use as part of the SSL transaction + required: false + key: + description: + - A path to a client key to use as part of the SSL transaction + required: false endpoint_type: description: - Endpoint URL type to fetch from the service catalog. - choices: [publicURL, internalURL] + choices: [public, internal, admin] required: false - default: publicURL + default: public requirements: - shade notes: diff --git a/v2/ansible/module_utils/openstack.py b/v2/ansible/module_utils/openstack.py index 6388fffbad2..35b9026213e 100644 --- a/v2/ansible/module_utils/openstack.py +++ b/v2/ansible/module_utils/openstack.py @@ -73,14 +73,18 @@ def openstack_find_nova_addresses(addresses, ext_tag, key_name=None): def openstack_full_argument_spec(**kwargs): spec = dict( cloud=dict(default=None), - auth_plugin=dict(default=None), + auth_type=dict(default=None), auth=dict(default=None), region_name=dict(default=None), availability_zone=dict(default=None), + verify=dict(default=True), + cacert=dict(default=None), + cert=dict(default=None), + key=dict(default=None), wait=dict(default=True, type='bool'), timeout=dict(default=180, type='int'), endpoint_type=dict( - default='publicURL', choices=['publicURL', 'internalURL'] + default='public', choices=['public', 'internal', 'admin'] ) ) spec.update(kwargs) From 90ca3865551b57482e1235d46f66449049e6f6c6 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Tue, 31 Mar 2015 20:29:06 -0400 Subject: [PATCH 6/7] Add api timeout now that shade spports it everywhere --- lib/ansible/module_utils/openstack.py | 1 + lib/ansible/utils/module_docs_fragments/openstack.py | 5 +++++ v2/ansible/module_utils/openstack.py | 1 + 3 files changed, 7 insertions(+) diff --git a/lib/ansible/module_utils/openstack.py b/lib/ansible/module_utils/openstack.py index 35b9026213e..9e4824a301d 100644 --- a/lib/ansible/module_utils/openstack.py +++ b/lib/ansible/module_utils/openstack.py @@ -83,6 +83,7 @@ def openstack_full_argument_spec(**kwargs): key=dict(default=None), wait=dict(default=True, type='bool'), timeout=dict(default=180, type='int'), + api_timeout=dict(default=None, type='int'), endpoint_type=dict( default='public', choices=['public', 'internal', 'admin'] ) diff --git a/lib/ansible/utils/module_docs_fragments/openstack.py b/lib/ansible/utils/module_docs_fragments/openstack.py index 2979cb68d7b..5643b4e6acc 100644 --- a/lib/ansible/utils/module_docs_fragments/openstack.py +++ b/lib/ansible/utils/module_docs_fragments/openstack.py @@ -60,6 +60,11 @@ options: - How long should ansible wait for the requested resource. required: false default: 180 + api_timeout: + description: + - How long should the socket layer wait before timing out for API calls. + If this is omitted, nothing will be passed to the requests library. + required: false verify: description: - Whether or not SSL API requests should be verified. diff --git a/v2/ansible/module_utils/openstack.py b/v2/ansible/module_utils/openstack.py index 35b9026213e..9e4824a301d 100644 --- a/v2/ansible/module_utils/openstack.py +++ b/v2/ansible/module_utils/openstack.py @@ -83,6 +83,7 @@ def openstack_full_argument_spec(**kwargs): key=dict(default=None), wait=dict(default=True, type='bool'), timeout=dict(default=180, type='int'), + api_timeout=dict(default=None, type='int'), endpoint_type=dict( default='public', choices=['public', 'internal', 'admin'] ) From 87c99b46758dcdca3ccb2daed72a85b7175036a8 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Wed, 1 Apr 2015 07:54:02 -0400 Subject: [PATCH 7/7] Align verify parameter with validate_certs The rest of ansible uses validate_certs, so make that the main documented parameter. However, leave verify as an alias since that's the passthrough value to the underlying libraries. --- lib/ansible/module_utils/openstack.py | 2 +- lib/ansible/utils/module_docs_fragments/openstack.py | 4 +++- v2/ansible/module_utils/openstack.py | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/ansible/module_utils/openstack.py b/lib/ansible/module_utils/openstack.py index 9e4824a301d..b58cc534287 100644 --- a/lib/ansible/module_utils/openstack.py +++ b/lib/ansible/module_utils/openstack.py @@ -77,7 +77,7 @@ def openstack_full_argument_spec(**kwargs): auth=dict(default=None), region_name=dict(default=None), availability_zone=dict(default=None), - verify=dict(default=True), + verify=dict(default=True, aliases=['validate_certs']), cacert=dict(default=None), cert=dict(default=None), key=dict(default=None), diff --git a/lib/ansible/utils/module_docs_fragments/openstack.py b/lib/ansible/utils/module_docs_fragments/openstack.py index 5643b4e6acc..519ad785b9b 100644 --- a/lib/ansible/utils/module_docs_fragments/openstack.py +++ b/lib/ansible/utils/module_docs_fragments/openstack.py @@ -65,11 +65,13 @@ options: - How long should the socket layer wait before timing out for API calls. If this is omitted, nothing will be passed to the requests library. required: false - verify: + default: None + validate_certs: description: - Whether or not SSL API requests should be verified. required: false default: True + aliases: ['verify'] cacert: description: - A path to a CA Cert bundle that can be used as part of verifying diff --git a/v2/ansible/module_utils/openstack.py b/v2/ansible/module_utils/openstack.py index 9e4824a301d..b58cc534287 100644 --- a/v2/ansible/module_utils/openstack.py +++ b/v2/ansible/module_utils/openstack.py @@ -77,7 +77,7 @@ def openstack_full_argument_spec(**kwargs): auth=dict(default=None), region_name=dict(default=None), availability_zone=dict(default=None), - verify=dict(default=True), + verify=dict(default=True, aliases=['validate_certs']), cacert=dict(default=None), cert=dict(default=None), key=dict(default=None),