Add ssl support to consul_kv lookup (#42456)
* implemented lookup_consul_kv * added missing version_added for consul_url ini section * added default value for ANSIBLE_CONSUL_CLIENT_CERT and added some more documentation * removed trailing whitespaces * fixed indention * Fixes in Documentation * removed trailing whitespace * removed trailing whitespace
This commit is contained in:
parent
0a55431d83
commit
bacbd4e9fc
1 changed files with 50 additions and 8 deletions
|
@ -2,12 +2,13 @@
|
||||||
# (c) 2017 Ansible Project
|
# (c) 2017 Ansible Project
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
from __future__ import (absolute_import, division, print_function)
|
from __future__ import (absolute_import, division, print_function)
|
||||||
|
|
||||||
__metaclass__ = type
|
__metaclass__ = type
|
||||||
|
|
||||||
DOCUMENTATION = """
|
DOCUMENTATION = """
|
||||||
lookup: consul_kv
|
lookup: consul_kv
|
||||||
version_added: "1.9"
|
version_added: "1.9"
|
||||||
short_description: Fetch metadata from a Consul key value store.
|
short_description: Fetch metadata from a Consul key value store.
|
||||||
description:
|
description:
|
||||||
- Lookup metadata for a playbook from the key value store in a Consul cluster.
|
- Lookup metadata for a playbook from the key value store in a Consul cluster.
|
||||||
Values can be easily set in the kv store with simple rest commands
|
Values can be easily set in the kv store with simple rest commands
|
||||||
|
@ -24,18 +25,51 @@ DOCUMENTATION = """
|
||||||
description: If true, will retrieve all the values that have the given key as prefix.
|
description: If true, will retrieve all the values that have the given key as prefix.
|
||||||
default: False
|
default: False
|
||||||
index:
|
index:
|
||||||
description: If the key has a value with the specified index then this is returned allowing access to historical values.
|
description:
|
||||||
|
- If the key has a value with the specified index then this is returned allowing access to historical values.
|
||||||
token:
|
token:
|
||||||
description: The acl token to allow access to restricted values.
|
description: The acl token to allow access to restricted values.
|
||||||
host:
|
host:
|
||||||
default: localhost
|
default: localhost
|
||||||
description:
|
description:
|
||||||
- The target to connect to, must be a resolvable address.
|
- The target to connect to, must be a resolvable address.
|
||||||
|
Will be determined from C(ANSIBLE_CONSUL_URL) if that is set.
|
||||||
|
- "C(ANSIBLE_CONSUL_URL) should look like this: C(https://my.consul.server:8500)"
|
||||||
env:
|
env:
|
||||||
- name: ANSIBLE_CONSUL_URL
|
- name: ANSIBLE_CONSUL_URL
|
||||||
|
ini:
|
||||||
|
- section: lookup_consul
|
||||||
|
key: host
|
||||||
|
version_added: "2.8"
|
||||||
port:
|
port:
|
||||||
description: The port of the target host to connect to.
|
description:
|
||||||
|
- The port of the target host to connect to.
|
||||||
|
- If you use C(ANSIBLE_CONSUL_URL) this value will be used from there.
|
||||||
default: 8500
|
default: 8500
|
||||||
|
scheme:
|
||||||
|
default: http
|
||||||
|
description:
|
||||||
|
- Whether to use http or https.
|
||||||
|
- If you use C(ANSIBLE_CONSUL_URL) this value will be used from there.
|
||||||
|
version_added: "2.8"
|
||||||
|
validate_certs:
|
||||||
|
default: True
|
||||||
|
description: Whether to verify the ssl connection or not.
|
||||||
|
env:
|
||||||
|
- name: ANSIBLE_CONSUL_VALIDATE_CERTS
|
||||||
|
ini:
|
||||||
|
- section: lookup_consul
|
||||||
|
key: validate_certs
|
||||||
|
version_added: "2.8"
|
||||||
|
client_cert:
|
||||||
|
default: None
|
||||||
|
description: The client cert to verify the ssl connection.
|
||||||
|
env:
|
||||||
|
- name: ANSIBLE_CONSUL_CLIENT_CERT
|
||||||
|
ini:
|
||||||
|
- section: lookup_consul
|
||||||
|
key: client_cert
|
||||||
|
version_added: "2.8"
|
||||||
"""
|
"""
|
||||||
|
|
||||||
EXAMPLES = """
|
EXAMPLES = """
|
||||||
|
@ -62,7 +96,6 @@ RETURN = """
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import sys
|
|
||||||
from ansible.module_utils.six.moves.urllib.parse import urlparse
|
from ansible.module_utils.six.moves.urllib.parse import urlparse
|
||||||
from ansible.errors import AnsibleError, AnsibleAssertionError
|
from ansible.errors import AnsibleError, AnsibleAssertionError
|
||||||
from ansible.plugins.lookup import LookupBase
|
from ansible.plugins.lookup import LookupBase
|
||||||
|
@ -71,6 +104,7 @@ import json
|
||||||
|
|
||||||
try:
|
try:
|
||||||
import consul
|
import consul
|
||||||
|
|
||||||
HAS_CONSUL = True
|
HAS_CONSUL = True
|
||||||
except ImportError as e:
|
except ImportError as e:
|
||||||
HAS_CONSUL = False
|
HAS_CONSUL = False
|
||||||
|
@ -81,7 +115,8 @@ class LookupModule(LookupBase):
|
||||||
def run(self, terms, variables=None, **kwargs):
|
def run(self, terms, variables=None, **kwargs):
|
||||||
|
|
||||||
if not HAS_CONSUL:
|
if not HAS_CONSUL:
|
||||||
raise AnsibleError('python-consul is required for consul_kv lookup. see https://python-consul.readthedocs.io/en/latest/#installation')
|
raise AnsibleError(
|
||||||
|
'python-consul is required for consul_kv lookup. see http://python-consul.readthedocs.org/en/latest/#installation')
|
||||||
|
|
||||||
values = []
|
values = []
|
||||||
try:
|
try:
|
||||||
|
@ -89,12 +124,19 @@ class LookupModule(LookupBase):
|
||||||
params = self.parse_params(term)
|
params = self.parse_params(term)
|
||||||
try:
|
try:
|
||||||
url = os.environ['ANSIBLE_CONSUL_URL']
|
url = os.environ['ANSIBLE_CONSUL_URL']
|
||||||
|
validate_certs = os.environ['ANSIBLE_CONSUL_VALIDATE_CERTS'] or True
|
||||||
|
client_cert = os.environ['ANSIBLE_CONSUL_CLIENT_CERT'] or None
|
||||||
u = urlparse(url)
|
u = urlparse(url)
|
||||||
consul_api = consul.Consul(host=u.hostname, port=u.port, scheme=u.scheme)
|
consul_api = consul.Consul(host=u.hostname, port=u.port, scheme=u.scheme, verify=validate_certs,
|
||||||
|
cert=client_cert)
|
||||||
except KeyError:
|
except KeyError:
|
||||||
port = kwargs.get('port', '8500')
|
port = kwargs.get('port', '8500')
|
||||||
host = kwargs.get('host', 'localhost')
|
host = kwargs.get('host', 'localhost')
|
||||||
consul_api = consul.Consul(host=host, port=port)
|
scheme = kwargs.get('scheme', 'http')
|
||||||
|
validate_certs = kwargs.get('validate_certs', True)
|
||||||
|
client_cert = kwargs.get('client_cert', None)
|
||||||
|
consul_api = consul.Consul(host=host, port=port, scheme=scheme, verify=validate_certs,
|
||||||
|
cert=client_cert)
|
||||||
|
|
||||||
results = consul_api.kv.get(params['key'],
|
results = consul_api.kv.get(params['key'],
|
||||||
token=params['token'],
|
token=params['token'],
|
||||||
|
|
Loading…
Reference in a new issue