Add ssl support to consul_kv lookup (#42456)

* implemented lookup_consul_kv
* added missing version_added for consul_url ini section
* added default value for ANSIBLE_CONSUL_CLIENT_CERT and added some more documentation
* removed trailing whitespaces
* fixed indention
* Fixes in Documentation
* removed trailing whitespace
* removed trailing whitespace
This commit is contained in:
Johannes Brunswicker 2018-10-02 17:01:03 +02:00 committed by Brian Coca
parent 0a55431d83
commit bacbd4e9fc

View file

@ -2,12 +2,13 @@
# (c) 2017 Ansible Project # (c) 2017 Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import (absolute_import, division, print_function) from __future__ import (absolute_import, division, print_function)
__metaclass__ = type __metaclass__ = type
DOCUMENTATION = """ DOCUMENTATION = """
lookup: consul_kv lookup: consul_kv
version_added: "1.9" version_added: "1.9"
short_description: Fetch metadata from a Consul key value store. short_description: Fetch metadata from a Consul key value store.
description: description:
- Lookup metadata for a playbook from the key value store in a Consul cluster. - Lookup metadata for a playbook from the key value store in a Consul cluster.
Values can be easily set in the kv store with simple rest commands Values can be easily set in the kv store with simple rest commands
@ -24,18 +25,51 @@ DOCUMENTATION = """
description: If true, will retrieve all the values that have the given key as prefix. description: If true, will retrieve all the values that have the given key as prefix.
default: False default: False
index: index:
description: If the key has a value with the specified index then this is returned allowing access to historical values. description:
- If the key has a value with the specified index then this is returned allowing access to historical values.
token: token:
description: The acl token to allow access to restricted values. description: The acl token to allow access to restricted values.
host: host:
default: localhost default: localhost
description: description:
- The target to connect to, must be a resolvable address. - The target to connect to, must be a resolvable address.
Will be determined from C(ANSIBLE_CONSUL_URL) if that is set.
- "C(ANSIBLE_CONSUL_URL) should look like this: C(https://my.consul.server:8500)"
env: env:
- name: ANSIBLE_CONSUL_URL - name: ANSIBLE_CONSUL_URL
ini:
- section: lookup_consul
key: host
version_added: "2.8"
port: port:
description: The port of the target host to connect to. description:
- The port of the target host to connect to.
- If you use C(ANSIBLE_CONSUL_URL) this value will be used from there.
default: 8500 default: 8500
scheme:
default: http
description:
- Whether to use http or https.
- If you use C(ANSIBLE_CONSUL_URL) this value will be used from there.
version_added: "2.8"
validate_certs:
default: True
description: Whether to verify the ssl connection or not.
env:
- name: ANSIBLE_CONSUL_VALIDATE_CERTS
ini:
- section: lookup_consul
key: validate_certs
version_added: "2.8"
client_cert:
default: None
description: The client cert to verify the ssl connection.
env:
- name: ANSIBLE_CONSUL_CLIENT_CERT
ini:
- section: lookup_consul
key: client_cert
version_added: "2.8"
""" """
EXAMPLES = """ EXAMPLES = """
@ -62,7 +96,6 @@ RETURN = """
""" """
import os import os
import sys
from ansible.module_utils.six.moves.urllib.parse import urlparse from ansible.module_utils.six.moves.urllib.parse import urlparse
from ansible.errors import AnsibleError, AnsibleAssertionError from ansible.errors import AnsibleError, AnsibleAssertionError
from ansible.plugins.lookup import LookupBase from ansible.plugins.lookup import LookupBase
@ -71,6 +104,7 @@ import json
try: try:
import consul import consul
HAS_CONSUL = True HAS_CONSUL = True
except ImportError as e: except ImportError as e:
HAS_CONSUL = False HAS_CONSUL = False
@ -81,7 +115,8 @@ class LookupModule(LookupBase):
def run(self, terms, variables=None, **kwargs): def run(self, terms, variables=None, **kwargs):
if not HAS_CONSUL: if not HAS_CONSUL:
raise AnsibleError('python-consul is required for consul_kv lookup. see https://python-consul.readthedocs.io/en/latest/#installation') raise AnsibleError(
'python-consul is required for consul_kv lookup. see http://python-consul.readthedocs.org/en/latest/#installation')
values = [] values = []
try: try:
@ -89,12 +124,19 @@ class LookupModule(LookupBase):
params = self.parse_params(term) params = self.parse_params(term)
try: try:
url = os.environ['ANSIBLE_CONSUL_URL'] url = os.environ['ANSIBLE_CONSUL_URL']
validate_certs = os.environ['ANSIBLE_CONSUL_VALIDATE_CERTS'] or True
client_cert = os.environ['ANSIBLE_CONSUL_CLIENT_CERT'] or None
u = urlparse(url) u = urlparse(url)
consul_api = consul.Consul(host=u.hostname, port=u.port, scheme=u.scheme) consul_api = consul.Consul(host=u.hostname, port=u.port, scheme=u.scheme, verify=validate_certs,
cert=client_cert)
except KeyError: except KeyError:
port = kwargs.get('port', '8500') port = kwargs.get('port', '8500')
host = kwargs.get('host', 'localhost') host = kwargs.get('host', 'localhost')
consul_api = consul.Consul(host=host, port=port) scheme = kwargs.get('scheme', 'http')
validate_certs = kwargs.get('validate_certs', True)
client_cert = kwargs.get('client_cert', None)
consul_api = consul.Consul(host=host, port=port, scheme=scheme, verify=validate_certs,
cert=client_cert)
results = consul_api.kv.get(params['key'], results = consul_api.kv.get(params['key'],
token=params['token'], token=params['token'],