#!/usr/bin/python # -*- coding: utf-8 -*- # (c) 2013, Romeo Theriault <romeot () hawaii.edu> # # This file is part of Ansible # # Ansible is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Ansible is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Ansible. If not, see <http://www.gnu.org/licenses/>. # # see examples/playbooks/uri.yml import shutil import tempfile import base64 import datetime try: import json except ImportError: import simplejson as json DOCUMENTATION = ''' --- module: uri short_description: Interacts with webservices description: - Interacts with HTTP and HTTPS web services and supports Digest, Basic and WSSE HTTP authentication mechanisms. version_added: "1.1" options: url: description: - HTTP or HTTPS URL in the form (http|https)://host.domain[:port]/path required: true default: null aliases: [] dest: description: - path of where to download the file to (if desired). If I(dest) is a directory, the basename of the file on the remote server will be used. required: false default: null user: description: - username for the module to use for Digest, Basic or WSSE authentication. required: false default: null password: description: - password for the module to use for Digest, Basic or WSSE authentication. required: false default: null body: description: - The body of the http request/response to the web service. required: false default: null method: description: - The HTTP method of the request or response. required: false choices: [ "GET", "POST", "PUT", "HEAD", "DELETE", "OPTIONS" ] default: "GET" return_content: description: - Whether or not to return the body of the request as a "content" key in the dictionary result. If the reported Content-type is "application/json", then the JSON is additionally loaded into a key called C(json) in the dictionary results. required: false choices: [ "yes", "no" ] default: "no" force_basic_auth: description: - httplib2, the library used by the uri module only sends authentication information when a webservice responds to an initial request with a 401 status. Since some basic auth services do not properly send a 401, logins will fail. This option forces the sending of the Basic authentication header upon initial request. required: false choices: [ "yes", "no" ] default: "no" follow_redirects: description: - Whether or not the URI module should follow all redirects. required: false choices: [ "yes", "no" ] default: "no" creates: description: - a filename, when it already exists, this step will not be run. required: false removes: description: - a filename, when it does not exist, this step will not be run. required: false status_code: description: - A valid, numeric, HTTP status code that signifies success of the request. required: false default: 200 timeout: description: - The socket level timeout in seconds required: false default: 30 HEADER_: description: - Any parameter starting with "HEADER_" is a sent with your request as a header. For example, HEADER_Content-Type="application/json" would send the header "Content-Type" along with your request with a value of "application/json". required: false default: null others: description: - all arguments accepted by the M(file) module also work here required: false # informational: requirements for nodes requirements: [ urlparse, httplib2 ] author: Romeo Theriault ''' EXAMPLES = ''' # Check that you can connect (GET) to a page and it returns a status 200 - uri: url=http://www.example.com # Check that a page returns a status 200 and fail if the word AWESOME is not in the page contents. - action: uri url=http://www.example.com return_content=yes register: webpage - action: fail when: 'AWESOME' not in "{{ webpage.content }}" # Create a JIRA issue. - action: > uri url=https://your.jira.example.com/rest/api/2/issue/ method=POST user=your_username password=your_pass body="{{ lookup('file','issue.json') }}" force_basic_auth=yes status_code=201 HEADER_Content-Type="application/json" - action: > uri url=https://your.form.based.auth.examle.com/index.php method=POST body="name=your_username&password=your_password&enter=Sign%20in" status_code=302 HEADER_Content-Type="application/x-www-form-urlencoded" register: login # Login to a form based webpage, then use the returned cookie to # access the app in later tasks. - action: uri url=https://your.form.based.auth.example.com/dashboard.php method=GET return_content=yes HEADER_Cookie="{{login.set_cookie}}" ''' HAS_HTTPLIB2 = True try: import httplib2 except ImportError: HAS_HTTPLIB2 = False HAS_URLPARSE = True try: import urlparse import socket except ImportError: HAS_URLPARSE = False def write_file(module, url, dest, content): # create a tempfile with some test content fd, tmpsrc = tempfile.mkstemp() f = open(tmpsrc, 'wb') try: f.write(content) except Exception, err: os.remove(tmpsrc) module.fail_json(msg="failed to create temporary content file: %s" % str(err)) f.close() md5sum_src = None md5sum_dest = None # raise an error if there is no tmpsrc file if not os.path.exists(tmpsrc): os.remove(tmpsrc) module.fail_json(msg="Source %s does not exist" % (tmpsrc)) if not os.access(tmpsrc, os.R_OK): os.remove(tmpsrc) module.fail_json( msg="Source %s not readable" % (tmpsrc)) md5sum_src = module.md5(tmpsrc) # check if there is no dest file if os.path.exists(dest): # raise an error if copy has no permission on dest if not os.access(dest, os.W_OK): os.remove(tmpsrc) module.fail_json( msg="Destination %s not writable" % (dest)) if not os.access(dest, os.R_OK): os.remove(tmpsrc) module.fail_json( msg="Destination %s not readable" % (dest)) md5sum_dest = module.md5(dest) else: if not os.access(os.path.dirname(dest), os.W_OK): os.remove(tmpsrc) module.fail_json( msg="Destination dir %s not writable" % (os.path.dirname(dest))) if md5sum_src != md5sum_dest: try: shutil.copyfile(tmpsrc, dest) except Exception, err: os.remove(tmpsrc) module.fail_json(msg="failed to copy %s to %s: %s" % (tmpsrc, dest, str(err))) os.remove(tmpsrc) def url_filename(url): fn = os.path.basename(urlparse.urlsplit(url)[2]) if fn == '': return 'index.html' return fn def uri(module, url, dest, user, password, body, method, headers, redirects, socket_timeout): # To debug #httplib2.debug = 4 # Create a Http object and set some default options. h = httplib2.Http(disable_ssl_certificate_validation=True, timeout=socket_timeout) h.follow_all_redirects = redirects h.forward_authorization_headers = True # If they have a username or password verify they have both, then add them to the request if user is not None and password is None: module.fail_json(msg="Both a username and password need to be set.") if password is not None and user is None: module.fail_json(msg="Both a username and password need to be set.") if user is not None and password is not None: h.add_credentials(user, password) # is dest is set and is a directory, let's check if we get redirected and # set the filename from that url redirected = False resp_redir = {} r = {} if dest is not None: dest = os.path.expanduser(dest) if os.path.isdir(dest): # first check if we are redirected to a file download h.follow_redirects=False # Try the request try: resp_redir, content_redir = h.request(url, method=method, body=body, headers=headers) # if we are redirected, update the url with the location header, # and update dest with the new url filename except: pass if resp_redir['status'] in ["301", "302", "303", "307"]: url = resp_redir['location'] redirected = True dest = os.path.join(dest, url_filename(url)) # if destination file already exist, only download if file newer if os.path.exists(dest): t = datetime.datetime.utcfromtimestamp(os.path.getmtime(dest)) tstamp = t.strftime('%a, %d %b %Y %H:%M:%S +0000') headers['If-Modified-Since'] = tstamp # do safe redirects now, including 307 h.follow_redirects=True # Make the request, or try to :) try: resp, content = h.request(url, method=method, body=body, headers=headers) r['redirected'] = redirected r.update(resp_redir) r.update(resp) return r, content, dest except httplib2.RedirectMissingLocation: module.fail_json(msg="A 3xx redirect response code was provided but no Location: header was provided to point to the new location.") except httplib2.RedirectLimit: module.fail_json(msg="The maximum number of redirections was reached without coming to a final URI.") except httplib2.ServerNotFoundError: module.fail_json(msg="Unable to resolve the host name given.") except httplib2.RelativeURIError: module.fail_json(msg="A relative, as opposed to an absolute URI, was passed in.") except httplib2.FailedToDecompressContent: module.fail_json(msg="The headers claimed that the content of the response was compressed but the decompression algorithm applied to the content failed.") except httplib2.UnimplementedDigestAuthOptionError: module.fail_json(msg="The server requested a type of Digest authentication that we are unfamiliar with.") except httplib2.UnimplementedHmacDigestAuthOptionError: module.fail_json(msg="The server requested a type of HMACDigest authentication that we are unfamiliar with.") except httplib2.UnimplementedHmacDigestAuthOptionError: module.fail_json(msg="The server requested a type of HMACDigest authentication that we are unfamiliar with.") except socket.error, e: module.fail_json(msg="Socket error: %s to %s" % (e, url)) def main(): module = AnsibleModule( argument_spec = dict( url = dict(required=True), dest = dict(required=False, default=None), user = dict(required=False, default=None), password = dict(required=False, default=None), body = dict(required=False, default=None), method = dict(required=False, default='GET', choices=['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'OPTIONS']), return_content = dict(required=False, default='no', type='bool'), force_basic_auth = dict(required=False, default='no', type='bool'), follow_redirects = dict(required=False, default='no', type='bool'), creates = dict(required=False, default=None), removes = dict(required=False, default=None), status_code = dict(required=False, default="200"), timeout = dict(required=False, default=30, type='int'), ), check_invalid_arguments=False, add_file_common_args=True ) if not HAS_HTTPLIB2: module.fail_json(msg="httplib2 is not installed") if not HAS_URLPARSE: module.fail_json(msg="urlparse is not installed") url = module.params['url'] user = module.params['user'] password = module.params['password'] body = module.params['body'] method = module.params['method'] dest = module.params['dest'] return_content = module.params['return_content'] force_basic_auth = module.params['force_basic_auth'] follow_redirects = module.params['follow_redirects'] creates = module.params['creates'] removes = module.params['removes'] status_code = module.params['status_code'] socket_timeout = module.params['timeout'] # Grab all the http headers. Need this hack since passing multi-values is currently a bit ugly. (e.g. headers='{"Content-Type":"application/json"}') dict_headers = {} for key, value in module.params.iteritems(): if key.startswith("HEADER_"): skey = key.replace("HEADER_", "") dict_headers[skey] = value if creates is not None: # do not run the command if the line contains creates=filename # and the filename already exists. This allows idempotence # of uri executions. creates = os.path.expanduser(creates) if os.path.exists(creates): module.exit_json(stdout="skipped, since %s exists" % creates, skipped=True, changed=False, stderr=False, rc=0) if removes is not None: # do not run the command if the line contains removes=filename # and the filename do not exists. This allows idempotence # of uri executions. v = os.path.expanduser(removes) if not os.path.exists(removes): module.exit_json(stdout="skipped, since %s does not exist" % removes, skipped=True, changed=False, stderr=False, rc=0) # httplib2 only sends authentication after the server asks for it with a 401. # Some 'basic auth' servies fail to send a 401 and require the authentication # up front. This creates the Basic authentication header and sends it immediately. if force_basic_auth: dict_headers["Authorization"] = "Basic {0}".format(base64.b64encode("{0}:{1}".format(user, password))) # Redirects if follow_redirects: redirects = True else: redirects = False # Make the request resp, content, dest = uri(module, url, dest, user, password, body, method, dict_headers, redirects, socket_timeout) # Write the file out if requested if dest is not None: if resp['status'] == "304": status_code = "304" changed = False else: write_file(module, url, dest, content) # allow file attribute changes changed = True module.params['path'] = dest file_args = module.load_file_common_arguments(module.params) file_args['path'] = dest changed = module.set_file_attributes_if_different(file_args, changed) resp['path'] = dest else: changed = False # Transmogrify the headers, replacing '-' with '_', since variables dont work with dashes. uresp = {} for key, value in resp.iteritems(): ukey = key.replace("-", "_") uresp[ukey] = value if 'content_type' in uresp: if uresp['content_type'].startswith('application/json'): try: js = json.loads(content) uresp['json'] = js except: pass if resp['status'] != status_code: module.fail_json(msg="Status code was not " + status_code, content=content, **uresp) elif return_content: module.exit_json(changed=changed, content=content, **uresp) else: module.exit_json(changed=changed, **uresp) # this is magic, see lib/ansible/module_common.py #<<INCLUDE_ANSIBLE_MODULE_COMMON>> main()