Refactor rancher1_api module
This rewrite enables to add easier more features supported by the rancher
API. The initial idea of a simple get and set through the JSON REST API
is not feasible. To achieve something with the API one may have to setup
more options on different URLs and in a particular order. For this reason
the module comes with the mechanism of "modes", which is a wrapper around
some feature in the rancher and which can require multiple steps to do.
Rancher1_api module could also support "raw" mode where the user will not
be limited by a few implemented modes in the module, but he can craft all
requests by hand - but due to the fact that such thing can be done easily
with just curl command and ansible shell module, there is no benefit in
doing so. Especially when rancher 1.6 is already obsoleted within the ONAP.
The useful value of this module is to give the user a simple means to set
something in the rancher and hide all the boilerplate from him via a mode.
- Original logic was rewritten to utilize the "mode" mechanism.
- New module structure is also easier to test outside of ansible.
Issue-ID: OOM-1681
Change-Id: I0e7932199df9ec1acd80af545060199867ad17fa
Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com>
diff --git a/ansible/library/rancher1_api.py b/ansible/library/rancher1_api.py
index ce3df1b..006de9c 100644
--- a/ansible/library/rancher1_api.py
+++ b/ansible/library/rancher1_api.py
@@ -12,8 +12,16 @@
short_description: Client library for rancher API
description:
- This module modifies a rancher 1.6 using it's API (v1).
- - WIP, as of now it can only change a current value to a new one.
-
+ - It supports some rancher features by the virtue of a 'mode'.
+ - 'modes' hide from you some necessary cruft and expose you to the only
+ important and interestig variables wich must be set. The mode mechanism
+ makes this module more easy to use and you don't have to create an
+ unnecessary boilerplate for the API.
+ - Only a few modes are/will be implemented so far - as they are/will be
+ needed. In the future the 'raw' mode can be added to enable you to craft
+ your own API requests, but that would be on the same level of a user
+ experience as running curl commands, and because the rancher 1.6 is already
+ obsoleted by the project, it would be a wasted effort.
options:
rancher:
description:
@@ -23,29 +31,44 @@
required: true
aliases:
- server
- - rancher_url
+ - rancher_server
- rancher_api
- api
- - url
- category:
+ account_key:
description:
- - The path in JSON API without the last element.
+ - The public and secret part of the API key-pair separated by colon.
+ - You can find all your keys in web UI.
+ - For example:
+ B1716C4133D3825051CB:3P2eb3QhokFKYUiXRNZLxvGNSRYgh6LHjuMicCHQ
required: false
- default: settings
- aliases:
- - rancher_category
- - api_category
- option:
+ mode:
description:
- - The name of the settings option.
+ - A recognized mode how to deal with some concrete configuration task
+ in rancher API to ease the usage.
+ - The implemented modes so far are:
+ 'settings':
+ Many options under <api_server>/v1/settings API url and some can
+ be seen also under advanced options in the web UI.
+ 'access_control':
+ It setups user and password for the account (defaults to 'admin')
+ and it enables the local authentication - so the web UI and API
+ will require username/password (UI) or apikey (API).
required: true
aliases:
- - name
- - key
+ - rancher_mode
+ - api_mode
+ choices:
- settings
- value:
+ - access_control
+ data:
description:
- - A new value to replace the current one.
+ - Dictionary with key/value pairs. The actual names and meaning of pairs
+ depends on the used mode.
+ - 'settings' mode:
+ option: Option/path in JSON API (url).
+ value: A new value to replace the current one.
+ - 'access_control' mode:
+ None - not yet implemented - placeholder only.
required: true
timeout:
description:
@@ -54,6 +77,12 @@
default: 10.0
"""
+default_timeout = 10.0
+
+
+class ModeError(Exception):
+ pass
+
def _decorate_rancher_api_request(request_method):
@@ -76,7 +105,7 @@
@_decorate_rancher_api_request
-def get_rancher_api_value(url, headers=None, timeout=10.0,
+def get_rancher_api_value(url, headers=None, timeout=default_timeout,
username=None, password=None):
if username and password:
@@ -91,7 +120,7 @@
@_decorate_rancher_api_request
-def set_rancher_api_value(url, payload, headers=None, timeout=10.0,
+def set_rancher_api_value(url, payload, headers=None, timeout=default_timeout,
username=None, password=None):
if username and password:
@@ -107,44 +136,177 @@
data=json.dumps(payload))
-def create_rancher_api_payload(json_data, new_value):
+def create_rancher_api_url(server, mode, option):
+ request_url = server.strip('/') + '/v1/'
- payload = {}
+ if mode == 'raw':
+ request_url += option.strip('/')
+ elif mode == 'settings':
+ request_url += 'settings/' + option.strip('/')
+ elif mode == 'access_control':
+ request_url += option.strip('/')
- try:
- api_id = json_data['id']
- api_activeValue = json_data['activeValue']
- api_name = json_data['name']
- api_source = json_data['source']
- except Exception:
- raise ValueError
+ return request_url
- payload.update({"activeValue": api_activeValue,
- "id": api_id,
- "name": api_name,
- "source": api_source,
- "value": new_value})
- if api_activeValue != new_value:
- differs = True
- else:
+def get_keypair(keypair):
+ if keypair:
+ keypair = keypair.split(':')
+ if len(keypair) == 2:
+ return keypair[0], keypair[1]
+
+ return None, None
+
+
+def mode_settings(api_url, data=None, headers=None, timeout=default_timeout,
+ access_key=None, secret_key=None, dry_run=False):
+
+ def is_valid_rancher_api_option(json_data):
+
+ try:
+ api_activeValue = json_data['activeValue']
+ api_source = json_data['source']
+ except Exception:
+ return False
+
+ if api_activeValue is None and api_source is None:
+ return False
+
+ return True
+
+ def create_rancher_api_payload(json_data, new_value):
+
+ payload = {}
differs = False
- return differs, payload
+ try:
+ api_id = json_data['id']
+ api_activeValue = json_data['activeValue']
+ api_name = json_data['name']
+ api_source = json_data['source']
+ except Exception:
+ raise ValueError
+ payload.update({"activeValue": api_activeValue,
+ "id": api_id,
+ "name": api_name,
+ "source": api_source,
+ "value": new_value})
-def is_valid_rancher_api_option(json_data):
+ if api_activeValue != new_value:
+ differs = True
+ return differs, payload
+
+ # check if data contains all required fields
try:
- api_activeValue = json_data['activeValue']
- api_source = json_data['source']
- except Exception:
- return False
+ if not isinstance(data['option'], str) or data['option'] == '':
+ raise ModeError("ERROR: 'option' must contain a name of the \
+ option")
+ except KeyError:
+ raise ModeError("ERROR: Mode 'settings' requires the field: 'option': \
+ %s" % str(data))
+ try:
+ if not isinstance(data['value'], str) or data['value'] == '':
+ raise ModeError("ERROR: 'value' must contain a value")
+ except KeyError:
+ raise ModeError("ERROR: Mode 'settings' requires the field: 'value': \
+ %s" % str(data))
- if api_activeValue is None and api_source is None:
- return False
+ # assemble request URL
+ request_url = api_url + 'settings/' + data['option'].strip('/')
- return True
+ # API get current value
+ try:
+ json_response = get_rancher_api_value(request_url,
+ username=access_key,
+ password=secret_key,
+ headers=headers,
+ timeout=timeout)
+ except requests.HTTPError as e:
+ raise ModeError(str(e))
+ except requests.Timeout as e:
+ raise ModeError(str(e))
+
+ if not json_response:
+ raise ModeError('ERROR: BAD RESPONSE (GET) - no json value in the \
+ response')
+
+ if is_valid_rancher_api_option(json_response):
+ valid = True
+ try:
+ differs, payload = create_rancher_api_payload(json_response,
+ data['value'])
+ except ValueError:
+ raise ModeError('ERROR: INVALID JSON - missing json values in \
+ the response')
+ else:
+ valid = False
+
+ if valid and differs and dry_run:
+ # ansible dry-run mode
+ changed = True
+ elif valid and differs:
+ # API set new value
+ try:
+ json_response = set_rancher_api_value(request_url,
+ payload,
+ username=access_key,
+ password=secret_key,
+ headers=headers,
+ timeout=timeout)
+ except requests.HTTPError as e:
+ raise ModeError(str(e))
+ except requests.Timeout as e:
+ raise ModeError(str(e))
+
+ if not json_response:
+ raise ModeError('ERROR: BAD RESPONSE (PUT) - no json value in \
+ the response')
+ else:
+ changed = True
+ else:
+ changed = False
+
+ if changed:
+ msg = "Option '%s' is now set to the new value: %s" \
+ % (data['option'], data['value'])
+ else:
+ msg = "Option '%s' is unchanged." % (data['option'])
+
+ return changed, msg
+
+
+def mode_handler(server, rancher_mode, data=None, timeout=default_timeout,
+ account_key=None, dry_run=False):
+
+ changed = False
+ msg = 'UNKNOWN: UNAPPLICABLE MODE'
+
+ # check API key-pair
+ if account_key:
+ access_key, secret_key = get_keypair(account_key)
+ if not (access_key and secret_key):
+ raise ModeError('ERROR: INVALID API KEY-PAIR')
+
+ # all requests share these headers
+ http_headers = {'Content-Type': 'application/json',
+ 'Accept': 'application/json'}
+
+ # assemble API url
+ api_url = server.strip('/') + '/v1/'
+
+ if rancher_mode == 'settings':
+ changed, msg = mode_settings(api_url, data=data,
+ headers=http_headers,
+ timeout=timeout,
+ access_key=access_key,
+ secret_key=secret_key,
+ dry_run=dry_run)
+ elif rancher_mode == 'access_control':
+ msg = "SKIP: 'access_control' Not yet implemented"
+
+ return changed, msg
def main():
@@ -153,87 +315,33 @@
rancher=dict(type='str', required=True,
aliases=['server',
'rancher_api',
- 'rancher_url',
- 'api',
- 'url']),
- category=dict(type='str', default='settings',
- aliases=['rancher_category', 'api_category']),
- option=dict(type='str', required=True,
- aliases=['name', 'key', 'settings']),
- value=dict(type='str', required=True),
- timeout=dict(type='float', default=10.0),
+ 'rancher_server',
+ 'api']),
+ account_key=dict(type='str', required=False),
+ mode=dict(required=True,
+ choices=['settings', 'access_control'],
+ aliases=['api_mode']),
+ data=dict(type='dict', required=True),
+ timeout=dict(type='float', default=default_timeout),
),
supports_check_mode=True
)
- rancher_url = module.params['rancher'].strip('/')
- rancher_option = module.params['option'].strip('/')
- rancher_category = module.params['category']
- rancher_value = module.params['value']
+ rancher_server = module.params['rancher']
+ rancher_account_key = module.params['account_key']
+ rancher_mode = module.params['mode']
+ rancher_data = module.params['data']
rancher_timeout = module.params['timeout']
- # cattle_access_key = ''
- # cattle_secret_key = ''
- # Assemble API url
- request_url = rancher_url + '/v1/' + rancher_category + '/' \
- + rancher_option
-
- http_headers = {'Content-Type': 'application/json',
- 'Accept': 'application/json'}
-
- # API get current value
try:
- json_response = get_rancher_api_value(request_url,
- headers=http_headers,
- timeout=rancher_timeout)
- except requests.HTTPError as e:
+ changed, msg = mode_handler(rancher_server,
+ rancher_mode,
+ data=rancher_data,
+ account_key=rancher_account_key,
+ timeout=rancher_timeout,
+ dry_run=module.check_mode)
+ except ModeError as e:
module.fail_json(msg=str(e))
- except requests.Timeout as e:
- module.fail_json(msg=str(e))
-
- if not json_response:
- module.fail_json(msg='ERROR: BAD RESPONSE (GET) - no json value \
- in the response')
-
- if is_valid_rancher_api_option(json_response):
- valid = True
- try:
- differs, payload = create_rancher_api_payload(json_response,
- rancher_value)
- except ValueError:
- module.fail_json(msg='ERROR: INVALID JSON - missing json values \
- in the response')
- else:
- valid = False
-
- if valid and differs and module.check_mode:
- # ansible dry-run mode
- changed = True
- elif valid and differs:
- # API set new value
- try:
- json_response = set_rancher_api_value(request_url,
- payload,
- headers=http_headers,
- timeout=rancher_timeout)
- except requests.HTTPError as e:
- module.fail_json(msg=str(e))
- except requests.Timeout as e:
- module.fail_json(msg=str(e))
-
- if not json_response:
- module.fail_json(msg='ERROR: BAD RESPONSE (PUT) - no json value \
- in the response')
- else:
- changed = True
- else:
- changed = False
-
- if changed:
- msg = "Option '%s' is now set to the new value: %s" \
- % (rancher_option, rancher_value)
- else:
- msg = "Option '%s' is unchanged." % (rancher_option)
module.exit_json(changed=changed, msg=msg)
diff --git a/ansible/roles/rancher/tasks/rancher_server.yml b/ansible/roles/rancher/tasks/rancher_server.yml
index add7b3c..b71bf8d 100644
--- a/ansible/roles/rancher/tasks/rancher_server.yml
+++ b/ansible/roles/rancher/tasks/rancher_server.yml
@@ -45,20 +45,32 @@
- name: Main tables
rancher1_api:
server: "{{ rancher_server_url }}"
- option: main_tables.purge.after.seconds
- value: "{{ rancher.main_tables_purge_after_seconds }}"
+ account_key: "{{ key_public }}:{{ key_private }}"
+ mode: settings
+ data:
+ option: main_tables.purge.after.seconds
+ value: "{{ rancher.main_tables_purge_after_seconds }}"
- name: Events
rancher1_api:
server: "{{ rancher_server_url }}"
- option: events.purge.after.seconds
- value: "{{ rancher.events_purge_after_seconds }}"
+ account_key: "{{ key_public }}:{{ key_private }}"
+ mode: settings
+ data:
+ option: events.purge.after.seconds
+ value: "{{ rancher.events_purge_after_seconds }}"
- name: Service log
rancher1_api:
server: "{{ rancher_server_url }}"
- option: service_log.purge.after.seconds
- value: "{{ rancher.service_log_purge_after_seconds }}"
+ account_key: "{{ key_public }}:{{ key_private }}"
+ mode: settings
+ data:
+ option: service_log.purge.after.seconds
+ value: "{{ rancher.service_log_purge_after_seconds }}"
- name: Audit log
rancher1_api:
server: "{{ rancher_server_url }}"
- option: audit_log.purge.after.seconds
- value: "{{ rancher.audit_log_purge_after_seconds }}"
+ account_key: "{{ key_public }}:{{ key_private }}"
+ mode: settings
+ data:
+ option: audit_log.purge.after.seconds
+ value: "{{ rancher.audit_log_purge_after_seconds }}"