[re2o_lookup] Use ansible configuration to override some options.

2020-04-26 17:54:18 +02:00 · 2020-04-26 17:54:18 +02:00 · 787ff00319
parent 9b6f408aa4
commit 787ff00319
2 changed files with 38 additions and 4 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -39,3 +39,9 @@ retries = 3
 # TO know what changed
 always = yes

+[re2o]
+
+api_hostname = intranet.crans.org
+
+# Whether or not using vault_cranspasswords
+use_cpasswords = True
--- a/lookup_plugins/re2oapi.py
+++ b/lookup_plugins/re2oapi.py
@ -13,6 +13,7 @@ import requests
 import stat
 import json
 import collections
+from configparser import ConfigParser

 from ansible.module_utils._text import to_native
 from ansible.plugins.lookup import LookupBase
@ -21,6 +22,7 @@ from ansible.errors import (AnsibleError,
                            AnsibleLookupError,
                            )
 from ansible.utils.display import Display
+from ansible.config.manager import ConfigManager

 # Ansible Logger to stdout
 display = Display()
@ -317,14 +319,19 @@ class LookupModule(LookupBase):
    If a term is not in the previous list, make a raw query to the API
    with endpoint term.

+    It uses arguments api_hostname, api_username, api_password to connect
+    to the API. api_hostname can also be defined in ansible configuration file
+    (e.g. ansible.cfg) in section re2o. It overrides the values set when the
+    plugin is called.
+
    Usage:

    The following play will use the debug module to output
-    all the zone names managed by Crans.
+    all the DNS zone names, querying the API hostname defined in configuration.

    - hosts: sputnik.adm.crans.org
      vars:
-        dnszones: "{{ lookup('re2oapi', 'dnszones', api_hostname='intranet.crans.org') }}"
+        dnszones: "{{ lookup('re2oapi', 'dnszones') }}"
      tasks:
        - debug: var=dnszones
    """
@ -343,12 +350,33 @@ class LookupModule(LookupBase):
           :returns: A list of results to the specific queries.
        """

+        config_manager = ConfigManager()
+        config_file = config_manager.data.get_setting(name="CONFIG_FILE").value
+        config = ConfigParser()
+        config.read(config_file)
+
+        use_cpasswords = False
+
+        if config.has_section("re2o"):
+            display.vvv("Found section re2o in configuration file")
+            if config.has_option("re2o", "api_hostname"):
+                display.vvv("Found option api_hostname in config file")
+                api_hostname = config.get("re2o", "api_hostname")
+                display.vvv("Override api_hostname with {} from configuration"
+                            .format(api_hostname))
+            if config.has_option("re2o", "use_cpasswords"):
+                display.vvv("Found option use_cpasswords in config file")
+                use_cpasswords = config.getboolean("re2o", "use_cpasswords")
+                display.vvv("Override api_hostname with {} from configuration"
+                            .format(use_cpasswords))
+
        if api_hostname is None:
            raise AnsibleError(to_native(
                'You must specify a hostname to contact re2oAPI'
            ))

-        if api_username is None and api_password is None:
+        if api_username is None and api_password is None and use_cpasswords:
+            display.vvv("Use cpasswords vault to get API credentials.")
            api_username = variables.get('vault_re2o_service_user')
            api_password = variables.get('vault_re2o_service_password')

@ -367,7 +395,7 @@ class LookupModule(LookupBase):

        res = []
        dterms = collections.deque(terms)
-        machines_roles = None # TODO : Cache this.
+        machines_roles = None  # TODO : Cache this.
        display.vvv("Lookup terms are {}".format(terms))
        while dterms:
            term = dterms.popleft()