feat(consul): first working version of acl_bootstrap module

Bertrand Lanson 2024-01-28 01:07:55 +01:00
parent 1fe5eeee85
commit 4edd097ee5
2 changed files with 43 additions and 21 deletions


@ -35,6 +35,20 @@
ansible.builtin.include_role: ansible.builtin.include_role:
name: ednxzu.hashistack.hashicorp_consul name: ednxzu.hashistack.hashicorp_consul
- name: "Initialize consul cluster"
ednxzu.hashistack.consul_acl_bootstrap:
api_addr: "{{ hashi_consul_configuration['advertise_addr'] }}"
run_once: true
delegate_to: "{{ groups['consul_servers'] | first }}"
retries: 5
delay: 5
register: _consul_init_secret
until: not _consul_init_secret.failed
- name: "Print consul token"
ansible.builtin.debug:
msg: "{{ _consul_init_secret }}"
- name: "Vault" - name: "Vault"
when: when:
- enable_vault | bool - enable_vault | bool
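Review bot: The "Print consul token" task writes the entire registered result to the play output, and that result carries the bootstrap token's `secret_id` in its `state` field. The "Initialize consul cluster" task also has no `no_log: true`, so the same value reaches any callback plugin or log that records task results. Add `no_log: true` to the bootstrap task and drop the debug task, or replace it with a step that stores the token somewhere access-controlled. The task does not set `scheme`, so it relies on the module default of `http` when contacting `advertise_addr`.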


@ -1,6 +1,7 @@
#!/usr/bin/python #!/usr/bin/python
from __future__ import absolute_import, division, print_function from __future__ import absolute_import, division, print_function
from typing import Tuple
__metaclass__ = type __metaclass__ = type
@ -26,27 +27,38 @@ else:
HAS_REQUESTS = True HAS_REQUESTS = True
def bootstrap_acl(api_url): def bootstrap_acl(scheme: str, api_addr: str, port: int) -> Tuple[bool, dict]:
# Your ACL bootstrap logic goes here url = f"{scheme}://" + f"{api_addr}:{port}" + "/v1/acl/bootstrap"
# You can use the 'requests' library to make HTTP requests to the Consul API
# For example:
# response = requests.post(api_url + '/v1/acl/bootstrap')
# Check the response and handle it accordingly
# For demonstration purposes, we assume the ACL bootstrap is successful # Make a PUT request to bootstrap the cluster
return True response = requests.put(url)
# Check the HTTP status code and handle the response
if response.status_code == 200:
return True, {
"accessor_id": response.json()["AccessorID"],
"secret_id": response.json()["SecretID"],
}
elif response.status_code == 403:
return False, "Cluster has already been bootstrapped"
else:
response.raise_for_status() # Raise an exception for other status codes
def run_module(): def run_module():
module_args = dict( module_args = dict(
api_url=dict(type="str", required=True), api_addr=dict(type="str", required=True),
scheme=dict(type="str", required=False, default="http"),
port=dict(type="int", required=False, default=8500),
) )
result = dict(changed=False, state="") result = dict(changed=False, state="")
module = AnsibleModule(argument_spec=module_args, supports_check_mode=True) module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
api_url = module.params["api_url"] api_addr = module.params["api_addr"]
scheme = module.params["scheme"]
port = module.params["port"]
try: try:
if not HAS_REQUESTS: if not HAS_REQUESTS:
@ -57,21 +69,17 @@ def run_module():
) )
# Perform ACL Bootstrap # Perform ACL Bootstrap
acl_bootstrap_result = bootstrap_acl(api_url) acl_bootstrap_result, response_data = bootstrap_acl(
api_addr=api_addr, port=port
)
if acl_bootstrap_result: result["changed"] = acl_bootstrap_result
result["changed"] = True result["state"] = response_data
result["state"] = "ACL Bootstrap successful"
else:
result["changed"] = False
result["state"] = "ACL Bootstrap failed"
module.exit_json(**result) module.exit_json(**result)
except Exception as e: except requests.exceptions.RequestException as e:
module.fail_json( module.fail_json(msg="Error during ACL Bootstrap: {}".format(str(e)))
msg="An error occurred during ACL Bootstrap: {}".format(str(e))
)
def main(): def main():
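Review bot: The call in `run_module` passes only `api_addr` and `port`, but `bootstrap_acl` now takes `scheme` as a required first parameter, so it raises `TypeError`, and the narrowed `except requests.exceptions.RequestException` no longer converts that into `fail_json`; the call should read `bootstrap_acl(scheme=scheme, api_addr=api_addr, port=port)`. `requests.put(url)` has no timeout, so an unresponsive agent blocks the task indefinitely; something like `requests.put(url, timeout=10)` bounds it. With `scheme` defaulting to `http`, the bootstrap `SecretID` is returned over an unencrypted connection unless the caller overrides it, and it is then placed in `result["state"]` with nothing marking it sensitive, so the module documentation should tell callers to set `no_log: true` on the task. The module still declares `supports_check_mode=True`; the lines between the hunks are not shown, so confirm that check mode exits before the PUT, since ACL bootstrap is a one-time operation.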