hcp-ansible/plugins/modules/consul_acl_bootstrap.py

130 lines
3.4 KiB
Python

#!/usr/bin/python
from __future__ import absolute_import, division, print_function
from typing import Tuple
__metaclass__ = type
DOCUMENTATION = r"""
---
module: ednz_cloud.hashistack.consul_acl_bootstrap
short_description: Bootstraps ACL for a Consul cluster.
version_added: "0.1.0"
description:
- This module bootstraps ACL (Access Control List) for a Consul cluster. It performs the ACL bootstrap operation,
creating the initial tokens needed for secure communication within the cluster.
options:
api_addr:
description: The address of the Consul API.
required: true
type: str
scheme:
description: The URL scheme to use (http or https).
required: false
type: str
default: http
port:
description: The port on which the Consul API is running.
required: false
type: int
default: 8500
author:
- Bertrand Lanson (@ednz_cloud)
"""
EXAMPLES = r"""
# Example: Bootstrap ACL for a Consul cluster
- name: Bootstrap ACL for Consul cluster
ednz_cloud.hashistack.consul_acl_bootstrap:
api_addr: 127.0.0.1
scheme: http
port: 8500
"""
RETURN = r"""
state:
description: Information about the state of ACL bootstrap for the Consul cluster.
type: dict
returned: always
sample:
accessor_id: "uuuuuuuu-uuuu-iiii-dddd-111111111111",
secret_id: "uuuuuuuu-uuuu-iiii-dddd-222222222222"
"""
from ansible.module_utils.basic import AnsibleModule
import traceback
try:
import requests
except ImportError:
HAS_REQUESTS = False
REQUESTS_IMPORT_ERROR = traceback.format_exc()
else:
REQUESTS_IMPORT_ERROR = None
HAS_REQUESTS = True
def bootstrap_acl(scheme: str, api_addr: str, port: int) -> Tuple[bool, dict]:
url = f"{scheme}://" + f"{api_addr}:{port}" + "/v1/acl/bootstrap"
# Make a PUT request to bootstrap the cluster
response = requests.put(url)
# Check the HTTP status code and handle the response
if response.status_code == 200:
return True, {
"accessor_id": response.json()["AccessorID"],
"secret_id": response.json()["SecretID"],
}
elif response.status_code == 403:
return False, {"message": "Cluster has already been bootstrapped"}
else:
response.raise_for_status() # Raise an exception for other status codes
def run_module():
module_args = dict(
api_addr=dict(type="str", required=True),
scheme=dict(type="str", required=False, default="http"),
port=dict(type="int", required=False, default=8500),
)
result = dict(changed=False, state="")
module = AnsibleModule(argument_spec=module_args, supports_check_mode=False)
try:
if not HAS_REQUESTS:
module.fail_json(
msg="Requests library is required but not installed. {}".format(
REQUESTS_IMPORT_ERROR
)
)
acl_bootstrap_result, response_data = bootstrap_acl(
scheme=module.params["scheme"],
api_addr=module.params["api_addr"],
port=module.params["port"],
)
result["changed"] = acl_bootstrap_result
result["state"] = response_data
module.exit_json(**result)
except requests.exceptions.RequestException as e:
module.fail_json(msg="Error during ACL Bootstrap: {}".format(str(e)))
def main():
run_module()
if __name__ == "__main__":
main()