def main(): """Execute the Kong Certificate module.""" ansible_module = AnsibleModule(argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), snis=dict(required=True, type='list'), cert=dict(required=False, type='str'), key=dict(required=False, type='str', no_log=True), state=dict(required=False, default="present", choices=['present', 'absent'], type='str'), ), required_if=[('state', 'present', ['snis', 'cert', 'key'])], supports_check_mode=True) # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract arguments state = ansible_module.params['state'] snis = ansible_module.params['snis'] cert = ansible_module.params['cert'] key = ansible_module.params['key'] if not snis: ansible_module.fail_json(msg="'snis' cannot be empty") # First SNI in the list to use in queries. sni = snis[0] data = {'snis': snis, 'cert': cert.strip(), 'key': key.strip()} # Create Kong client instance. k = KongCertificate(url, auth_user=auth_user, auth_pass=auth_pass) kong_status_check(k, ansible_module) kong_version_check(k, ansible_module) # Default return values. result = {} changed = False resp = '' # Ensure the Certificate is configured. if state == "present": # Look up the first SNI in the list. orig = k.certificate_get(sni) if orig is not None: # Determine whether to report 'modified' or 'created'. certdiff = dotdiff(orig, data) if certdiff: changed = True result['state'] = 'modified' else: # Insert a new Certificate, set changed. changed = True result['state'] = 'created' if not ansible_module.check_mode and changed: try: resp = k.certificate_apply(**data) except requests.HTTPError as e: ansible_module.fail_json( msg='Error applying Certificate: {}'.format(e)) # Ensure the certificate is deleted if state == "absent": orig = k.certificate_get(sni) if orig: changed = True result['state'] = 'deleted' if not ansible_module.check_mode and orig: try: resp = k.certificate_delete(sni) except requests.HTTPError as e: ansible_module.fail_json( msg='Error deleting Certificate: {}'.format(e)) result.update(changed=changed) # Pass through the API response if non-empty. if resp: result['response'] = resp ansible_module.exit_json(**result)
def main(): ansible_module = AnsibleModule( argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), name=dict(required=True, type='str'), api_name=dict(required=True, type='str'), consumer_name=dict(required=False, type='str', default=False), config=dict(required=False, type='dict', default=dict()), state=dict(required=False, default="present", choices=['present', 'absent'], type='str'), ), supports_check_mode=True ) # Initialize output dictionary result = {} # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract arguments state = ansible_module.params['state'] name = ansible_module.params['name'] api_name = ansible_module.params['api_name'] consumer_name = ansible_module.params['consumer_name'] config = ansible_module.params['config'] # Convert consumer_name to bool if bool conversion evals to False if consumer_name == 'False': consumer_name = False # Create KongAPI client instance k = KongPlugin(url, auth_user=auth_user, auth_pass=auth_pass) # Contact Kong status endpoint kong_status_check(k, ansible_module) # Kong API version compatibility check kong_version_check(k, ansible_module, MIN_VERSION) # Default return values changed = False resp = '' # Check if the Plugin is already present pq = k.plugin_query(name, api_name=api_name, consumer_name=consumer_name) # ansible_module.fail_json(msg=pq) if len(pq) > 1: ansible_module.fail_json( msg='Got multiple results for Plugin query name: {}, api_name: {}, consumer_name: {}'. format(name, api_name, consumer_name)) # Ensure the Plugin is installed on Kong if state == "present": if pq: # Extract the remote Plugin object into orig orig = pq[0] # Diff the remote Plugin object against the target data if it already exists plugindiff = dotdiff(orig.get('config'), config) # Set changed flag if there's a diff if plugindiff: # Log modified state and diff result changed = True result['state'] = 'modified' result['diff'] = [dict(prepared=render_list(plugindiff))] else: # We're inserting a new Plugin, set changed changed = True result['state'] = 'created' result['diff'] = dict( before_header='<undefined>', before='<undefined>\n', after_header=name, after={ 'name': name, 'consumer_name': consumer_name, 'api_name': api_name, 'state': 'created', 'config': config } ) # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and changed: try: resp = k.plugin_apply(name=name, config=config, api_name=api_name, consumer_name=consumer_name) except requests.HTTPError as e: ansible_module.fail_json(msg='Plugin configuration rejected by Kong.', name=name, config=config, api_name=api_name, consumer_name=consumer_name, response=e.response._content) # Delete the Plugin if it exists if state == "absent" and pq: # Check if the API exists orig = pq[0] # Predict a change if the Plugin exists changed = True result['state'] = 'deleted' result['diff'] = dict( before_header=name, before=orig, after_header='<deleted>', after='\n' ) # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and orig: # Issue delete call to the Kong API try: resp = k.plugin_delete(name, api_name=api_name, consumer_name=consumer_name) except requests.HTTPError as e: app_err = "Error deleting Plugin." ansible_module.fail_json(msg=app_err, response=e.response._content) # Pass through the API response if non-empty if resp: result['response'] = resp # Prepare module output result.update( dict( changed=changed, ) ) ansible_module.exit_json(**result)
def main(): """Execute the Kong Consumer module.""" ansible_module = AnsibleModule(argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), username=dict(required=True, type='list'), custom_id=dict(required=False, type='str'), state=dict(required=False, default="present", choices=['present', 'absent'], type='str'), ), supports_check_mode=True) # Initialize output dictionary result = {} # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract other arguments state = ansible_module.params['state'] users = ansible_module.params['username'] custom_id = ansible_module.params['custom_id'] if len(users) > 1 and custom_id: ansible_module.fail_json( msg="custom_id can only be given when managing a single Consumer") # Create Kong client instance k = KongConsumer(url, auth_user=auth_user, auth_pass=auth_pass) kong_status_check(k, ansible_module) kong_version_check(k, ansible_module) # Default return values changed = False resp = '' diff = [] if state == 'present': # Ensure the list of Consumers is created. for username in users: data = {'username': username} if custom_id: # Will only be present with a single user. data['custom_id'] = custom_id # Check if the Consumer exists. orig = k.consumer_get(username) if orig is None: # Insert a new Consumer. changed = True diff.append( dict(before_header='<undefined>', before='<undefined>\n', after_header=username, after=data)) else: # Patch an existing Consumer. consumer_diff = dotdiff(orig, data) if consumer_diff: # Log modified state and diff result. changed = True diff.append(dict(prepared=render_list(consumer_diff))) if not ansible_module.check_mode: try: resp = k.consumer_apply(**data) except requests.HTTPError as e: ansible_module.fail_json(msg=str(e)) if state == 'absent': # Ensure the list of Consumers is deleted. for username in users: orig = k.consumer_get(username) if orig: # Delete the Consumer. changed = True diff.append( dict(before_header=username, before=orig, after_header='<deleted>', after='\n')) if not ansible_module.check_mode and orig: try: resp = k.consumer_delete(username) except requests.HTTPError as e: ansible_module.fail_json( msg='Error deleting Consumer: {}'.format(e)) # Pass through the API response if non-empty if resp: result['response'] = resp # Pass through the diff result if diff: result['diff'] = diff # Prepare module output result.update(changed=changed) ansible_module.exit_json(**result)
def main(): ansible_module = AnsibleModule(argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), sni=dict(required=True, type='str'), cert=dict(required=False, type='str'), key=dict(required=False, type='str', no_log=True), state=dict(required=False, default="present", choices=['present', 'absent'], type='str'), ), required_if=[('state', 'present', ['sni', 'cert', 'key'])], supports_check_mode=True) # Initialize output dictionary result = {} # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract arguments state = ansible_module.params['state'] sni = ansible_module.params['sni'] cert = ansible_module.params['cert'] key = ansible_module.params['key'] data = {'snis': [sni], 'cert': cert.strip(), 'key': key.strip()} # Create KongCertificate client instance k = KongCertificate(url, auth_user=auth_user, auth_pass=auth_pass) # Contact Kong status endpoint kong_status_check(k, ansible_module) # Kong API version compatibility check kong_version_check(k, ansible_module, MIN_VERSION) # Default return values changed = False resp = '' # Ensure the service is registered in Kong if state == "present": # Check if the service exists orig = k.certificate_get(sni) if orig is not None: # Diff the remote API object against the target data if it already exists certdiff = dotdiff(orig, data) # Set changed flag if there's a diff if certdiff: # Log modified state and diff result changed = True result['state'] = 'modified' result['diff'] = [dict(prepared=render_list(certdiff))] else: # We're inserting a new service, set changed changed = True result['state'] = 'created' result['diff'] = dict(before_header='<undefined>', before='<undefined>\n', after_header=sni, after='<hidden>') # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and changed: try: resp = k.certificate_apply(**data) except Exception as e: app_err = "Certfificate configuration rejected by Kong: '{}'. " \ "Please check configuration of the certificate you are trying to configure." ansible_module.fail_json(msg=app_err.format(e)) # Ensure the certificate is deleted if state == "absent": # Check if the certificate exists orig = k.certificate_get(sni) # Predict a change if the certfificate exists if orig: changed = True result['state'] = 'deleted' result['diff'] = dict(before_header=sni, before='<hidden>', after_header='<deleted>', after='\n') # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and orig: # Issue delete call to the Kong service try: resp = k.certificate_delete(name) except Exception as e: ansible_module.fail_json( msg='Error deleting certificate: {}'.format(e)) # Pass through the API response if non-empty if resp: result['response'] = resp # Prepare module output result.update(dict(changed=changed, )) ansible_module.exit_json(**result)
def main(): ansible_module = AnsibleModule( argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), service=dict(required=True, type='str'), name=dict(required=True, type='str'), protocols=dict(required=False, default=['http', 'https'], type='list'), hosts=dict(required=False, type='list'), paths=dict(required=False, default=[], type='list'), methods=dict(required=False, default=[], type='list'), strip_path=dict(required=False, default=True, type='bool'), preserve_host=dict(required=False, default=False, type='bool'), tags=dict(required=False, type='list'), state=dict(required=False, default="present", choices=['present', 'absent'], type='str'), ), required_if=[ ('state', 'present', ['service']), ('state', 'absent', ['service']), ], required_one_of=[ ('hosts', 'paths', 'methods') ], supports_check_mode=True ) # Initialize output dictionary result = {} # Emulates 'required_one_of' argument spec, as it cannot be made conditional if ansible_module.params['state'] == 'present' and \ ansible_module.params['protocols'] is None and \ ansible_module.params['methods'] is None and \ ansible_module.params['hosts'] is None and \ ansible_module.params['paths'] is None: ansible_module.fail_json(msg="At least one of protocols, methods, hosts or paths is required when state is 'present'") # Kong 0.14.x api_fields = [ 'name', 'protocols', 'methods', 'hosts', 'paths', 'strip_path', 'preserve_host', 'tags' ] # Extract api_fields from module parameters into separate dictionary data = params_fields_lookup(ansible_module, api_fields) # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract other arguments service = ansible_module.params['service'] state = ansible_module.params['state'] name = ansible_module.params['name'] # Create KongRoute client instance k = KongRoute(url, auth_user=auth_user, auth_pass=auth_pass) # Contact Kong status endpoint kong_status_check(k, ansible_module) # Default return values changed = False resp = '' # Ensure the Route is registered in Kong if state == "present": orig = k.route_get(name) if orig is not None: # Diff the remote Route object against the target data if it already exists route_diff = dotdiff(orig, data) # Set changed flag if there's a diff if route_diff: data['route_id'] = orig['id'] # Log modified state and diff result changed = True result['state'] = 'modified' result['diff'] = [dict(prepared=render_list(route_diff))] else: # We're inserting a new Route, set changed data['route_id'] = None changed = True result['state'] = 'created' result['diff'] = dict( before_header='<undefined>', before='<undefined>\n', after_header=service, after=data ) # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and changed: try: resp = k.route_apply(service, **data) except Exception as e: err_msg = "Route configuration rejected by Kong: '{}'. " \ "Please check configuration of the API you are trying to configure." ansible_module.fail_json(msg=err_msg.format(e)) # Ensure the Route is deleted if state == "absent": # Check if the Route exists orig = k.route_get(name) # Predict a change if the API exists if orig: changed = True result['state'] = 'deleted' result['diff'] = dict( before_header=service, before=orig, after_header='<deleted>', after='\n' ) # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and orig: # Issue delete call to the Kong API try: resp = k.route_delete(orig['id']) except Exception as e: ansible_module.fail_json(msg='Error deleting Route: {}'.format(e)) # Pass through the API response if non-empty if resp: result['response'] = resp # Prepare module output result.update( dict( changed=changed, ) ) ansible_module.exit_json(**result)
def main(): """Execute the Kong Service module.""" ansible_module = AnsibleModule( argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), name=dict(required=True, type='str'), protocol=dict(required=False, default="http", choices=['http', 'https'], type='str'), host=dict(required=True, type='str'), port=dict(required=False, default=80, type='int'), path=dict(required=False, type='str'), retries=dict(required=False, default=5, type='int'), connect_timeout=dict(required=False, default=60000, type='int'), write_timeout=dict(required=False, default=60000, type='int'), read_timeout=dict(required=False, default=60000, type='int'), state=dict(required=False, default="present", choices=['present', 'absent'], type='str'), ), required_if=[ ('state', 'present', ['host', 'name']) ], supports_check_mode=True ) api_fields = [ 'name', 'protocol', 'host', 'port', 'path', 'retries', 'connect_timeout', 'write_timeout', 'read_timeout' ] # Extract api_fields from module parameters into separate dictionary data = params_fields_lookup(ansible_module, api_fields) # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract other arguments state = ansible_module.params['state'] name = ansible_module.params['name'] # Create Kong client instance. k = KongService(url, auth_user=auth_user, auth_pass=auth_pass) kong_status_check(k, ansible_module) kong_version_check(k, ansible_module) # Default return values. result = {} changed = False resp = '' # Ensure the Service is configured. if state == "present": orig = k.service_get(name) if orig is not None: # Diff the existing object against the target data if it already exists. servicediff = dotdiff(orig, data) if servicediff: changed = True result['state'] = 'modified' result['diff'] = [dict(prepared=render_list(servicediff))] else: # Insert a new Service, set changed. changed = True result['state'] = 'created' result['diff'] = dict( before_header='<undefined>', before='<undefined>\n', after_header=name, after=data ) if not ansible_module.check_mode and changed: try: resp = k.service_apply(**data) except requests.HTTPError as e: ansible_module.fail_json( msg='Error applying Service: {}'.format(e)) # Ensure the Service is deleted. if state == "absent": orig = k.service_get(name) if orig: changed = True result['state'] = 'deleted' result['diff'] = dict( before_header=name, before=orig, after_header='<deleted>', after='\n' ) if not ansible_module.check_mode and orig: try: resp = k.service_delete(name) except requests.HTTPError as e: ansible_module.fail_json( msg='Error deleting Service: {}'.format(e)) # Prepare module output result.update(changed=changed) # Pass through the API response if non-empty if resp: result['response'] = resp ansible_module.exit_json(**result)
def main(): ansible_module = AnsibleModule(argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), name=dict(required=True, type='str'), upstream_url=dict(required=False, type='str'), hosts=dict(required=False, type='list'), uris=dict(required=False, type='list'), methods=dict(required=False, type='list'), strip_uri=dict(required=False, default=False, type='bool'), preserve_host=dict(required=False, default=False, type='bool'), state=dict(required=False, default="present", choices=['present', 'absent'], type='str'), ), required_if=[('state', 'present', ['upstream_url'])], supports_check_mode=True) # Initialize output dictionary result = {} # Emulates 'required_one_of' argument spec, as it cannot be made conditional if ansible_module.params['state'] == 'present' and \ ansible_module.params['hosts'] is None and \ ansible_module.params['uris'] is None and \ ansible_module.params['methods'] is None: ansible_module.fail_json( msg= "At least one of hosts, uris or methods is required when state is 'present'" ) # Kong 0.11.x api_fields = [ 'name', 'upstream_url', 'hosts', 'uris', 'methods', 'strip_uri', 'preserve_host', 'retries', 'upstream_connect_timeout', 'upstream_read_timeout', 'upstream_send_timeout', 'https_only', 'http_if_terminated' ] # Extract api_fields from module parameters into separate dictionary data = params_fields_lookup(ansible_module, api_fields) # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract other arguments state = ansible_module.params['state'] name = ansible_module.params['name'] # Create KongAPI client instance k = KongAPI(url, auth_user=auth_user, auth_pass=auth_pass) # Contact Kong status endpoint kong_status_check(k, ansible_module) # Kong API version compatibility check kong_version_check(k, ansible_module, MIN_VERSION) # Default return values changed = False resp = '' # Ensure the API is registered in Kong if state == "present": # Check if the API exists orig = k.api_get(name) if orig is not None: # Diff the remote API object against the target data if it already exists apidiff = dotdiff(orig, data) # Set changed flag if there's a diff if apidiff: # Log modified state and diff result changed = True result['state'] = 'modified' result['diff'] = [dict(prepared=render_list(apidiff))] else: # We're inserting a new API, set changed changed = True result['state'] = 'created' result['diff'] = dict(before_header='<undefined>', before='<undefined>\n', after_header=name, after=data) # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and changed: try: resp = k.api_apply(**data) except Exception as e: app_err = "API configuration rejected by Kong: '{}'. " \ "Please check configuration of the API you are trying to configure." ansible_module.fail_json(msg=app_err.format(e.message)) # Ensure the API is deleted if state == "absent": # Check if the API exists orig = k.api_get(name) # Predict a change if the API exists if orig: changed = True result['state'] = 'deleted' result['diff'] = dict(before_header=name, before=orig, after_header='<deleted>', after='\n') # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and orig: # Issue delete call to the Kong API try: resp = k.api_delete(name) except Exception as e: ansible_module.fail_json( msg='Error deleting API: {}'.format(e.message)) # Pass through the API response if non-empty if resp: result['response'] = resp # Prepare module output result.update(dict(changed=changed, )) ansible_module.exit_json(**result)
def main(): """Execute the Kong Route module.""" ansible_module = AnsibleModule( argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), service=dict(required=True, type='str'), name=dict(required=False, type='str'), protocols=dict(required=False, default=['http', 'https'], choices=['http', 'https', 'tcp', 'tls'], type='list'), methods=dict(required=False, default=[], type='list'), hosts=dict(required=False, default=[], type='list'), paths=dict(required=False, default=[], type='list'), snis=dict(required=False, default=[], type='list'), sources=dict(required=False, default=[], type='list'), destinations=dict(required=False, default=[], type='list'), strip_path=dict(required=False, default=True, type='bool'), preserve_host=dict(required=False, default=False, type='bool'), state=dict(required=False, default="present", choices=['present', 'absent'], type='str'), ), supports_check_mode=True ) # Initialize output dictionary result = {} # Emulates 'required_one_of' argument spec, as it cannot be made conditional if ansible_module.params['state'] == 'present' and \ not ansible_module.params['protocols'] and \ not ansible_module.params['methods'] and \ not ansible_module.params['hosts'] and \ not ansible_module.params['paths'] and \ not ansible_module.params['snis'] and \ not ansible_module.params['sources'] and \ not ansible_module.params['destinations']: ansible_module.fail_json( msg="At least one of protocols, methods, hosts, paths, snis, " + "sources or destinations is required when state is 'present'") api_fields = [ 'protocols', 'hosts', 'paths', 'methods', 'snis', 'sources', 'destinations', 'strip_path', 'preserve_host' ] # Extract api_fields from module parameters into separate dictionary data = params_fields_lookup(ansible_module, api_fields) # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract other arguments service = ansible_module.params['service'] name = ansible_module.params['name'] state = ansible_module.params['state'] # Create Kong client instance. k = KongRoute(url, auth_user=auth_user, auth_pass=auth_pass) kong_status_check(k, ansible_module) kong_version_check(k, ansible_module) # Default return values changed = False resp = '' orig = None if name: # Route name is given, only manage a named object. orig = k.route_get(name) # Pass 'name' parameter to route_apply data. data['name'] = name else: try: # Check if a Route with these parameters already exists # without including the route name. rq = k.route_query(service, protocols=data['protocols'], hosts=data['hosts'], paths=data['paths'], methods=data['methods'], snis=data['snis'], sources=data['sources'], destinations=data['destinations']) except requests.HTTPError as e: ansible_module.fail_json( msg="Error querying Route: '{}'".format(e)) if len(rq) > 1: ansible_module.fail_json( msg='Multiple results for Route query', results=rq) if rq: orig = rq[0] # Ensure the Route is configured. if state == "present": if orig: # Diff existing Route object against the target data if it already exists. routediff = dotdiff(orig, data) if routediff: changed = True result['state'] = 'modified' result['diff'] = [dict(prepared=render_list(routediff))] else: # Insert a new Route, set changed. changed = True result['state'] = 'created' result['diff'] = dict( before_header='<undefined>', before='<undefined>\n', after_header=service, after=data ) if not ansible_module.check_mode and changed: try: resp = k.route_apply(service, **data) except requests.HTTPError as e: ansible_module.fail_json( msg='Error applying Route: {}'.format(e)) # Ensure the Route is deleted. if state == "absent": # Predict a change if the API exists. if orig: changed = True result['state'] = 'deleted' result['diff'] = dict( before_header=service, before=orig, after_header='<deleted>', after='\n' ) if not ansible_module.check_mode: try: resp = k.route_delete(orig['id']) except requests.HTTPError as e: ansible_module.fail_json( msg='Error deleting Route: {}'.format(e)) # Prepare module output result.update(changed=changed) # Pass through the API response if non-empty if resp: result['response'] = resp ansible_module.exit_json(**result)
def main(): ansible_module = AnsibleModule(argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), username=dict(required=True, type='list'), tags=dict(required=False, type='list'), state=dict(required=False, default="present", choices=['present', 'absent'], type='str'), ), supports_check_mode=True) # We don't support custom_id, as its use is too limited in terms of querying # the Kong API. The custom_id is not a primary key, cannot be used as an index # in many operations, though it's marked as UNIQUE. # Initialize output dictionary result = {} # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract other arguments state = ansible_module.params['state'] users = ansible_module.params['username'] tags = ansible_module.params['tags'] api_fields = ['name', 'tags'] # Extract api_fields from module parameters into separate dictionary data = params_fields_lookup(ansible_module, api_fields) # Create KongAPI client instance k = KongConsumer(url, auth_user=auth_user, auth_pass=auth_pass) # Contact Kong status endpoint kong_status_check(k, ansible_module) # Default return values changed = False resp = '' diff = [] # Ensure the Consumer(s) are registered in Kong if state == "present": for username in users: orig = k.consumer_get(username) if orig is not None: # Diff the remote Consumer object against the target data if it already exists consumer_diff = dotdiff(orig, data) resp = orig # Set changed flag if there's a diff if consumer_diff: data['username'] = orig['username'] # Log modified state and diff result changed = True result['state'] = 'modified' result['diff'] = [ dict(prepared=render_list(consumer_diff)) ] else: # We're inserting a new Consumer, set changed data['username'] = username changed = True result['state'] = 'created' result['diff'] = dict(before_header='<undefined>', before='<undefined>\n', after_header=username, after=data) # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and changed: try: resp = k.consumer_apply(**data) except Exception as e: err_msg = "Consumer configuration rejected by Kong: '{}'. " \ "Please check configuration of the API you are trying to configure." ansible_module.fail_json(msg=err_msg.format(e)) # Ensure the Consumer is deleted if state == "absent": for username in users: # Check if the Consumer exists orig = k.consumer_get(username) # Predict a change if the Consumer is present if orig: changed = True result['state'] = 'deleted' diff.append( dict(before_header=username, before=orig, after_header='<deleted>', after='\n')) # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and orig: # Issue delete call to the Kong API try: resp = k.consumer_delete(username) except Exception as e: ansible_module.fail_json( msg='Error deleting Consumer: {}'.format(e)) # Pass through the API response if non-empty if resp: result['response'] = resp # Pass through the diff result if diff: result['diff'] = diff # Prepare module output result.update(dict(changed=changed, )) ansible_module.exit_json(**result)
def main(): ansible_module = AnsibleModule( argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), name=dict(required=True, type='str'), protocol=dict(required=False, default="http", choices=['http', 'https'], type='str'), host=dict(required=True, type='str'), port=dict(required=False, default=80, type='int'), path=dict(required=False, type='str'), tags=dict(required=False, type='list'), retries=dict(required=False, default=5, type='int'), connect_timeout=dict(required=False, default=60000, type='int'), write_timeout=dict(required=False, default=60000, type='int'), read_timeout=dict(required=False, default=60000, type='int'), state=dict(required=False, default="present", choices=['present', 'absent'], type='str'), ), required_if=[ ('state', 'present', ['host', 'name']) ], supports_check_mode=True ) # Initialize output dictionary result = {} # Kong 0.14.x api_fields = [ 'name', 'protocol', 'host', 'port', 'path', 'retries', 'connect_timeout', 'write_timeout', 'read_timeout', 'tags' ] # Extract api_fields from module parameters into separate dictionary data = params_fields_lookup(ansible_module, api_fields) # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract other arguments state = ansible_module.params['state'] name = ansible_module.params['name'] # Create KongService client instance k = KongService(url, auth_user=auth_user, auth_pass=auth_pass) # Contact Kong status endpoint kong_status_check(k, ansible_module) # Default return values changed = False resp = '' # Ensure the service is registered in Kong if state == "present": # Check if the service exists orig = k.service_get(name) if orig is not None: # Diff the remote API object against the target data if it already exists servicediff = dotdiff(orig, data) # Set changed flag if there's a diff if servicediff: # Log modified state and diff result changed = True result['state'] = 'modified' result['diff'] = [dict(prepared=render_list(servicediff))] else: # We're inserting a new service, set changed changed = True result['state'] = 'created' result['diff'] = dict( before_header='<undefined>', before='<undefined>\n', after_header=name, after=data ) # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and changed: try: resp = k.service_apply(**data) except Exception as e: app_err = "Service configuration rejected by Kong: '{}'. " \ "Please check configuration of the service you are trying to configure." ansible_module.fail_json(msg=app_err.format(e)) # Ensure the service is deleted if state == "absent": # Check if the service exists orig = k.service_get(name) # Predict a change if the service exists if orig: changed = True result['state'] = 'deleted' result['diff'] = dict( before_header=name, before=orig, after_header='<deleted>', after='\n' ) # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode and orig: # Issue delete call to the Kong service try: resp = k.service_delete(name) except Exception as e: ansible_module.fail_json(msg='Error deleting service: {}'.format(e)) # Pass through the API response if non-empty if resp: result['response'] = resp # Prepare module output result.update( dict( changed=changed, ) ) ansible_module.exit_json(**result)
def main(): """Execute the Kong Consumer Credential module.""" ansible_module = AnsibleModule(argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), username=dict(required=True, type='str'), type=dict(required=True, type='str', choices=[ 'acls', 'basic-auth', 'hmac-auth', 'key-auth', 'jwt', 'oauth2' ]), config=dict(required=False, type='dict', default=dict()), state=dict(required=False, type='str', choices=['present', 'absent'], default='present'), ), supports_check_mode=True) # Initialize output dictionary result = {} # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract arguments state = ansible_module.params['state'] username = ansible_module.params['username'] auth_type = ansible_module.params['type'] config = ansible_module.params['config'] # Create Kong client instance. k = KongConsumer(url, auth_user=auth_user, auth_pass=auth_pass) kong_status_check(k, ansible_module) kong_version_check(k, ansible_module) # Default return values changed = False resp = '' diff = [] try: # Check if the credential for the Consumer exists. cq = k.credential_query(username, auth_type, config=config) except ValueError as e: # Missing Consumer is not an error when state is 'absent'. if state == 'absent': ansible_module.exit_json(msg=str(e)) ansible_module.fail_json(msg=str(e)) except requests.HTTPError as e: ansible_module.fail_json( msg="Error querying credential: '{}'.".format(e)) if len(cq) > 1: ansible_module.fail_json(msg='Multiple results for credential query', results=cq) # Ensure the credential is configured. if state == 'present': if cq: if not ansible_module.check_mode: try: resp = k.credential_apply(username, auth_type, config=config) except requests.HTTPError as e: ansible_module.fail_json(msg=str(e)) orig = cq[0] # Diff the remote API object against the target data if it already exists. cred_diff = dotdiff(orig, resp) # Set changed flag if there's a diff if cred_diff: # Log modified state and diff result changed = True result['state'] = 'modified' result['diff'] = [dict(prepared=render_list(cred_diff))] # Credential does not exist, create it. else: changed = True result['state'] = 'created' # Append diff entry diff.append( dict(before_header='<undefined>', before='<undefined>\n', after_header='{}/{}'.format(username, auth_type), after=config)) # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode: try: resp = k.credential_apply(username, auth_type, config=config) except requests.HTTPError as e: ansible_module.fail_json(msg=str(e)) # Ensure the Consumer is deleted if state == 'absent' and cq: # Get the first (and only) element of the query orig = cq[0] # Predict a successful delete if the Consumer Plugin is present changed = True result['state'] = 'deleted' diff.append( dict(before_header='{}/{}'.format(username, auth_type), before=orig, after_header='<deleted>', after='\n')) # Only make changes when Ansible is not run in check mode if not ansible_module.check_mode: # Issue delete call try: resp = k.credential_delete(consumer_idname=username, auth_type=auth_type, config=config) except requests.HTTPError as e: ansible_module.fail_json(msg=str(e)) # Pass through the API response if non-empty if resp: result['response'] = resp # Pass through the diff result if diff: result['diff'] = diff # Prepare module output result.update(changed=changed) ansible_module.exit_json(**result)
def main(): """Execute the Kong Plugin module.""" ansible_module = AnsibleModule(argument_spec=dict( kong_admin_uri=dict(required=True, type='str'), kong_admin_username=dict(required=False, type='str'), kong_admin_password=dict(required=False, type='str', no_log=True), name=dict(required=True, type='str'), service=dict(required=False, type='str'), route=dict(required=False, type='str'), consumer=dict(required=False, type='str'), config=dict(required=False, type='dict', default=dict()), state=dict(required=False, default="present", choices=['present', 'absent'], type='str'), ), supports_check_mode=True) # Admin endpoint & auth url = ansible_module.params['kong_admin_uri'] auth_user = ansible_module.params['kong_admin_username'] auth_pass = ansible_module.params['kong_admin_password'] # Extract arguments state = ansible_module.params['state'] name = ansible_module.params['name'] service = ansible_module.params['service'] route = ansible_module.params['route'] consumer = ansible_module.params['consumer'] config = ansible_module.params['config'] # Create KongAPI client instance k = KongPlugin(url, auth_user=auth_user, auth_pass=auth_pass) kong_status_check(k, ansible_module) kong_version_check(k, ansible_module) # Default return values changed = False resp = '' diff = {} result = {} try: pq = k.plugin_query(name=name, service_name=service, route_name=route, consumer_name=consumer) except requests.HTTPError as e: ansible_module.fail_json(msg="Error querying plugin: '{}'.".format(e)) if len(pq) > 1: ansible_module.fail_json(msg='Multiple results for Plugin query', results=pq, name=name, service=service, route=route, consumer=consumer) # Ensure the Plugin is configured. if state == "present": if pq: # Extract the remote Plugin object into orig orig = pq[0] # Diff the existing Plugin against the target data if it already exists. plugin_diff = dotdiff(orig.get('config'), config) if plugin_diff: # Log modified state and diff result. changed = True result['state'] = 'modified' diff = dict(prepared=render_list(plugin_diff)) else: # Configure a new Plugin. changed = True result['state'] = 'created' diff = dict(before_header='<undefined>', before='<undefined>\n', after_header=name, after={ 'name': name, 'service': service, 'route': route, 'consumer': consumer, 'config': config, 'state': 'created', }) if not ansible_module.check_mode and changed: try: resp = k.plugin_apply(name=name, config=config, service_name=service, route_name=route, consumer_name=consumer) except requests.HTTPError as e: ansible_module.fail_json(msg=str(e)) # Ensure the Plugin is deleted. if state == "absent" and pq: # Check if the API exists orig = pq[0] # Predict a change if the Plugin exists changed = True result['state'] = 'deleted' diff = dict(before_header=name, before=orig, after_header='<deleted>', after='\n') if not ansible_module.check_mode and orig: try: resp = k.plugin_delete(name, service_name=service, route_name=route, consumer_name=consumer) except requests.HTTPError as e: err_msg = "Error deleting Plugin." ansible_module.fail_json(msg=err_msg, response=e.response._content) # Prepare module output. result.update(changed=changed) if resp: result['response'] = resp if diff: result['diff'] = diff ansible_module.exit_json(**result)