示例#1
0
def template(basedir, varname, vars, lookup_fatal=True, depth=0, expand_lists=True, convert_bare=False, fail_on_undefined=False, filter_fatal=True):
    ''' templates a data structure by traversing it and substituting for other data structures '''
    from ansible import utils

    try:
        if convert_bare and isinstance(varname, basestring):
            first_part = varname.split(".")[0].split("[")[0]
            if first_part in vars and '{{' not in varname and '$' not in varname:
                varname = "{{%s}}" % varname
    
        if isinstance(varname, basestring):
            if '{{' in varname or '{%' in varname:
                varname = template_from_string(basedir, varname, vars, fail_on_undefined)

                if (varname.startswith("{") and not varname.startswith("{{")) or varname.startswith("["):
                    eval_results = utils.safe_eval(varname, locals=vars, include_exceptions=True)
                    if eval_results[1] is None:
                        varname = eval_results[0]

            return varname
    
        elif isinstance(varname, (list, tuple)):
            return [template(basedir, v, vars, lookup_fatal, depth, expand_lists, fail_on_undefined=fail_on_undefined) for v in varname]
        elif isinstance(varname, dict):
            d = {}
            for (k, v) in varname.iteritems():
                d[k] = template(basedir, v, vars, lookup_fatal, depth, expand_lists, fail_on_undefined=fail_on_undefined)
            return d
        else:
            return varname
    except errors.AnsibleFilterError:
        if filter_fatal:
            raise
        else:
            return varname
示例#2
0
def template(basedir, varname, templatevars, lookup_fatal=True, depth=0, expand_lists=True, convert_bare=False, fail_on_undefined=False, filter_fatal=True):
    ''' templates a data structure by traversing it and substituting for other data structures '''
    from ansible import utils
    try:
        if convert_bare and isinstance(varname, basestring):
            first_part = varname.split(".")[0].split("[")[0]
            if first_part in templatevars and '{{' not in varname and '$' not in varname:
                varname = "{{%s}}" % varname

        if isinstance(varname, basestring):
            if '{{' in varname or '{%' in varname:
                try:
                    varname = template_from_string(basedir, varname, templatevars, fail_on_undefined)
                except errors.AnsibleError, e:
                    raise errors.AnsibleError("Failed to template %s: %s" % (varname, str(e)))

                # template_from_string may return non strings for the case where the var is just
                # a reference to a single variable, so we should re_check before we do further evals
                if isinstance(varname, basestring):
                    if (varname.startswith("{") and not varname.startswith("{{")) or varname.startswith("["):
                        eval_results = utils.safe_eval(varname, locals=templatevars, include_exceptions=True)
                        if eval_results[1] is None:
                            varname = eval_results[0]

            return varname

        elif isinstance(varname, (list, tuple)):
            return [template(basedir, v, templatevars, lookup_fatal, depth, expand_lists, convert_bare, fail_on_undefined, filter_fatal) for v in varname]
    def run(self, conn, tmp, module_name, module_args, inject, complex_args=None, **kwargs):

        try:

            args = {}
            if complex_args:
                args.update(complex_args)
            args.update(parse_kv(module_args))

            envdict={}
            if self.runner.environment:
                env=template.template(self.runner.basedir, self.runner.environment, inject, convert_bare=True)
                env = utils.safe_eval(env)

            testQueue = args["queue_name"]
            region = args["region"]

            spec_file = path.expanduser("~/.nucleator/contrib/Bucketandq/orchestrator/specification.json")

            queue = self.initQueue(testQueue, region, env)
            self.main(self.addMessageToQueue, queue, spec_file)

            return ReturnData(conn=conn,
                comm_ok=True,
                result=dict(failed=False, changed=False, msg="Bucketandq Messages Created!"))

        except Exception, e:
            # deal with failure gracefully
            result = dict(failed=True, msg=type(e).__name__ + ": " + str(e))
            return ReturnData(conn=conn, comm_ok=False, result=result)
示例#4
0
def template(basedir, varname, templatevars, lookup_fatal=True, depth=0, expand_lists=True, convert_bare=False, fail_on_undefined=False, filter_fatal=True):
    ''' templates a data structure by traversing it and substituting for other data structures '''
    from ansible import utils
    try:
        if convert_bare and isinstance(varname, basestring):
            first_part = varname.split(".")[0].split("[")[0]
            if first_part in templatevars and '{{' not in varname and '$' not in varname:
                varname = "{{%s}}" % varname

        if isinstance(varname, basestring):
            if '{{' in varname or '{%' in varname:
                try:
                    varname = template_from_string(basedir, varname, templatevars, fail_on_undefined)
                except errors.AnsibleError, e:
                    raise errors.AnsibleError("Failed to template %s: %s" % (varname, str(e)))

                # template_from_string may return non strings for the case where the var is just
                # a reference to a single variable, so we should re_check before we do further evals
                if isinstance(varname, basestring):
                    if (varname.startswith("{") and not varname.startswith("{{")) or varname.startswith("["):
                        eval_results = utils.safe_eval(varname, locals=templatevars, include_exceptions=True)
                        if eval_results[1] is None:
                            varname = eval_results[0]

            return varname

        elif isinstance(varname, (list, tuple)):
            return [template(basedir, v, templatevars, lookup_fatal, depth, expand_lists, convert_bare, fail_on_undefined, filter_fatal) for v in varname]
示例#5
0
    def run(self, terms, inject=None, **kwargs):
        terms = safe_eval(terms)

        if not isinstance(terms, dict):
            print terms
            raise errors.AnsibleError("with_hash_items expects a dict")
        return [{"key": term[0], "value": term[1]} for term in terms.items()]
示例#6
0
def template(basedir, varname, templatevars, lookup_fatal=True, depth=0, expand_lists=True, convert_bare=False, fail_on_undefined=False, filter_fatal=True):
    ''' templates a data structure by traversing it and substituting for other data structures '''
    from ansible import utils

    try:
        if convert_bare and isinstance(varname, basestring):
            first_part = varname.split(".")[0].split("[")[0]
            if first_part in templatevars and '{{' not in varname and '$' not in varname:
                varname = "{{%s}}" % varname

        if isinstance(varname, basestring):
            if '{{' in varname or '{%' in varname:
                varname = template_from_string(basedir, varname, templatevars, fail_on_undefined)

                if (varname.startswith("{") and not varname.startswith("{{")) or varname.startswith("["):
                    eval_results = utils.safe_eval(varname, locals=templatevars, include_exceptions=True)
                    if eval_results[1] is None:
                        varname = eval_results[0]

            return varname

        elif isinstance(varname, (list, tuple)):
            return [template(basedir, v, templatevars, lookup_fatal, depth, expand_lists, convert_bare, fail_on_undefined, filter_fatal) for v in varname]
        elif isinstance(varname, dict):
            d = {}
            for (k, v) in varname.iteritems():
                d[k] = template(basedir, v, templatevars, lookup_fatal, depth, expand_lists, convert_bare, fail_on_undefined, filter_fatal)
            return d
        else:
            return varname
    except errors.AnsibleFilterError:
        if filter_fatal:
            raise
        else:
            return varname
 def _command_filter(self, command, arg, items, inject):
     """Return only the items for which filter is true"""
     if '{{' not in arg:
         arg = '{{%s}}' % arg
     for item in items:
         template_vars = dict(inject, item=item)
         decision = safe_eval(
             template(self.basedir, arg, template_vars),
             locals=template_vars)
         if decision:
             yield item
示例#8
0
    def _compute_environment_string(self, inject=None):
        ''' what environment variables to use when running the command? '''

        if not self.environment:
            return ""
        enviro = template.template(self.basedir, self.environment, inject, convert_bare=True)
        enviro = utils.safe_eval(enviro)
        if type(enviro) != dict:
            raise errors.AnsibleError("environment must be a dictionary, received %s" % enviro)
        result = ""
        for (k,v) in enviro.iteritems():
            result = "%s=%s %s" % (k, pipes.quote(str(v)), result)
        return result
示例#9
0
    def _compute_environment_string(self, inject=None):
        ''' what environment variables to use when running the command? '''

        if not self.environment:
            return ""
        enviro = template.template(self.basedir, self.environment, inject, convert_bare=True)
        enviro = utils.safe_eval(enviro)
        if type(enviro) != dict:
            raise errors.AnsibleError("environment must be a dictionary, received %s" % enviro)
        result = ""
        for (k,v) in enviro.iteritems():
            result = "%s=%s %s" % (k, pipes.quote(str(v)), result)
        return result
示例#10
0
def template(basedir, varname, vars, lookup_fatal=True, depth=0, expand_lists=True, convert_bare=False, fail_on_undefined=False, filter_fatal=True):
    ''' templates a data structure by traversing it and substituting for other data structures '''
    from ansible import utils

    try:
        if convert_bare and isinstance(varname, basestring):
            first_part = varname.split(".")[0].split("[")[0]
            if first_part in vars and '{{' not in varname and '$' not in varname:
                varname = "{{%s}}" % varname
    
        if isinstance(varname, basestring):
            if '{{' in varname or '{%' in varname:
                varname = template_from_string(basedir, varname, vars, fail_on_undefined)

                if (varname.startswith("{") and not varname.startswith("{{")) or varname.startswith("["):
                    eval_results = utils.safe_eval(varname, locals=vars, include_exceptions=True)
                    if eval_results[1] is None:
                        varname = eval_results[0]

            if not '$' in varname:
                return varname
    
            m = _legacy_varFind(basedir, varname, vars, lookup_fatal, depth, expand_lists)
            if not m:
                return varname
            if m['start'] == 0 and m['end'] == len(varname):
                if m['replacement'] is not None:
                    Flags.LEGACY_TEMPLATE_WARNING = True
                    return template(basedir, m['replacement'], vars, lookup_fatal, depth, expand_lists)
                else:
                    return varname
            else:
                Flags.LEGACY_TEMPLATE_WARNING = True
                return legacy_varReplace(basedir, varname, vars, lookup_fatal, depth, expand_lists)
    
        elif isinstance(varname, (list, tuple)):
            return [template(basedir, v, vars, lookup_fatal, depth, expand_lists, fail_on_undefined=fail_on_undefined) for v in varname]
        elif isinstance(varname, dict):
            d = {}
            for (k, v) in varname.iteritems():
                d[k] = template(basedir, v, vars, lookup_fatal, depth, expand_lists, fail_on_undefined=fail_on_undefined)
            return d
        else:
            return varname
    except errors.AnsibleFilterError:
        if filter_fatal:
            raise
        else:
            return varname
示例#11
0
    def run(self,
            conn,
            tmp,
            module_name,
            module_args,
            inject,
            complex_args=None,
            **kwargs):
        args = {}
        if complex_args:
            args.update(complex_args)

        # attempt to prevent confusing messages when the variable didn't interpolate
        module_args = module_args.replace("{{ ", "{{").replace(" }}", "}}")

        kv = utils.parse_kv(module_args)
        args.update(kv)

        if not 'msg' in args and not 'var' in args:
            args['msg'] = 'Hello world!'

        result = {}
        if 'msg' in args:
            if 'fail' in args and utils.boolean(args['fail']):
                result = dict(failed=True, msg=args['msg'])
            else:
                result = dict(msg=args['msg'])
        elif 'var' in args:
            results = utils.safe_eval(args['var'],
                                      inject,
                                      include_exceptions=True,
                                      template_call=True)
            intermediate = results[0]
            exception = results[1]
            if exception is not None:
                intermediate = "failed to evaluate: %s" % str(exception)
            result[args['var']] = intermediate

        # force flag to make debug output module always verbose
        result['verbose_always'] = True

        return ReturnData(conn=conn, result=result)
    def run(self, conn, tmp, module_name, module_args, inject, complex_args=None, **kwargs):

		try:

			args = {}
			if complex_args:
				args.update(complex_args)
			args.update(parse_kv(module_args))

			redshift_endpoint = args["redshift_endpoint"]
			cage = args["cage_name"]
			customer = args["customer_name"]

			envdict={}
			if self.runner.environment:
				env=template.template(self.runner.basedir, self.runner.environment, inject, convert_bare=True)
				env = utils.safe_eval(env)

			route53_conn = boto.connect_route53(aws_access_key_id=env.get("AWS_ACCESS_KEY_ID"), aws_secret_access_key=env.get("AWS_SECRET_ACCESS_KEY"), security_token=env.get("AWS_SECURITY_TOKEN"))
			domain_name = "%s.%s.47lining.com" % (cage, customer)
			zones = route53_conn.get_hosted_zone_by_name(domain_name)
			if not zones:
				domain_name = "%s.%s.com" % (cage, customer)
				zones = route53_conn.get_hosted_zone_by_name(domain_name)
			zone_id = zones["GetHostedZoneResponse"]["HostedZone"]["Id"]
			zone_id = zone_id[12:]

			recordset = ResourceRecordSets(route53_conn, zone_id)

			try:
				change = recordset.add_change("UPSERT", "redshift.%s." % domain_name, "CNAME")
				change.add_value(redshift_endpoint)
				recordset.commit()
			except Exception, e:
				print "e: ", e
				change = recordset.add_change("CREATE", "redshift.%s." % domain_name, "CNAME")
				change.add_value(redshift_endpoint)
				recordset.commit()
				
			return ReturnData(conn=conn,
                comm_ok=True,
                result=dict(failed=False, changed=False, msg="CNAME is created!"))
 def process(self, result, terms, index, current, inject):
     d = {i: current[i] for i in range(index)}
     if index == len(terms):
         result.append(d)
         return
     if type(terms[index]) in {str, unicode}:
         inject_ = {}
         inject_.update(inject)
         inject_['item'] = d
         items = safe_eval(template.template_from_string(self.basedir, terms[index], inject_, fail_on_undefined=True))
     else:
         items = terms[index]
     if type(items) == dict:
         for i in items:
             current[index] = {'key': i, 'value': items[i]}
             self.process(result, terms, index + 1, current, inject)
     else:
         for i in items:
             current[index] = i
             self.process(result, terms, index + 1, current, inject)
示例#14
0
    def _executor_internal(self, host, new_stdin):
        ''' executes any module one or more times '''

        host_variables = self.inventory.get_variables(host)
        host_connection = host_variables.get('ansible_connection', self.transport)
        if host_connection in [ 'paramiko', 'ssh', 'accelerate' ]:
            port = host_variables.get('ansible_ssh_port', self.remote_port)
            if port is None:
                port = C.DEFAULT_REMOTE_PORT
        else:
            # fireball, local, etc
            port = self.remote_port

        inject = {}
        inject = utils.combine_vars(inject, self.default_vars)
        inject = utils.combine_vars(inject, host_variables)
        inject = utils.combine_vars(inject, self.module_vars)
        inject = utils.combine_vars(inject, self.setup_cache[host])
        inject.setdefault('ansible_ssh_user', self.remote_user)
        inject['hostvars'] = HostVars(self.setup_cache, self.inventory)
        inject['group_names'] = host_variables.get('group_names', [])
        inject['groups']      = self.inventory.groups_list()
        inject['vars']        = self.module_vars
        inject['defaults']    = self.default_vars
        inject['environment'] = self.environment

        if self.inventory.basedir() is not None:
            inject['inventory_dir'] = self.inventory.basedir()

        if self.inventory.src() is not None:
            inject['inventory_file'] = self.inventory.src()

        # late processing of parameterized sudo_user
        if self.sudo_user is not None:
            self.sudo_user = template.template(self.basedir, self.sudo_user, inject)

        # allow with_foo to work in playbooks...
        items = None
        items_plugin = self.module_vars.get('items_lookup_plugin', None)

        if items_plugin is not None and items_plugin in utils.plugins.lookup_loader:

            basedir = self.basedir
            if '_original_file' in inject:
                basedir = os.path.dirname(inject['_original_file'])
                filesdir = os.path.join(basedir, '..', 'files')
                if os.path.exists(filesdir):
                    basedir = filesdir

            items_terms = self.module_vars.get('items_lookup_terms', '')
            items_terms = template.template(basedir, items_terms, inject)
            items = utils.plugins.lookup_loader.get(items_plugin, runner=self, basedir=basedir).run(items_terms, inject=inject)
            if type(items) != list:
                raise errors.AnsibleError("lookup plugins have to return a list: %r" % items)

            if len(items) and utils.is_list_of_strings(items) and self.module_name in [ 'apt', 'yum', 'pkgng' ]:
                # hack for apt, yum, and pkgng so that with_items maps back into a single module call
                inject['item'] = ",".join(items)
                items = None

        # logic to replace complex args if possible
        complex_args = self.complex_args

        # logic to decide how to run things depends on whether with_items is used
        if items is None:
            if isinstance(complex_args, basestring):
                complex_args = template.template(self.basedir, complex_args, inject, convert_bare=True)
                complex_args = utils.safe_eval(complex_args)
                if type(complex_args) != dict:
                    raise errors.AnsibleError("args must be a dictionary, received %s" % complex_args)
            return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
        elif len(items) > 0:

            # executing using with_items, so make multiple calls
            # TODO: refactor

            if self.background > 0:
                raise errors.AnsibleError("lookup plugins (with_*) cannot be used with async tasks")

            aggregrate = {}
            all_comm_ok = True
            all_changed = False
            all_failed = False
            results = []
            for x in items:
                inject['item'] = x

                # TODO: this idiom should be replaced with an up-conversion to a Jinja2 template evaluation
                if isinstance(self.complex_args, basestring):
                    complex_args = template.template(self.basedir, self.complex_args, inject, convert_bare=True)
                    complex_args = utils.safe_eval(complex_args)
                    if type(complex_args) != dict:
                        raise errors.AnsibleError("args must be a dictionary, received %s" % complex_args)
                result = self._executor_internal_inner(
                     host,
                     self.module_name,
                     self.module_args,
                     inject,
                     port,
                     complex_args=complex_args
                )
                results.append(result.result)
                if result.comm_ok == False:
                    all_comm_ok = False
                    all_failed = True
                    break
                for x in results:
                    if x.get('changed') == True:
                        all_changed = True
                    if (x.get('failed') == True) or (('rc' in x) and (x['rc'] != 0)):
                        all_failed = True
                        break
            msg = 'All items completed'
            if all_failed:
                msg = "One or more items failed."
            rd_result = dict(failed=all_failed, changed=all_changed, results=results, msg=msg)
            if not all_failed:
                del rd_result['failed']
            return ReturnData(host=host, comm_ok=all_comm_ok, result=rd_result)
        else:
            self.callbacks.on_skipped(host, None)
            return ReturnData(host=host, comm_ok=True, result=dict(changed=False, skipped=True))
    def run(self,
            conn,
            tmp,
            module_name,
            module_args,
            inject,
            complex_args=None,
            **kwargs):

        try:

            args = {}
            if complex_args:
                args.update(complex_args)
            args.update(parse_kv(module_args))

            account_number = args["account_number"]
            region = args["region"]
            cloudtrail_bucket = args["cloudtrail_bucket"]

            envdict = {}
            if self.runner.environment:
                env = template.template(self.runner.basedir,
                                        self.runner.environment,
                                        inject,
                                        convert_bare=True)
                env = utils.safe_eval(env)

            if region == "us-east-1":
                other_regions = [
                    "us-west-1", "us-west-2", "eu-west-1", "us-east-2"
                ]
            elif region == "us-east-2":
                other_regions = [
                    "us-east-1", "us-west-1", "us-west-2", "eu-west-1"
                ]
            elif region == "us-west-1":
                other_regions = [
                    "us-east-1", "us-east-2", "us-west-2", "eu-west-1"
                ]
            elif region == "us-west-2":
                other_regions = [
                    "us-east-1", "us-east-2", "us-west-1", "eu-west-1"
                ]
            elif region == "eu-west-1":
                other_regions = [
                    "us-east-1", "us-east-2", "us-west-1", "us-west-2"
                ]
            else:
                raise SystemExit(1)  # unsupported region

            for connect_region in other_regions:

                cloudtrail_name = "Cloudtrail-%s-%s" % (account_number,
                                                        connect_region)

                try:
                    connection = cloudtrail.connect_to_region(
                        connect_region,
                        aws_access_key_id=env.get("AWS_ACCESS_KEY_ID"),
                        aws_secret_access_key=env.get("AWS_SECRET_ACCESS_KEY"),
                        security_token=env.get("AWS_SECURITY_TOKEN"))
                except Exception, e:
                    raise Exception

                try:
                    result = connection.update_trail(
                        cloudtrail_name,
                        cloudtrail_bucket,
                        include_global_service_events=False)
                    result = connection.start_logging(cloudtrail_name)
                except Exception, e:
                    result = connection.create_trail(
                        cloudtrail_name,
                        cloudtrail_bucket,
                        include_global_service_events=False)
                    result = connection.start_logging(cloudtrail_name)
示例#16
0
    def _executor_internal(self, host, new_stdin):
        ''' executes any module one or more times '''

        host_variables = self.inventory.get_variables(host)
        host_connection = host_variables.get('ansible_connection', self.transport)
        if host_connection in [ 'paramiko', 'ssh', 'accelerate' ]:
            port = host_variables.get('ansible_ssh_port', self.remote_port)
            if port is None:
                port = C.DEFAULT_REMOTE_PORT
        else:
            # fireball, local, etc
            port = self.remote_port

        inject = {}
        inject = utils.combine_vars(inject, self.default_vars)
        inject = utils.combine_vars(inject, host_variables)
        inject = utils.combine_vars(inject, self.module_vars)
        inject = utils.combine_vars(inject, self.setup_cache[host])
        inject.setdefault('ansible_ssh_user', self.remote_user)
        inject['hostvars'] = HostVars(self.setup_cache, self.inventory)
        inject['group_names'] = host_variables.get('group_names', [])
        inject['groups']      = self.inventory.groups_list()
        inject['vars']        = self.module_vars
        inject['defaults']    = self.default_vars
        inject['environment'] = self.environment
        inject['playbook_dir'] = self.basedir

        if self.inventory.basedir() is not None:
            inject['inventory_dir'] = self.inventory.basedir()

        if self.inventory.src() is not None:
            inject['inventory_file'] = self.inventory.src()

        # allow with_foo to work in playbooks...
        items = None
        items_plugin = self.module_vars.get('items_lookup_plugin', None)

        if items_plugin is not None and items_plugin in utils.plugins.lookup_loader:

            basedir = self.basedir
            if '_original_file' in inject:
                basedir = os.path.dirname(inject['_original_file'])
                filesdir = os.path.join(basedir, '..', 'files')
                if os.path.exists(filesdir):
                    basedir = filesdir

            items_terms = self.module_vars.get('items_lookup_terms', '')
            items_terms = template.template(basedir, items_terms, inject)
            items = utils.plugins.lookup_loader.get(items_plugin, runner=self, basedir=basedir).run(items_terms, inject=inject)
            if type(items) != list:
                raise errors.AnsibleError("lookup plugins have to return a list: %r" % items)

            if len(items) and utils.is_list_of_strings(items) and self.module_name in [ 'apt', 'yum', 'pkgng' ]:
                # hack for apt, yum, and pkgng so that with_items maps back into a single module call
                use_these_items = []
                for x in items:
                    inject['item'] = x
                    if not self.conditional or utils.check_conditional(self.conditional, self.basedir, inject, fail_on_undefined=self.error_on_undefined_vars):
                        use_these_items.append(x)
                inject['item'] = ",".join(use_these_items)
                items = None

        # logic to replace complex args if possible
        complex_args = self.complex_args

        # logic to decide how to run things depends on whether with_items is used
        if items is None:
            if isinstance(complex_args, basestring):
                complex_args = template.template(self.basedir, complex_args, inject, convert_bare=True)
                complex_args = utils.safe_eval(complex_args)
                if type(complex_args) != dict:
                    raise errors.AnsibleError("args must be a dictionary, received %s" % complex_args)
            return self._executor_internal_inner(host, self.module_name, self.module_args, inject, port, complex_args=complex_args)
        elif len(items) > 0:

            # executing using with_items, so make multiple calls
            # TODO: refactor

            if self.background > 0:
                raise errors.AnsibleError("lookup plugins (with_*) cannot be used with async tasks")

            aggregrate = {}
            all_comm_ok = True
            all_changed = False
            all_failed = False
            results = []
            for x in items:
                inject['item'] = x

                # TODO: this idiom should be replaced with an up-conversion to a Jinja2 template evaluation
                if isinstance(self.complex_args, basestring):
                    complex_args = template.template(self.basedir, self.complex_args, inject, convert_bare=True)
                    complex_args = utils.safe_eval(complex_args)
                    if type(complex_args) != dict:
                        raise errors.AnsibleError("args must be a dictionary, received %s" % complex_args)
                result = self._executor_internal_inner(
                     host,
                     self.module_name,
                     self.module_args,
                     inject,
                     port,
                     complex_args=complex_args
                )
                results.append(result.result)
                if result.comm_ok == False:
                    all_comm_ok = False
                    all_failed = True
                    break
                for x in results:
                    if x.get('changed') == True:
                        all_changed = True
                    if (x.get('failed') == True) or ('failed_when_result' in x and [x['failed_when_result']] or [('rc' in x) and (x['rc'] != 0)])[0]:
                        all_failed = True
                        break
            msg = 'All items completed'
            if all_failed:
                msg = "One or more items failed."
            rd_result = dict(failed=all_failed, changed=all_changed, results=results, msg=msg)
            if not all_failed:
                del rd_result['failed']
            return ReturnData(host=host, comm_ok=all_comm_ok, result=rd_result)
        else:
            self.callbacks.on_skipped(host, None)
            return ReturnData(host=host, comm_ok=True, result=dict(changed=False, skipped=True))
示例#17
0
    def run(self,
            conn,
            tmp,
            module_name,
            module_args,
            inject,
            complex_args=None,
            **kwargs):
        try:
            args = {}
            if complex_args:
                args.update(complex_args)
            args.update(parse_kv(module_args))

            # get starting credentials
            # from environment:
            #   AWS_ACCESS_KEY_ID
            #   AWS_SECRET_ACCESS_KEY

            # use get started credentials to do the roles dance and obtain
            # temporary credentials in target account

            #target_role_name = 'init-test3-shoppertrak-NucleatorCageBuilder-1I5ZOAYRJLS8Z'

            data = {}
            data.update(inject)

            # TODO use nucleator facts instead
            source_role_name = data[
                'nucleator_builder_role_name']  # TODO - RHS var here could have names in better alignment with current conventions
            target_role_name = data[
                'cage_builder_role_name']  # TODO - RHS var here could have names in better alignment with current conventions

            print "Target Role Name: ", target_role_name
            print "Source Role Name: ", source_role_name

            source_account_id = data['source_account_number']
            target_account_id = data['target_account_number']

            print "Target Account Number: ", target_account_id
            print "Source Account Number: ", source_account_id

            try:
                envdict = {}
                if self.runner.environment:
                    env = template.template(self.runner.basedir,
                                            self.runner.environment,
                                            inject,
                                            convert_bare=True)
                    env = utils.safe_eval(env)

                aws_access_key_id = env.get("AWS_ACCESS_KEY_ID")
                aws_secret_access_key = env.get("AWS_SECRET_ACCESS_KEY")
                security_token = env.get("AWS_SECURITY_TOKEN")

                aws_access_key_id = aws_access_key_id if aws_access_key_id else None
                aws_secret_access_key = aws_secret_access_key if aws_secret_access_key else None
                security_token = security_token if security_token else None

                sts_connection = STSConnection(
                    aws_access_key_id=aws_access_key_id,
                    aws_secret_access_key=aws_secret_access_key,
                    security_token=security_token)
                source_role = sts_connection.assume_role(
                    role_arn='arn:aws:iam::{0}:role/{1}'.format(
                        source_account_id, source_role_name),
                    role_session_name='SourceRoleSession')
                vv("Successfully assumed {0} role in account {1}".format(
                    source_role_name, source_account_id))

            except Exception, e:
                result = dict(
                    failed=True,
                    msg=type(e).__name__ +
                    ": Failed to obtain temporary credentials for role " +
                    source_role_name + " in target account " +
                    source_account_id + ", message: '" + str(e))
                return ReturnData(conn=conn, comm_ok=False, result=result)

            try:
                sts_connection = STSConnection(
                    aws_access_key_id=source_role.credentials.access_key,
                    aws_secret_access_key=source_role.credentials.secret_key,
                    security_token=source_role.credentials.session_token)
                target_role = sts_connection.assume_role(
                    role_arn='arn:aws:iam::{0}:role/{1}'.format(
                        target_account_id, target_role_name),
                    role_session_name='TargetRoleSession')
                vv("Successfully assumed {0} role in account {1}".format(
                    target_role_name, target_account_id))

            except Exception, e:
                # deal with failure gracefully
                result = dict(
                    failed=True,
                    msg=type(e).__name__ +
                    ": Failed to obtain temporary credentials for role " +
                    target_role_name + " in target account " +
                    target_account_id + ", message: '" + str(e) +
                    " Security_Token: " +
                    source_role.credentials.session_token)
                return ReturnData(conn=conn, comm_ok=False, result=result)
示例#18
0
    def run(self,
            conn,
            tmp,
            module_name,
            module_args,
            inject,
            complex_args=None,
            **kwargs):

        try:

            args = {}
            if complex_args:
                args.update(complex_args)
            args.update(parse_kv(module_args))

            role_name = args["role_name"]
            account_number = args["account_number"]
            region = args["region"]
            logging_bucket = args["log_bucket"]

            envdict = {}
            if self.runner.environment:
                env = template.template(self.runner.basedir,
                                        self.runner.environment,
                                        inject,
                                        convert_bare=True)
                env = utils.safe_eval(env)

            bucketName = "config-bucket-%s-%s" % (account_number, region)
            snsName = "config-topic-%s-%s" % (account_number, region)

            s3_conn = s3.connect_to_region(
                region,
                aws_access_key_id=env.get("AWS_ACCESS_KEY_ID"),
                aws_secret_access_key=env.get("AWS_SECRET_ACCESS_KEY"),
                security_token=env.get("AWS_SECURITY_TOKEN"))

            try:
                bucket = s3_conn.get_bucket(bucketName)
            except Exception, e:
                if (region == "us-east-1"):
                    bucket1 = s3_conn.create_bucket(bucketName)
                    bucket2 = s3_conn.get_bucket(logging_bucket)
                    response = bucket1.enable_logging(bucket2, "ConfigBucket/")
                else:
                    bucket1 = s3_conn.create_bucket(bucketName,
                                                    location=region)
                    bucket2 = s3_conn.get_bucket(logging_bucket)
                    response = bucket1.enable_logging(bucket2, "ConfigBucket/")

            sns_conn = sns.connect_to_region(
                region,
                aws_access_key_id=env.get("AWS_ACCESS_KEY_ID"),
                aws_secret_access_key=env.get("AWS_SECRET_ACCESS_KEY"),
                security_token=env.get("AWS_SECURITY_TOKEN"))

            sns_conn.create_topic(snsName)

            snsARN = "arn:aws:sns:%s:%s:%s" % (region, account_number, snsName)

            connection = configservice.connect_to_region(
                region,
                aws_access_key_id=env.get("AWS_ACCESS_KEY_ID"),
                aws_secret_access_key=env.get("AWS_SECRET_ACCESS_KEY"),
                security_token=env.get("AWS_SECURITY_TOKEN"))

            response = connection.describe_configuration_recorders()

            if len(response["ConfigurationRecorders"]) is 0:
                recorder_name = "config-recorder-%s" % account_number
            else:
                for item in response["ConfigurationRecorders"]:
                    recorder_name = item["name"]

            response = connection.describe_delivery_channels()

            if len(response["DeliveryChannels"]) is 0:
                channel_name = "config-channel-%s" % account_number
            else:
                for item in response["DeliveryChannels"]:
                    channel_name = item["name"]

            ConfigurationRecorder = {
                'name': recorder_name,
                'roleARN':
                "arn:aws:iam::%s:role/%s" % (account_number, role_name)
            }

            ConfigurationChannel = {
                'name': channel_name,
                's3BucketName': bucketName,
                'snsTopicARN': snsARN
            }

            response = connection.put_configuration_recorder(
                ConfigurationRecorder)
            response = connection.put_delivery_channel(ConfigurationChannel)
            response = connection.start_configuration_recorder(recorder_name)

            return ReturnData(conn=conn,
                              comm_ok=True,
                              result=dict(failed=False,
                                          changed=False,
                                          msg="Config Service Created"))
示例#19
0
    def run(self,
            conn,
            tmp,
            module_name,
            module_args,
            inject,
            complex_args=None,
            **kwargs):

        try:

            args = {}
            if complex_args:
                args.update(complex_args)
            args.update(parse_kv(module_args))

            access_policies = {}

            role_name = args["role_name"]
            print "Role Name: ", role_name

            assume_role_trust_policy = json.dumps(args["trust_policy"])

            access_policies = args["access_policies"]

            envdict = {}
            if self.runner.environment:
                env = template.template(self.runner.basedir,
                                        self.runner.environment,
                                        inject,
                                        convert_bare=True)
                env = utils.safe_eval(env)

                sts_connection = STSConnection(
                    aws_access_key_id=env.get("AWS_ACCESS_KEY_ID"),
                    aws_secret_access_key=env.get("AWS_SECRET_ACCESS_KEY"),
                    security_token=env.get("AWS_SECURITY_TOKEN"))

            c = boto.connect_iam(
                aws_access_key_id=env.get("AWS_ACCESS_KEY_ID"),
                aws_secret_access_key=env.get("AWS_SECRET_ACCESS_KEY"),
                security_token=env.get("AWS_SECURITY_TOKEN"))

            #Look for the role
            try:
                role = c.get_role(role_name)

                #Make sure the trust policy exists
                try:
                    temp_trust_policy = urllib.unquote(
                        role["get_role_response"]["get_role_result"]["role"]
                        ["assume_role_policy_document"])

                    #Reorganize the json dict so it is in the same order of the yaml policy
                    temp_trust_policy = json.dumps(
                        json.loads(temp_trust_policy))

                    #Trust policy does not match, update it
                    if not assume_role_trust_policy == temp_trust_policy:
                        if not assume_role_trust_policy == "\"\"":
                            c.update_assume_role_policy(
                                role_name, assume_role_trust_policy)

                    #Make sure each new policy exists
                    for policies in access_policies:
                        try:

                            temp_policy = urllib.unquote(
                                c.get_role_policy(role_name,
                                                  policies["policy_name"])
                                ["get_role_policy_response"]
                                ["get_role_policy_result"]["policy_document"])

                            #Policy has same name but does not match, update it
                            if not temp_policy == json.dumps(
                                    policies["policy_document"]):
                                if not policies["policy_document"] == "\"\"":
                                    c.delete_role_policy(
                                        role_name, policies["policy_name"])
                                    c.put_role_policy(
                                        role_name, policies["policy_name"],
                                        json.dumps(
                                            policies["policy_document"]))

                        #Can't find policy, add it
                        except Exception, e:
                            try:
                                c.put_role_policy(
                                    role_name, policies["policy_name"],
                                    json.dumps(policies["policy_document"]))
                            except Exception, e:
                                # deal with failure gracefully
                                result = dict(failed=True,
                                              msg=type(e).__name__ + ": " +
                                              str(e))
                                return ReturnData(conn=conn,
                                                  comm_ok=False,
                                                  result=result)

                    #Returns true if the policy name exists
                    def checkIfPolicyExists(access_policies, temp_name):
                        for policy_name in access_policies:
                            if policy_name["policy_name"] == temp_name:
                                return True
                        return False

                    #Delete any policies that are not in the yaml
                    temp_policy_names = c.list_role_policies(role_name)
                    for temp_name in temp_policy_names[
                            "list_role_policies_response"][
                                "list_role_policies_result"]["policy_names"]:
                        exists = checkIfPolicyExists(access_policies,
                                                     temp_name)
                        if not exists:
                            c.delete_role_policy(role_name, temp_name)

                #Can't find trust policy, add it
                except Exception, e:
                    try:
                        c.update_assume_role_policy(role_name,
                                                    assume_role_trust_policy)
                    except Exception, e:
                        # deal with failure gracefully
                        result = dict(failed=True,
                                      msg=type(e).__name__ + ": " + str(e))
                        return ReturnData(conn=conn,
                                          comm_ok=False,
                                          result=result)