sa_8001/offline_kubespray
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ver2.24
offline_kubespray/collection/ansible/netcommon/plugins/connection/httpapi.py
정훈 변 3fd554eee9 collection 교체
2024-02-23 16:37:40 +09:00

387 lines
13 KiB
Python
Raw Permalink Blame History

# (c) 2018 Red Hat Inc.
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = """
author:
- Ansible Networking Team (@ansible-network)
name: httpapi
short_description: Use httpapi to run command on network appliances
description:
- This connection plugin provides a connection to remote devices over a HTTP(S)-based
api.
version_added: 1.0.0
extends_documentation_fragment:
- ansible.netcommon.connection_persistent
options:
host:
description:
- Specifies the remote device FQDN or IP address to establish the HTTP(S) connection
to.
default: inventory_hostname
type: string
vars:
- name: inventory_hostname
- name: ansible_host
port:
type: int
description:
- Specifies the port on the remote device that listens for connections when establishing
the HTTP(S) connection.
- When unspecified, will pick 80 or 443 based on the value of use_ssl.
ini:
- section: defaults
key: remote_port
env:
- name: ANSIBLE_REMOTE_PORT
vars:
- name: ansible_httpapi_port
network_os:
description:
- Configures the device platform network operating system. This value is used
to load the correct httpapi plugin to communicate with the remote device
type: string
vars:
- name: ansible_network_os
remote_user:
description:
- The username used to authenticate to the remote device when the API connection
is first established. If the remote_user is not specified, the connection will
use the username of the logged in user.
- Can be configured from the CLI via the C(--user) or C(-u) options.
type: string
ini:
- section: defaults
key: remote_user
env:
- name: ANSIBLE_REMOTE_USER
vars:
- name: ansible_user
password:
description:
- Configures the user password used to authenticate to the remote device when
needed for the device API.
type: string
vars:
- name: ansible_password
- name: ansible_httpapi_pass
- name: ansible_httpapi_password
session_key:
type: dict
description:
- Configures the session key to be used to authenticate to the remote device when
needed for the device API.
- This should contain a dictionary representing the key name and value for the
token.
- When specified, I(password) is ignored.
vars:
- name: ansible_httpapi_session_key
ca_path:
description:
- Path to CA cert bundle to use.
type: path
version_added: 5.2.0
vars:
- name: ansible_httpapi_ca_path
client_cert:
description:
- PEM formatted certificate chain file to be used for SSL client
authentication. This file can also include the key as well, and if the key
is included, I(client_key) is not required
version_added: 5.2.0
vars:
- name: ansible_httpapi_client_cert
client_key:
description:
- PEM formatted file that contains the private key to be used for SSL client
authentication. If I(client_cert) contains both the certificate and key,
this option is not required.
version_added: 5.2.0
vars:
- name: ansible_httpapi_client_key
http_agent:
description: User-Agent to use in the request.
version_added: 5.2.0
vars:
- name: ansible_httpapi_http_agent
use_ssl:
type: boolean
description:
- Whether to connect using SSL (HTTPS) or not (HTTP).
default: false
vars:
- name: ansible_httpapi_use_ssl
validate_certs:
type: boolean
description:
- Whether to validate SSL certificates
default: true
vars:
- name: ansible_httpapi_validate_certs
use_proxy:
type: boolean
description:
- Whether to use https_proxy for requests.
default: true
vars:
- name: ansible_httpapi_use_proxy
ciphers:
description:
- SSL/TLS Ciphers to use for requests
- 'When a list is provided, all ciphers are joined in order with C(:)'
- See the L(OpenSSL Cipher List Format,https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html#CIPHER-LIST-FORMAT)
for more details.
- The available ciphers is dependent on the Python and OpenSSL/LibreSSL versions.
- This option will have no effect on ansible-core<2.14 but a warning will be emitted.
version_added: 5.0.0
type: list
elements: string
vars:
- name: ansible_httpapi_ciphers
become:
type: boolean
description:
- The become option will instruct the CLI session to attempt privilege escalation
on platforms that support it. Normally this means transitioning from user mode
to C(enable) mode in the CLI session. If become is set to True and the remote
device does not support privilege escalation or the privilege has already been
elevated, then this option is silently ignored.
- Can be configured from the CLI via the C(--become) or C(-b) options.
default: false
ini:
- section: privilege_escalation
key: become
env:
- name: ANSIBLE_BECOME
vars:
- name: ansible_become
become_method:
description:
- This option allows the become method to be specified in for handling privilege
escalation. Typically the become_method value is set to C(enable) but could
be defined as other values.
default: sudo
type: string
ini:
- section: privilege_escalation
key: become_method
env:
- name: ANSIBLE_BECOME_METHOD
vars:
- name: ansible_become_method
platform_type:
description:
- Set type of platform.
type: string
env:
- name: ANSIBLE_PLATFORM_TYPE
vars:
- name: ansible_platform_type
"""
from io import BytesIO
from ansible.errors import AnsibleConnectionFailure
from ansible.module_utils._text import to_bytes
from ansible.module_utils.six import PY3
from ansible.module_utils.six.moves import cPickle
from ansible.module_utils.six.moves.urllib.error import HTTPError, URLError
from ansible.module_utils.urls import open_url
from ansible.playbook.play_context import PlayContext
from ansible.plugins.connection import ensure_connect
from ansible.plugins.loader import httpapi_loader
from ansible.release import __version__ as ANSIBLE_CORE_VERSION
from ansible_collections.ansible.netcommon.plugins.plugin_utils.connection_base import (
NetworkConnectionBase,
)
from ansible_collections.ansible.netcommon.plugins.plugin_utils.version import Version
class Connection(NetworkConnectionBase):
"""Network API connection"""
transport = "ansible.netcommon.httpapi"
has_pipelining = True
def __init__(self, play_context, new_stdin, *args, **kwargs):
super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
self._auth = None
if self._network_os:
self.load_platform_plugins(self._network_os)
def load_platform_plugins(self, platform_type=None):
platform_type = platform_type or self.get_option("platform_type")
if platform_type:
self.httpapi = httpapi_loader.get(platform_type, self)
if self.httpapi:
self._sub_plugin = {
"type": "httpapi",
"name": self.httpapi._load_name,
"obj": self.httpapi,
}
self.queue_message(
"vvvv",
"loaded API plugin %s from path %s for platform type %s"
% (
self.httpapi._load_name,
self.httpapi._original_path,
platform_type,
),
)
else:
raise AnsibleConnectionFailure(
"unable to load API plugin for platform type %s" % platform_type
)
else:
raise AnsibleConnectionFailure(
"Unable to automatically determine host platform type. Please "
"manually configure platform_type value for this host"
)
self.queue_message("log", "platform_type is set to %s" % platform_type)
@property
def _url(self):
protocol = "https" if self.get_option("use_ssl") else "http"
host = self.get_option("host")
port = self.get_option("port") or (443 if protocol == "https" else 80)
return "%s://%s:%s" % (protocol, host, port)
def update_play_context(self, pc_data):
"""Updates the play context information for the connection"""
pc_data = to_bytes(pc_data)
if PY3:
pc_data = cPickle.loads(pc_data, encoding="bytes")
else:
pc_data = cPickle.loads(pc_data)
play_context = PlayContext()
play_context.deserialize(pc_data)
self.queue_message("vvvv", "updating play_context for connection")
if self._play_context.become ^ play_context.become:
self.set_become(play_context)
if play_context.become is True:
self.queue_message("vvvv", "authorizing connection")
else:
self.queue_message("vvvv", "deauthorizing connection")
self._play_context = play_context
def _connect(self):
if not self.connected:
self.queue_message(
"vvv",
"ESTABLISH HTTP(S) CONNECTFOR USER: %s TO %s"
% (self._play_context.remote_user, self._url),
)
self.httpapi.set_become(self._play_context)
self._connected = True
if self.get_option("session_key"):
self._auth = self.get_option("session_key")
else:
self.httpapi.login(self.get_option("remote_user"), self.get_option("password"))
def close(self):
"""
Close the active session to the device
"""
# only close the connection if its connected.
if self._connected:
self.queue_message("vvvv", "closing http(s) connection to device")
self.logout()
super(Connection, self).close()
@ensure_connect
def send(self, path, data, retries=None, **kwargs):
"""
Sends the command to the device over api
"""
url_kwargs = dict(
headers={},
use_proxy=self.get_option("use_proxy"),
timeout=self.get_option("persistent_command_timeout"),
validate_certs=self.get_option("validate_certs"),
http_agent=self.get_option("http_agent"),
client_cert=self.get_option("client_cert"),
client_key=self.get_option("client_key"),
ca_path=self.get_option("ca_path"),
)
url_kwargs.update(kwargs)
ciphers = self.get_option("ciphers")
if ciphers:
if Version(ANSIBLE_CORE_VERSION) >= Version("2.14.0"):
# Only insert "ciphers" kwarg for ansible-core versions >= 2.14.0.
url_kwargs["ciphers"] = ciphers
else:
# Emit warning when "ansible_httpapi_ciphers" is set but not supported
self.queue_message(
"warning",
"'ansible_httpapi_ciphers' option is unavailable on ansible-core<2.14",
)
if self._auth:
# Avoid modifying passed-in headers
headers = dict(kwargs.get("headers", {}))
headers.update(self._auth)
url_kwargs["headers"] = headers
else:
url_kwargs["force_basic_auth"] = True
url_kwargs["url_username"] = self.get_option("remote_user")
url_kwargs["url_password"] = self.get_option("password")
try:
url = self._url + path
self._log_messages(
"send url '%s' with data '%s' and kwargs '%s'" % (url, data, url_kwargs)
)
response = open_url(url, data=data, **url_kwargs)
except HTTPError as exc:
is_handled = self.handle_httperror(exc)
if is_handled is True:
if retries is None:
# The default behavior, retry indefinitely until timeout.
return self.send(path, data, **kwargs)
if retries:
return self.send(path, data, retries=retries - 1, **kwargs)
raise
if is_handled is False:
raise
response = is_handled
except URLError as exc:
raise AnsibleConnectionFailure(
"Could not connect to {0}: {1}".format(self._url + path, exc.reason)
)
response_buffer = BytesIO()
resp_data = response.read()
self._log_messages("received response: '%s'" % resp_data)
response_buffer.write(resp_data)
# Try to assign a new auth token if one is given
self._auth = self.update_auth(response, response_buffer) or self._auth
response_buffer.seek(0)
return response, response_buffer
def transport_test(self, connect_timeout):
"""This method enables wait_for_connection to work.
The sole purpose of this method is to raise an exception if the API's URL
cannot be reached. As such, it does not do anything except attempt to
request the root URL with no error handling.
"""
open_url(self._url, timeout=connect_timeout)
Reference in New Issue View Git Blame Copy Permalink