diff --git a/roles/cobald/library/influx_token.py b/roles/cobald/library/influx_token.py index 9985a06..ff9f872 100755 --- a/roles/cobald/library/influx_token.py +++ b/roles/cobald/library/influx_token.py @@ -4,15 +4,16 @@ from ansible.module_utils.basic import AnsibleModule DOCUMENTATION = r''' --- -module: influx2_dashboard -short_description: create dashboard in influxdb2 -description: create dashboard in influxdb2 +module: influx2_token +short_description: generate token via influxdb2 api +description: generate token via influxdb2 api notes: - just works with influxdb version 2 - - does not create dashboard description - - does not update dashboards - - just creates a dashboard if it does not exist. - + - needs token to authenticate against API (use + `influx auth list --user my-user --hide-headers | cut -f 3` + - tokens may not be removed + - permissions can not be updated. a new token is created and the old + one is not removed. options: base: description: URL for path, e.g. `https://localhost:8086` @@ -22,13 +23,22 @@ options: description: influxdb2 organisation type: str required: True - token: + auth_token: description: influxdb2 authentication token type: str required: True - data: - description: exported dashboard json file - type: json + key: + description: some key used to identify token. This is put into + the tokens description + type: str + required: True + description: + description: textual description for token. key gets appended + type: str + required: False + permissions: + description: list of permissions, each dict(action, resource) + type: list required: True force: description: force creation even if dashboard already exists @@ -47,11 +57,19 @@ EXAMPLES = r''' delegate_to: ed-influxdb-2 - name: "create dashboard" - influx_dashboard: + influx_token: base: "http://localhost:8086" org: "my-org" - token: "{{influx_token_fetch.stdout_lines[0]}}" - data: "{{lookup('file', 'influxdb-dashboard-cobald.json')}}" + auth_token: "{{influx_token_fetch.stdout_lines[0]}}" + key: "foo123" + description: "token for foo key" + permissions: + - action: "write" + resource: + type: "buckets" + register: ed-influx-token + +- debug: msg="Token: {{ed-influx-token.token}}" ''' @@ -92,18 +110,17 @@ class Token: params={"orgID": self.org_id}, headers=self.h) ra.raise_for_status() - x = [i for i in ra.json()["authorizations"] - if self.marker in i["description"] - and i["orgID"] == self.org_id] update = None - for i in x: # FIXME: one loop + for i in ra.json()["authorizations"]: + if self.marker not in i["description"] \ + or i["orgID"] != self.org_id: + continue if self._match_perms(self.perms, i["permissions"]): + self.result_token = i if self.description == i["description"]: - self.result_token = i return False # everything matches -> no change needed else: - self.result_token = i update = {"auth_id": i["id"], "description": self.description} # TODO: may remove token because permissions do not match? @@ -112,7 +129,7 @@ class Token: else: self.result_token = None self.f = lambda: self._create({ - "orgID": self.org_id, # "permissions": self.perms, + "orgID": self.org_id, "description": self.description, "permissions": self.perms }) @@ -121,7 +138,7 @@ class Token: def run(self): if not self.f: self.check() - ra = self.f() + self.f() def _match_perms(self, pa, pb): a = pa.copy() @@ -182,7 +199,6 @@ if __name__ == "__main__": t = Token(module.params["base"], h, { "org_id": get_org_id(module.params["base"], module.params["org"], h), "key": module.params["key"], - # "perms": [{"action": "write", "resource": { "type": "buckets"}}], "perms": module.params["permissions"], "description": module.params["description"]})