token module improved

roles/cobald/library/influx_token.py

@@ -4,15 +4,16 @@ from ansible.module_utils.basic import AnsibleModule
 
 DOCUMENTATION = r'''
 ---
-module: influx2_dashboard
+module: influx2_token
-short_description: create dashboard in influxdb2
+short_description: generate token via influxdb2 api
-description: create dashboard in influxdb2
+description: generate token via influxdb2 api
 notes:
     - just works with influxdb version 2
-    - does not create dashboard description
+    - needs token to authenticate against API (use
-    - does not update dashboards
+      `influx auth list --user my-user --hide-headers | cut -f 3`
-    - just creates a dashboard if it does not exist.
+    - tokens may not be removed
-
+    - permissions can not be updated. a new token is created and the old
+      one is not removed.
 options:
     base:
         description: URL for path, e.g. `https://localhost:8086`
@@ -22,13 +23,22 @@ options:
         description: influxdb2 organisation
         type: str
         required: True
-    token:
+    auth_token:
         description: influxdb2 authentication token
         type: str
         required: True
-    data:
+    key:
-        description: exported dashboard json file
+        description: some key used to identify token. This is put into
-        type: json
+                     the tokens description
+        type: str
+        required: True
+    description:
+        description: textual description for token. key gets appended
+        type: str
+        required: False
+    permissions:
+        description: list of permissions, each dict(action, resource)
+        type: list
         required: True
     force:
         description: force creation even if dashboard already exists
@@ -47,11 +57,19 @@ EXAMPLES = r'''
   delegate_to: ed-influxdb-2
 
 - name: "create dashboard"
-  influx_dashboard:
+  influx_token:
     base: "http://localhost:8086"
     org: "my-org"
-    token: "{{influx_token_fetch.stdout_lines[0]}}"
+    auth_token: "{{influx_token_fetch.stdout_lines[0]}}"
-    data: "{{lookup('file', 'influxdb-dashboard-cobald.json')}}"
+    key: "foo123"
+    description: "token for foo key"
+    permissions:
+    - action: "write"
+      resource:
+        type: "buckets"
+  register: ed-influx-token
+
+- debug: msg="Token: {{ed-influx-token.token}}"
 '''
 
 
@@ -92,18 +110,17 @@ class Token:
                           params={"orgID": self.org_id},
                           headers=self.h)
         ra.raise_for_status()
-        x = [i for i in ra.json()["authorizations"]
-             if self.marker in i["description"]
-             and i["orgID"] == self.org_id]
 
         update = None
-        for i in x: # FIXME: one loop
+        for i in ra.json()["authorizations"]:
+            if self.marker not in i["description"] \
+                    or i["orgID"] != self.org_id:
+                continue
             if self._match_perms(self.perms, i["permissions"]):
-                if self.description == i["description"]:
                 self.result_token = i
+                if self.description == i["description"]:
                     return False  # everything matches -> no change needed
                 else:
-                    self.result_token = i
                     update = {"auth_id": i["id"],
                               "description": self.description}
             # TODO: may remove token because permissions do not match?
@@ -112,7 +129,7 @@ class Token:
         else:
             self.result_token = None
             self.f = lambda: self._create({
-                "orgID": self.org_id,  # "permissions": self.perms,
+                "orgID": self.org_id,
                 "description": self.description,
                 "permissions": self.perms
             })
@@ -121,7 +138,7 @@ class Token:
     def run(self):
         if not self.f:
             self.check()
-        ra = self.f()
+        self.f()
 
     def _match_perms(self, pa, pb):
         a = pa.copy()
@@ -182,7 +199,6 @@ if __name__ == "__main__":
     t = Token(module.params["base"], h, {
         "org_id": get_org_id(module.params["base"], module.params["org"], h),
         "key": module.params["key"],
-        # "perms": [{"action": "write", "resource": { "type": "buckets"}}],
         "perms": module.params["permissions"],
         "description": module.params["description"]})