mueller/cobald-testenv
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

token module improved

Browse Source
This commit is contained in:
Thorsten Müller
2021-05-25 11:18:22 +02:00
parent 38c117d6fa
commit c26e962898
1 changed files with 39 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
roles/cobald/library/influx_token.py
View File

@@ -4,15 +4,16 @@ from ansible.module_utils.basic import AnsibleModule
DOCUMENTATION = r'''
---
module: influx2_dashboard
short_description: create dashboard in influxdb2
description: create dashboard in influxdb2
module: influx2_token
short_description: generate token via influxdb2 api
description: generate token via influxdb2 api
notes:
- just works with influxdb version 2
- does not create dashboard description
- does not update dashboards
- just creates a dashboard if it does not exist.
- needs token to authenticate against API (use
`influx auth list --user my-user --hide-headers | cut -f 3`
- tokens may not be removed
- permissions can not be updated. a new token is created and the old
one is not removed.
options:
base:
description: URL for path, e.g. `https://localhost:8086`
@@ -22,13 +23,22 @@ options:
description: influxdb2 organisation
type: str
required: True
token:
auth_token:
description: influxdb2 authentication token
type: str
required: True
data:
description: exported dashboard json file
type: json
key:
description: some key used to identify token. This is put into
the tokens description
type: str
required: True
description:
description: textual description for token. key gets appended
type: str
required: False
permissions:
description: list of permissions, each dict(action, resource)
type: list
required: True
force:
description: force creation even if dashboard already exists
@@ -47,11 +57,19 @@ EXAMPLES = r'''
delegate_to: ed-influxdb-2
- name: "create dashboard"
influx_dashboard:
influx_token:
base: "http://localhost:8086"
org: "my-org"
token: "{{influx_token_fetch.stdout_lines[0]}}"
data: "{{lookup('file', 'influxdb-dashboard-cobald.json')}}"
auth_token: "{{influx_token_fetch.stdout_lines[0]}}"
key: "foo123"
description: "token for foo key"
permissions:
- action: "write"
resource:
type: "buckets"
register: ed-influx-token
- debug: msg="Token: {{ed-influx-token.token}}"
'''
@@ -92,18 +110,17 @@ class Token:
params={"orgID": self.org_id},
headers=self.h)
ra.raise_for_status()
x = [i for i in ra.json()["authorizations"]
if self.marker in i["description"]
and i["orgID"] == self.org_id]
update = None
for i in x: # FIXME: one loop
for i in ra.json()["authorizations"]:
if self.marker not in i["description"] \
or i["orgID"] != self.org_id:
continue
if self._match_perms(self.perms, i["permissions"]):
self.result_token = i
if self.description == i["description"]:
self.result_token = i
return False # everything matches -> no change needed
else:
self.result_token = i
update = {"auth_id": i["id"],
"description": self.description}
# TODO: may remove token because permissions do not match?
@@ -112,7 +129,7 @@ class Token:
else:
self.result_token = None
self.f = lambda: self._create({
"orgID": self.org_id, # "permissions": self.perms,
"orgID": self.org_id,
"description": self.description,
"permissions": self.perms
})
@@ -121,7 +138,7 @@ class Token:
def run(self):
if not self.f:
self.check()
ra = self.f()
self.f()
def _match_perms(self, pa, pb):
a = pa.copy()
@@ -182,7 +199,6 @@ if __name__ == "__main__":
t = Token(module.params["base"], h, {
"org_id": get_org_id(module.params["base"], module.params["org"], h),
"key": module.params["key"],
# "perms": [{"action": "write", "resource": { "type": "buckets"}}],
"perms": module.params["permissions"],
"description": module.params["description"]})