diff --git a/lib/ansible/module_utils/openstack.py b/lib/ansible/module_utils/openstack.py index 5c4503f94ce..b58cc534287 100644 --- a/lib/ansible/module_utils/openstack.py +++ b/lib/ansible/module_utils/openstack.py @@ -73,16 +73,19 @@ def openstack_find_nova_addresses(addresses, ext_tag, key_name=None): def openstack_full_argument_spec(**kwargs): spec = dict( cloud=dict(default=None), - auth_plugin=dict(default=None), + auth_type=dict(default=None), auth=dict(default=None), - auth_token=dict(default=None), region_name=dict(default=None), availability_zone=dict(default=None), - state=dict(default='present', choices=['absent', 'present']), + verify=dict(default=True, aliases=['validate_certs']), + cacert=dict(default=None), + cert=dict(default=None), + key=dict(default=None), wait=dict(default=True, type='bool'), timeout=dict(default=180, type='int'), + api_timeout=dict(default=None, type='int'), endpoint_type=dict( - default='publicURL', choices=['publicURL', 'internalURL'] + default='public', choices=['public', 'internal', 'admin'] ) ) spec.update(kwargs) @@ -94,10 +97,6 @@ def openstack_module_kwargs(**kwargs): required_one_of=[ ['cloud', 'auth'], ], - mutually_exclusive=[ - ['auth', 'auth_token'], - ['auth_plugin', 'auth_token'], - ], ) for key in ('mutually_exclusive', 'required_together', 'required_one_of'): if key in kwargs: diff --git a/lib/ansible/utils/module_docs_fragments/openstack.py b/lib/ansible/utils/module_docs_fragments/openstack.py index d740bc719c3..519ad785b9b 100644 --- a/lib/ansible/utils/module_docs_fragments/openstack.py +++ b/lib/ansible/utils/module_docs_fragments/openstack.py @@ -34,17 +34,13 @@ options: this param will need to contain whatever parameters that auth plugin requires. This parameter is not needed if a named cloud is provided. required: false - auth_plugin: + auth_type: description: - Name of the auth plugin to use. If the cloud uses something other than password authentication, the name of the plugin should be indicated here and the contents of the I(auth) parameter should be updated accordingly. required: false default: password - auth_token: - description: - - An auth token obtained previously. If I(auth_token) is given, - I(auth) and I(auth_plugin) are not needed. region_name: description: - Name of the region. @@ -53,11 +49,6 @@ options: description: - Name of the availability zone. required: false - state: - description: - - Should the resource be present or absent. - choices: [present, absent] - default: present wait: description: - Should ansible wait until the requested resource is complete. @@ -69,12 +60,37 @@ options: - How long should ansible wait for the requested resource. required: false default: 180 + api_timeout: + description: + - How long should the socket layer wait before timing out for API calls. + If this is omitted, nothing will be passed to the requests library. + required: false + default: None + validate_certs: + description: + - Whether or not SSL API requests should be verified. + required: false + default: True + aliases: ['verify'] + cacert: + description: + - A path to a CA Cert bundle that can be used as part of verifying + SSL API requests. + required: false + cert: + description: + - A path to a client certificate to use as part of the SSL transaction + required: false + key: + description: + - A path to a client key to use as part of the SSL transaction + required: false endpoint_type: description: - Endpoint URL type to fetch from the service catalog. - choices: [publicURL, internalURL] + choices: [public, internal, admin] required: false - default: publicURL + default: public requirements: - shade notes: diff --git a/v2/ansible/module_utils/openstack.py b/v2/ansible/module_utils/openstack.py index 64f95437143..b58cc534287 100644 --- a/v2/ansible/module_utils/openstack.py +++ b/v2/ansible/module_utils/openstack.py @@ -30,6 +30,9 @@ import os def openstack_argument_spec(): + # DEPRECATED: This argument spec is only used for the deprecated old + # OpenStack modules. It turns out that modern OpenStack auth is WAY + # more complex than this. # Consume standard OpenStack environment variables. # This is mainly only useful for ad-hoc command line operation as # in playbooks one would assume variables would be used appropriately @@ -67,3 +70,39 @@ def openstack_find_nova_addresses(addresses, ext_tag, key_name=None): ret.append(interface_spec['addr']) return ret +def openstack_full_argument_spec(**kwargs): + spec = dict( + cloud=dict(default=None), + auth_type=dict(default=None), + auth=dict(default=None), + region_name=dict(default=None), + availability_zone=dict(default=None), + verify=dict(default=True, aliases=['validate_certs']), + cacert=dict(default=None), + cert=dict(default=None), + key=dict(default=None), + wait=dict(default=True, type='bool'), + timeout=dict(default=180, type='int'), + api_timeout=dict(default=None, type='int'), + endpoint_type=dict( + default='public', choices=['public', 'internal', 'admin'] + ) + ) + spec.update(kwargs) + return spec + + +def openstack_module_kwargs(**kwargs): + ret = dict( + required_one_of=[ + ['cloud', 'auth'], + ], + ) + for key in ('mutually_exclusive', 'required_together', 'required_one_of'): + if key in kwargs: + if key in ret: + ret[key].extend(kwargs[key]) + else: + ret[key] = kwargs[key] + + return ret