ovirt_auth: support env variable passing (#34872)

oVirt modules support environment variables to be passed as authentication details for connection. But ovirt_auth doesn't support it. This patch add support for it.
7 years ago · 6648964afa
parent aae8f351a4
commit 6648964afa
1 changed files with 46 additions and 17 deletions
--- a/lib/ansible/modules/cloud/ovirt/ovirt_auth.py
+++ b/lib/ansible/modules/cloud/ovirt/ovirt_auth.py
@ -42,18 +42,26 @@ options:
        description:
            - "Specifies if a token should be created or revoked."
    username:
-        required: True
+        required: False
        description:
-            - "The name of the user. For example: I(admin@internal)."
+            - "The name of the user. For example: I(admin@internal)
+               Default value is set by I(OVIRT_USERNAME) environment variable."
    password:
-        required: True
+        required: False
+        description:
+            - "The password of the user. Default value is set by I(OVIRT_PASSWORD) environment variable."
+    token:
+        required: False
        description:
-            - "The password of the user."
+            - "SSO token to be used instead of login with username/password.
+               Default value is set by I(OVIRT_TOKEN) environment variable."
+        version_added: 2.5
    url:
-        required: True
+        required: False
        description:
            - "A string containing the base URL of the server.
-               For example: I(https://server.example.com/ovirt-engine/api)."
+               For example: I(https://server.example.com/ovirt-engine/api).
+               Default value is set by I(OVIRT_URL) environment variable."
    insecure:
        required: False
        description:
@ -64,7 +72,8 @@ options:
            - "A PEM file containing the trusted CA certificates. The
               certificate presented by the server will be verified using these CA
               certificates. If C(ca_file) parameter is not set, system wide
-               CA certificate store is used."
+               CA certificate store is used.
+               Default value is set by I(OVIRT_CAFILE) environment variable."
    timeout:
        required: False
        description:
@ -132,6 +141,19 @@ tasks:
        ovirt_auth:
          state: absent
          ovirt_auth: "{{ ovirt_auth }}"
+
+# When user will set following environment variables:
+#   OVIRT_URL = https://fqdn/ovirt-engine/api
+#   OVIRT_USERNAME = admin@internal
+#   OVIRT_PASSWORD = the_password
+# He can login the oVirt using environment variable instead of variables
+# in yaml file.
+# This is mainly usefull when using Ansible Tower or AWX, as it will work
+# for Red Hat Virtualization creadentials type.
+tasks:
+  - name: Obtain SSO token
+    ovirt_auth:
+      state: present
 '''

 RETURN = '''
@ -181,6 +203,7 @@ ovirt_auth:
            type: dict
 '''

+import os
 import traceback

 try:
@ -205,11 +228,11 @@ def main():
            kerberos=dict(required=False, type='bool', default=False),
            headers=dict(required=False, type='dict'),
            state=dict(default='present', choices=['present', 'absent']),
+            token=dict(default=None),
            ovirt_auth=dict(required=None, type='dict'),
        ),
        required_if=[
            ('state', 'absent', ['ovirt_auth']),
-            ('state', 'present', ['username', 'password', 'url']),
        ],
        supports_check_mode=True,
    )
@ -221,17 +244,23 @@ def main():
    elif state == 'absent':
        params = module.params['ovirt_auth']

+    url = params.get('url') or os.environ.get('OVIRT_URL')
+    username = params.get('username') or os.environ.get('OVIRT_USERNAME')
+    password = params.get('password') or os.environ.get('OVIRT_PASSWORD')
+    ca_file = params.get('ca_file') or os.environ.get('OVIRT_CAFILE')
+    insecure = params.get('insecure') or ca_file is None
+    token = params.get('token') or os.environ.get('OVIRT_TOKEN')
    connection = sdk.Connection(
-        url=params.get('url'),
-        username=params.get('username'),
-        password=params.get('password'),
-        ca_file=params.get('ca_file'),
-        insecure=params.get('insecure'),
+        url=url,
+        username=username,
+        password=password,
+        ca_file=ca_file,
+        insecure=insecure,
        timeout=params.get('timeout'),
        compress=params.get('compress'),
        kerberos=params.get('kerberos'),
        headers=params.get('headers'),
-        token=params.get('token'),
+        token=token,
    )
    try:
        token = connection.authenticate()
@ -240,9 +269,9 @@ def main():
            ansible_facts=dict(
                ovirt_auth=dict(
                    token=token,
-                    url=params.get('url'),
-                    ca_file=params.get('ca_file'),
-                    insecure=params.get('insecure'),
+                    url=url,
+                    ca_file=ca_file,
+                    insecure=insecure,
                    timeout=params.get('timeout'),
                    compress=params.get('compress'),
                    kerberos=params.get('kerberos'),