a-c-m
/
community.general
mirror of https://github.com/ansible-collections/community.general.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
community.general/lib/ansible/module_utils/gcp.py

388 lines
16 KiB
Python
Raw Normal View History

Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
# This code is part of Ansible, but is an independent component.
# This particular file snippet, and this file snippet only, is BSD licensed.
# Modules you write using this snippet, which is embedded dynamically by Ansible
# still belong to the author of the module, and may assign their own license
# to the complete work.
#
# Copyright (c), Franck Cuny <franck.cuny@gmail.com>, 2014
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
import json
import os
import traceback
from distutils.version import LooseVersion
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
# libcloud
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
try:
import libcloud
HAS_LIBCLOUD_BASE = True
except ImportError:
HAS_LIBCLOUD_BASE = False
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
# google-auth
try:
import google.auth
from google.oauth2 import service_account
HAS_GOOGLE_AUTH = True
except ImportError as e:
HAS_GOOGLE_AUTH = False
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
# google-python-api
try:
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
import google_auth_httplib2
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
from httplib2 import Http
from googleapiclient.http import set_user_agent
HAS_GOOGLE_API_LIB = True
except ImportError:
HAS_GOOGLE_API_LIB = False
# Ansible Display object for warnings
try:
from __main__ import display
except ImportError:
from ansible.utils.display import Display
display = Display()
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
def _get_gcp_ansible_credentials(module):
"""Helper to fetch creds from AnsibleModule object."""
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
service_account_email = module.params.get('service_account_email', None)
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
# Note: pem_file is discouraged and will be deprecated
credentials_file = module.params.get('pem_file', None) or module.params.get(
'credentials_file', None)
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
project_id = module.params.get('project_id', None)
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
return (service_account_email, credentials_file, project_id)
def _get_gcp_environ_var(var_name, default_value):
"""Wrapper around os.environ.get call."""
return os.environ.get(
var_name, default_value)
def _get_gcp_environment_credentials(service_account_email, credentials_file, project_id):
"""Helper to look in environment variables for credentials."""
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
# If any of the values are not given as parameters, check the appropriate
# environment variables.
if not service_account_email:
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
service_account_email = _get_gcp_environ_var('GCE_EMAIL', None)
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
if not credentials_file:
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
credentials_file = _get_gcp_environ_var(
'GCE_CREDENTIALS_FILE_PATH', None) or _get_gcp_environ_var(
'GOOGLE_APPLICATION_CREDENTIALS', None) or _get_gcp_environ_var(
'GCE_PEM_FILE_PATH', None)
if not project_id:
project_id = _get_gcp_environ_var('GCE_PROJECT', None) or _get_gcp_environ_var(
'GOOGLE_CLOUD_PROJECT', None)
return (service_account_email, credentials_file, project_id)
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
def _get_gcp_libcloud_credentials(service_account_email=None, credentials_file=None, project_id=None):
"""
Helper to look for libcloud secrets.py file.
Note: This has an 'additive' effect right now, filling in
vars not specified elsewhere, in order to keep legacy functionality.
This method of specifying credentials will be deprecated, otherwise
we'd look to make it more restrictive with an all-vars-or-nothing approach.
:param service_account: GCP service account email used to make requests
:type service_account: ``str`` or None
:param credentials_file: Path on disk to credentials file
:type credentials_file: ``str`` or None
:param project_id: GCP project ID.
:type project_id: ``str`` or None
:return: tuple of (service_account, credentials_file, project_id)
:rtype: ``tuple`` of ``str``
"""
if service_account_email is None or credentials_file is None:
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
try:
import secrets
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
display.deprecated(msg=("secrets file found at '%s'. This method of specifying "
"credentials is deprecated. Please use env vars or "
"Ansible YAML files instead" % (secrets.__file__)), version=2.5)
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
except ImportError:
secrets = None
if hasattr(secrets, 'GCE_PARAMS'):
if not service_account_email:
service_account_email = secrets.GCE_PARAMS[0]
if not credentials_file:
credentials_file = secrets.GCE_PARAMS[1]
keyword_params = getattr(secrets, 'GCE_KEYWORD_PARAMS', {})
if not project_id:
project_id = keyword_params.get('project', None)
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
return (service_account_email, credentials_file, project_id)
def _get_gcp_credentials(module, require_valid_json=True, check_libcloud=False):
"""
Obtain GCP credentials by trying various methods.
There are 3 ways to specify GCP credentials:
1. Specify via Ansible module parameters (recommended).
2. Specify via environment variables. Two sets of env vars are available:
a) GOOGLE_CLOUD_PROJECT, GOOGLE_CREDENTIALS_APPLICATION (preferred)
b) GCE_PROJECT, GCE_CREDENTIAL_FILE_PATH, GCE_EMAIL (legacy, not recommended; req'd if
using p12 key)
3. Specify via libcloud secrets.py file (deprecated).
There are 3 helper functions to assist in the above.
Regardless of method, the user also has the option of specifying a JSON
file or a p12 file as the credentials file. JSON is strongly recommended and
p12 will be removed in the future.
Additionally, flags may be set to require valid json and check the libcloud
version.
:param module: initialized Ansible module object
:type module: `class AnsibleModule`
:param require_valid_json: If true, require credentials to be valid JSON. Default is True.
:type require_valid_json: ``bool``
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
:params check_libcloud: If true, check the libcloud version available to see if
JSON creds are supported.
:type check_libcloud: ``bool``
:return: {'service_account_email': service_account_email,
'credentials_file': credentials_file,
'project_id': project_id}
:rtype: ``dict``
"""
(service_account_email,
credentials_file,
project_id) = _get_gcp_ansible_credentials(module)
# If any of the values are not given as parameters, check the appropriate
# environment variables.
(service_account_email,
credentials_file,
project_id) = _get_gcp_environment_credentials(service_account_email,
credentials_file, project_id)
# If we still don't have one or more of our credentials, attempt to
# get the remaining values from the libcloud secrets file.
(service_account_email,
credentials_file,
project_id) = _get_gcp_libcloud_credentials(service_account_email,
credentials_file, project_id)
if credentials_file is None or project_id is None or service_account_email is None:
if check_libcloud is True:
# TODO(supertom): this message is legacy and integration tests depend on it.
module.fail_json(msg='Missing GCE connection parameters in libcloud '
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
'secrets file.')
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
return None
else:
if credentials_file is None or project_id is None:
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
module.fail_json(msg=('GCP connection error: unable to determine project (%s) or '
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
'credentials file (%s)' % (project_id, credentials_file)))
# ensure the credentials file is found and is in the proper format.
_validate_credentials_file(module, credentials_file,
require_valid_json=require_valid_json,
check_libcloud=check_libcloud)
return {'service_account_email': service_account_email,
'credentials_file': credentials_file,
'project_id': project_id}
def _validate_credentials_file(module, credentials_file, require_valid_json=True, check_libcloud=False):
"""
Check for valid credentials file.
Optionally check for JSON format and if libcloud supports JSON.
:param module: initialized Ansible module object
:type module: `class AnsibleModule`
:param credentials_file: path to file on disk
:type credentials_file: ``str``. Complete path to file on disk.
:param require_valid_json: If true, require credentials to be valid JSON. Default is True.
:type require_valid_json: ``bool``
:params check_libcloud: If true, check the libcloud version available to see if
JSON creds are supported.
:type check_libcloud: ``bool``
:returns: True
:rtype: ``bool``
"""
try:
# Try to read credentials as JSON
with open(credentials_file) as credentials:
json.loads(credentials.read())
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
# If the credentials are proper JSON and we do not have the minimum
# required libcloud version, bail out and return a descriptive error
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
if check_libcloud and LooseVersion(libcloud.__version__) < '0.17.0':
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
module.fail_json(msg='Using JSON credentials but libcloud minimum version not met. '
'Upgrade to libcloud>=0.17.0.')
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
return True
except IOError as e:
Allow the use of paths like ~/.project.json (#16064) * Allow the use of paths like ~/.project.json This makes it easy to manage credentials files outside of the repo (and/or user specific credentials). * Fix format string to log credentials_file.
2017-01-16 14:10:16 +00:00
module.fail_json(msg='GCP Credentials File %s not found.' % credentials_file, changed=False)
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
return False
except ValueError as e:
if require_valid_json:
Allow the use of paths like ~/.project.json (#16064) * Allow the use of paths like ~/.project.json This makes it easy to manage credentials files outside of the repo (and/or user specific credentials). * Fix format string to log credentials_file.
2017-01-16 14:10:16 +00:00
module.fail_json(msg='GCP Credentials File %s invalid. Must be valid JSON.' % credentials_file, changed=False)
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
else:
display.deprecated(msg=("Non-JSON credentials file provided. This format is deprecated. "
" Please generate a new JSON key from the Google Cloud console"),
version=2.5)
return True
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
def gcp_connect(module, provider, get_driver, user_agent_product, user_agent_version):
"""Return a Google libcloud driver connection."""
if not HAS_LIBCLOUD_BASE:
module.fail_json(msg='libcloud must be installed to use this module')
creds = _get_gcp_credentials(module,
require_valid_json=False,
check_libcloud=True)
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
try:
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
gcp = get_driver(provider)(creds['service_account_email'], creds['credentials_file'],
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
datacenter=module.params.get('zone', None),
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
project=creds['project_id'])
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
gcp.connection.user_agent_append("%s/%s" % (
user_agent_product, user_agent_version))
except (RuntimeError, ValueError) as e:
module.fail_json(msg=str(e), changed=False)
except Exception as e:
module.fail_json(msg=unexpected_error_msg(e), changed=False)
return gcp
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
def get_google_cloud_credentials(module, scopes=[]):
"""
Get credentials object for use with Google Cloud client.
To connect via libcloud, don't use this function, use gcp_connect instead. For
Google Python API Client, see get_google_api_auth for how to connect.
For more information on Google's client library options for Python, see:
U(https://cloud.google.com/apis/docs/client-libraries-explained#google_api_client_libraries)
Google Cloud example:
creds, params = get_google_cloud_credentials(module, scopes, user_agent_product, user_agent_version)
pubsub_client = pubsub.Client(project=params['project_id'], credentials=creds)
pubsub_client.user_agent = 'ansible-pubsub-0.1'
...
:param module: initialized Ansible module object
:type module: `class AnsibleModule`
:param scopes: list of scopes
:type module: ``list`` of URIs
:returns: A tuple containing (google authorized) credentials object and
params dict {'service_account_email': '...', 'credentials_file': '...', 'project_id': ...}
:rtype: ``tuple``
"""
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
if not HAS_GOOGLE_AUTH:
module.fail_json(msg='Please install google-auth.')
conn_params = _get_gcp_credentials(module,
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
require_valid_json=True,
check_libcloud=False)
try:
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
if conn_params['credentials_file']:
credentials = service_account.Credentials.from_service_account_file(
conn_params['credentials_file'])
if scopes:
credentials = credentials.with_scopes(scopes)
else:
credentials = google.auth.default(
scopes=scopes)[0]
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
return (credentials, conn_params)
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
except Exception as e:
module.fail_json(msg=unexpected_error_msg(e), changed=False)
return (None, None)
def get_google_api_auth(module, scopes=[], user_agent_product='ansible-python-api', user_agent_version='NA'):
"""
Authentication for use with google-python-api-client.
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
Function calls get_google_cloud_credentials, which attempts to assemble the credentials
from various locations. Next it attempts to authenticate with Google.
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
This function returns an httplib2 (compatible) object that can be provided to the Google Python API client.
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
For libcloud, don't use this function, use gcp_connect instead. For Google Cloud, See
get_google_cloud_credentials for how to connect.
For more information on Google's client library options for Python, see:
U(https://cloud.google.com/apis/docs/client-libraries-explained#google_api_client_libraries)
Google API example:
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
http_auth, conn_params = get_google_api_auth(module, scopes, user_agent_product, user_agent_version)
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
service = build('myservice', 'v1', http=http_auth)
...
:param module: initialized Ansible module object
:type module: `class AnsibleModule`
:param scopes: list of scopes
:type scopes: ``list`` of URIs
:param user_agent_product: User agent product. eg: 'ansible-python-api'
:type user_agent_product: ``str``
:param user_agent_version: Version string to append to product. eg: 'NA' or '0.1'
:type user_agent_version: ``str``
:returns: A tuple containing (google authorized) httplib2 request object and a
params dict {'service_account_email': '...', 'credentials_file': '...', 'project_id': ...}
:rtype: ``tuple``
"""
if not HAS_GOOGLE_API_LIB:
module.fail_json(msg="Please install google-api-python-client library")
# TODO(supertom): verify scopes
if not scopes:
scopes = ['https://www.googleapis.com/auth/cloud-platform']
try:
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
(credentials, conn_params) = get_google_cloud_credentials(module, scopes)
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
http = set_user_agent(Http(), '%s-%s' % (user_agent_product, user_agent_version))
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
http_auth = google_auth_httplib2.AuthorizedHttp(credentials, http=http)
Adding auth support for google-api-python-client and gcloud-python (#19090) Support for the Google API and GCloud-Python Clients have been added. The three libraries: * GCloud-Python: A new function, get_google_cloud_credentials, should be used. The credentials-object returned can be passed to any gcloud-python client. Using this client library requires in the installation of gcloud-python. This is preferred library for new modules. * Google API: A new function, gcp_api_auth, should be used to take advantage of services requiring this client. This client library should be used if the desired functionality is not available in GCloud-Python. Using this library requires the installation of google-api-python-client. * libcloud: Existing function, gcp_connect, should be used. The interface and return values have not changed and existing modules (such as gce, gce_pd and gce_net) should work without modification. Note that the credentials-fetching code has been refactored out of gcp_connect so that can be reused by all connection functions. To use this function, apache-libcloud must be installed. Import guards have been added and will only be trigger if a user tries to use a function that is missing dependencies. Credential-specifying mechanisms (i.e, ansible module params, env vars and libcloud secrets.py) have not changed. They have been refactored and unit tests have been added to allow for changes going forward. We are deprecating (and removing in a subsequent release) the ability to specify credentials via the libcloud secrets file. Also, we have deprecated (and also plan to remove in a subsequent release) the ability to use a p12 pem file for a key - the JSON format is strongly preferred. Deprecation warnings have been added for both of these issues (see the Ansible docs on how to disable deprecation warnings).
2016-12-29 17:33:52 +00:00
return (http_auth, conn_params)
except Exception as e:
module.fail_json(msg=unexpected_error_msg(e), changed=False)
return (None, None)
[GCE] Google Cloud Pubsub Module (#19091) * Google Cloud Pubsub Module The Google Cloud Pubsub module allows the Ansible user to: * Create/Delete Topics * Create/Delete Subscriptions * Change subscription from pull to push (and configure endpoint) * Publish messages to a topic * Pull messages from a Subscription An accessory module, gcpubsub_facts, has been added to list topics and subscriptions. * Added docs for state field to DOCUMENTATION and RETURN blocks.
2017-01-26 21:16:52 +00:00
def check_min_pkg_version(pkg_name, minimum_version):
"""Minimum required version is >= installed version."""
from pkg_resources import get_distribution
try:
installed_version = get_distribution(pkg_name).version
return LooseVersion(installed_version) >= minimum_version
except Exception as e:
return False
Refactored gce util module to support other GCP services (#15924) This is a refactoring of the existing GCE utility module to support other projects on Google Cloud Platform. The previous gce.py module was hard-coded specifically for GCE, and attempting to use it with other projects in GCP failed. See https://github.com/ansible/ansible/pull/15918#issuecomment-220165913 for more detail. This has also been an issue for others in the past, although they've handled it by simply duplicating some of the logic of gce.py in their own modules. - The existing gce.py module was renamed to gcp.py, and modified to remove any imports or other code that refers to libcloud.compute or GCE (the GCE_* params were retained for compatibility). I also renamed the gce_connect function to gcp_connect, and modified the function signature to make supplying a provider, driver, and agent information mandatory. - A new gce.py module was created to handle connectivity to GCE. It imports the appropriate libcloud.compute providers and drivers, and then passes them on to gcp_connect in gcp.py. The constants and function signatures are the same as the old gce.py, so compatibility with existing modules is retained. - A new gcdns.py module was created to support PR ansible/ansible-modules-extras#2252 for two new Google Cloud DNS modules, and to demonstrate support for a non-GCE Google Cloud service. It follows the same basic structure as the new gce.py module, but imports from libcloud.dns instead.
2016-07-28 16:54:39 +00:00
def unexpected_error_msg(error):
"""Create an error string based on passed in error."""
return 'Unexpected response: (%s). Detail: %s' % (str(error), traceback.format_exc(error))