Merge pull request #14 from wcm-io-devops/feature/custom-port-support
Allow custom ports and binding IP addresses, move main logic to action_plugins
Showing
8 changed files
with
290 additions
and
125 deletions.
@@ -28,3 +28,4 @@ npm-debug.log | |
*.sublime-* | ||
*nbactions*.xml | ||
.temp/ | ||
*.pyc |
@@ -0,0 +1,124 @@ | ||
#!/usr/bin/python | ||
# -*- coding: utf-8 -*- | ||
|
||
from __future__ import (absolute_import, division, print_function) | ||
|
||
__metaclass__ = type | ||
|
||
from ansible.plugins.action import ActionBase | ||
from ansible.errors import AnsibleOptionsError | ||
|
||
try: | ||
from __main__ import display | ||
except ImportError: | ||
from ansible.utils.display import Display | ||
|
||
display = Display() | ||
|
||
|
||
class ActionModule(ActionBase): | ||
TRANSFERS_FILES = False | ||
|
||
def __init__(self, task, connection, play_context, loader, templar, shared_loader_obj): | ||
super(ActionModule, self).__init__(task, connection, play_context, loader, templar, shared_loader_obj) | ||
self._task_vars = None | ||
|
||
def run(self, tmp=None, task_vars=None): | ||
if task_vars is None: | ||
task_vars = dict() | ||
|
||
result = super(ActionModule, self).run(tmp, task_vars) | ||
|
||
self._task_vars = task_vars | ||
|
||
try: | ||
# Get conga_facts based config (whole or tenant config) | ||
config = self._get_arg_or_var('conga_config') | ||
|
||
except AnsibleOptionsError as err: | ||
return self._fail_result(result, err.message) | ||
|
||
httpd_cfg = config.get("httpd", {}) | ||
ssl_cfg = httpd_cfg.get("ssl", {}) | ||
ssl_enforce = ssl_cfg.get("enforce", False) | ||
|
||
ssl_offloading_cfg = ssl_cfg.get("offloading", {}) | ||
ssl_offloading_enabled = ssl_offloading_cfg.get("enabled", False) | ||
|
||
# set defaults | ||
server_listen_address = httpd_cfg.get("serverListenAddressSsl", "127.0.0.1") | ||
server_listen_address_ssl = httpd_cfg.get("serverListenAddressSsl", "127.0.0.1") | ||
|
||
if server_listen_address == "*": | ||
server_listen_address = "127.0.0.1" | ||
|
||
if server_listen_address_ssl == "*": | ||
server_listen_address_ssl = "127.0.0.1" | ||
|
||
server_name = httpd_cfg.get("serverName", None) | ||
server_name_ssl = httpd_cfg.get("serverNameSsl", None) | ||
|
||
listen_port = httpd_cfg.get("serverPort", 80) | ||
listen_port_ssl = httpd_cfg.get("serverPortSsl", 443) | ||
|
||
initial_port = listen_port | ||
expected_port = listen_port | ||
|
||
response_test_headers = [] | ||
|
||
# when ssl is enforced and not offloaded we are expecting the ssl port | ||
if ssl_enforce and not ssl_offloading_enabled: | ||
expected_port = listen_port_ssl | ||
|
||
listen_port_suffix = "" if listen_port == 80 else ":{}".format(initial_port) | ||
listen_port_suffix_ssl = "" if listen_port_ssl == 443 else ":{}".format(expected_port) | ||
|
||
ssl_enforce_initial_url = "http://{}{}".format(server_name, listen_port_suffix) | ||
ssl_enforce_expected_url = "https://{}{}/".format(server_name_ssl, listen_port_suffix_ssl) | ||
|
||
response_test_initial_url = ssl_enforce_initial_url | ||
response_test_expected_url = response_test_initial_url + "/" | ||
|
||
if ssl_enforce: | ||
if ssl_offloading_enabled: | ||
# when ssl is offloaded we have to simulate a forwareded https request | ||
response_test_headers.append("X-Forwarded-Proto: https") | ||
else: | ||
# when ssl is not offloaded we are expecting an ssl upgrade | ||
response_test_expected_url = ssl_enforce_expected_url | ||
|
||
results = { | ||
# "config": config, | ||
"server_listen_address": server_listen_address, | ||
"server_listen_address_ssl": server_listen_address_ssl, | ||
"listen_port": listen_port, | ||
"listen_port_ssl": listen_port_ssl, | ||
"initial_port": initial_port, | ||
"expected_port": expected_port, | ||
"listen_port_suffix": listen_port_suffix, | ||
"listen_port_suffix_ssl": listen_port_suffix_ssl, | ||
"ssl_enforce_initial_url": ssl_enforce_initial_url, | ||
"ssl_enforce_expected_url": ssl_enforce_expected_url, | ||
"response_test_headers": response_test_headers, | ||
"response_test_initial_url": response_test_initial_url, | ||
"response_test_expected_url": response_test_expected_url | ||
} | ||
|
||
result["ansible_facts"] = { | ||
"conga_aemdst_config": results, | ||
} | ||
|
||
return result | ||
|
||
@staticmethod | ||
def _fail_result(result, message): | ||
result['failed'] = True | ||
result['msg'] = message | ||
return result | ||
|
||
def _get_arg_or_var(self, name, default=None, is_required=True): | ||
ret = self._task.args.get(name, self._task_vars.get(name, default)) | ||
if is_required and not ret: | ||
raise AnsibleOptionsError("parameter %s is required" % name) | ||
else: | ||
return ret |
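Review bot: `server_listen_address` is read from the `serverListenAddressSsl` key, the same key used for `server_listen_address_ssl` on the following line, so a custom bind address for plain HTTP is never picked up and the non-SSL checks silently follow the SSL address. This looks like a copy-paste slip; the first lookup should presumably use the non-SSL counterpart, `httpd_cfg.get("<non-SSL listen address key>", "127.0.0.1")`, with the key name confirmed against the configuration schema, which is not visible on this page. A related slip sits in `listen_port_suffix_ssl`, which formats `expected_port`: that value equals `listen_port` unless SSL is enforced without offloading, so the exported suffix and `ssl_enforce_expected_url` carry the HTTP port in the other cases. Using `":{}".format(listen_port_ssl)` there keeps both facts correct regardless of the enforce/offloading flags.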
@@ -0,0 +1,110 @@ | ||
#!/usr/bin/python | ||
# -*- coding: utf-8 -*- | ||
|
||
from __future__ import (absolute_import, division, print_function) | ||
|
||
__metaclass__ = type | ||
|
||
from ansible.plugins.action import ActionBase | ||
from ansible.errors import AnsibleOptionsError | ||
|
||
try: | ||
from __main__ import display | ||
except ImportError: | ||
from ansible.utils.display import Display | ||
|
||
display = Display() | ||
|
||
|
||
class ActionModule(ActionBase): | ||
TRANSFERS_FILES = False | ||
|
||
def __init__(self, task, connection, play_context, loader, templar, shared_loader_obj): | ||
super(ActionModule, self).__init__(task, connection, play_context, loader, templar, shared_loader_obj) | ||
self._task_vars = None | ||
self._templar = templar | ||
|
||
def run(self, tmp=None, task_vars=None): | ||
if task_vars is None: | ||
task_vars = dict() | ||
|
||
result = super(ActionModule, self).run(tmp, task_vars) | ||
|
||
self._task_vars = task_vars | ||
|
||
try: | ||
# Get config values | ||
conga_aemdst_curl_url = self._get_arg_or_var('conga_aemdst_curl_url') | ||
conga_aemdst_curl_expected_http_code = self._get_arg_or_var('conga_aemdst_curl_expected_http_code') | ||
conga_aemdst_curl_follow_redirects_expected_http_code = self._get_arg_or_var('conga_aemdst_curl_follow_redirects_expected_http_code') | ||
conga_aemdst_curl_follow_redirects = self._get_arg_or_var('conga_aemdst_curl_follow_redirects') | ||
conga_aemdst_curl_allow_insecure = self._get_arg_or_var('conga_aemdst_curl_allow_insecure') | ||
conga_aemdst_curl_noproxy = self._get_arg_or_var('conga_aemdst_curl_noproxy') | ||
conga_aemdst_curl_resolve = self._get_arg_or_var('conga_aemdst_curl_resolve', [], False) | ||
conga_aemdst_curl_headers = self._get_arg_or_var('conga_aemdst_curl_headers', [], False) | ||
conga_aemdst_curl_timeout = self._get_arg_or_var('conga_aemdst_curl_timeout') | ||
conga_aemdst_curl_connect_timeout = self._get_arg_or_var('conga_aemdst_curl_connect_timeout') | ||
|
||
except AnsibleOptionsError as err: | ||
return self._fail_result(result, err.message) | ||
|
||
# set defaults | ||
curl_cmdline_args = [ | ||
'--max-time {}'.format(conga_aemdst_curl_timeout), | ||
'--connect-timeout {}'.format(conga_aemdst_curl_connect_timeout), | ||
] | ||
write_out_arg = "%{redirect_url}\n%{http_code}" | ||
expected_http_code = conga_aemdst_curl_expected_http_code | ||
|
||
if conga_aemdst_curl_allow_insecure: | ||
curl_cmdline_args.append('--insecure') | ||
|
||
for resolve in conga_aemdst_curl_resolve: | ||
host = resolve.get("host") | ||
port = resolve.get("port") | ||
address = resolve.get("address") | ||
curl_cmdline_args.append("--resolve '{}:{}:{}'".format(host, port, address)) | ||
|
||
if conga_aemdst_curl_follow_redirects: | ||
curl_cmdline_args.append('--location') | ||
write_out_arg = "%{url_effective}\n%{http_code}" | ||
expected_http_code = conga_aemdst_curl_follow_redirects_expected_http_code | ||
|
||
if conga_aemdst_curl_noproxy: | ||
curl_cmdline_args.append('--noproxy "*"') | ||
|
||
for header in conga_aemdst_curl_headers: | ||
curl_cmdline_args.append('--header "{}"'.format(header)) | ||
|
||
curl_base_command = "curl {}".format(" ".join(curl_cmdline_args)) | ||
curl_internal_command = '{} --write-out "{}" --output /dev/null --silent {}'.format(curl_base_command, | ||
write_out_arg, | ||
conga_aemdst_curl_url) | ||
curl_debug_command = "{} {}".format(curl_base_command, conga_aemdst_curl_url) | ||
|
||
results = { | ||
"curl_base_command": curl_base_command, | ||
"curl_internal_command": curl_internal_command, | ||
"curl_debug_command": curl_debug_command, | ||
"expected_http_code": expected_http_code, | ||
} | ||
|
||
result["ansible_facts"] = { | ||
"conga_aemdst_curl_cmdline": results, | ||
} | ||
|
||
return result | ||
|
||
@staticmethod | ||
def _fail_result(result, message): | ||
result['failed'] = True | ||
result['msg'] = message | ||
return result | ||
|
||
def _get_arg_or_var(self, name, default=None, is_required=True): | ||
ret = self._task.args.get(name, self._task_vars.get(name, default)) | ||
ret = self._templar.template(ret) | ||
if is_required and ret is None: | ||
raise AnsibleOptionsError("parameter %s is required" % name) | ||
else: | ||
return ret |
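Review bot: The curl command strings in `run` are built by pasting `host`, `port`, `address`, each header and `conga_aemdst_curl_url` into hand-written quotes (the `--resolve '…'` and `--header "…"` appends) or with no quoting at all (the URL in `curl_internal_command` and `curl_debug_command`). A value that contains a quote, a space or a shell metacharacter therefore changes how the line is parsed if a later task hands these facts to a shell. How the facts are consumed is not visible in this section, but every value passes through `_templar.template` and can originate from inventory or configuration, so quoting at construction time is the safer default. I would wrap each interpolated value with `shlex_quote` from `ansible.module_utils.six.moves` (this needs an import at the top of the file), as sketched below.

```python
for resolve in conga_aemdst_curl_resolve:
    # … unchanged: host / port / address lookups …
    resolve_spec = "{}:{}:{}".format(host, port, address)
    curl_cmdline_args.append("--resolve {}".format(shlex_quote(resolve_spec)))

# … unchanged: --location and --noproxy handling …

for header in conga_aemdst_curl_headers:
    curl_cmdline_args.append("--header {}".format(shlex_quote(header)))

# … unchanged: curl_base_command …
quoted_url = shlex_quote(conga_aemdst_curl_url)
curl_internal_command = '{} --write-out "{}" --output /dev/null --silent {}'.format(
    curl_base_command, write_out_arg, quoted_url)
curl_debug_command = "{} {}".format(curl_base_command, quoted_url)
```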