From 93daacd75dd917fb274ed78ea2ab271019cd1f1f Mon Sep 17 00:00:00 2001 From: sen Date: Fri, 17 Dec 2021 18:30:12 +0100 Subject: [PATCH] add api_verify variable --- .gitignore | 3 +++ plugins/doc_fragments/api.py | 6 ++++++ plugins/module_utils/base.py | 9 ++++++--- plugins/modules/harbor_config.py | 9 +++++++-- plugins/modules/harbor_garbage_collection.py | 6 ++++-- plugins/modules/harbor_project.py | 19 +++++++++++++------ plugins/modules/harbor_project_member.py | 10 +++++++--- plugins/modules/harbor_registry.py | 13 +++++++++---- plugins/modules/harbor_scan_all_schedule.py | 6 ++++-- 9 files changed, 59 insertions(+), 22 deletions(-) diff --git a/.gitignore b/.gitignore index 740c811..5600590 100644 --- a/.gitignore +++ b/.gitignore @@ -130,3 +130,6 @@ dmypy.json # Pyre type checker .pyre/ + +.vscode +ansible.cfg diff --git a/plugins/doc_fragments/api.py b/plugins/doc_fragments/api.py index 039de20..7f5f1fd 100644 --- a/plugins/doc_fragments/api.py +++ b/plugins/doc_fragments/api.py @@ -15,4 +15,10 @@ class ModuleDocFragment(object): - Password of user with admin privileges required: true type: str + api_verify: + description: + - Verify SSL Certificate for API Call + default: true + required: false + type: bool ''' diff --git a/plugins/module_utils/base.py b/plugins/module_utils/base.py index 6eb9392..961962f 100644 --- a/plugins/module_utils/base.py +++ b/plugins/module_utils/base.py 
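Review bot: The `api_verify` description added in plugins/doc_fragments/api.py does not state what disabling it costs. With `api_verify: false` the Harbor endpoint's certificate is not validated, while the same requests carry `api_username`/`api_password` as HTTP basic auth (`auth=self.auth` in base.py), so the admin credentials go to whatever host answers. I would add a second description entry such as `- When false, the server certificate is not validated and the admin credentials are sent to an unauthenticated peer; use only against test instances.` Because the option is typed `bool`, it cannot carry a CA bundle path; a separate option for that would let sites with an internal CA keep verification on.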
@@ -8,17 +8,20 @@ class HarborBaseModule(object): COMMON_ARG_SPEC = dict( api_url=dict(type='str', required=True), api_username=dict(type='str', required=True), - api_password=dict(type='str', required=True, no_log=True) + api_password=dict(type='str', required=True, no_log=True), + api_verify=dict(type='bool', required=False, default=True) ) def __init__(self): self.api_url = self.module.params['api_url'] self.auth=(self.module.params['api_username'],self.module.params['api_password']) + self.api_verify=self.module.params['api_verify'] def getProjectByName(self, name): r = requests.get( f"{self.api_url}/projects?name={name}", - auth=self.auth + auth=self.auth, + verify=self.api_verify ) try: @@ -53,4 +56,4 @@ def requestParse(self, request): f"HTTP status code: {request.status_code}\n" \ f"Body: {request.text}" - return message \ No newline at end of file + return message diff --git a/plugins/modules/harbor_config.py b/plugins/modules/harbor_config.py index e8c8030..032f35e 100644 --- a/plugins/modules/harbor_config.py +++ b/plugins/modules/harbor_config.py @@ -52,7 +52,8 @@ def __init__(self): # Get existing configuration before_request = requests.get( self.api_url+'/configurations', - auth=self.auth + auth=self.auth, + verify=self.api_verify ) before = before_request.json() result['configuration'] = before.copy() @@ -61,6 +62,10 @@ def __init__(self): desired_configuration = self.module.params['configuration'] if desired_configuration: after_calculated = before.copy() + + # Ignore passwords as it isn't returned with API + del desired_configuration["ldap_search_password"] + for configuration in list(desired_configuration): if not configuration == "oidc_client_secret": # Check if configuration option is available @@ -102,7 +107,7 @@ def __init__(self): set_request = requests.put( self.api_url+'/configurations', auth=self.auth, - json=desired_configuration, + json=desired_configuration ) if set_request.status_code == 200: pass 
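Review bot: In `HarborBaseModule.__init__` (plugins/module_utils/base.py) the flag is only stored, so every `requests.*` call in every module has to repeat `verify=self.api_verify` by hand, and this patch already leaves one call without it (the PUT to `/configurations` in harbor_config.py). Binding it once to a session removes that class of omission: `self.session = requests.Session()`, `self.session.auth = self.auth`, `self.session.verify = self.api_verify`, with the modules calling `self.session.get(...)` and so on. The same session would also supply credentials to call sites that currently pass no `auth=`.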
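Review bot: The added `del desired_configuration["ldap_search_password"]` in harbor_config.py raises `KeyError` whenever the task's `configuration` does not contain that key. It also removes the value from the same dict that is later sent as `json=desired_configuration`, so the module appears unable to set the LDAP search password any more. The loop directly below already skips `oidc_client_secret` during comparison; handling both secrets there keeps the value in the payload: `if configuration not in ("oidc_client_secret", "ldap_search_password"):`. The code between this loop and the PUT is outside the hunks, so confirm nothing there depends on the key being absent.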
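Review bot: The `requests.put` to `/configurations` in the last harbor_config.py hunk still has no `verify=self.api_verify`; the hunk only drops the trailing comma after `json=desired_configuration`. With `api_verify: false` the earlier GET skips certificate validation while this PUT still enforces it, so against a self-signed endpoint reads succeed and the write fails. Keep the comma and add the argument as on the other calls: `json=desired_configuration,` followed by `verify=self.api_verify`.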
diff --git a/plugins/modules/harbor_garbage_collection.py b/plugins/modules/harbor_garbage_collection.py index d322ad5..1ffac7e 100644 --- a/plugins/modules/harbor_garbage_collection.py +++ b/plugins/modules/harbor_garbage_collection.py @@ -31,7 +31,8 @@ class HarborGarbageCollectionModule(HarborBaseModule): def getGarbageCollection(self): gc_request = requests.get( f"{self.api_url}/system/gc/schedule", - auth=self.auth + auth=self.auth, + verify=self.api_verify ) if(gc_request.status_code == 200 and gc_request.headers["content-length"] == "0"): return {} @@ -51,7 +52,8 @@ def putGarbageCollection(self, payload): put_gc_request = requests.put( f"{self.api_url}/system/gc/schedule", auth=self.auth, - json=payload + json=payload, + verify=self.api_verify ) if not put_gc_request.status_code == 200: self.module.fail_json(msg=self.requestParse(put_gc_request)) diff --git a/plugins/modules/harbor_project.py b/plugins/modules/harbor_project.py index cd3fc66..2e577ed 100644 --- a/plugins/modules/harbor_project.py +++ b/plugins/modules/harbor_project.py @@ -72,7 +72,8 @@ def __init__(self): if self.module.params['quota_gb'] is not None: quota_request = requests.get( f"{self.api_url}/quotas?reference_id={existing_project['project_id']}", - auth=self.auth + auth=self.auth, + verify=self.api_verify ) quota = quota_request.json()[0] actual_quota_size = quota['hard']['storage'] @@ -85,7 +86,8 @@ def __init__(self): 'hard': { 'storage': desired_quota_size } - } + }, + verify=self.api_verify ) if quota_put_request.status_code == 200: self.result['changed'] = True @@ -126,6 +128,7 @@ def __init__(self): json={ "metadata": project_desired_metadata }, + verify=self.api_verify ) if not set_request.status_code == 200: @@ -133,7 +136,8 @@ def __init__(self): after_request =requests.get( f'{self.api_url}/projects/{existing_project["project_id"]}', - auth=self.auth + auth=self.auth, + verify=self.api_verify ) after = after_request.json() self.result['project'] = copy.deepcopy(after) 
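Review bot: `gc_request.headers["content-length"] == "0"` in `getGarbageCollection` (harbor_garbage_collection.py) raises `KeyError` when the response has no Content-Length header, for example when a proxy in front of Harbor uses chunked transfer encoding. The same expression appears in `getSchedule` in harbor_scan_all_schedule.py. Testing the body does not depend on the header: `if gc_request.status_code == 200 and not gc_request.content:`. The rest of both functions lies outside the hunks.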
@@ -156,7 +160,8 @@ def __init__(self): if self.module.params['cache_registry'] is not None: registry_request = requests.get( f"{self.api_url}/registries?q=name%3D{self.module.params['cache_registry']}", - auth=self.auth + auth=self.auth, + verify=self.api_verify ) try: @@ -167,7 +172,8 @@ def __init__(self): create_project_request = requests.post( self.api_url+'/projects', auth=self.auth, - json=data + json=data, + verify=self.api_verify ) if not create_project_request.status_code == 201: @@ -175,7 +181,8 @@ def __init__(self): after_request = requests.get( f"{self.api_url}/projects?page=1&page_size=1&name={self.module.params['name'] }", - auth=self.auth + auth=self.auth, + verify=self.api_verify ) self.result['project'] = copy.deepcopy(after_request.json()) self.result['changed'] = True diff --git a/plugins/modules/harbor_project_member.py b/plugins/modules/harbor_project_member.py index 7b54b51..91b755c 100644 --- a/plugins/modules/harbor_project_member.py +++ b/plugins/modules/harbor_project_member.py @@ -74,7 +74,8 @@ def getMemberName(self): def listProjectMembers(self, project_id): member_list_request = requests.get( f"{self.api_url}/projects/{project_id}/members", - auth=self.auth + auth=self.auth, + verify=self.api_verify ) member_list = member_list_request.json() self.result['member_list'] = member_list @@ -163,7 +164,8 @@ def __init__(self): f"{self.api_url}/projects/{project_id}/members/{member['id']}", json={ "role_id": self.role_id - } + }, + verify=self.api_verify ) if not put_project_member_request.status_code == 200: self.module.fail_json(msg=self.requestParse(put_project_member_request)) @@ -182,6 +184,7 @@ def __init__(self): if not self.module.check_mode: delete_project_member_request = requests.delete( f"{self.api_url}/projects/{project_id}/members/{member['id']}", + verify=self.api_verify ) if not delete_project_member_request.status_code == 200: self.module.fail_json(msg=self.requestParse(delete_project_member_request)) 
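Review bot: The member-role `requests.put` in harbor_project_member.py shows only `json=` and `verify=` after the URL, and the `requests.delete` in the next hunk is fully visible as `requests.delete(url, verify=self.api_verify)`, so both state-changing calls appear to be sent without `auth=self.auth`. The GET and POST in the same file do pass credentials. Add `auth=self.auth,` to both calls while touching them. The opening `requests.put(` line is outside its hunk, so check it before applying.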
@@ -211,7 +214,8 @@ def __init__(self): create_project_member_request = requests.post( f"{self.api_url}/projects/{project_id}/members", auth=self.auth, - json=create_payload + json=create_payload, + verify=self.api_verify ) if not create_project_member_request.status_code == 201: diff --git a/plugins/modules/harbor_registry.py b/plugins/modules/harbor_registry.py index 5e65393..13995f4 100644 --- a/plugins/modules/harbor_registry.py +++ b/plugins/modules/harbor_registry.py @@ -64,7 +64,8 @@ def __init__(self): existing_registry_request = requests.get( f"{self.api_url}/registries?q=name%3D{self.module.params['name']}", - auth=self.auth + auth=self.auth, + verify=self.api_verify ) existing_registry = existing_registry_request.json() @@ -119,6 +120,7 @@ def __init__(self): f'{self.api_url}/registries/{existing_registry["id"]}', auth=self.auth, json=desired_registry, + verify=self.api_verify ) if not set_request.status_code == 200: @@ -126,7 +128,8 @@ def __init__(self): after_request =requests.get( f'{self.api_url}/registries/{existing_registry["id"]}', - auth=self.auth + auth=self.auth, + verify=self.api_verify ) after = after_request.json() after['credential'].pop("access_secret", None) @@ -144,14 +147,16 @@ def __init__(self): create_project_request = requests.post( self.api_url+'/registries', auth=self.auth, - json=desired_registry + json=desired_registry, + verify=self.api_verify ) if not create_project_request.status_code == 201: self.module.fail_json(msg=self.requestParse(create_project_request)) after_request =requests.get( f"{self.api_url}/registries?q=name%3D{self.module.params['name']}", - auth=self.auth + auth=self.auth, + verify=self.api_verify ) self.result['registry'] = copy.deepcopy(after_request.json()) diff --git a/plugins/modules/harbor_scan_all_schedule.py b/plugins/modules/harbor_scan_all_schedule.py index 8f47d54..51c6612 100644 --- a/plugins/modules/harbor_scan_all_schedule.py +++ b/plugins/modules/harbor_scan_all_schedule.py 
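Review bot: The update path in harbor_registry.py strips the secret before returning (`after['credential'].pop("access_secret", None)`), but the create path stores `copy.deepcopy(after_request.json())` in `self.result['registry']` unfiltered. If the API includes `access_secret` in that listing, it would end up in the task result and in any Ansible output or log that records it. I would sanitise the create path the same way, e.g. `for reg in registries: reg.get('credential', {}).pop('access_secret', None)` before assigning the result. The surrounding `__init__` body extends beyond these hunks.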
@@ -31,7 +31,8 @@ class HarborScanAllScheduleModule(HarborBaseModule): def getSchedule(self): schedule_request = requests.get( f"{self.api_url}/system/scanAll/schedule", - auth=self.auth + auth=self.auth, + verify=self.api_verify ) if(schedule_request.status_code == 200 and schedule_request.headers["content-length"] == "0"): @@ -47,7 +48,8 @@ def putSchedule(self, payload): put_schedule_request = requests.put( f"{self.api_url}/system/scanAll/schedule", auth=self.auth, - json=payload + json=payload, + verify=self.api_verify ) if not put_schedule_request.status_code == 200: self.module.fail_json(msg=self.requestParse(put_schedule_request))