Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doc correction
Thanks @mlabarre. To the current maintainers, @emonty, @Shrews, @juliakreger, @j2sol, @rcarrillocruz please review according to guidelines (http://docs.ansible.com/ansible/developing_modules.html#module-checklist) and comment with text 'shipit', 'needs_revision' or 'close_me' as appropriate. [This message brought to you by your friendly Ansibull-bot.] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not blocking this, as I haven't read through the rest, but I'd rather get questions answered before spending more time reading the code.
@@ -0,0 +1,334 @@ | |||
#!/usr/bin/python | |||
|
|||
# Copyright (c) 2016 Helicom |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we get a contact information on this, in case of future relicensing requests?
- for V2 version, only public_url, internal_url and admin_url | ||
can be specified (not interface, neither url). | ||
- for V3 version, only interface AND url can be specified | ||
(no public_url, internal_url and admin_url). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it not possible to just take in URL and interface as module arguments, and then internally or through shade decide how to represent the data to the API? The input to the module shouldn't change. The admin still has to provide a URL and some indication of what type of URL it is. I don't think the arguments to the ansible module should change depending on API version.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct j2sol, this should be using ansibles mutually exclusive options. The options can be either public_url, admin_url, internal_url OR interface and url. Both of these types work with either v2.0 or v3. There is no version dependency on making them work.
Hello
|
Format is better below: Yesterday I've post a request for the same module having the following signature
Module refused because I test the API version in code and this kind would be executed by Shade. For admin it was transparent. |
I believe @SamYaple objected to the code inside the module that was doing v2/v3 detection and logic. He was not objecting to the module input signature, but I'll let him confirm this. |
- for V2 version, only public_url, internal_url and admin_url | ||
can be specified (not interface, neither url). | ||
- for V3 version, only interface AND url can be specified | ||
(no public_url, internal_url and admin_url). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct j2sol, this should be using ansibles mutually exclusive options. The options can be either public_url, admin_url, internal_url OR interface and url. Both of these types work with either v2.0 or v3. There is no version dependency on making them work.
required: true | ||
interface: | ||
description: | ||
- Endpoint type (ie 'public', 'internal', 'admin') (v3 format). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
all references to "v3 format" or "v2 format" should be removed
''' | ||
|
||
RETURN = ''' | ||
# |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
commenting so its not lost, im sure you are just waiting, but this should be filled out before merge
|
||
def main(): | ||
|
||
global cloud, module |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please do not use globals
module = AnsibleModule(argument_spec, | ||
supports_check_mode=True, | ||
**module_kwargs) | ||
# role grant/revoke API introduced in 1.11.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this comment is not accurate, specifically it should be that update was added in 1.11.0 and v3 support was fully implemented. But i dont think the comment is needed at all
interface = module.params.get('interface', None) | ||
url = module.params.get('url', None) | ||
region = module.params.get('region', None) | ||
enabled = "True" == module.params.get('enabled', True) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the bool type if set correctly will prevent the need to do this
current_endpoint = get_endpoint(service_id, interface) | ||
|
||
if current_endpoint is None and state == 'absent': | ||
module.exit_json(changed=False) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See the functions named '_system_state_change' and '_needs_update' in the other ansible shade modules and how those are structured. Please implement that here (rather than in the main() function)
else: | ||
# No update possible in V2.0. So we must delete | ||
# and recreate. | ||
cloud.delete_endpoint(current_endpoint.id) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This prevents the module from being idempotent. We cannot do this. Since this is a module that could only be used by cloud operators it is expected they should know if they are using v2.0 and v3, and the appropriate capabilities. Therefore, if shade returns and error letting them know the cloud doesnt support this feature, it should be passed to the user.
if changed: | ||
if state == "present": | ||
if current_endpoint is None: | ||
cloud.create_endpoint(service_id, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
due to the way shade works, it is safe to pass interface, url, public_url, admin_url, and internal_url for each request, as long as they are set to None. That just means the logic for mutually_exclusive bits must be handled appropriately in the ansible module and then we can safely pass them all through.
if current_endpoint is None: | ||
changed = True | ||
else: | ||
if url and (enabled is not None |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this logic is not correct since you can pass interface+url to a v2.0 endpoint through shade (shade handles that on the backed). Therefore it is not safe to assume just because the url is set this will be a v2.0 endpoint like you appear to be
ok |
Deletes are done with the endpoint id for a reason. You must supply an id to shade to delete an endpoint. v2 create with the *_url variables returns a list with a single endpoint v2 delete is the same as v3, the difference in the ansible module would be it would delete 3 endpoints on v3 and only a single endpoint on v2. As with all the other modules, if an endpoint search reveals multiple matches, we must abort and tell the user to fix that. |
"v2 delete is the same as v3, the difference in the ansible module would be it would delete 3 endpoints on v3 and only a single endpoint on v2." Absolutely no. in V3 if when you supply an interface with state = "absent" you would delete only this interface, not the endpoint. And you have not necessary 3 endpoints in V3. |
The return value from shade being normalized for v2.0 and v3 endpoints will be happening, though that doesn't directly influence the flow of this module. When you specify v2.0 interface+url and set state to absent, then absolutely it will work the same for v2 and v3. With v2.0, a single endpoint has public, admin, and internal_url. But it doesn't have a hard requirement on having all of those set (infact, the only requirement is having public_url set in v2.0). Therefore there will not be a valid match and no change will occur on v2.0 endpoint. All of this logic is currently baked into shade. It would simply be a matter of properly searching in the ansible module. Remember, the only way to delete is to pass an endpoint id. Searching will be the responsibility of the module. I have been unfortunately busy in the past few weeks so I have no submitted this PR myself, but if you would like me to submit a PR for this module to show you the logic I can. |
As I said before the creation of the endpoint is not a problem (shade Lorsque les arguments publicurl, etc. sont fournis (totalement ou When publicurl arguments, etc. are provided (all or part thereof) : Now suppose a E1 endpoint created in v3: and E2 endpoint created in v2:
test 1.1
test 1.2
test 1.3
test 1.4
test 1.5
test 1.6
2.1 test
2.2 test
2.3 test
test 2.4
test 2.5
test 2.6
With the good responses, module would be ok. Le 22/09/2016 à 22:47, Sam Yaple a écrit :
|
Keystone v2.0 endpoints cannot be updated. So if a playbook is run that tries to update v2.0 endpoints, it should fail. I don't agree with deleting and recreating the endpoints for v2.0 (nor do we do that in other modules with a similar problem). In your v2.0 examples, you have several where because it returns a single endpoint, you use it outright, but you should not be. If the endpoint doesn't match what you have, then you should not be using it. In this case, you should be ensuring that the public + admin + internal url all match what the ansible module was given. In the case of passing interface + url to v2.0 api, there is only one time that that will ever match with ansible, and that is when passing the public interface option since the public interface is required for v2.0. It should not be matching internal or admin url individually. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with @SamYaple in his reviews.
|
||
DOCUMENTATION = ''' | ||
--- | ||
module: os_api_endpoint |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
os_keystone_endpoint
This repository has been locked. All new issues and pull requests should be filed in https://github.com/ansible/ansible Please read through the repomerge page in the dev guide. The guide contains links to tools which automatically move your issue or pull request to the ansible/ansible repo. |
1 similar comment
This repository has been locked. All new issues and pull requests should be filed in https://github.com/ansible/ansible Please read through the repomerge page in the dev guide. The guide contains links to tools which automatically move your issue or pull request to the ansible/ansible repo. |
ISSUE TYPE
COMPONENT NAME
os_keystone_endpointANSIBLE VERSION
SUMMARY
Create / modify and delete endpoints