diff --git a/docs/index.md b/docs/index.md
index bfa815b..f3019c1 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -41,6 +41,9 @@ The end user can set login variables for specific module(s) as local variables.
By default, the priority will be given to Local Variables than Environment Variables.
+
+If "API_TOKEN" is passed in the user
variable the password
variable will be interpreted as API Access Token and OAuth 2.0 based authentication is used instead of user credentials. This is useful if an external identity provider is configured for the authentication with vCloud Director.
+
VCD Ansible Modules provide sort of a unanimous response across all operations. The response shall contain atleast following properties,
diff --git a/module_utils/vcd.py b/module_utils/vcd.py
index 2b0a208..af4972a 100644
--- a/module_utils/vcd.py
+++ b/module_utils/vcd.py
@@ -7,6 +7,7 @@ from ansible.module_utils.basic import AnsibleModule, env_fallback
 from pyvcloud.vcd.client import BasicLoginCredentials
 from requests.packages import urllib3
+from requests import post
 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
@@ -43,7 +44,15 @@ def login(self):
 api_version=api_version, verify_ssl_certs=verify_ssl_certs)
- self.client.set_credentials(BasicLoginCredentials(user, org, password))
+ if user == 'API_TOKEN':
+ oAuthResponse = post(
+ 'https://{}/oauth/tenant/{}/token'.format(host, org),
+ data={'grant_type': 'refresh_token', 'refresh_token': password},
+ ).json()
+ access_token = oAuthResponse['access_token']
+ self.client.rehydrate_from_token(access_token, True)
+ else:
+ self.client.set_credentials(BasicLoginCredentials(user, org, password))
 except Exception as error:
 self.fail_json(msg='Login failed for user {} to org {}'.format(user, org))
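Review bot: The refresh-token exchange in the `API_TOKEN` branch calls `post(...)` without `verify=verify_ssl_certs`, without a `timeout`, and without checking the HTTP status. It therefore ignores the TLS setting passed to the call just above it, can block the play indefinitely on an unresponsive host, and turns an error response into a `KeyError` on `'access_token'`. The surrounding `except Exception` then reports every one of these as "Login failed for user API_TOKEN", so including `error` in that message would let an operator tell a rejected token from a certificate or network failure. The refresh token is a long-lived credential carried in `password`, so that parameter should be `no_log=True` in the argument spec, which is outside this hunk and needs confirming. `login` starts and ends outside the hunk.

```python
if user == 'API_TOKEN':
    token_response = post(
        # … unchanged: token URL and refresh_token form data …
        verify=verify_ssl_certs,
        timeout=30,  # constructed value; choose one that fits the deployment
    )
    token_response.raise_for_status()
    access_token = token_response.json()['access_token']
    # … unchanged: rehydrate_from_token call and else branch …
```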