Skip to content
This repository has been archived by the owner on Mar 6, 2024. It is now read-only.

Add authentication via API token #226

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add authentication via API token #226

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions docs/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,9 @@ The end user can set login variables for specific module(s) as local variables.
<p>
By default, the priority will be given to <b>Local Variables</b> than <b>Environment Variables.</b>
</p>
<p>
If "API_TOKEN" is passed in the <code>user</code> variable the <code>password</code> variable will be interpreted as <a href=https://docs.vmware.com/en/VMware-Cloud-Director/10.4/VMware-Cloud-Director-Tenant-Portal-Guide/GUID-A1B3B2FA-7B2C-4EE1-9D1B-188BE703EEDE.html>API Access Token</a> and OAuth 2.0 based authentication is used instead of user credentials. This is useful if an <a href=https://docs.vmware.com/en/VMware-Cloud-Director/10.4/VMware-Cloud-Director-Service-Provider-Admin-Portal-Guide/GUID-3326986B-931C-4FDE-AF47-D5A863191072.html>external identity provider</a> is configured for the authentication with vCloud Director.
</p>
<li>
<h3>Response</h3>
<p>VCD Ansible Modules provide sort of a unanimous response across all operations. The response shall contain atleast following properties,</p>
Expand Down
11 changes: 10 additions & 1 deletion module_utils/vcd.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
from ansible.module_utils.basic import AnsibleModule, env_fallback
from pyvcloud.vcd.client import BasicLoginCredentials
from requests.packages import urllib3
from requests import post

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

Expand Down Expand Up @@ -43,7 +44,15 @@ def login(self):
api_version=api_version,
verify_ssl_certs=verify_ssl_certs)

self.client.set_credentials(BasicLoginCredentials(user, org, password))
if user == 'API_TOKEN':
oAuthResponse = post(
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

might want to pass verify=verify_ssl_certs as option to post() so that in case someone says verify_ssl_certs: False in their tasks it would do as it is supposed to

'https://{}/oauth/tenant/{}/token'.format(host, org),
data={'grant_type': 'refresh_token', 'refresh_token': password},
).json()
access_token = oAuthResponse['access_token']
self.client.rehydrate_from_token(access_token, True)
else:
self.client.set_credentials(BasicLoginCredentials(user, org, password))

except Exception as error:
self.fail_json(msg='Login failed for user {} to org {}'.format(user, org))
Expand Down