Update to horizon2.4 (#10)

Compatibility with Horizon 2.4 --------- Co-authored-by: AdrienDucourthial <[email protected]> Co-authored-by: Antonin <[email protected]> Co-authored-by: Soufiane Bouarfa <[email protected]> Co-authored-by: KT0 <[email protected]>
evertrust · Jul 25, 2023 · 2cf981b · 2cf981b
1 parent 2703578
commit 2cf981b
Show file tree

Hide file tree

Showing 32 changed files with 2,038 additions and 566 deletions.
diff --git a/.github/workflows/build_doc.yaml b/.github/workflows/build_doc.yaml
@@ -24,19 +24,25 @@ jobs:
       run: ansible-galaxy collection install .
 
     - name: Build ansible docs with antsibull-doc
-      run: antsibull-docs collection --use-current --squash-hierarchy --dest-dir=docs/ evertrust.horizon
+      run: antsibull-docs sphinx-init --use-current --squash-hierarchy --dest-dir=docs/ --project "Horizon Ansible" --copyright "2023, Evertrust" --title "Horizon Ansible Documentation" evertrust.horizon
+
+    - name: Install requirements
+      run: pip install -r ./docs/requirements.txt
+
+    - name: Add custom script to reformat doc
+      run: sed -i 's/\(sphinx-build.*\)/python reformat.py || python3 reformat.py\n\1/' docs/build.sh
+
+    - name: Build with sphinx
+      run: ./docs/build.sh
 
-    - name: Build with Sphinx
-      run: sphinx-build docs/ docs/html
-
     - name: Configure Pages
       uses: actions/configure-pages@v3
-      
+
     - name: Upload artifact
       uses: actions/upload-pages-artifact@v1
       with:
         # Upload entire repository
-        path: ./docs/html
+        path: ./docs/build/html
 
   # Deployment job
   deploy:

diff --git a/README.md b/README.md
@@ -10,9 +10,10 @@ This collection requires Python 3.6 or greater. It offers compatibility with the
 
 | Collection version | Horizon version |
 |--------------------|-----------------|
-| 1.2.0              | 2.2.0+          |
-| 1.1.0              | 2.2.0+          |
-| 1.0.1              | 2.0.0+          |
+| 1.3.0              | 2.2.0+          |
+| 1.2.0              | 2.2.0 - 2.3.x   |
+| 1.1.0              | 2.2.0 - 2.3.x   |
+| 1.0.1              | 2.0.0 - 2.3.x   |
 
 
 ### Ansible Galaxy

diff --git a/docs/reformat.py b/docs/reformat.py
@@ -0,0 +1,21 @@
+import os
+import re
+
+# Adding captions in index file
+with open('rst/index.rst', 'r') as file:
+    content = file.read()
+content = re.sub(r':hidden:\n.*\n( +)horizon_', r':hidden:\n\g<1>:caption: Module:\n\n\g<1>horizon_', content, 1)
+content = re.sub(r':hidden:\n.*\n( +)horizon_', r':hidden:\n\g<1>:caption: Inventory:\n\n\g<1>horizon_', content, 1)
+content = re.sub(r':hidden:\n.*\n( +)horizon_', r':hidden:\n\g<1>:caption: Lookup:\n\n\g<1>horizon_', content, 1)
+with open('rst/index.rst', 'w') as file:
+    file.write(content)
+
+# Removing signature from titles
+for file_name in os.listdir("rst"):
+    if file_name.startswith("horizon_") :
+        # Must remove signature title
+        with open('rst/' + file_name, 'r') as file:
+            content = file.read()
+        content = re.sub(r'(\.\. Title)\n.*\n.*?-- (.*?)', r'\g<1>\n\n\g<2>', content, 1)
+        with open('rst/' + file_name, 'w') as file:
+            file.write(content)
diff --git a/galaxy.yml b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: evertrust
 name: horizon
-version: 1.2.0
+version: 1.3.0
 readme: README.md
 authors:
 - EverTrust R&D (@Evertrust)

diff --git a/meta/runtime.yml b/meta/runtime.yml
@@ -4,6 +4,7 @@ action_groups:
   horizon:
     - horizon_enroll
     - horizon_recover
+    - horizon_renew
     - horizon_revoke
     - horizon_update
     - horizon_feed

diff --git a/plugins/action/horizon_enroll.py b/plugins/action/horizon_enroll.py
@@ -6,16 +6,17 @@
 
 __metaclass__ = type
 
-from ansible.errors import AnsibleAction
+from ansible.errors import AnsibleError
 from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_action import HorizonAction
 from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_crypto import HorizonCrypto
+from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_errors import HorizonError
 
 
 class ActionModule(HorizonAction):
     TRANSFERS_FILES = True
 
     def _args(self):
-        return ['mode', 'password', 'key_type', 'csr', 'profile', 'subject', 'sans', 'labels', 'metadata', 'owner', 'team']
+        return ['mode', 'password', 'key_type', 'csr', 'profile', 'subject', 'sans', 'labels', 'metadata', 'owner', 'team', 'contact_email']
 
     def run(self, tmp=None, task_vars=None):
         result = super(ActionModule, self).run(tmp, task_vars)
@@ -24,15 +25,22 @@ def run(self, tmp=None, task_vars=None):
             client = self._get_client()
             content = self._get_content()
             should_generate_csr = content["mode"] == "decentralized" and content['csr'] is None
-            generated_key = None
+
+            if content["subject"] == None:
+                raise AnsibleError("The subject parameter is mandatory.")
 
             # Generate a key pair and CSR if none was provided
             if should_generate_csr:
-                private_key, public_key = HorizonCrypto.generate_key_pair(content['key_type'])
-                csr = HorizonCrypto.generate_pckcs10(subject=content['subject'], private_key=private_key)
-                content['csr'] = csr
+                if content["key_type"] != None:
+                    try:
+                        private_key, public_key = HorizonCrypto.generate_key_pair(content['key_type'])
+                        csr = HorizonCrypto.generate_pckcs10(subject=content['subject'], private_key=private_key)
+                        content['csr'] = csr
+                    except Exception as e:
+                        raise AnsibleError(e)
+                else:
+                    raise AnsibleError("When using the decentralized mode, either a csr or the key_type is mandatory.")
 
-            result = {}
             response = client.enroll(**content)
 
             if "certificate" in response:
@@ -50,7 +58,7 @@ def run(self, tmp=None, task_vars=None):
                 result["key"] = HorizonCrypto.get_key_from_p12(response["pkcs12"]["value"],
                                                                response["password"]["value"])
 
-        except AnsibleAction as e:
-            result.update(e.result)
+        except HorizonError as e:
+            raise AnsibleError(e.full_message)
 
         return result
diff --git a/plugins/action/horizon_feed.py b/plugins/action/horizon_feed.py
@@ -22,7 +22,9 @@ def run(self, tmp=None, task_vars=None):
         try:
             client = self._get_client()
             content = self._get_content()
-            result['response'] = client.feed(**content)
+            response = client.feed(**content)
+
+            result['response'] = response
 
         except AnsibleAction as e:
             result.update(e.result)

diff --git a/plugins/action/horizon_recover.py b/plugins/action/horizon_recover.py
@@ -7,9 +7,10 @@
 
 __metaclass__ = type
 
-from ansible.errors import AnsibleAction
+from ansible.errors import AnsibleError
 from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_action import HorizonAction
 from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_crypto import HorizonCrypto
+from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_errors import HorizonError
 
 
 class ActionModule(HorizonAction):
@@ -25,18 +26,18 @@ def run(self, tmp=None, task_vars=None):
             client = self._get_client()
             content = self._get_content()
             response = client.recover(**content)
-            chain = client.chain(response["certificate"]["certificate"])
-            my_dict = {
-                "chain": chain,
-                "certificate": response["certificate"],
-                "p12_password": response["password"]["value"]
-            }
+
+            if "certificate" in response:
+                result["certificate"] = response["certificate"]
+                result["chain"] = client.chain(response["certificate"]["certificate"])
 
             if "pkcs12" in response:
-                my_dict["p12"] = response["pkcs12"]["value"]
-                my_dict["key"] = HorizonCrypto.get_key_from_p12(response["pkcs12"]["value"], response["password"]["value"])
+                result["p12"] = response["pkcs12"]["value"]
+                result["p12_password"] = response["password"]["value"]
+                result["key"] = HorizonCrypto.get_key_from_p12(response["pkcs12"]["value"], response["password"]["value"])
 
-            return my_dict
 
-        except AnsibleAction as e:
-            result.update(e.result)
+        except HorizonError as e:
+            raise AnsibleError(e.full_message)
+
+        return result
diff --git a/plugins/action/horizon_renew.py b/plugins/action/horizon_renew.py
@@ -0,0 +1,42 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Standard base includes and define this as a metaclass of type
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+from ansible.errors import AnsibleError
+from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_action import HorizonAction
+from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_crypto import HorizonCrypto
+from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_errors import HorizonError
+
+
+class ActionModule(HorizonAction):
+    TRANSFERS_FILES = True
+
+    def _args(self):
+        return ['certificate_id', 'certificate_pem', 'password']
+
+    def run(self, tmp=None, task_vars=None):
+        result = super(ActionModule, self).run(tmp, task_vars)
+
+        try: 
+            client = self._get_client()
+            content = self._get_content()
+            response = client.renew(**content)
+
+            if "certificate" in response:
+                result["certificate"] = response["certificate"]
+                result["chain"] = client.chain(result["certificate"]["certificate"])
+
+            if "pkcs12" in response.keys():
+                result["p12"] = response["pkcs12"]["value"]
+                result["p12_password"] = response["password"]["value"]
+                result["key"] = HorizonCrypto.get_key_from_p12(response["pkcs12"]["value"],
+                                                               response["password"]["value"])
+
+        except HorizonError as e:
+            raise AnsibleError(e.full_message)
+
+        return result
diff --git a/plugins/action/horizon_revoke.py b/plugins/action/horizon_revoke.py
@@ -6,6 +6,7 @@
 
 __metaclass__ = type
 
+from ansible.errors import AnsibleError
 from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_action import HorizonAction
 from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_errors import HorizonError
 
@@ -23,11 +24,16 @@ def run(self, tmp=None, task_vars=None):
             client = self._get_client()
             content = self._get_content()
             skip_already_revoked = bool(content.pop("skip_already_revoked"))
-            result = client.revoke(**content)
+            response = client.revoke(**content)
+
+            if "certificate" in response:
+                result["certificate"] = response["certificate"]
+                result["chain"] = client.chain(result["certificate"]["certificate"])
+
         except HorizonError as e:
             if e.code == 'WEBRA-REVOKE-005' and skip_already_revoked:
                 pass
             else:
-                raise e
+                raise AnsibleError(e.full_message)
 
         return result
diff --git a/plugins/action/horizon_update.py b/plugins/action/horizon_update.py
@@ -7,23 +7,30 @@
 __metaclass__ = type
 
 
-from ansible.errors import AnsibleAction
+from ansible.errors import AnsibleError
 from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_action import HorizonAction
+from ansible_collections.evertrust.horizon.plugins.module_utils.horizon_errors import HorizonError
+
 
 class ActionModule(HorizonAction):
     TRANSFERS_FILES = True
 
     def _args(self):
-        return ["labels", "certificate_pem", "metadata", "owner", "team"]
+        return ["labels", "certificate_pem", "metadata", "owner", "team", "contact_email"]
 
     def run(self, tmp=None, task_vars=None):
         result = super(ActionModule, self).run(tmp, task_vars)
 
         try:
             client = self._get_client()
             content = self._get_content()
-            result = client.update(**content)
-        except AnsibleAction as e:
-            result.update(e.result)
+            response = client.update(**content)
+
+            if "certificate" in response:
+                result["certificate"] = response["certificate"]
+                result["chain"] = client.chain(result["certificate"]["certificate"])
+
+        except HorizonError as e:
+            raise AnsibleError(e.full_message)
 
         return result