diff --git a/changelogs/fragments/lookups.yml b/changelogs/fragments/lookups.yml new file mode 100644 index 000000000..1c8d0172f --- /dev/null +++ b/changelogs/fragments/lookups.yml @@ -0,0 +1,9 @@ +minor_changes: + - Lookup modules - Enable usage of ini files, environment and inventory variables + to configure basic settings for the lookup plugins, like e.g., the server_url or site + alongside the authentication options. Refer to the module documentation for details. + +known_issues: + - Lookup modules - When using inventory variables to configure e.g., the server_url, + it is not possible to assign other variables to these variables. + This is a limitation of Ansble itself. diff --git a/plugins/lookup/bakery.py b/plugins/lookup/bakery.py index 0346e3122..6308bb351 100644 --- a/plugins/lookup/bakery.py +++ b/plugins/lookup/bakery.py @@ -79,11 +79,13 @@ If you need to use different permissions, you must change the command or run Ansible as another user. - Alternatively, you can use a shell/command task that runs against localhost and registers the result. - The directory of the play is used as the current working directory. + - It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section! + This is a limitation of Ansible itself. """ EXAMPLES = """ - name: "Show bakery status" - debug: + ansible.builtin.debug: msg: "Bakery status is {{ bakery }}" vars: bakery: "{{ lookup('checkmk.general.bakery', @@ -93,6 +95,17 @@ automation_user=automation_user, automation_secret=automation_secret )}}" + +- name: "Use variables outside the module call." + ansible.builtin.debug: + msg: "Bakery status is {{ bakery }}" + vars: + ansible_lookup_checkmk_server_url: "{{ checkmk_var_server_url }}" + ansible_lookup_checkmk_site: "{{ outer_item.site }}" + ansible_lookup_checkmk_automation_user: "{{ checkmk_var_automation_user }}" + ansible_lookup_checkmk_automation_secret: "{{ checkmk_var_automation_secret }}" + ansible_lookup_checkmk_validate_certs: false + bakery: "{{ lookup('checkmk.general.bakery') }}" """ RETURN = """ diff --git a/plugins/lookup/folder.py b/plugins/lookup/folder.py index 56a204ca2..a2b5db1cd 100644 --- a/plugins/lookup/folder.py +++ b/plugins/lookup/folder.py @@ -83,6 +83,8 @@ If you need to use different permissions, you must change the command or run Ansible as another user. - Alternatively, you can use a shell/command task that runs against localhost and registers the result. - The directory of the play is used as the current working directory. + - It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section! + This is a limitation of Ansible itself. """ EXAMPLES = """ @@ -100,6 +102,17 @@ validate_certs=False ) }}" + +- name: "Use variables outside the module call." + ansible.builtin.debug: + msg: "Attributes of folder /network: {{ attributes }}" + vars: + ansible_lookup_checkmk_server_url: "{{ checkmk_var_server_url }}" + ansible_lookup_checkmk_site: "{{ outer_item.site }}" + ansible_lookup_checkmk_automation_user: "{{ checkmk_var_automation_user }}" + ansible_lookup_checkmk_automation_secret: "{{ checkmk_var_automation_secret }}" + ansible_lookup_checkmk_validate_certs: false + attributes: "{{ lookup('checkmk.general.folder', '~tests') }}" """ RETURN = """ diff --git a/plugins/lookup/folders.py b/plugins/lookup/folders.py index 8a3a9708a..4a18d7aaf 100644 --- a/plugins/lookup/folders.py +++ b/plugins/lookup/folders.py @@ -96,6 +96,8 @@ If you need to use different permissions, you must change the command or run Ansible as another user. - Alternatively, you can use a shell/command task that runs against localhost and registers the result. - The directory of the play is used as the current working directory. + - It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section! + This is a limitation of Ansible itself. """ EXAMPLES = """ @@ -136,6 +138,24 @@ loop: "{{ looping|subelements('members.hosts.value') }}" loop_control: label: "{{ item.0.id }}" + +- name: "Use variables outside the module call." + ansible.builtin.debug: + msg: "Folder tree: {{ item.id }}" + vars: + ansible_lookup_checkmk_server_url: "{{ checkmk_var_server_url }}" + ansible_lookup_checkmk_site: "{{ outer_item.site }}" + ansible_lookup_checkmk_automation_user: "{{ checkmk_var_automation_user }}" + ansible_lookup_checkmk_automation_secret: "{{ checkmk_var_automation_secret }}" + ansible_lookup_checkmk_validate_certs: false + loop: "{{ + lookup('checkmk.general.folders', + '~', + show_hosts=False, + recursive=True, + ) }}" + loop_control: + label: "{{ item.id }}" """ RETURN = """ diff --git a/plugins/lookup/host.py b/plugins/lookup/host.py index a4145221d..af9a191fc 100644 --- a/plugins/lookup/host.py +++ b/plugins/lookup/host.py @@ -89,6 +89,8 @@ If you need to use different permissions, you must change the command or run Ansible as another user. - Alternatively, you can use a shell/command task that runs against localhost and registers the result. - The directory of the play is used as the current working directory. + - It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section! + This is a limitation of Ansible itself. """ EXAMPLES = """ @@ -107,6 +109,17 @@ validate_certs=False ) }}" + +- name: "Use variables outside the module call." + ansible.builtin.debug: + msg: "Attributes of host example: {{ attributes }}" + vars: + ansible_lookup_checkmk_server_url: "{{ checkmk_var_server_url }}" + ansible_lookup_checkmk_site: "{{ outer_item.site }}" + ansible_lookup_checkmk_automation_user: "{{ checkmk_var_automation_user }}" + ansible_lookup_checkmk_automation_secret: "{{ checkmk_var_automation_secret }}" + ansible_lookup_checkmk_validate_certs: false + attributes: "{{ lookup('checkmk.general.host', 'example.com', effective_attributes=True) }}" """ RETURN = """ diff --git a/plugins/lookup/hosts.py b/plugins/lookup/hosts.py index 79f2e744e..50756e84a 100644 --- a/plugins/lookup/hosts.py +++ b/plugins/lookup/hosts.py @@ -86,6 +86,8 @@ If you need to use different permissions, you must change the command or run Ansible as another user. - Alternatively, you can use a shell/command task that runs against localhost and registers the result. - The directory of the play is used as the current working directory. + - It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section! + This is a limitation of Ansible itself. """ EXAMPLES = """ @@ -104,6 +106,20 @@ }}" loop_control: label: "{{ item.id }}" + +- name: "Use variables outside the module call." + ansible.builtin.debug: + msg: "Host: {{ item.id }} in folder {{ item.extensions.folder }}, IP: {{ item.extensions.effective_attributes.ipaddress }}" + vars: + ansible_lookup_checkmk_server_url: "{{ checkmk_var_server_url }}" + ansible_lookup_checkmk_site: "{{ outer_item.site }}" + ansible_lookup_checkmk_automation_user: "{{ checkmk_var_automation_user }}" + ansible_lookup_checkmk_automation_secret: "{{ checkmk_var_automation_secret }}" + ansible_lookup_checkmk_validate_certs: false + loop: "{{ + lookup('checkmk.general.hosts', effective_attributes=True) }}" + loop_control: + label: "{{ item.id }}" """ RETURN = """ diff --git a/plugins/lookup/rule.py b/plugins/lookup/rule.py index 441b3ac71..105f39034 100644 --- a/plugins/lookup/rule.py +++ b/plugins/lookup/rule.py @@ -83,6 +83,8 @@ If you need to use different permissions, you must change the command or run Ansible as another user. - Alternatively, you can use a shell/command task that runs against localhost and registers the result. - The directory of the play is used as the current working directory. + - It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section! + This is a limitation of Ansible itself. """ EXAMPLES = """ @@ -100,6 +102,17 @@ validate_certs=False ) }}" + +- name: "Use variables outside the module call." + ansible.builtin.debug: + msg: "Rule: {{ extensions }}" + vars: + ansible_lookup_checkmk_server_url: "{{ checkmk_var_server_url }}" + ansible_lookup_checkmk_site: "{{ outer_item.site }}" + ansible_lookup_checkmk_automation_user: "{{ checkmk_var_automation_user }}" + ansible_lookup_checkmk_automation_secret: "{{ checkmk_var_automation_secret }}" + ansible_lookup_checkmk_validate_certs: false + attributes: "{{ lookup('checkmk.general.rule', rule_id='a9285bc1-dcaf-45e0-a3ba-ad398ef06a49') }}" """ RETURN = """ diff --git a/plugins/lookup/rules.py b/plugins/lookup/rules.py index a9b954f8c..c36349ea7 100644 --- a/plugins/lookup/rules.py +++ b/plugins/lookup/rules.py @@ -93,6 +93,8 @@ If you need to use different permissions, you must change the command or run Ansible as another user. - Alternatively, you can use a shell/command task that runs against localhost and registers the result. - The directory of the play is used as the current working directory. + - It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section! + This is a limitation of Ansible itself. """ EXAMPLES = """ @@ -129,6 +131,20 @@ }}" loop_control: label: "{{ item.id }}" + +- name: "Use variables outside the module call." + ansible.builtin.debug: + msg: "Rule: {{ item.extensions }}" + vars: + ansible_lookup_checkmk_server_url: "{{ checkmk_var_server_url }}" + ansible_lookup_checkmk_site: "{{ outer_item.site }}" + ansible_lookup_checkmk_automation_user: "{{ checkmk_var_automation_user }}" + ansible_lookup_checkmk_automation_secret: "{{ checkmk_var_automation_secret }}" + ansible_lookup_checkmk_validate_certs: false + loop: "{{ + lookup('checkmk.general.rules', ruleset='host_groups') }}" + loop_control: + label: "{{ item.id }}" """ RETURN = """ diff --git a/plugins/lookup/ruleset.py b/plugins/lookup/ruleset.py index d25d1cb05..790fd7db9 100644 --- a/plugins/lookup/ruleset.py +++ b/plugins/lookup/ruleset.py @@ -83,6 +83,8 @@ If you need to use different permissions, you must change the command or run Ansible as another user. - Alternatively, you can use a shell/command task that runs against localhost and registers the result. - The directory of the play is used as the current working directory. + - It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section! + This is a limitation of Ansible itself. """ EXAMPLES = """ @@ -100,6 +102,17 @@ validate_certs=False ) }}" + +- name: "Use variables outside the module call." + ansible.builtin.debug: + msg: "Ruleset: {{ extensions }}" + vars: + ansible_lookup_checkmk_server_url: "{{ checkmk_var_server_url }}" + ansible_lookup_checkmk_site: "{{ outer_item.site }}" + ansible_lookup_checkmk_automation_user: "{{ checkmk_var_automation_user }}" + ansible_lookup_checkmk_automation_secret: "{{ checkmk_var_automation_secret }}" + ansible_lookup_checkmk_validate_certs: false + extensions: "{{ lookup('checkmk.general.ruleset', ruleset='host_groups') }}" """ RETURN = """ diff --git a/plugins/lookup/rulesets.py b/plugins/lookup/rulesets.py index 349920375..10acc985d 100644 --- a/plugins/lookup/rulesets.py +++ b/plugins/lookup/rulesets.py @@ -102,6 +102,8 @@ If you need to use different permissions, you must change the command or run Ansible as another user. - Alternatively, you can use a shell/command task that runs against localhost and registers the result. - The directory of the play is used as the current working directory. + - It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section! + This is a limitation of Ansible itself. """ EXAMPLES = """ @@ -139,6 +141,20 @@ }}" loop_control: label: "{{ item.0.id }}" + +- name: "Use variables outside the module call." + ansible.builtin.debug: + msg: "Ruleset {{ item.extension.name }} is deprecated." + vars: + ansible_lookup_checkmk_server_url: "{{ checkmk_var_server_url }}" + ansible_lookup_checkmk_site: "{{ outer_item.site }}" + ansible_lookup_checkmk_automation_user: "{{ checkmk_var_automation_user }}" + ansible_lookup_checkmk_automation_secret: "{{ checkmk_var_automation_secret }}" + ansible_lookup_checkmk_validate_certs: false + loop: "{{ + lookup('checkmk.general.rulesets', regex='', rulesets_deprecated=True, rulesets_used=True) }}" + loop_control: + label: "{{ item.0.id }}" """ RETURN = """ diff --git a/plugins/lookup/version.py b/plugins/lookup/version.py index 5a87f4ded..389876af2 100644 --- a/plugins/lookup/version.py +++ b/plugins/lookup/version.py @@ -79,6 +79,8 @@ If you need to use different permissions, you must change the command or run Ansible as another user. - Alternatively, you can use a shell/command task that runs against localhost and registers the result. - The directory of the play is used as the current working directory. + - It is B(NOT) possible to assign other variables to the variables mentioned in the C(vars) section! + This is a limitation of Ansible itself. """ EXAMPLES = """ @@ -92,6 +94,17 @@ automation_user=my_user, automation_secret=my_secret )}}" + +- name: "Use variables outside the module call." + ansible.builtin.debug: + msg: "Server version is {{ version }}" + vars: + ansible_lookup_checkmk_server_url: "{{ checkmk_var_server_url }}" + ansible_lookup_checkmk_site: "{{ outer_item.site }}" + ansible_lookup_checkmk_automation_user: "{{ checkmk_var_automation_user }}" + ansible_lookup_checkmk_automation_secret: "{{ checkmk_var_automation_secret }}" + ansible_lookup_checkmk_validate_certs: false + attributes: "{{ lookup('checkmk.general.version') }}" """ RETURN = """ diff --git a/tests/integration/files/includes/vars/global.yml b/tests/integration/files/includes/vars/global.yml index 57f8bb073..f243be9f5 100644 --- a/tests/integration/files/includes/vars/global.yml +++ b/tests/integration/files/includes/vars/global.yml @@ -15,3 +15,13 @@ checkmk_server_edition_mapping: cee: enterprise cce: cloud cme: managed + + +# This is a very hacky workaround, as it is not possible to assign variables +# to other variables when using them in lookup modules. +ansible_lookup_checkmk_server_url: "http://127.0.0.1" +ansible_lookup_checkmk_site: "stable_cee" # This is especially hacky. + # All integration tests were adapted to run the specific task only on this site. +ansible_lookup_checkmk_automation_user: "cmkadmin" +ansible_lookup_checkmk_automation_secret: "Sup3rSec4et!" +ansible_lookup_checkmk_validate_certs: false diff --git a/tests/integration/targets/lookup_bakery/tasks/test.yml b/tests/integration/targets/lookup_bakery/tasks/test.yml index b594758f0..a24572023 100644 --- a/tests/integration/targets/lookup_bakery/tasks/test.yml +++ b/tests/integration/targets/lookup_bakery/tasks/test.yml @@ -20,3 +20,15 @@ ("'initialized' in looked_up_bakery.msg") or ("'stopped' in looked_up_bakery.msg") or ("'exception' in looked_up_bakery.msg") + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Use variables outside the module call." + ansible.builtin.assert: + that: ("'finished' in bakery.msg") or + ("'running' in bakery.msg") or + ("'initialized' in bakery.msg") or + ("'stopped' in bakery.msg") or + ("'exception' in bakery.msg") + vars: + bakery: "{{ lookup('checkmk.general.bakery') }}" + delegate_to: localhost + when: outer_item.edition == "stable_cee" diff --git a/tests/integration/targets/lookup_folder/tasks/test.yml b/tests/integration/targets/lookup_folder/tasks/test.yml index 647dc014d..11522c352 100644 --- a/tests/integration/targets/lookup_folder/tasks/test.yml +++ b/tests/integration/targets/lookup_folder/tasks/test.yml @@ -57,3 +57,12 @@ }}" delegate_to: localhost run_once: true # noqa run-once[task] + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Use variables outside the module call." + ansible.builtin.assert: + that: "extensions.attributes.tag_criticality == checkmk_folder.criticality" + vars: + extensions: "{{ lookup('checkmk.general.folder', checkmk_folder.path) }}" + delegate_to: localhost + run_once: true # noqa run-once[task] + when: outer_item.edition == "stable_cee" diff --git a/tests/integration/targets/lookup_folders/tasks/test.yml b/tests/integration/targets/lookup_folders/tasks/test.yml index befebd766..f7109c8bc 100644 --- a/tests/integration/targets/lookup_folders/tasks/test.yml +++ b/tests/integration/targets/lookup_folders/tasks/test.yml @@ -14,7 +14,7 @@ run_once: true # noqa run-once[task] loop: "{{ checkmk_var_folders }}" -- name: "Get all folders." +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Get all folders." ansible.builtin.debug: var: folders vars: @@ -30,7 +30,7 @@ delegate_to: localhost run_once: true # noqa run-once[task] -- name: "Get list of all folders." +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Get list of all folders." ansible.builtin.debug: msg: "Criticality of {{ item.id }} is {{ item.extensions.attributes.tag_criticality | default('N/A') }}" loop: "{{ lookup('checkmk.general.folders', @@ -47,7 +47,7 @@ loop_control: label: "{{ item.id }}" -- name: "Verify number of folders." +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Verify number of folders." ansible.builtin.assert: # The looked up list contains the main folder, as well. that: "( 1 + checkmk_var_folders|length ) == folders|length" @@ -63,3 +63,13 @@ }}" delegate_to: localhost run_once: true # noqa run-once[task] + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Use variables outside the module call." + ansible.builtin.assert: + # The looked up list contains the main folder, as well. + that: "( 1 + checkmk_var_folders|length ) == folders|length" + vars: + folders: "{{ lookup('checkmk.general.folders', '/', recursive=True) }}" + delegate_to: localhost + run_once: true # noqa run-once[task] + when: outer_item.edition == "stable_cee" diff --git a/tests/integration/targets/lookup_host/tasks/test.yml b/tests/integration/targets/lookup_host/tasks/test.yml index 281d673a0..c5f98fb5f 100644 --- a/tests/integration/targets/lookup_host/tasks/test.yml +++ b/tests/integration/targets/lookup_host/tasks/test.yml @@ -44,3 +44,12 @@ }}" delegate_to: localhost run_once: true # noqa run-once[task] + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Use variables outside the module call." + ansible.builtin.assert: + that: "checkmk_host.alias == extensions.attributes.alias" + vars: + extensions: "{{ lookup('checkmk.general.host', checkmk_host.name) }}" + delegate_to: localhost + run_once: true # noqa run-once[task] + when: outer_item.edition == "stable_cee" diff --git a/tests/integration/targets/lookup_hosts/tasks/test.yml b/tests/integration/targets/lookup_hosts/tasks/test.yml index 3e04d6b30..8642c7ad3 100644 --- a/tests/integration/targets/lookup_hosts/tasks/test.yml +++ b/tests/integration/targets/lookup_hosts/tasks/test.yml @@ -44,3 +44,12 @@ }}" delegate_to: localhost run_once: true # noqa run-once[task] + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Use variables outside the module call." + ansible.builtin.assert: + that: "checkmk_hosts|length == hosts|length" + vars: + folders: "{{ lookup('checkmk.general.hosts') }}" + delegate_to: localhost + run_once: true # noqa run-once[task] + when: outer_item.edition == "stable_cee" diff --git a/tests/integration/targets/lookup_rules/tasks/test.yml b/tests/integration/targets/lookup_rules/tasks/test.yml index 9e1c17799..3baedaff3 100644 --- a/tests/integration/targets/lookup_rules/tasks/test.yml +++ b/tests/integration/targets/lookup_rules/tasks/test.yml @@ -94,3 +94,24 @@ delegate_to: localhost run_once: true # noqa run-once[task] loop: "{{ cpu_load_ruleset.rules }}" + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Use variables outside the module call: rule." + ansible.builtin.debug: + var: "rule" + vars: + rule: "{{ lookup('checkmk.general.rule', rule_id=item.id) }}" + delegate_to: localhost + run_once: true # noqa run-once[task] + loop: "{{ cpu_load_ruleset.rules }}" + when: outer_item.edition == "stable_cee" + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Use variables outside the module call: rules." + ansible.builtin.assert: + # Check the number of rules + that: rules|length == 1 + vars: + rules: "{{ lookup('checkmk.general.rules', ruleset=item, commebt_regex='Ansible managed') }}" + delegate_to: localhost + run_once: true # noqa run-once[task] + loop: "{{ checkmk_rulesets }}" + when: outer_item.edition == "stable_cee" diff --git a/tests/integration/targets/lookup_rulesets/tasks/test.yml b/tests/integration/targets/lookup_rulesets/tasks/test.yml index 8f7482982..4055ea615 100644 --- a/tests/integration/targets/lookup_rulesets/tasks/test.yml +++ b/tests/integration/targets/lookup_rulesets/tasks/test.yml @@ -80,3 +80,23 @@ delegate_to: localhost run_once: true # noqa run-once[task] loop: "{{ checkmk_ruleset_regexes }}" + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Use variables outside the module call: ruleset." + ansible.builtin.assert: + # For each rule that we created, check, if the number of rules in its ruleset is 1. + that: "ruleset.number_of_rules == 1" + vars: + ruleset: "{{ lookup('checkmk.general.ruleset', ruleset=item) }}" + delegate_to: localhost + run_once: true # noqa run-once[task] + loop: "{{ checkmk_ruleset_regexes }}" + when: outer_item.edition == "stable_cee" + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Use variables outside the module call: rulesets." + ansible.builtin.debug: + var: rulesets + vars: + rulesets: "{{ lookup('checkmk.general.rulesets', regex='file', rulesets_used=False, rulesets_deprecated=False) }}" + delegate_to: localhost + run_once: true # noqa run-once[task] + when: outer_item.edition == "stable_cee" diff --git a/tests/integration/targets/lookup_version/tasks/test.yml b/tests/integration/targets/lookup_version/tasks/test.yml index e4409f64c..49dfb9ae7 100644 --- a/tests/integration/targets/lookup_version/tasks/test.yml +++ b/tests/integration/targets/lookup_version/tasks/test.yml @@ -16,3 +16,12 @@ - name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Verify Checkmk version." ansible.builtin.assert: that: "outer_item.version in looked_up_version.msg" + +- name: "{{ outer_item.version }} - {{ outer_item.edition | upper }} - Use variables outside the module call." + ansible.builtin.assert: + that: "outer_item.version in looked_up_version.msg" + vars: + version: "{{ lookup('checkmk.general.version') }}" + delegate_to: localhost + register: looked_up_version + when: outer_item.edition == "stable_cee"