Feat(cv_facts_v3): raise errors when svcaccount/user is not authorized

[noredistribution]

Change Summary

Added error raises for cv_facts_v3 to raise a proper error when a user is not authorized

Related Issue(s)

Fixes #675

Component(s) name

arista.cvp.cv_facts_v3

Proposed changes

How to test

Generate a service account token that has No Access to inventory or other features:

- name: Test CV Facts
  hosts: CVP #cv_server
  connection: local
  tasks:
  - name: gather cvp facts
    arista.cvp.cv_facts_v3:
      facts:
      - devices
      #- tasks
      #- images
      #- containers
      - configlets
      #verbose: short
    register: facts
  - name: print facts
    debug:
      msg: "{{facts}}"

should result in

ansible-playbook get_cv_facts.yaml -i ../inventory.yaml

PLAY [Test CV Facts] **********************************************************************************************************

TASK [gather cvp facts] *******************************************************************************************************
fatal: [cv_server]: FAILED! => changed=false
  msg: |-
    GET: https://10.83.12.79:443/web/inventory/devices?provisioned=True : Request Error: Forbidden - 403 Forbidden

PLAY RECAP ********************************************************************************************************************
cv_server                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

another test is to create a service account token that expires in a few seconds, and then run the playbook with it, the result will be something like:

TASK [gather cvp facts] *******************************************************************************************************************************************************************************************************************************************************
fatal: [cv_server]: FAILED! => changed=false
  msg: |2-

    10.83.12.79: Authenticate: https://10.83.12.79:443/api/v1/rest: Request Error: Unauthorized

Checklist

User Checklist

• N/A

Repository Checklist

• [x ] My code has been rebased from devel before I start
• [ x] I have read the CONTRIBUTING document.
• My change requires a change to the documentation and documentation have been updated accordingly. (check the box if not applicable)
• I have updated molecule CI testing accordingly. (check the box if not applicable)

[chetryan]

I think we need to be raising the Exceptions higher up that stack as Authentication/Authorization issues are a subset of possible reasons why CvpApiError could be raised.

[noredistribution]

moved it to draft and holding off on this for now as looks like we could just use /api/v1/rest/ and fix this on cvprac side only

[chetryan]

maybe we should only capture CvpApiError here, since that's the one we are raising, and want to present just the msg. For other Excpetions we might still want the full trace and those would be unexpected. Happy to hear what others think.

[noredistribution]

as discussed offline with CvpApiError ansible will throw the entire python traceback:

    Traceback (most recent call last):
      File "/Users/tamas/.ansible/tmp/ansible-local-931202vqrfpkn/ansible-tmp-1697208253.829348-93185-191262445100178/AnsiballZ_cv_facts_v3.py", line 107, in <module>
        _ansiballz_main()
      File "/Users/tamas/.ansible/tmp/ansible-local-931202vqrfpkn/ansible-tmp-1697208253.829348-93185-191262445100178/AnsiballZ_cv_facts_v3.py", line 99, in _ansiballz_main
        invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
      File "/Users/tamas/.ansible/tmp/ansible-local-931202vqrfpkn/ansible-tmp-1697208253.829348-93185-191262445100178/AnsiballZ_cv_facts_v3.py", line 47, in invoke_module
        runpy.run_module(mod_name='ansible_collections.arista.cvp.plugins.modules.cv_facts_v3', init_globals=dict(_module_fqn='ansible_collections.arista.cvp.plugins.modules.cv_facts_v3', _modlib_path=modlib_path),
      File "<frozen runpy>", line 226, in run_module
      File "<frozen runpy>", line 98, in _run_module_code
      File "<frozen runpy>", line 88, in _run_code
      File "/var/folders/xj/58jh5s5x05n4d_hcd_ybhgmr0000gq/T/ansible_arista.cvp.cv_facts_v3_payload_qsyiw987/ansible_arista.cvp.cv_facts_v3_payload.zip/ansible_collections/arista/cvp/plugins/modules/cv_facts_v3.py", line 200, in <module>
      File "/var/folders/xj/58jh5s5x05n4d_hcd_ybhgmr0000gq/T/ansible_arista.cvp.cv_facts_v3_payload_qsyiw987/ansible_arista.cvp.cv_facts_v3_payload.zip/ansible_collections/arista/cvp/plugins/modules/cv_facts_v3.py", line 188, in main
      File "/var/folders/xj/58jh5s5x05n4d_hcd_ybhgmr0000gq/T/ansible_arista.cvp.cv_facts_v3_payload_qsyiw987/ansible_arista.cvp.cv_facts_v3_payload.zip/ansible_collections/arista/cvp/plugins/module_utils/facts_tools.py", line 378, in facts
      File "/var/folders/xj/58jh5s5x05n4d_hcd_ybhgmr0000gq/T/ansible_arista.cvp.cv_facts_v3_payload_qsyiw987/ansible_arista.cvp.cv_facts_v3_payload.zip/ansible_collections/arista/cvp/plugins/module_utils/facts_tools.py", line 592, in __fact_devices
      File "/Users/tamas/go/src/github.com/chetryan/cvprac/cvprac/cvp_api.py", line 598, in get_inventory
        data = self.clnt.get('/inventory/devices?provisioned=%s' % provisioned,
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/Users/tamas/go/src/github.com/chetryan/cvprac/cvprac/cvp_client.py", line 905, in get
        return self._make_request('GET', url, timeout)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/Users/tamas/go/src/github.com/chetryan/cvprac/cvprac/cvp_client.py", line 656, in _make_request
        response = self._send_request(req_type, full_url, timeout,
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/Users/tamas/go/src/github.com/chetryan/cvprac/cvprac/cvp_client.py", line 832, in _send_request
        self._is_good_response(response, '%s: %s ' %
      File "/Users/tamas/go/src/github.com/chetryan/cvprac/cvprac/cvp_client.py", line 443, in _is_good_response
        raise CvpRequestError(msg)
    cvprac.cvp_client_errors.CvpRequestError: GET: https://10.83.12.79:443/web/inventory/devices?provisioned=True : Request Error: Forbidden - 403 Forbidden
  module_stdout: ''
  msg: |-
    MODULE FAILURE
    See stdout/stderr for the exact error

vs

TASK [gather cvp facts] *******************************************************************************************************
fatal: [cv_server]: FAILED! => changed=false
  msg: |-
    GET: https://10.83.12.79:443/web/inventory/devices?provisioned=True : Request Error: Forbidden - 403 Forbidden

[chetryan]

Good point. What about using CvpClientError ? I agree that all cvprac error should be handled and reported using fail_json.

[noredistribution]

yea that worked!

[chetryan]

LGTM

[sugetha24]

@noredistribution and @chetryan, can we make these changes in all of the other modules as well?

[chetryan]

@noredistribution and @chetryan, can we make these changes in all of the other modules as well?

I think the logic could be extended to other modules. Should that be in this PR or in another one?