Feat(cv_facts_v3): raise errors when svcaccount/user is not authorized #677
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
module: cv_facts_v3
module_utils: cv_client
chetryan
requested changes
Oct 12, 2023
ansible_collections/arista/cvp/plugins/module_utils/facts_tools.py
Outdated
Show resolved
Hide resolved
|
moved it to draft and holding off on this for now as looks like we could just use |
chetryan
reviewed
Oct 13, 2023
| try: | ||
| facts = facts_collector.facts(scope=ansible_module.params['facts'], regex_filter=ansible_module.params['regexp_filter'], | ||
| verbose=ansible_module.params['verbose']) | ||
| except Exception as e: |
There was a problem hiding this comment.
maybe we should only capture CvpApiError here, since that's the one we are raising, and want to present just the msg. For other Excpetions we might still want the full trace and those would be unexpected. Happy to hear what others think.
There was a problem hiding this comment.
as discussed offline with CvpApiError ansible will throw the entire python traceback:
Traceback (most recent call last):
File "/Users/tamas/.ansible/tmp/ansible-local-931202vqrfpkn/ansible-tmp-1697208253.829348-93185-191262445100178/AnsiballZ_cv_facts_v3.py", line 107, in <module>
_ansiballz_main()
File "/Users/tamas/.ansible/tmp/ansible-local-931202vqrfpkn/ansible-tmp-1697208253.829348-93185-191262445100178/AnsiballZ_cv_facts_v3.py", line 99, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/Users/tamas/.ansible/tmp/ansible-local-931202vqrfpkn/ansible-tmp-1697208253.829348-93185-191262445100178/AnsiballZ_cv_facts_v3.py", line 47, in invoke_module
runpy.run_module(mod_name='ansible_collections.arista.cvp.plugins.modules.cv_facts_v3', init_globals=dict(_module_fqn='ansible_collections.arista.cvp.plugins.modules.cv_facts_v3', _modlib_path=modlib_path),
File "<frozen runpy>", line 226, in run_module
File "<frozen runpy>", line 98, in _run_module_code
File "<frozen runpy>", line 88, in _run_code
File "/var/folders/xj/58jh5s5x05n4d_hcd_ybhgmr0000gq/T/ansible_arista.cvp.cv_facts_v3_payload_qsyiw987/ansible_arista.cvp.cv_facts_v3_payload.zip/ansible_collections/arista/cvp/plugins/modules/cv_facts_v3.py", line 200, in <module>
File "/var/folders/xj/58jh5s5x05n4d_hcd_ybhgmr0000gq/T/ansible_arista.cvp.cv_facts_v3_payload_qsyiw987/ansible_arista.cvp.cv_facts_v3_payload.zip/ansible_collections/arista/cvp/plugins/modules/cv_facts_v3.py", line 188, in main
File "/var/folders/xj/58jh5s5x05n4d_hcd_ybhgmr0000gq/T/ansible_arista.cvp.cv_facts_v3_payload_qsyiw987/ansible_arista.cvp.cv_facts_v3_payload.zip/ansible_collections/arista/cvp/plugins/module_utils/facts_tools.py", line 378, in facts
File "/var/folders/xj/58jh5s5x05n4d_hcd_ybhgmr0000gq/T/ansible_arista.cvp.cv_facts_v3_payload_qsyiw987/ansible_arista.cvp.cv_facts_v3_payload.zip/ansible_collections/arista/cvp/plugins/module_utils/facts_tools.py", line 592, in __fact_devices
File "/Users/tamas/go/src/github.com/chetryan/cvprac/cvprac/cvp_api.py", line 598, in get_inventory
data = self.clnt.get('/inventory/devices?provisioned=%s' % provisioned,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/tamas/go/src/github.com/chetryan/cvprac/cvprac/cvp_client.py", line 905, in get
return self._make_request('GET', url, timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/tamas/go/src/github.com/chetryan/cvprac/cvprac/cvp_client.py", line 656, in _make_request
response = self._send_request(req_type, full_url, timeout,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/tamas/go/src/github.com/chetryan/cvprac/cvprac/cvp_client.py", line 832, in _send_request
self._is_good_response(response, '%s: %s ' %
File "/Users/tamas/go/src/github.com/chetryan/cvprac/cvprac/cvp_client.py", line 443, in _is_good_response
raise CvpRequestError(msg)
cvprac.cvp_client_errors.CvpRequestError: GET: https://10.83.12.79:443/web/inventory/devices?provisioned=True : Request Error: Forbidden - 403 Forbidden
module_stdout: ''
msg: |-
MODULE FAILURE
See stdout/stderr for the exact error
vs
TASK [gather cvp facts] *******************************************************************************************************
fatal: [cv_server]: FAILED! => changed=false
msg: |-
GET: https://10.83.12.79:443/web/inventory/devices?provisioned=True : Request Error: Forbidden - 403 Forbidden
There was a problem hiding this comment.
Good point. What about using CvpClientError ? I agree that all cvprac error should be handled and reported using fail_json.
There was a problem hiding this comment.
yea that worked!
noredistribution
changed the title
sugetha24
force-pushed
the
issue675
branch
2 times, most recently
from
6df740f to
bd38309
Compare
|
@noredistribution and @chetryan, can we make these changes in all of the other modules as well? |
I think the logic could be extended to other modules. Should that be in this PR or in another one? |
github-actions
bot
added
module: cv_device_v3
sugetha24
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Change Summary
Added error raises for cv_facts_v3 to raise a proper error when a user is not authorized
Related Issue(s)
Fixes #675
Component(s) name
arista.cvp.cv_facts_v3Proposed changes
How to test
Generate a service account token that has No Access to inventory or other features:
should result in
another test is to create a service account token that expires in a few seconds, and then run the playbook with it, the result will be something like:
Checklist
User Checklist
Repository Checklist