From 22bd5db2e5d00e9d036f7ce1ae78c39c8f14a322 Mon Sep 17 00:00:00 2001 From: lbroudoux Date: Thu, 30 Aug 2018 18:15:58 +0200 Subject: [PATCH] Adding support for adding CORS policy on APICast gateway --- defaults/main.yml | 3 +++ tasks/api-calls/update_policies.yml | 23 +++++++++++++++++++++++ tasks/main.yml | 3 +++ tasks/steps/policies.yml | 13 +++++++++++++ templates/api-calls/update_policies.j2 | 7 +++++++ templates/existing_policies.j2 | 5 +++++ templates/wanted_policies.j2 | 5 +++++ vars/main.yml | 11 +++++++++++ 8 files changed, 70 insertions(+) create mode 100644 tasks/api-calls/update_policies.yml create mode 100644 tasks/steps/policies.yml create mode 100644 templates/api-calls/update_policies.j2 create mode 100644 templates/existing_policies.j2 create mode 100644 templates/wanted_policies.j2 diff --git a/defaults/main.yml b/defaults/main.yml index dfc4560..3d82ac8 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -23,6 +23,9 @@ threescale_cicd_local_bin_path: '{{ playbook_dir }}/bin' # Enable the OpenAPI Specification validation threescale_cicd_validate_openapi: yes +# APIcast policies +threescale_cicd_apicast_policies_cors: no + # APIcast public base URLs threescale_cicd_apicast_sandbox_endpoint: '{{ lookup(''template'', ''openapi/apicast_sandbox_endpoint.j2'') }}' threescale_cicd_apicast_production_endpoint: '{{ lookup(''template'', ''openapi/apicast_production_endpoint.j2'') }}' diff --git a/tasks/api-calls/update_policies.yml b/tasks/api-calls/update_policies.yml new file mode 100644 index 0000000..cc5fb76 --- /dev/null +++ b/tasks/api-calls/update_policies.yml 
@@ -0,0 +1,23 @@ +--- + +- debug: + var: threescale_cicd_policies_to_update + verbosity: 1 + +- debug: + var: threescale_cicd_update_policies_payload + verbosity: 1 + +- name: Update the policies chain + uri: + url: https://{{ inventory_hostname }}/admin/api/services/{{ threescale_cicd_api_service_id }}/proxy/policies.json + validate_certs: no + method: PUT + body: '{{ threescale_cicd_update_policies_payload }}' + status_code: 200 + register: threescale_cicd_tmpresponse + changed_when: 'threescale_cicd_tmpresponse.status == 200' + +- name: Wait for a couple seconds + pause: + seconds: '{{ threescale_cicd_throttling }}' diff --git a/tasks/main.yml b/tasks/main.yml index f0528ca..232be36 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -28,6 +28,9 @@ # Update the proxy - import_tasks: steps/proxy.yml +# Create or update policies +- import_tasks: steps/policies.yml + # Create or update application plans - import_tasks: steps/application_plans.yml diff --git a/tasks/steps/policies.yml b/tasks/steps/policies.yml new file mode 100644 index 0000000..0baead2 --- /dev/null +++ b/tasks/steps/policies.yml @@ -0,0 +1,13 @@ +--- + +- name: Retrieve existing policies from the 3scale Admin Portal + uri: + url: "https://{{ inventory_hostname }}/admin/api/services/{{ threescale_cicd_api_service_id }}/proxy/policies.json?access_token={{ threescale_cicd_access_token|urlencode }}" + validate_certs: no + register: threescale_cicd_tmpresponse + +- set_fact: + threescale_cicd_existing_policies_details: '{{ threescale_cicd_tmpresponse.json|json_query(''policies_config[]'') }}' + +- include_tasks: "api-calls/update_policies.yml" + with_items: '{{ threescale_cicd_policies_to_update }}' diff --git a/templates/api-calls/update_policies.j2 b/templates/api-calls/update_policies.j2 new file mode 100644 index 0000000..758f10d --- /dev/null +++ b/templates/api-calls/update_policies.j2 
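Review bot: The second `debug` task in tasks/api-calls/update_policies.yml prints `threescale_cicd_update_policies_payload`, and that payload (rendered by templates/api-calls/update_policies.j2) begins with `access_token=…`, so any run at `-v` or higher writes the 3scale admin token to the console and to whatever captures the output. The first `debug` already shows the policy chain, so I would drop the second one or print only the `policies_config` part. Separately, `validate_certs: no` on the PUT sends that token to a host whose certificate is never checked. `validate_certs: yes` should be the default with an explicit opt-out for lab setups, and the same applies to the GET in tasks/steps/policies.yml.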
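Review bot: The GET in tasks/steps/policies.yml carries the admin token in the query string (`?access_token={{ threescale_cicd_access_token|urlencode }}`), so the token becomes part of the URL that Ansible reports for the task and that intermediaries typically log. Adding `no_log: true` to that task would at least keep it out of the play output. The `include_tasks` with `with_items: '{{ threescale_cicd_policies_to_update }}'` also looks unintended, because api-calls/update_policies.yml never references `item` and sends the whole chain each time. A chain of N policies therefore produces N identical PUTs and N pauses. A single `- include_tasks: "api-calls/update_policies.yml"` without the loop, guarded by a `when:` if an empty chain must be skipped, would express what the task actually does.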
@@ -0,0 +1,7 @@ +{% + set payload = [ + 'access_token=' ~ threescale_cicd_access_token|urlencode, + 'policies_config=' ~ threescale_cicd_policies_to_update|to_json|urlencode + ] +%} +{{ payload|join("&") }} diff --git a/templates/existing_policies.j2 b/templates/existing_policies.j2 new file mode 100644 index 0000000..54344a7 --- /dev/null +++ b/templates/existing_policies.j2 @@ -0,0 +1,5 @@ +{% set policies = [] %} +{% for value in threescale_cicd_existing_policies_details %} +{% do policies.append( value ) %} +{% endfor %} +{{ policies }} diff --git a/templates/wanted_policies.j2 b/templates/wanted_policies.j2 new file mode 100644 index 0000000..0124aa0 --- /dev/null +++ b/templates/wanted_policies.j2 @@ -0,0 +1,5 @@ +{% set policies = [] %} +{% if threescale_cicd_apicast_policies_cors %} +{% do policies.append( {"name": "cors", "version": "builtin", "configuration": {"allow_credentials": true}, "enabled": true} ) %} +{% endif %} +{{ policies }} diff --git a/vars/main.yml b/vars/main.yml index ca38c7b..e92300d 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -67,6 +67,16 @@ threescale_cicd_mapping_rules_to_delete: '{{ threescale_cicd_existing_mapping_ru # update the items that we want and we have threescale_cicd_mapping_rules_to_update: '{{ threescale_cicd_existing_mapping_rules.keys()|intersect(threescale_cicd_wanted_mapping_rules.keys()) }}' +## +## Policies computation +## +## what we want +threescale_cicd_wanted_policies: '{{ lookup(''template'', ''wanted_policies.j2'') }}' +## what we have +threescale_cicd_existing_policies: '{{ lookup(''template'', ''existing_policies.j2'') }}' +# update the items that we want and we have +threescale_cicd_policies_to_update: '{{ threescale_cicd_existing_policies|union(threescale_cicd_wanted_policies) }}' + ## ## 3scale API Payload definition ## 
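Review bot: In templates/wanted_policies.j2 the CORS entry hard-codes `"configuration": {"allow_credentials": true}` and sets no `allow_origin`. As far as I know, APIcast's builtin CORS policy falls back to reflecting the request's `Origin` header when `allow_origin` is absent; please confirm this for the APIcast version in use. If it holds, every origin is allowed to make credentialed cross-origin calls to the exposed API once `threescale_cicd_apicast_policies_cors` is enabled. I would take the configuration from a role variable so the operator has to state the allowed origin, for example `"configuration": {"allow_origin": "<allowed-origin>", "allow_credentials": false}` with the placeholder filled in per API. Credentials should be enabled only where the API needs them.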
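Review bot: In vars/main.yml `threescale_cicd_policies_to_update` is built with `union` over the existing and wanted chains, so nothing is ever removed: setting `threescale_cicd_apicast_policies_cors` back to `no` leaves the CORS policy active on the gateway. `union` also compares whole dictionaries, so an existing `cors` entry whose configuration differs from the wanted one would, I believe, be kept next to it and the chain would carry two CORS policies. Matching entries on the policy `name` would avoid both problems. The comment above the variable, `# update the items that we want and we have`, was carried over from the mapping-rules block and describes an intersection. Something like `# existing chain plus the wanted policies that are missing` would match the expression.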
@@ -77,6 +87,7 @@ threescale_cicd_update_method_payload: '{{ lookup(''template'', ''api-calls/upda threescale_cicd_create_method_payload: '{{ lookup(''template'', ''api-calls/create_method.j2'') }}' threescale_cicd_update_mapping_rule_payload: '{{ lookup(''template'', ''api-calls/update_mapping_rule.j2'') }}' threescale_cicd_create_mapping_rule_payload: '{{ lookup(''template'', ''api-calls/create_mapping_rule.j2'') }}' +threescale_cicd_update_policies_payload: '{{ lookup(''template'', ''api-calls/update_policies.j2'') }}' threescale_cicd_update_application_plan_payload: '{{ lookup(''template'', ''api-calls/update_application_plan.j2'') }}' threescale_cicd_create_application_plan_payload: '{{ lookup(''template'', ''api-calls/create_application_plan.j2'') }}' threescale_cicd_find_application_payload: '{{ lookup(''template'', ''api-calls/find_application.j2'') }}'