search

ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0
814 stars 1.49k forks source link

Gandi DNS module silently fails when using bearer tokens #7639

Closed marcanpilami closed 4 months ago

marcanpilami commented 9 months ago

Summary

When I try to create a new DNS entry in an existing domain with the gandi module, it fails silently when using a bearer token instead of an API key only.

    - name: Answer challenge
      community.general.gandi_livedns:
        domain: "{{ domain }}"
        type: TXT
        record: "meuh"
        values: "test"
        ttl: 3600
        api_key: "{{ dns_gandi_key }}"
        state: present

Error message is simply (in debug mode:

fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "api_key": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "domain": "domain.com",
            "record": "meuh",
            "state": "present",
            "ttl": 3600,
            "type": "TXT",
            "values": [
                "test"
            ]
        }
    },
    "msg": "API Error : "
}

We should expect the task to work, or to fail with an explicit message.

Issue Type

Bug Report

Component Name

community.general.gandi_livedns

Ansible Version

ansible [core 2.15.6]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Community.general Version

Collection        Version
----------------- -------
community.general 7.5.1

Configuration

N/A

OS / Environment

Debian 11, running on localhost for this task.

Steps to Reproduce

See above. Do not forget to use a bearer token and not an API key.

Expected Results

We should expect the task to work, or to fail with an explicit message.

Actual Results

Failure.

It seems that at https://github.com/ansible-collections/community.general/blob/1b9d437be8d085b714f2c38208b30401e7dcf2d9/plugins/module_utils/gandi_livedns_api.py#L53 the module hard codes the type of key. However this type of key is deprecated. Also, no error message is provided in this case.

Code of Conduct

ansibullbot commented 9 months ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot commented 9 months ago

cc @gthiemonge click here for bot help

bmm-alc commented 9 months ago

It fails the same way also when the ApiKey is no more valid

Adding the apikey is deprecated so the module is going to be useless shortly

mthynell commented 7 months ago

Module works fine by replacing Apikey with Bearer on gandi_livedns.py line 53 and put your PAT into api_key -parameter. The correct fix could be replacing api_key parameter with pat but then you loose backward compatibility.

53c53
<         headers = {'Authorization': 'Apikey {0}'.format(self.api_key),
---
>         headers = {'Authorization': 'Bearer {0}'.format(self.api_key),
felixfontein commented 7 months ago

Making the key type configurable should solve the problem in a backwards-compatible way.