Feat(cv_facts_v3): raise errors when svcaccount/user is not authorized

noredistribution commented 9 months ago

Change Summary

Added error raises for cv_facts_v3 to raise a proper error when a user is not authorized

Related Issue(s)

Fixes #675

Component(s) name

arista.cvp.cv_facts_v3

Proposed changes

How to test

Generate a service account token that has No Access to inventory or other features:

- name: Test CV Facts
  hosts: CVP #cv_server
  connection: local
  tasks:
  - name: gather cvp facts
    arista.cvp.cv_facts_v3:
      facts:
      - devices
      #- tasks
      #- images
      #- containers
      - configlets
      #verbose: short
    register: facts
  - name: print facts
    debug:
      msg: "{{facts}}"

should result in

ansible-playbook get_cv_facts.yaml -i ../inventory.yaml

PLAY [Test CV Facts] **********************************************************************************************************

TASK [gather cvp facts] *******************************************************************************************************
fatal: [cv_server]: FAILED! => changed=false
  msg: |-
    GET: https://10.83.12.79:443/web/inventory/devices?provisioned=True : Request Error: Forbidden - 403 Forbidden

PLAY RECAP ********************************************************************************************************************
cv_server                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

another test is to create a service account token that expires in a few seconds, and then run the playbook with it, the result will be something like:

TASK [gather cvp facts] *******************************************************************************************************************************************************************************************************************************************************
fatal: [cv_server]: FAILED! => changed=false
  msg: |2-

    10.83.12.79: Authenticate: https://10.83.12.79:443/api/v1/rest: Request Error: Unauthorized

Checklist

User Checklist

N/A

Repository Checklist

[x ] My code has been rebased from devel before I start
[ x] I have read the CONTRIBUTING document.
[ ] My change requires a change to the documentation and documentation have been updated accordingly. (check the box if not applicable)
[ ] I have updated molecule CI testing accordingly. (check the box if not applicable)

noredistribution commented 9 months ago

moved it to draft and holding off on this for now as looks like we could just use /api/v1/rest/ and fix this on cvprac side only

sugetha24 commented 8 months ago

@noredistribution and @chetryan, can we make these changes in all of the other modules as well?

chetryan commented 8 months ago

@noredistribution and @chetryan, can we make these changes in all of the other modules as well?

I think the logic could be extended to other modules. Should that be in this PR or in another one?

aristanetworks / ansible-cvp