From 6cf3c7beb63f5b37e1f856844ab5994d155cac93 Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur <dtantsur@protonmail.com>
Date: Wed, 25 Aug 2021 15:51:25 +0200
Subject: [PATCH] os_ironic_node_info: fix TLS and potentially other issues

The current implementation does not respect ca_cert and potentially
other parameters that are commonly used in OpenStack modules.
This change makes it use the existing utilities from the collection.

Change-Id: I865142d1679bbc9459a460e0d7351e5c6158e5b8
---
 playbooks/library/os_ironic_node_info.py      | 46 +++++--------------
 .../os_ironic_node_info-49a608c3453cf18d.yaml |  6 +++
 tox.ini                                       |  3 +-
 3 files changed, 19 insertions(+), 36 deletions(-)
 create mode 100644 releasenotes/notes/os_ironic_node_info-49a608c3453cf18d.yaml

diff --git a/playbooks/library/os_ironic_node_info.py b/playbooks/library/os_ironic_node_info.py
index d73c1ae55..19add3927 100644
--- a/playbooks/library/os_ironic_node_info.py
+++ b/playbooks/library/os_ironic_node_info.py
@@ -1,6 +1,4 @@
 #!/usr/bin/env python
-# coding: utf-8 -*-
-
 # (c) 2015, Hewlett-Packard Development Company, L.P.
 #
 # This module is free software: you can redistribute it and/or modify
@@ -16,6 +14,14 @@
 # You should have received a copy of the GNU General Public License
 # along with this software.  If not, see <http://www.gnu.org/licenses/>.
 
+from ansible_collections.openstack.cloud.plugins.module_utils.ironic import (
+    IronicModule,
+    ironic_argument_spec,
+)
+from ansible_collections.openstack.cloud.plugins.module_utils.openstack import (  # noqa: E501
+    openstack_module_kwargs,
+    openstack_cloud_from_module
+)
 try:
     import openstack
     HAS_SDK = True
@@ -76,16 +82,14 @@ def _choose_id_value(module):
 
 
 def main():
-    argument_spec = openstack_full_argument_spec(  # noqa: F405
-        auth_type=dict(required=False),
+    argument_spec = ironic_argument_spec(  # noqa: F405
         uuid=dict(required=False),
         name=dict(required=False),
         mac=dict(required=False),
-        ironic_url=dict(required=False),
         skip_items=dict(required=False, type='list'),
     )
     module_kwargs = openstack_module_kwargs()  # noqa: F405
-    module = AnsibleModule(argument_spec, **module_kwargs)  # noqa: F405
+    module = IronicModule(argument_spec, **module_kwargs)
     compat = module._name == 'os_ironic_facts'
     if compat:
         module.deprecate('Using os_ironic_node_info via os_ironic_facts is '
@@ -94,33 +98,8 @@ def main():
     if not HAS_SDK:
         module.fail_json(msg='openstacksdk is required for this module')
 
-    if (module.params['ironic_url'] and
-            module.params['auth_type'] in [None, 'None', 'none']):
-        module.params['auth'] = dict(
-            endpoint=module.params['ironic_url']
-        )
-
-    # NOTE(dtantsur): the following part is copied more or less verbatim from
-    # ansible-collections-openstack.
-    cloud_config = module.params.pop('cloud', None)
     try:
-        if isinstance(cloud_config, dict):
-            fail_message = (
-                "A cloud config dict was provided to the cloud parameter"
-                " but also a value was provided for {param}. If a cloud"
-                " config dict is provided, {param} should be"
-                " excluded.")
-            for param in ('auth', 'auth_type'):
-                if module.params[param] is not None:
-                    module.fail_json(msg=fail_message.format(param=param))
-            cloud = openstack.connect(**cloud_config)
-        else:
-            cloud = openstack.connect(
-                cloud=cloud_config,
-                auth_type=module.params['auth_type'],
-                auth=module.params['auth'],
-            )
-
+        sdk, cloud = openstack_cloud_from_module(module)
         if module.params['name'] or module.params['uuid']:
             server = cloud.get_machine(_choose_id_value(module))
         elif module.params['mac']:
@@ -172,7 +151,4 @@ def main():
         module.fail_json(msg=e.message)
 
 
-# this is magic, see lib/ansible/module_common.py
-from ansible.module_utils.basic import *  # noqa: E402
-from ansible.module_utils.openstack import *  # noqa: E402
 main()
diff --git a/releasenotes/notes/os_ironic_node_info-49a608c3453cf18d.yaml b/releasenotes/notes/os_ironic_node_info-49a608c3453cf18d.yaml
new file mode 100644
index 000000000..8e3583094
--- /dev/null
+++ b/releasenotes/notes/os_ironic_node_info-49a608c3453cf18d.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes support for TLS ``ca_cert`` and other current authentication
+    parameters in the ``os_ironic_node_info`` module. The implementation uses
+    utilities from the OpenStack Ansible collection.
diff --git a/tox.ini b/tox.ini
index 027ec981c..27ade6987 100644
--- a/tox.ini
+++ b/tox.ini
@@ -67,7 +67,8 @@ commands = oslo_debug_helper -t bifrost/tests {posargs}
 
 [flake8]
 show-source = True
-ignore = F403,H102,H303,W504
+# [H301] one import per line (commonly violated in ansible modules)
+ignore = F403,H102,H301,H303,W504
 # [H106] Don't put vim configuration in source files.
 enable-extensions=H106
 exclude=.venv,.git,.tox,dist,doc,*lib/python*,*egg,build,os_ironic.py,os_ironic_node.py,os_ironic_inspect.py,os_keystone_service.py