Skip to content

Utilities collection#

The Utilities collection contains modules that can be used to perform common tasks when working with the Nokia EDA platform. These tasks currently include authentication helpers such as retrieving the API client secret from Keycloak and getting the authentication token.

Examples#

Fetching client secret#

The client secret authenticates the API client against the authorization server (Keycloak is used as the authorization server in Nokia EDA). Different methods of fetching the client secret are provided in the API documentation. Here we provide an example how the get_client_secret module can be used to fetch the client secret.

- name: Get client secret from keycloak
  hosts: all
  gather_facts: false
  tasks:
    - name: Get client secret
      nokia.eda_utils_v1.get_client_secret:
        base_url: "{{ eda_api_url }}"
        # all other parameters are at their default values:
        # client_id: eda
        # keycloak_url: /core/httpproxy/v1/keycloak/
        # keycloak_username: admin
        # keycloak_password: admin
        # keycloak_admin_realm: master
        # keycloak_client_id: admin-cli
        # keycloak_eda_realm: eda
      register: client_secret

    - name: print var
      ansible.builtin.debug:
        var: client_secret.result

ok: [localhost] => 
    client_secret.result:
    -   clientId: eda
        id: 1e234d94-ab8a-4e36-8448-cd9da325cbfd
        name: EDA authentication client (non-UI)
        secret: k9NeZZK4LT6hHypzgy3djteFITEkUUaR

Getting authentication token#

As all collections that interact with the Nokia EDA API server require authentication, a module for obtaining an authentication token is also provided for user' convenience.

- name: Get authentication token
  hosts: all
  gather_facts: false
  tasks:
    - name: Get auth token
      nokia.eda_utils_v1.get_token:
        base_url: "{{ eda_api_url }}"
        client_secret: "{{client_secret}}"
        username: admin
        password: "{{eda_password}}"
        # all other parameters are at their default values:
        # client_id: eda
        # keycloak_url: /core/httpproxy/v1/keycloak/
        # keycloak_username: admin
        # keycloak_password: admin
        # keycloak_admin_realm: master
        # keycloak_client_id: admin-cli
        # keycloak_eda_realm: eda
      register: auth_token

    - name: print var
      ansible.builtin.debug:
        var: auth_token.result

Note

If you omit the client_secret parameter, the provider will try to fetch the secret by authenticating with the Keycloak service using keycloak authentication parameters that are set to their default values. While this might be tempting to use, this method is not recommended and should not be used in production.

The fetched authentication token must be provided to the other modules that require authentication:

    - name: Get interface
      nokia.eda_interfaces_v1alpha1.interface:
        base_url: "{{ eda_api_url }}"
        auth_token: "Bearer {{ auth_token.result.access_token }}"
        namespace: eda
        name: leaf1-ethernet-1-1
        state: query
      register: response

ok: [localhost] => 
    auth_token.result:
        access_token: eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJrZHBqeHZkMURxQUtEMnRreFI5NmxmM1ZUVWwzdnpCS0V5bVRuZXpiRGhFIn0.eyJleHAiOjE3NTYwMjIzOTcsImlhdCI6MTc1NjAyMjA5NywianRpIjoiYmE5ZWQ5YzgtMDhlNS00NTNjLWFhODUtZTcwNGIwYjU0ZTk4IiwiaXNzIjoiaHR0cHM6Ly9kZXZib3gubmV0ZGV2b3BzLm1lOjk0NDMvY29yZS9odHRwcHJveHkvdjEva2V5Y2xvYWsvcmVhbG1zL2VkYSIsInN1YiI6ImYyYTc1MDM1LTU2YTUtNGJhMC1iZTliLTUzZTEzNTEyNTliZSIsInR5cCI6IkJlYXJlciIsImF6cCI6ImVkYSIsInNpZCI6ImUyYWMwOWYwLWU3OWMtNDI1Yi05MDc1LWYzNzdjMzM1ZWQ2YyIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiLyoiXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImVkYXJvbGVfc3lzdGVtLWFkbWluaXN0cmF0b3IiLCJhZG1pbiJdfSwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibmFtZSI6IkVEQSBhZG1pbiB1c2VyIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJnaXZlbl9uYW1lIjoiRURBIiwiZmFtaWx5X25hbWUiOiJhZG1pbiB1c2VyIn0.XFHPjcvNJRD9g2jDNeVWfe3vGf7i1G3mC7gi6UeebrBN0Nzksgz191HE-Ac2579bNCwACRm7-6romE-MzuxfynkzEFUXpNxPMxx0GGgDK6l_9RIQiJRFhptFu-RPQI0wg1ps229FvYjw19fvP5pcDhiOPeB0XthwdmjDq3G35JHFg-o2CNXT9rp0nC05_wLklYfYh5s5RehXxjcPhVcacCA3klQTEHHOUM7zOXyHazGiZ1puhr83DGB3mxgCp4PJd4g31BO_7rTrbC3rWKLcyHs6J8eBM-cUnrJ6I8IPUx8BVYbKaslHOFEQ7W8CMtAqhrWICKrd5A3zzjEN9vj5Hw
        expires_in: 300
        not-before-policy: 0
        refresh_expires_in: 1800
        refresh_token: eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJkNTNmNDE1YS0wMmQwLTRkMTktYTAxZi02ZTZiYjMyNGExZjQifQ.eyJleHAiOjE3NTYwMjM4OTcsImlhdCI6MTc1NjAyMjA5NywianRpIjoiMGM5ODliMWMtZTZhYy00OTAyLWI2MjYtMTRiYjQzMzkzNjM3IiwiaXNzIjoiaHR0cHM6Ly9kZXZib3gubmV0ZGV2b3BzLm1lOjk0NDMvY29yZS9odHRwcHJveHkvdjEva2V5Y2xvYWsvcmVhbG1zL2VkYSIsImF1ZCI6Imh0dHBzOi8vZGV2Ym94Lm5ldGRldm9wcy5tZTo5NDQzL2NvcmUvaHR0cHByb3h5L3YxL2tleWNsb2FrL3JlYWxtcy9lZGEiLCJzdWIiOiJmMmE3NTAzNS01NmE1LTRiYTAtYmU5Yi01M2UxMzUxMjU5YmUiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoiZWRhIiwic2lkIjoiZTJhYzA5ZjAtZTc5Yy00MjViLTkwNzUtZjM3N2MzMzVlZDZjIiwic2NvcGUiOiJvcGVuaWQgcm9sZXMgd2ViLW9yaWdpbnMgYWNyIGJhc2ljIHByb2ZpbGUgZW1haWwifQ.ajJmLzdzd4ykO1EiEZB5BB8FZcVQc4IssNYlvTC53ToU9QgNGRW-E5OIwwWcBAV4srTEgkHnUh2uGxm7RtE34A
        scope: openid profile email
        session_state: e2ac09f0-e79c-425b-9075-f377c335ed6c
        token_type: Bearer

Changelog v1#

0.1.0#

Initial Beta release.