diff --git a/lib/ansible/plugins/connection/httpapi.py b/lib/ansible/plugins/connection/httpapi.py index c44b5577fa90b4..ed13aa0e13912b 100644 --- a/lib/ansible/plugins/connection/httpapi.py +++ b/lib/ansible/plugins/connection/httpapi.py @@ -144,7 +144,7 @@ from ansible.module_utils._text import to_bytes from ansible.module_utils.six import PY3 from ansible.module_utils.six.moves import cPickle -from ansible.module_utils.six.moves.urllib.error import URLError +from ansible.module_utils.six.moves.urllib.error import HTTPError from ansible.module_utils.urls import open_url from ansible.playbook.play_context import PlayContext from ansible.plugins.loader import cliconf_loader, httpapi_loader @@ -222,30 +222,43 @@ def _connect(self): self._connected = True + def close(self): + ''' + Close the active session to the device + ''' + # only close the connection if its connected. + if self._connected: + display.vvvv("closing http(s) connection to device", host=self._play_context.remote_addr) + self.logout() + + super(Connection, self).close() + def send(self, path, data, **kwargs): ''' Sends the command to the device over api ''' url_kwargs = dict( timeout=self.get_option('timeout'), validate_certs=self.get_option('validate_certs'), + headers={}, ) url_kwargs.update(kwargs) if self._auth: - url_kwargs['headers']['Cookie'] = self._auth + url_kwargs['headers'].update(self._auth) else: url_kwargs['url_username'] = self.get_option('remote_user') url_kwargs['url_password'] = self.get_option('password') try: response = open_url(self._url + path, data=data, **url_kwargs) - except URLError as exc: - if exc.reason == 'Unauthorized' and self._auth: + except HTTPError as exc: + if exc.code == 401 and self._auth: # Stored auth appears to be invalid, clear and retry self._auth = None self.login(self.get_option('remote_user'), self.get_option('password')) return self.send(path, data, **kwargs) raise AnsibleConnectionFailure('Could not connect to {0}: {1}'.format(self._url, exc.reason)) - self._auth = response.info().get('Set-Cookie') + # Try to assign a new auth token if one is given + self._auth = self.update_auth(response) or self._auth return response diff --git a/lib/ansible/plugins/httpapi/__init__.py b/lib/ansible/plugins/httpapi/__init__.py index d678b9bbbf8120..e1794e2554fc5e 100644 --- a/lib/ansible/plugins/httpapi/__init__.py +++ b/lib/ansible/plugins/httpapi/__init__.py @@ -28,6 +28,27 @@ def login(self, username, password): """ pass + def logout(self): + """ Call to implement session logout. + + Method to clear session gracefully e.g. tokens granted in login + need to be revoked. + """ + pass + + def update_auth(self, response): + """Return per-request auth token. + + The response should be a dictionary that can be plugged into the + headers of a request. The default implementation uses cookie data. + If no authentication data is found, return None + """ + cookie = response.info().get('Set-Cookie') + if cookie: + return {'Cookie': cookie} + + return None + @abstractmethod def send_request(self, data, **message_kwargs): """Prepares and sends request(s) to device."""