使用带有Ansible的Barracuda REST API - 令牌身份验证不起作用

时间:2017-01-16 22:37:24

标签: rest api curl ansible

我正在尝试使用REST API by Barracuda ADC and/or WAF,虽然它在我使用cURL时起作用(来自文档):

请求:

$ curl
-X POST \
-H "Content-Type:application/json" \
-d '{"username": "admin", "password": "admin"}' \ http://10.11.19.104:8000/restapi/v2/login

回应:

  

{ “标记”: “eyJldCI6IjEzODAyMzE3NTciLCJwYXNzd29yZCI6ImY3NzY2ZTFmNTgwMzgyNmE1YTAzZWZlMzcy \ nYzgzOTMyIiwidXNlciI6ImFkbWluIn0 = \ n” 个}

然后我们应该使用该令牌在API上执行命令,例如:

$ curl
-X GET \
-H "Content-Type:application/json" \ 
-u 'eyJldCI6IjEzODAyMzE3NTciLCJwYXNzd29yZCI6ImY3NzY2ZTFmNTgwMzgyNmE1YTAzZWZlMzcy\nYzgzOTMyIiwidXNlciI6ImFkbWluIn0=\n': \
http://10.11.19.104:8000/restapi/v2/virtual_service_groups

它会给我一个回复列表(在这种情况下)我的虚拟服务组,它可以与cURL一起使用。

现在,当我尝试使用ansible执行相同的操作时,验证的第一步成功(我甚至可以使用cURL生成的令牌并接受它),但是第二步运行命令生成的令牌总是给我401错误(凭证无效):

- name: login into the load balancer
  uri:
    url: "{{ barracuda_url }}/login"
    method: POST
    body_format: json
    body:
      username: "{{ barracuda_user }}"
      password: "{{ barracuda_pass }}"
    headers:
      Content-Type: application/json
    return_content: yes
    force_basic_auth: yes
  register: login
  tags: login, debug

- debug: msg="{{ login.json.token }}"
  tags: debug

- name: get
  uri:
    url: "{{ barracuda_url }}/virtual_service_groups"
    method: GET
    body_format: json
    user: "{{ login.json.token }}:"
    headers:
      Content-Type: application/json
    return_content: yes
    force_basic_auth: yes
  register: response

我的剧本输出:

TASK [loadbalancer : login into the load balancer] *****************************
ok: [localhost]

TASK [loadbalancer : debug] ****************************************************
ok: [localhost] => {
    "msg": "eyJldCI9IjE0ODQ2MDcxNTAiXCJwYXNzd29yZCI6IjRmM2TlYWMwN2ExNmUxYWFhNGEwNTU5NTMw\nZGQ3ZmM3IiwiaXNlciI6IndpYSJ9\n"
}

TASK [loadbalancer : get] ******************************************************
fatal: [localhost]: FAILED! => {"changed": false, "connection": "close", "content": "{\"error\":{\"msg\":\"Please log in to get valid token\",\"status\":401,\"type\":\"Invalid Credentials\"}}", "content_type": "application/json; charset=utf8", "date": "Mon, 16 Jan 2017 22:32:30 GMT", "failed": true, "json": {"error": {"msg": "Please log in to get valid token", "status": 401, "type": "Invalid Credentials"}}, "msg": "Status code was not [200]: HTTP Error 401: ", "redirected": false, "server": "BarracudaHTTP 4.0", "status": 401, "transfer_encoding": "chunked", "url": "http://10.11.19.104:8000/restapi/v2/virtual_service_groups"}

1 个答案:

答案 0 :(得分:0)

"{{ login.json.token }}:"参数中的user中删除冒号。使用:

user: "{{ login.json.token }}"

冒号不是用户名的一部分,而是curl语法(在您的示例中用于避免交互式密码提示):

-u, --user <user:password>
    [ ]
    If you simply specify the user name, curl will prompt for a password.
相关问题
最新问题