API call using Ansible uri module

5
votes

I am trying to use the Ansible uri module to communicate with DeployHQ's API.

Here is the example DeployHQ's documentation that I am trying to use from Ansible:

curl -H "Content-type: application/json" \
-H "Accept: application/json" \
--user [email protected]:my-api-key \
-d '{"deployment":{ "parent_identifier":"7563d091-ca73-588e-cfe2- e4936f190145", \
  "start_revision" : "e84b5937f1132932dd56026db26a76f406555c19", \
  "end_revision" : "e84b5937f1132932dd56026db26a76f406555c19", \
  "mode" : "queue", \
  "copy_config_files" : 1, \
  "email_notify" : 1 \
}}' http://test.deployhq.com/projects/project/deployments/

This is how I am sending it via Ansible:

- uri:
    url: https://cepr.deployhq.com/projects/cepr-live/servers
    user: [email protected]:secret_api_key
    body_format: json
    method: GET
    headers:
      Content-Type: application/json
      Accept: application/json
    deployment:
      parent_identifier: id
      start_revision: my_start_rev
      end_revision: my_end_rev
      mode: queue
      copy_config_files: 1
      email_notify: 1
    return_content: yes

The issue is that I am getting a 403 response back (access denied), so it is something to do with passing them the --user parameters. I have no issue at all sending the cURL request from the cli, so the user creds passed in --user are correct. DeployHQ can see from their logs that the json request looks correct but it not authenticated (obviously they cannot view the headers for security reasons).

It must be simple but I have spent all afternoon and tried many combinations of user: (including and user: and password: for the api key) - in the body: and out of the body: (as above). DeployHQ support say they use basic http_auth and so I have tried these combinations with the parameter: 

force_basic_auth: yes

I have also tried passing the --user in the url. No luck at all.

Has anyone else done this?!

SOLVED...

- uri:
    url: https://cepr.deployhq.com/projects/cepr-live/servers
    user: [email protected]
    password: secret_api_key
    force_basic_auth: yes
    ....

All on the same level.. Many thanks for comments making me go back to to password field.

2
curlansiblecredentials
Did you try with user and password options, instead of appending the secret key in user? The documentation for ansible uri plugin lists user as only the username, so I assume you need both.user
Done it - and it was so simple in the end, it must have been one of the combinations I did not try, You do need the user: and password: elements, but you also need the the 'force_basic_auth: yes' straight afterwards....ChumKui

2 Answers

3
votes

According to the ansible uri documentation, there is also a password field. It also looks like user is supposed to be only the username. Did you try something like:

- uri:
    url: https://cepr.deployhq.com/projects/cepr-live/servers
    user: [email protected]
    password: secret_api_key
    body_format: json
    method: GET
    headers:
      Content-Type: application/json
      Accept: application/json
    deployment:
      parent_identifier: id
      start_revision: my_start_rev
      end_revision: my_end_rev
      mode: queue
      copy_config_files: 1
      email_notify: 1
    return_content: yes
0
votes

Set force_basic_auth:

- name: call an api
  vars:
    cust_id: "123"
  uri:
    url: "url"
    url_username: "username"
    url_password: "password"
    force_basic_auth: yes
    method: PUT
    headers:
      xyz: true
    body_format: json
    body: "{{ cust_id }}"