ovirt: get default auth/connection params from environment vars (#19385)

* cloud: ovirt: add possibility specify auth params in env vars

* module_utils: ovirt: fix pep8 issues

4 files changed, 42 insertions, 15 deletions

diff --git a/lib/ansible/module_utils/ovirt.py b/lib/ansible/module_utils/ovirt.py
index 7449c64d42..e044b878f2 100644
--- a/lib/ansible/module_utils/ovirt.py
+++ b/lib/ansible/module_utils/ovirt.py
@@ -19,6 +19,7 @@
 #
 
 import inspect
+import os
 import time
 
 from abc import ABCMeta, abstractmethod
@@ -28,7 +29,6 @@ from enum import Enum
 
 try:
     import ovirtsdk4 as sdk
-    import ovirtsdk4.types as otypes
     import ovirtsdk4.version as sdk_version
     HAS_SDK = LooseVersion(sdk_version.VERSION) >= LooseVersion('4.0.0')
 except ImportError:
@@ -126,6 +126,7 @@ def create_connection(auth):
         kerberos=auth.get('kerberos', None),
     )
 
+
 def convert_to_bytes(param):
     """
     This method convert units to bytes, which follow IEC standard.
@@ -209,7 +210,7 @@ def search_by_attributes(service, **kwargs):
     else:
         res = [
             e for e in service.list() if len([
-                 k for k, v in kwargs.items() if getattr(e, k, None) == v
+                k for k, v in kwargs.items() if getattr(e, k, None) == v
             ]) == len(kwargs)
         ]
 
@@ -279,6 +280,32 @@ def wait(
             time.sleep(float(poll_interval))
 
 
+def __get_auth_dict():
+    OVIRT_URL = os.environ.get('OVIRT_URL')
+    OVIRT_USERNAME = os.environ.get('OVIRT_USERNAME')
+    OVIRT_PASSWORD = os.environ.get('OVIRT_PASSWORD')
+    OVIRT_TOKEN = os.environ.get('OVIRT_TOKEN')
+    OVIRT_CAFILE = os.environ.get('OVIRT_CAFILE')
+    OVIRT_INSECURE = OVIRT_CAFILE is None
+
+    env_vars = None
+    if OVIRT_URL and ((OVIRT_USERNAME and OVIRT_PASSWORD) or OVIRT_TOKEN):
+        env_vars = {
+            'url': OVIRT_URL,
+            'username': OVIRT_USERNAME,
+            'password': OVIRT_PASSWORD,
+            'insecure': OVIRT_INSECURE,
+            'token': OVIRT_TOKEN,
+            'ca_file': OVIRT_CAFILE,
+        }
+    if env_vars is not None:
+        auth = dict(default=env_vars, type='dict')
+    else:
+        auth = dict(required=True, type='dict')
+
+    return auth
+
+
 def ovirt_facts_full_argument_spec(**kwargs):
     """
     Extend parameters of facts module with parameters which are common to all
@@ -288,7 +315,7 @@ def ovirt_facts_full_argument_spec(**kwargs):
     :return: extended dictionary with common parameters
     """
     spec = dict(
-        auth=dict(required=True, type='dict'),
+        auth=__get_auth_dict(),
         fetch_nested=dict(default=False, type='bool'),
         nested_attributes=dict(type='list'),
     )
@@ -304,7 +331,7 @@ def ovirt_full_argument_spec(**kwargs):
     :return: extended dictionary with common parameters
     """
     spec = dict(
-        auth=dict(required=True, type='dict'),
+        auth=__get_auth_dict(),
         timeout=dict(default=180, type='int'),
         wait=dict(default=True, type='bool'),
         poll_interval=dict(default=3, type='int'),
diff --git a/lib/ansible/modules/cloud/ovirt/ovirt_vms.py b/lib/ansible/modules/cloud/ovirt/ovirt_vms.py
index 59da64e195..fe2a765e03 100644
--- a/lib/ansible/modules/cloud/ovirt/ovirt_vms.py
+++ b/lib/ansible/modules/cloud/ovirt/ovirt_vms.py
@@ -719,7 +719,7 @@ def control_state(vm, vms_service, module):
         vm.status == otypes.VmStatus.UNKNOWN
     ):
         # Invalid states:
-        module.fail_json("Not possible to control VM, if it's in '{}' status".format(vm.status))
+        module.fail_json(msg="Not possible to control VM, if it's in '{}' status".format(vm.status))
     elif vm.status == otypes.VmStatus.POWERING_DOWN:
         if (force and state == 'stopped') or state == 'absent':
             vm_service.stop()
diff --git a/lib/ansible/utils/module_docs_fragments/ovirt.py b/lib/ansible/utils/module_docs_fragments/ovirt.py
index 37af795d83..d469ef83c1 100644
--- a/lib/ansible/utils/module_docs_fragments/ovirt.py
+++ b/lib/ansible/utils/module_docs_fragments/ovirt.py
@@ -41,17 +41,17 @@ options:
         required: True
         description:
             - "Dictionary with values needed to create HTTP/HTTPS connection to oVirt:"
-            - "C(username)[I(required)] - The name of the user, something like `I(admin@internal)`."
-            - "C(password)[I(required)] - The password of the user."
+            - "C(username)[I(required)] - The name of the user, something like `I(admin@internal)`. Default value is set by I(OVIRT_USERNAME) environment variable."
+            - "C(password)[I(required)] - The password of the user. Default value is set by I(OVIRT_PASSWORD) environment variable."
             - "C(url)[I(required)] - A string containing the base URL of the server, usually
-            something like `I(https://server.example.com/ovirt-engine/api)`."
-            - "C(token) - Token to be used instead of login with username/password."
+            something like `I(https://server.example.com/ovirt-engine/api)`. Default value is set by I(OVIRT_URL) environment variable."
+            - "C(token) - Token to be used instead of login with username/password. Default value is set by I(OVIRT_TOKEN) environment variable."
             - "C(insecure) - A boolean flag that indicates if the server TLS
             certificate and host name should be checked."
             - "C(ca_file) - A PEM file containing the trusted CA certificates. The
             certificate presented by the server will be verified using these CA
             certificates. If `C(ca_file)` parameter is not set, system wide
-            CA certificate store is used."
+            CA certificate store is used. Default value is set by I(OVIRT_CAFILE) environment variable."
             - "C(kerberos) - A boolean flag indicating if Kerberos authentication
             should be used instead of the default basic authentication."
     timeout:
diff --git a/lib/ansible/utils/module_docs_fragments/ovirt_facts.py b/lib/ansible/utils/module_docs_fragments/ovirt_facts.py
index 571ae6ca20..6fc690589d 100644
--- a/lib/ansible/utils/module_docs_fragments/ovirt_facts.py
+++ b/lib/ansible/utils/module_docs_fragments/ovirt_facts.py
@@ -38,17 +38,17 @@ options:
         required: True
         description:
             - "Dictionary with values needed to create HTTP/HTTPS connection to oVirt:"
-            - "C(username)[I(required)] - The name of the user, something like `I(admin@internal)`."
-            - "C(password)[I(required)] - The password of the user."
+            - "C(username)[I(required)] - The name of the user, something like `I(admin@internal)`. Default value is set by I(OVIRT_USERNAME) environment variable."
+            - "C(password)[I(required)] - The password of the user. Default value is set by I(OVIRT_PASSWORD) environment variable."
             - "C(url)[I(required)] - A string containing the base URL of the server, usually
-            something like `I(https://server.example.com/ovirt-engine/api)`."
-            - "C(token) - Token to be used instead of login with username/password."
+            something like `I(https://server.example.com/ovirt-engine/api)`. Default value is set by I(OVIRT_URL) environment variable."
+            - "C(token) - Token to be used instead of login with username/password. Default value is set by I(OVIRT_TOKEN) environment variable."
             - "C(insecure) - A boolean flag that indicates if the server TLS
             certificate and host name should be checked."
             - "C(ca_file) - A PEM file containing the trusted CA certificates. The
             certificate presented by the server will be verified using these CA
             certificates. If `C(ca_file)` parameter is not set, system wide
-            CA certificate store is used."
+            CA certificate store is used. Default value is set by I(OVIRT_CAFILE) environment variable."
             - "C(kerberos) - A boolean flag indicating if Kerberos authentication
             should be used instead of the default basic authentication."
 requirements: