cyberark · Pooja-Gangwar · Jan 7, 2023 · Jan 7, 2023
@@ -34,7 +34,7 @@ jobs:
           - stable-2.10
           - stable-2.11
           - stable-2.12
-          - devel
+          # - devel
         python:
           - 3.9
     runs-on: ubuntu-latest

@@ -102,6 +102,7 @@
 from ansible.module_utils.urls import open_url
 from ansible.utils.display import Display
 import ssl
+from pathlib import Path
 
 display = Display()
 
@@ -176,9 +177,18 @@ def _fetch_conjur_token(conjur_url, account, username, api_key, validate_certs,
                         validate_certs=validate_certs,
                         ca_path=cert_file)
     code = response.getcode()
-    if code != 200:
-        raise AnsibleError('Failed to authenticate as \'{0}\' (got {1} response)'
+    if response.getcode() == 200:
+        display.vvvv('Conjur token was successfully retrieved and authorized with {0} code and {1} username '.format(code, username))
+        return response.read()
+    if response.getcode() == 401:
+        raise AnsibleError('Conjur request has invalid authorization credentials as {0} and {1} response'.format(code, username))
+    if response.getcode() == 403:
+        raise AnsibleError('The controlling host\'s Conjur identity does not have authorization as \'{0}\' (got {1} response)'
                            .format(username, code))
+    if response.getcode() == 404:
+        raise AnsibleError('The token does not exist with {0} response '.format(code))
+    if response.getcode() == 500:
+        raise AnsibleError('Internal Server Error with {0} response'.format(code))
 
     return response.read()
 
@@ -212,15 +222,6 @@ def decorator(*args, **kwargs):
     return parameters_wrapper
 
 
-@retry(retries=5, retry_interval=10)
-def _repeat_open_url(url, headers=None, method=None, validate_certs=True, ca_path=None):
-    return open_url(url,
-                    headers=headers,
-                    method=method,
-                    validate_certs=validate_certs,
-                    ca_path=ca_path)
-
-
 # Retrieve Conjur variable using the temporary token
 def _fetch_conjur_variable(conjur_variable, token, conjur_url, account, validate_certs, cert_file):
     token = b64encode(token)
@@ -250,6 +251,24 @@ def _fetch_conjur_variable(conjur_variable, token, conjur_url, account, validate
     return {}
 
 
+@retry(retries=5, retry_interval=10)
+def _open_url(conjur_url, api_key=None, method=None, validate_certs=True, cert_file=None):
+    return open_url(conjur_url,
+                    data=api_key,
+                    method=method,
+                    validate_certs=validate_certs,
+                    ca_path=cert_file)
+
+
+@retry(retries=5, retry_interval=10)
+def _repeat_open_url(url, headers=None, method=None, validate_certs=True, ca_path=None):
+    return open_url(url,
+                    headers=headers,
+                    method=method,
+                    validate_certs=validate_certs,
+                    ca_path=ca_path)
+
+
 def _default_tmp_path():
     if os.access("/dev/shm", os.W_OK):
         return "/dev/shm"

@@ -51,6 +51,34 @@ def test_fetch_conjur_token(self, mock_open_url):
                                          ca_path="cert_file")
         self.assertEquals("response body", result)
 
+    @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable.open_url')
+    def test_fetch_conjur_token_401(self, mock_open_url):
+        mock_response = MagicMock()
+        mock_response.getcode.return_value == 401
+        mock_response.read.return_value = "Conjur request has invalid authorization credentials"
+        mock_open_url.return_value = mock_response
+        result = _fetch_conjur_token("url", "account", "username1", "api_key", True, "cert_file")
+        mock_open_url.assert_called_with("url/authn/account/username1/authenticate",
+                                         data="api_key",
+                                         method="POST",
+                                         validate_certs=True,
+                                         ca_path="cert_file")
+        self.assertEquals("Conjur request has invalid authorization credentials", result)
+
+    @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable.open_url')
+    def test_fetch_conjur_token_500(self, mock_open_url):
+        mock_response = MagicMock()
+        mock_response.getcode.return_value == 500
+        mock_response.read.return_value = "Internal Server Error"
+        mock_open_url.return_value = mock_response
+        result = _fetch_conjur_token("url", "account", "username1", "api_key", True, "cert_file")
+        mock_open_url.assert_called_with("url/authn/account/username1/authenticate",
+                                         data="api_key",
+                                         method="POST",
+                                         validate_certs=True,
+                                         ca_path="cert_file")
+        self.assertEquals("Internal Server Error", result)
+
     @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._repeat_open_url')
     def test_fetch_conjur_variable(self, mock_repeat_open_url):
         mock_response = MagicMock()
@@ -69,7 +97,7 @@ def test_fetch_conjur_variable(self, mock_repeat_open_url):
     @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._fetch_conjur_token')
     @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._merge_dictionaries')
     def test_run(self, mock_merge_dictionaries, mock_fetch_conjur_token, mock_fetch_conjur_variable):
-        mock_fetch_conjur_token.return_value = "token"
+        mock_fetch_conjur_token.return_value = b'token'
         mock_fetch_conjur_variable.return_value = ["conjur_variable"]
         mock_merge_dictionaries.side_effect = [
             {'account': 'fakeaccount', 'appliance_url': 'https://conjur-fake', 'cert_file': './conjurfake.pem'},
@@ -86,7 +114,7 @@ def test_run(self, mock_merge_dictionaries, mock_fetch_conjur_token, mock_fetch_
     @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._fetch_conjur_token')
     @patch('ansible_collections.cyberark.conjur.plugins.lookup.conjur_variable._merge_dictionaries')
     def test_retrieve_to_file(self, mock_merge_dictionaries, mock_fetch_conjur_token, mock_fetch_conjur_variable):
-        mock_fetch_conjur_token.return_value = "token"
+        mock_fetch_conjur_token.return_value = b'token'
         mock_fetch_conjur_variable.return_value = ["conjur_variable"]
         mock_merge_dictionaries.side_effect = [
             {'account': 'fakeaccount', 'appliance_url': 'https://conjur-fake', 'cert_file': './conjurfake.pem'},