Implement basic Hetzner API support for storagebox and storagebox_info (#166)

* Rename unit tests for legacy API.

* Implement basic Hetzner API support for storagebox_info.

* Add changelog fragment.

* Implement basic Hetzner API support for storagebox.

* Adjust imports.

* Do not count not used code path for coverage.

* Update docs.

Author: felixfontein

antsibull-nox.toml

@@ -45,6 +45,20 @@ pattern = "^.*$"
 exclusions = []
 doc_fragment = "community.hrobot.attributes.actiongroup_robot"
 
+[[sessions.extra_checks.action_groups_config]]
+name = "api"
+pattern = "^storagebox.*$"
+exclusions = [
+    "storagebox_set_password",
+    "storagebox_snapshot_info",
+    "storagebox_snapshot_plan_info",
+    "storagebox_snapshot_plan",
+    "storagebox_snapshot",
+    "storagebox_subaccount_info",
+    "storagebox_subaccount",
+]
+doc_fragment = "community.hrobot.attributes.actiongroup_api"
+
 [sessions.build_import_check]
 run_galaxy_importer = true
 

changelogs/fragments/166-storagebox.yml

@@ -0,0 +1,11 @@
+known_issues:
+  - "storagebox* modules - the Hetzner Robot API for storage boxes is
+     `deprecated and will be sunset on July 30, 2025 <https://docs.hetzner.cloud/changelog#2025-06-25-new-api-for-storage-boxes>`__.
+     The modules are currently not compatible with the new API. We will try to adjust them until then,
+     but usage and return values might change slightly due to differences in the APIs.
+
+     For the new API, an API token needs to be registered and provided as ``hetzner_token``
+     (https://github.com/ansible-collections/community.hrobot/pull/166)."
+minor_changes:
+  - "storagebox - support the new Hetzner API (https://github.com/ansible-collections/community.hrobot/pull/166)."
+  - "storagebox_info - support the new Hetzner API (https://github.com/ansible-collections/community.hrobot/pull/166)."

meta/runtime.yml

@@ -28,3 +28,6 @@ action_groups:
     - storagebox_subaccount
     - storagebox_subaccount_info
     - v_switch
+  api:
+    - storagebox
+    - storagebox_info

plugins/doc_fragments/api.py

@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2025 Felix Fontein <[email protected]>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+    # Standard files documentation fragment
+    DOCUMENTATION = r"""
+options:
+  hetzner_token:
+    description:
+      - The API token for the Robot web-service user.
+    type: str
+    required: true
+  rate_limit_retry_timeout:
+    description:
+      - Timeout (in seconds) for waiting when rate limit exceeded errors are returned.
+      - Set to V(0) to not retry.
+      - Set to a negative value like V(-1) to retry forever.
+    type: int
+    default: -1
+"""
+
+    # Only for transition period
+    _ROBOT_COMPAT_SHIM = r"""
+options:
+  hetzner_token:
+    description:
+      - The API token for the Robot web-service user.
+      - One of O(hetzner_token) and O(hetzner_user) must be specified.
+    required: false
+  hetzner_user:
+    description:
+      - The username for the Robot web-service user.
+      - One of O(hetzner_token) and O(hetzner_user) must be specified.
+      - If O(hetzner_user) is specified, O(hetzner_password) must also be specified, and O(hetzner_token) must not be specified.
+    required: false
+  hetzner_password:
+    description:
+      - The password for the Robot web-service user.
+      - If O(hetzner_password) is specified, O(hetzner_user) must also be specified, and O(hetzner_token) must not be specified.
+    required: false
+"""

plugins/doc_fragments/attributes.py

@@ -58,6 +58,28 @@ class ModuleDocFragment(object):
       - community.hrobot.robot
 '''
 
+    ACTIONGROUP_API = r'''
+options: {}
+attributes:
+  action_group:
+    description: Use C(group/community.hrobot.api) in C(module_defaults) to set defaults for this module.
+    support: full
+    membership:
+      - community.hrobot.api
+'''
+
+    # Only for transition period
+    _ACTIONGROUP_ROBOT_AND_API = r'''
+options: {}
+attributes:
+  action_group:
+    description: Use C(group/community.hrobot.robot) or C(group/community.hrobot.api) in C(module_defaults) to set defaults for this module.
+    support: full
+    membership:
+      - community.hrobot.api
+      - community.hrobot.robot
+'''
+
     CONN = r"""
 options: {}
 attributes:

plugins/doc_fragments/robot.py

@@ -14,11 +14,13 @@ class ModuleDocFragment(object):
     DOCUMENTATION = r"""
 options:
   hetzner_user:
-    description: The username for the Robot web-service user.
+    description:
+      - The username for the Robot web-service user.
     type: str
     required: true
   hetzner_password:
-    description: The password for the Robot web-service user.
+    description:
+      - The password for the Robot web-service user.
     type: str
     required: true
   rate_limit_retry_timeout:

plugins/inventory/robot.py

@@ -99,9 +99,11 @@
 
 from ansible_collections.community.library_inventory_filtering_v1.plugins.plugin_utils.inventory_filter import parse_filters, filter_host
 
+from ansible_collections.community.hrobot.plugins.module_utils.common import (
+    PluginException,
+)
 from ansible_collections.community.hrobot.plugins.module_utils.robot import (
     BASE_URL,
-    PluginException,
     plugin_open_url_json,
 )
 from ansible_collections.community.hrobot.plugins.plugin_utils.unsafe import make_unsafe

plugins/module_utils/api.py

@@ -0,0 +1,250 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2025 Felix Fontein <[email protected]>
+# Simplified BSD License (see LICENSES/BSD-2-Clause.txt or https://opensource.org/licenses/BSD-2-Clause)
+# SPDX-License-Identifier: BSD-2-Clause
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+from ansible.module_utils.six import PY3
+from ansible.module_utils.six.moves.urllib.parse import urlencode
+from ansible.module_utils.urls import fetch_url
+
+import time
+
+from ansible_collections.community.hrobot.plugins.module_utils.common import (  # pylint: disable=unused-import
+    CheckDoneTimeoutException,
+)
+
+
+API_DEFAULT_ARGUMENT_SPEC = dict(
+    hetzner_token=dict(type='str', required=True, no_log=True),
+    rate_limit_retry_timeout=dict(type='int', default=-1),
+)
+
+_API_DEFAULT_ARGUMENT_SPEC_COMPAT = dict(
+    hetzner_token=dict(type='str', required=False, no_log=True),
+)
+
+# The API endpoint is fixed.
+API_BASE_URL = "https://api.hetzner.com"
+
+
+_RATE_LIMITING_ERROR = 'rate_limit_exceeded'
+_RATE_LIMITING_START_DELAY = 5
+
+
+def format_api_error_msg(error, rate_limit_timeout=None):
+    # Reference: https://docs.hetzner.cloud/reference/hetzner#errors
+    msg = 'Request failed: [{0}] {1}'.format(
+        error['code'],
+        error['message'],
+    )
+    if error.get('details'):
+        msg += ". Details: {0}".format(error['details'])
+    return msg
+
+
+def raw_api_fetch_url_json(
+    module,
+    url,
+    method='GET',
+    timeout=10,
+    data=None,
+    headers=None,
+    accept_errors=None,
+    # allow_empty_result=False,
+    # allowed_empty_result_status_codes=(),
+    rate_limit_timeout=None,
+):
+    '''
+    Make general request to Hetzner's API.
+    Does not handle rate limiting especially.
+    '''
+    actual_headers = {
+        "Authorization": "Bearer {0}".format(module.params['hetzner_token']),
+    }
+    if headers:
+        actual_headers.update(headers)
+    accept_errors = accept_errors or ()
+
+    resp, info = fetch_url(module, url, method=method, timeout=timeout, data=data, headers=actual_headers)
+    try:
+        # In Python 2, reading from a closed response yields a TypeError.
+        # In Python 3, read() simply returns ''
+        if PY3 and resp.closed:
+            raise TypeError
+        content = resp.read()
+    except (AttributeError, TypeError):
+        content = info.pop('body', None)
+
+    if not content:
+        # if allow_empty_result and info.get('status') in allowed_empty_result_status_codes:
+        #     return None, info, None
+        module.fail_json(
+            msg='Cannot retrieve content from {0} {1}, HTTP status code {2} ({3})'.format(
+                method, url, info.get('status'), info.get('msg')
+            )
+        )
+
+    try:
+        result = module.from_json(content.decode('utf8'))
+        if 'error' in result:
+            if result['error']['code'] in accept_errors:
+                return result, info, result['error']['code']
+            module.fail_json(
+                msg=format_api_error_msg(result['error'], rate_limit_timeout=rate_limit_timeout),
+                error=result['error'],
+            )
+        return result, info, None
+    except ValueError:
+        module.fail_json(msg='Cannot decode content retrieved from {0}'.format(url))
+
+
+def _handle_rate_limit(accept_errors, check_done_timeout, call):
+    original_accept_errors, accept_errors = accept_errors, accept_errors or ()
+    check_done_delay = _RATE_LIMITING_START_DELAY
+    if _RATE_LIMITING_ERROR in accept_errors or check_done_timeout == 0:
+        return call(original_accept_errors, None)
+    accept_errors = [_RATE_LIMITING_ERROR] + list(accept_errors)
+
+    start_time = time.time()
+    first = True
+    timeout = False
+    while True:
+        if first:
+            elapsed = 0
+            first = False
+        else:
+            elapsed = (time.time() - start_time)
+            if check_done_timeout > 0:
+                left_time = check_done_timeout - elapsed
+                wait = max(min(check_done_delay, left_time), 0)
+                timeout = left_time <= check_done_delay
+            else:
+                wait = check_done_delay
+            time.sleep(wait)
+        result, info, error = call(
+            original_accept_errors if timeout else accept_errors,
+            elapsed,
+        )
+        if error != _RATE_LIMITING_ERROR:
+            return result, info, error
+        # TODO: is there a hint how much time we should wait?
+        # If yes, adjust check_done_delay accordingly!
+
+
+def api_fetch_url_json(
+    module,
+    url,
+    method='GET',
+    timeout=10,
+    data=None,
+    headers=None,
+    accept_errors=None,
+    # allow_empty_result=False,
+    # allowed_empty_result_status_codes=(),
+):
+    '''
+    Make general request to Hetzner's API.
+    '''
+    def call(accept_errors_, rate_limit_timeout):
+        return raw_api_fetch_url_json(
+            module,
+            url,
+            method=method,
+            timeout=timeout,
+            data=data,
+            headers=headers,
+            accept_errors=accept_errors_,
+            # allow_empty_result=allow_empty_result,
+            # allowed_empty_result_status_codes=allowed_empty_result_status_codes,
+            rate_limit_timeout=rate_limit_timeout,
+        )
+
+    return _handle_rate_limit(
+        accept_errors,
+        module.params['rate_limit_retry_timeout'],
+        call,
+    )
+
+
+def deterministic_urlencode(data, **kwargs):
+    """
+    Same as urlencode(), but the keys are sorted lexicographically.
+    """
+    result = []
+    for key, value in sorted(data.items()):
+        result.append(urlencode({key: value}, **kwargs))
+    return '&'.join(result)
+
+
+def api_fetch_url_json_list(
+    module,
+    url,
+    data_key,
+    method='GET',
+    timeout=10,
+    headers=None,
+    page_size=100,
+):
+    '''
+    Completely request a paginated list from Hetzner's API.
+    '''
+    page = 1
+    last_page = None
+    result_list = []
+    while page is not None and (last_page is None or last_page >= page):
+        page_url = '{0}{1}{2}'.format(url, '&' if '?' in url else '?', deterministic_urlencode({"page": str(page), "per_page": page_size}))
+        result, dummy, dummy2 = api_fetch_url_json(
+            module,
+            page_url,
+            method=method,
+            timeout=timeout,
+            headers=headers,
+        )
+        if isinstance(result.get(data_key), list):
+            result_list += result[data_key]
+        if isinstance(result.get("meta"), dict) and isinstance(result["meta"].get("pagination"), dict):
+            pagination = result["meta"]["pagination"]
+            if isinstance(pagination.get("last_page"), int):
+                last_page = pagination["last_page"]
+            if isinstance(pagination.get("next_page"), int):
+                page = pagination["next_page"]
+            else:
+                page += 1
+        elif not result.get(data_key):
+            break
+        else:
+            page += 1
+    return result_list
+
+
+def api_fetch_url_json_with_retries(module, url, check_done_callback, check_done_delay=10, check_done_timeout=180, skip_first=False, **kwargs):
+    '''
+    Make general request to Hetzner's API, with retries until a condition is satisfied.
+
+    The condition is tested by calling ``check_done_callback(result, error)``. If it is not satisfied,
+    it will be retried with delays ``check_done_delay`` (in seconds) until a total timeout of
+    ``check_done_timeout`` (in seconds) since the time the first request is started is reached.
+
+    If ``skip_first`` is specified, will assume that a first call has already been made and will
+    directly start with waiting.
+    '''
+    start_time = time.time()
+    if not skip_first:  # pragma: no cover
+        raise AssertionError("Code path not yet available")  # pragma: no cover
+        # result, error = api_fetch_url_json(module, url, **kwargs)
+        # if check_done_callback(result, error):
+        #     return result, error
+    while True:
+        elapsed = (time.time() - start_time)
+        left_time = check_done_timeout - elapsed
+        time.sleep(max(min(check_done_delay, left_time), 0))
+        result, info, error = api_fetch_url_json(module, url, **kwargs)
+        if check_done_callback(result, info, error):
+            return result, info, error
+        if left_time < check_done_delay:
+            raise CheckDoneTimeoutException(result, error)