Add support for users/sites to tenants (#50924)

* Add support for users/sites to tenants * Better work-around
2019-01-15 11:49:54 +01:00 · 2019-01-15 11:49:54 +01:00 · 27f4a1f927
commit 27f4a1f927
parent 077d6a63c1
2 changed files with 70 additions and 4 deletions
--- a/lib/ansible/module_utils/network/aci/msc.py
+++ b/lib/ansible/module_utils/network/aci/msc.py
@ -31,11 +31,17 @@

 from copy import deepcopy
 from ansible.module_utils.basic import AnsibleModule, json
+from ansible.module_utils.six import PY3
 from ansible.module_utils.six.moves.urllib.parse import urlencode, urljoin
 from ansible.module_utils.urls import fetch_url
 from ansible.module_utils._text import to_native, to_bytes


+if PY3:
+    def cmp(a, b):
+        return (a > b) - (a < b)
+
+
 def issubset(subset, superset):
    ''' Recurse through nested dictionary and compare entries '''

@ -52,6 +58,10 @@ def issubset(subset, superset):
        return False

    for key, value in subset.items():
+        # Ignore empty values
+        if value is None:
+            return True
+
        # Item from subset is missing from superset
        if key not in superset:
            return False
@ -65,8 +75,14 @@ def issubset(subset, superset):
            if not issubset(superset[key], value):
                return False
        elif isinstance(value, list):
+            try:
+                # NOTE: Fails for lists of dicts
                if not set(value) <= set(superset[key]):
                    return False
+            except TypeError:
+                # Fall back to exact comparison for lists of dicts
+                if not cmp(value, superset[key]):
+                    return False
        elif isinstance(value, set):
            if not value <= superset[key]:
                return False
@ -268,6 +284,36 @@ class MSCModule(object):
            ids.append(dict(roleId=r['id']))
        return ids

+    def lookup_sites(self, sites):
+        ''' Look up sites and return their ids '''
+        if sites is None:
+            return sites
+
+        ids = []
+        for site in sites:
+            s = self.get_obj('sites', name=site)
+            if not s:
+                self.module.fail_json(msg="Site '%s' is not valid." % site)
+            if 'id' not in s:
+                self.module.fail_json(msg="Site lookup failed for '%s': %s" % (site, s))
+            ids.append(dict(siteId=s['id'], securityDomains=[]))
+        return ids
+
+    def lookup_users(self, users):
+        ''' Look up users and return their ids '''
+        if users is None:
+            return users
+
+        ids = []
+        for user in users:
+            u = self.get_obj('users', username=user)
+            if not u:
+                self.module.fail_json(msg="User '%s' is not valid." % user)
+            if 'id' not in u:
+                self.module.fail_json(msg="User lookup failed for '%s': %s" % (user, u))
+            ids.append(dict(userId=u['id']))
+        return ids
+
    def create_label(self, label, label_type):
        ''' Create a new label '''
        return self.request('labels', method='POST', data=dict(displayName=label, type=label_type))
--- a/lib/ansible/modules/network/aci/msc_tenant.py
+++ b/lib/ansible/modules/network/aci/msc_tenant.py
@ -40,6 +40,16 @@ options:
    description:
    - The description for this tenant.
    type: str
+  users:
+    description:
+    - A list of allowed users for this tenant.
+    - Using this property will replace any existing allowed users.
+    type: list
+  sites:
+    description:
+    - A list of allowed sites for this tenant.
+    - Using this property will replace any existing allowed sites.
+    type: list
  state:
    description:
    - Use C(present) or C(absent) for adding or removing.
@ -106,6 +116,8 @@ def main():
        display_name=dict(type='str'),
        tenant=dict(type='str', required=False, aliases=['name', 'tenant_name']),
        tenant_id=dict(type='str', required=False),
+        users=dict(type='list'),
+        sites=dict(type='list'),
        state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
    )

@ -126,6 +138,10 @@ def main():

    msc = MSCModule(module)

+    # Convert sites and users
+    sites = msc.lookup_sites(module.params['sites'])
+    users = msc.lookup_users(module.params['users'])
+
    path = 'tenants'

    # Query for existing object(s)
@ -166,8 +182,8 @@ def main():
            id=tenant_id,
            name=tenant,
            displayName=display_name,
-            siteAssociations=[],
-            userAssociations=[dict(userId="0000ffff0000000000000020")],
+            siteAssociations=sites,
+            userAssociations=users,
        )

        msc.sanitize(payload, collate=True)
@ -176,6 +192,10 @@ def main():
        if msc.sent.get('displayName') is None:
            msc.sent['displayName'] = tenant

+        # Ensure tenant has at least admin user
+        if msc.sent.get('userAssociations') is None:
+            msc.sent['userAssociations'] = [dict(userId="0000ffff0000000000000020")]
+
        if msc.existing:
            if not issubset(msc.sent, msc.existing):
                if module.check_mode: