cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

VMware: new module: vmware_local_role_facts (#44553)

Browse source 
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This commit is contained in:
Abhijeet Kasurde 2018-08-24 10:00:40 +05:30 committed by GitHub
parent c2d16b754d
commit 33f5b1aa0f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 199 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

128
lib/ansible/modules/cloud/vmware/vmware_local_role_facts.py Normal file
View file

@ -0,0 +1,128 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright: (c) 2018, Abhijeet Kasurde <akasurde@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {
'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'
}
DOCUMENTATION = '''
---
module: vmware_local_role_facts
short_description: Gather facts about local roles on an ESXi host
description:
- This module can be used to gather facts about local role facts on an ESXi host
version_added: 2.7
author:
- Abhijeet Kasurde (@Akasurde)
notes:
- Tested on ESXi 6.5
- Be sure that the ESXi user used for login, has the appropriate rights to view roles
requirements:
- "python >= 2.6"
- PyVmomi
extends_documentation_fragment: vmware.documentation
'''
EXAMPLES = '''
- name: Gather facts about local role from an ESXi
vmware_local_role_facts:
hostname: '{{ esxi_hostname }}'
username: '{{ esxi_username }}'
password: '{{ esxi_password }}'
register: fact_details
delegate_to: localhost
- name: Get Admin privileges
set_fact:
admin_priv: "{{ fact_details.local_role_facts['Admin']['privileges'] }}"
- debug:
msg: "{{ admin_priv }}"
'''
RETURN = r'''
local_role_facts:
description: Facts about role present on ESXi host
returned: always
type: dict
sample: {
"AnsiUser1": {
"privileges": [
"Alarm.Acknowledge",
"Alarm.Create",
"Alarm.Delete",
"Alarm.DisableActions",
],
"role_id": -12,
"role_info_label": "Ansible User",
"role_info_summary": "Ansible Automation user",
"role_system": true
},
"NoAccess": {
"privileges": [],
"role_id": -5,
"role_info_label": "No access",
"role_info_summary": "Used for restricting granted access",
"role_system": true
},
"View": {
"privileges": [
"System.Anonymous",
"System.View"
],
"role_id": -3,
"role_info_label": "View",
"role_info_summary": "Visibility access (cannot be granted)",
"role_system": true
}
}
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.vmware import PyVmomi, vmware_argument_spec
class VMwareLocalRoleFacts(PyVmomi):
def __init__(self, module):
super(VMwareLocalRoleFacts, self).__init__(module)
self.module = module
self.params = module.params
if self.content.authorizationManager is None:
self.module.fail_json(msg="Failed to get local authorization manager settings.",
details="It seems that %s is a vCenter server "
"instead of an ESXi server" % self.params['hostname'])
def gather_local_role_facts(self):
results = dict()
for role in self.content.authorizationManager.roleList:
results[role.name] = dict(
role_id=role.roleId,
privileges=[priv_name for priv_name in role.privilege],
role_system=role.system,
role_info_label=role.info.label,
role_info_summary=role.info.summary,
)
self.module.exit_json(changed=False, local_role_facts=results)
def main():
argument_spec = vmware_argument_spec()
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
vmware_local_role_facts = VMwareLocalRoleFacts(module)
vmware_local_role_facts.gather_local_role_facts()
if __name__ == '__main__':
main()

2
test/integration/targets/vmware_local_role_facts/aliases Normal file
View file

@ -0,0 +1,2 @@
shippable/vcenter/group1
cloud/vcenter

69
test/integration/targets/vmware_local_role_facts/tasks/main.yml Normal file
View file

@ -0,0 +1,69 @@
# Test code for the vmware_local_role_facts module
# Copyright: (c) 2018, Abhijeet Kasurde <akasurde@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: store the vcenter container ip
set_fact:
vcsim: "{{ lookup('env', 'vcenter_host') }}"
- debug: var=vcsim
- name: Wait for Flask controller to come up online
wait_for:
host: "{{ vcsim }}"
port: 5000
state: started
- name: kill vcsim
uri:
url: http://{{ vcsim }}:5000/killall
- name: start vcsim
uri:
url: http://{{ vcsim }}:5000/spawn?esx=1
register: vcsim_instance
- name: Wait for Flask controller to come up online
wait_for:
host: "{{ vcsim }}"
port: 443
state: started
- debug: var=vcsim_instance
- name: Gather facts about local role on ESXi
vmware_local_role_facts:
hostname: "{{ vcsim }}"
username: "{{ vcsim_instance['json']['username'] }}"
password: "{{ vcsim_instance['json']['password'] }}"
validate_certs: no
register: fact_details
- name: verify if role is defined
assert:
that:
- "{{ fact_details.changed == false }}"
- "{{ fact_details.local_role_facts['Admin']['privileges'] is defined }}"
- "{{ fact_details.local_role_facts['Admin']['role_id'] is defined }}"
- "{{ fact_details.local_role_facts['Admin']['role_info_label'] is defined }}"
- "{{ fact_details.local_role_facts['Admin']['role_info_summary'] is defined }}"
- "{{ fact_details.local_role_facts['Admin']['role_system'] is defined }}"
- name: Gather facts about local role on ESXi in check mode
vmware_local_role_facts:
hostname: "{{ vcsim }}"
username: "{{ vcsim_instance['json']['username'] }}"
password: "{{ vcsim_instance['json']['password'] }}"
validate_certs: no
register: fact_details
check_mode: yes
- name: verify if role is defined in check mode
assert:
that:
- "{{ fact_details.changed == false }}"
- "{{ fact_details.local_role_facts['Admin']['privileges'] is defined }}"
- "{{ fact_details.local_role_facts['Admin']['role_id'] is defined }}"
- "{{ fact_details.local_role_facts['Admin']['role_info_label'] is defined }}"
- "{{ fact_details.local_role_facts['Admin']['role_info_summary'] is defined }}"
- "{{ fact_details.local_role_facts['Admin']['role_system'] is defined }}"