Add ovirt role (#54600)

* innit of ovirt_role.py

* put permits to build_entity

* add manual update to role permit

* ovirt role add docs

* ovirt_role update syntax

* ovirt role dont use permit name

* use correct syntax fo get_all_permits

* add role description

* ovirt role update whitespace

* update pep8 syntax

* update permits description

* ovirt role add check_mode

* add remove all permits example

* update examples spacing
This commit is contained in:
Martin Nečas 2019-04-05 11:21:59 +02:00 committed by John R Barker
parent 0fe6bf911a
commit 6f5aacc168

View file

@ -0,0 +1,190 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# Copyright (c) 2016 Red Hat, Inc.
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = '''
---
module: ovirt_role
short_description: Module to manage roles in oVirt/RHV
version_added: "2.8"
author: "Martin Necas (@mnecas)"
description:
- "Module to manage roles in oVirt/RHV."
options:
name:
description:
- "Name of the role to manage."
id:
description:
- "ID of the role to manage."
description:
description:
- "Description of the role."
state:
description:
- "Should the role be present/absent."
choices: ['present', 'absent']
default: present
administrative:
description:
- "Defines the role as administrative-only or not."
type: bool
permits:
description:
- "List of permits which role will have"
- "Permit 'login' is default and all roles will have it."
- "List can contain name of permit."
extends_documentation_fragment: ovirt
'''
EXAMPLES = '''
# Examples don't contain auth parameter for simplicity,
# look at ovirt_auth module to see how to reuse authentication:
# Create administrative role with two permits
- ovirt_role:
name: role
administrative: true
permits:
- manipulate_permissions
- create_instance
# Remove role
- ovirt_role:
name: role
state: absent
# Remove all permit
- ovirt_role:
name: role
administrative: ture
permits:
- login
'''
RETURN = '''
ovirt_role:
description: "List of dictionaries describing the Roles. Role attributes are mapped to dictionary keys,
all Roles attributes can be found at following url: http://ovirt.github.io/ovirt-engine-api-model/master/#types/role."
returned: On success.
type: list
'''
from ansible.module_utils.ovirt import (
BaseModule,
check_sdk,
convert_to_bytes,
create_connection,
equal,
get_dict_of_struct,
get_link_name,
get_id_by_name,
ovirt_full_argument_spec,
search_by_attributes,
search_by_name,
)
from ansible.module_utils.basic import AnsibleModule
import traceback
try:
import ovirtsdk4.types as otypes
except ImportError:
pass
class RoleModule(BaseModule):
def build_entity(self):
if 'login' not in self.param('permits'):
self.param('permits').append('login')
all_permits = self.get_all_permits()
return otypes.Role(
id=self.param('id'),
name=self.param('name'),
administrative=self.param('administrative') if self.param(
'administrative') else None,
permits=[
otypes.Permit(id=all_permits.get(new_permit)) for new_permit in self.param('permits')
] if self.param('permits') else None,
description=self.param('description') if self.param('administrative') else None,
)
def get_all_permits(self):
return dict((permit.name, permit.id) for permit in self._connection.system_service().cluster_levels_service().level_service('4.3').get().permits)
def update_check(self, entity):
def check_permits():
if self.param('permits'):
if 'login' not in self.param('permits'):
self.param('permits').append('login')
permits_service = self._service.service(entity.id).permits_service()
current = [er.name for er in permits_service.list()]
passed = [pr for pr in self.param('permits')]
if not sorted(current) == sorted(passed):
if self._module.check_mode:
return False
# remove all
for permit in permits_service.list():
permits_service.permit_service(permit.id).remove()
# add passed permits
all_permits = self.get_all_permits()
for new_permit in passed:
permits_service.add(otypes.Permit(id=all_permits.get(new_permit)))
return False
return True
return (
check_permits() and
equal(self.param('administrative'), entity.administrative) and
equal(self.param('description'), entity.description)
)
def main():
argument_spec = ovirt_full_argument_spec(
state=dict(
choices=['present', 'absent'],
default='present',
),
id=dict(default=None),
name=dict(default=None),
description=dict(default=None),
administrative=dict(type='bool', default=False),
permits=dict(type='list', default=[]),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
required_one_of=[['id', 'name']],
)
check_sdk(module)
try:
auth = module.params.pop('auth')
connection = create_connection(auth)
roles_service = connection.system_service().roles_service()
roles_module = RoleModule(
connection=connection,
module=module,
service=roles_service,
)
state = module.params['state']
if state == 'present':
ret = roles_module.create()
elif state == 'absent':
ret = roles_module.remove()
module.exit_json(**ret)
except Exception as e:
module.fail_json(msg=str(e), exception=traceback.format_exc())
finally:
connection.close(logout=auth.get('token') is None)
if __name__ == "__main__":
main()