211 lines
5.4 KiB
Python
211 lines
5.4 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
from __future__ import absolute_import, division, print_function
|
|
__metaclass__ = type
|
|
|
|
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
|
'status': ['preview'],
|
|
'supported_by': 'community'}
|
|
|
|
DOCUMENTATION = r'''
|
|
---
|
|
module: msc_role
|
|
short_description: Manage roles
|
|
description:
|
|
- Manage roles on Cisco ACI Multi-Site.
|
|
author:
|
|
- Dag Wieers (@dagwieers)
|
|
version_added: '2.8'
|
|
options:
|
|
role_id:
|
|
description:
|
|
- The ID of the role.
|
|
required: yes
|
|
role:
|
|
description:
|
|
- The name of the role.
|
|
required: yes
|
|
aliases: [ name, role_name ]
|
|
display_name:
|
|
description:
|
|
- The name of the role to be displayed in the web UI.
|
|
description:
|
|
description:
|
|
- The description of the role.
|
|
permissions:
|
|
description:
|
|
- A list of permissions tied to this role.
|
|
type: list
|
|
choices:
|
|
- manage-roles
|
|
- manage-schemas
|
|
- manage-sites
|
|
- manage-tenants
|
|
- manage-users
|
|
- view-roles
|
|
- view-schemas
|
|
- view-sites
|
|
- view-tenants
|
|
- view-tenant-schemas
|
|
- view-users
|
|
state:
|
|
description:
|
|
- Use C(present) or C(absent) for adding or removing.
|
|
- Use C(query) for listing an object or multiple objects.
|
|
choices: [ absent, present, query ]
|
|
default: present
|
|
extends_documentation_fragment: msc
|
|
'''
|
|
|
|
EXAMPLES = r'''
|
|
- name: Add a new role
|
|
msc_role:
|
|
host: msc_host
|
|
username: admin
|
|
password: SomeSecretPassword
|
|
name: north_europe
|
|
role_id: 101
|
|
description: North European Datacenter
|
|
state: present
|
|
delegate_to: localhost
|
|
|
|
- name: Remove a role
|
|
msc_role:
|
|
host: msc_host
|
|
username: admin
|
|
password: SomeSecretPassword
|
|
name: north_europe
|
|
state: absent
|
|
delegate_to: localhost
|
|
|
|
- name: Query a role
|
|
msc_role:
|
|
host: msc_host
|
|
username: admin
|
|
password: SomeSecretPassword
|
|
name: north_europe
|
|
state: query
|
|
delegate_to: localhost
|
|
register: query_result
|
|
|
|
- name: Query all roles
|
|
msc_role:
|
|
host: msc_host
|
|
username: admin
|
|
password: SomeSecretPassword
|
|
state: query
|
|
delegate_to: localhost
|
|
register: query_result
|
|
'''
|
|
|
|
RETURN = r'''
|
|
'''
|
|
|
|
from ansible.module_utils.basic import AnsibleModule
|
|
from ansible.module_utils.network.aci.msc import MSCModule, msc_argument_spec, issubset
|
|
|
|
|
|
def main():
|
|
argument_spec = msc_argument_spec()
|
|
argument_spec.update(
|
|
role=dict(type='str', required=False, aliases=['name', 'role_name']),
|
|
role_id=dict(type='str', required=False),
|
|
display_name=dict(type='str'),
|
|
description=dict(type='str'),
|
|
permissions=dict(type='list', choices=[
|
|
'manage-roles',
|
|
'manage-schemas',
|
|
'manage-sites',
|
|
'manage-tenants',
|
|
'manage-users',
|
|
'view-roles',
|
|
'view-schemas',
|
|
'view-sites',
|
|
'view-tenants',
|
|
'view-tenant-schemas',
|
|
'view-users',
|
|
]),
|
|
state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
|
|
)
|
|
|
|
module = AnsibleModule(
|
|
argument_spec=argument_spec,
|
|
supports_check_mode=True,
|
|
required_if=[
|
|
['state', 'absent', ['role']],
|
|
['state', 'present', ['role']],
|
|
],
|
|
)
|
|
|
|
role = module.params['role']
|
|
role_id = module.params['role_id']
|
|
description = module.params['description']
|
|
permissions = module.params['permissions']
|
|
state = module.params['state']
|
|
|
|
msc = MSCModule(module)
|
|
|
|
path = 'roles'
|
|
|
|
# Query for existing object(s)
|
|
if role_id is None and role is None:
|
|
msc.existing = msc.query_objs(path)
|
|
elif role_id is None:
|
|
msc.existing = msc.get_obj(path, name=role)
|
|
if msc.existing:
|
|
role_id = msc.existing['id']
|
|
elif role is None:
|
|
msc.existing = msc.get_obj(path, id=role_id)
|
|
else:
|
|
msc.existing = msc.get_obj(path, id=role_id)
|
|
existing_by_name = msc.get_obj(path, name=role)
|
|
if existing_by_name and role_id != existing_by_name['id']:
|
|
msc.fail_json(msg="Provided role '{1}' with id '{2}' does not match existing id '{3}'.".format(role, role_id, existing_by_name['id']))
|
|
|
|
# If we found an existing object, continue with it
|
|
if role_id:
|
|
path = 'roles/{id}'.format(id=role_id)
|
|
|
|
if state == 'query':
|
|
pass
|
|
|
|
elif state == 'absent':
|
|
msc.previous = msc.existing
|
|
if msc.existing:
|
|
if module.check_mode:
|
|
msc.existing = {}
|
|
else:
|
|
msc.existing = msc.request(path, method='DELETE')
|
|
|
|
elif state == 'present':
|
|
msc.previous = msc.existing
|
|
|
|
msc.sanitize(dict(
|
|
id=role_id,
|
|
name=role,
|
|
displayName=role,
|
|
description=description,
|
|
permissions=permissions,
|
|
), collate=True)
|
|
|
|
if msc.existing:
|
|
if not issubset(msc.sent, msc.existing):
|
|
if module.check_mode:
|
|
msc.existing = msc.proposed
|
|
else:
|
|
msc.existing = msc.request(path, method='PUT', data=msc.sent)
|
|
else:
|
|
if module.check_mode:
|
|
msc.existing = msc.proposed
|
|
else:
|
|
msc.existing = msc.request(path, method='POST', data=msc.sent)
|
|
|
|
msc.exit_json()
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|