Merge "Switch role_assignment module to OpenStackModule"
@@ -72,35 +72,11 @@ RETURN = '''
|
|||||||
#
|
#
|
||||||
'''
|
'''
|
||||||
|
|
||||||
from ansible.module_utils.basic import AnsibleModule
|
from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule
|
||||||
from ansible_collections.openstack.cloud.plugins.module_utils.openstack import (openstack_full_argument_spec,
|
|
||||||
openstack_module_kwargs,
|
|
||||||
openstack_cloud_from_module)
|
|
||||||
|
|
||||||
|
|
||||||
def _system_state_change(state, assignment):
|
class IdentityRoleAssignmentModule(OpenStackModule):
|
||||||
if state == 'present' and not assignment:
|
argument_spec = dict(
|
||||||
return True
|
|
||||||
elif state == 'absent' and assignment:
|
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
||||||
|
|
||||||
def _build_kwargs(user, group, project, domain):
|
|
||||||
kwargs = {}
|
|
||||||
if user:
|
|
||||||
kwargs['user'] = user
|
|
||||||
if group:
|
|
||||||
kwargs['group'] = group
|
|
||||||
if project:
|
|
||||||
kwargs['project'] = project
|
|
||||||
if domain:
|
|
||||||
kwargs['domain'] = domain
|
|
||||||
return kwargs
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
|
||||||
argument_spec = openstack_full_argument_spec(
|
|
||||||
role=dict(required=True),
|
role=dict(required=True),
|
||||||
user=dict(required=False),
|
user=dict(required=False),
|
||||||
group=dict(required=False),
|
group=dict(required=False),
|
||||||
@@ -109,92 +85,111 @@ def main():
|
|||||||
state=dict(default='present', choices=['absent', 'present']),
|
state=dict(default='present', choices=['absent', 'present']),
|
||||||
)
|
)
|
||||||
|
|
||||||
module_kwargs = openstack_module_kwargs(
|
module_kwargs = dict(
|
||||||
required_one_of=[
|
required_one_of=[
|
||||||
['user', 'group']
|
['user', 'group']
|
||||||
])
|
],
|
||||||
module = AnsibleModule(argument_spec,
|
supports_check_mode=True
|
||||||
supports_check_mode=True,
|
)
|
||||||
**module_kwargs)
|
|
||||||
|
|
||||||
role = module.params.get('role')
|
def _system_state_change(self, state, assignment):
|
||||||
user = module.params.get('user')
|
if state == 'present' and not assignment:
|
||||||
group = module.params.get('group')
|
return True
|
||||||
project = module.params.get('project')
|
elif state == 'absent' and assignment:
|
||||||
domain = module.params.get('domain')
|
return True
|
||||||
state = module.params.get('state')
|
return False
|
||||||
|
|
||||||
|
def _build_kwargs(self, user, group, project, domain):
|
||||||
|
kwargs = {}
|
||||||
|
if user:
|
||||||
|
kwargs['user'] = user
|
||||||
|
if group:
|
||||||
|
kwargs['group'] = group
|
||||||
|
if project:
|
||||||
|
kwargs['project'] = project
|
||||||
|
if domain:
|
||||||
|
kwargs['domain'] = domain
|
||||||
|
return kwargs
|
||||||
|
|
||||||
|
def run(self):
|
||||||
|
role = self.params.get('role')
|
||||||
|
user = self.params.get('user')
|
||||||
|
group = self.params.get('group')
|
||||||
|
project = self.params.get('project')
|
||||||
|
domain = self.params.get('domain')
|
||||||
|
state = self.params.get('state')
|
||||||
|
|
||||||
sdk, cloud = openstack_cloud_from_module(module)
|
|
||||||
try:
|
|
||||||
filters = {}
|
filters = {}
|
||||||
domain_id = None
|
domain_id = None
|
||||||
|
|
||||||
r = cloud.get_role(role)
|
r = self.conn.get_role(role)
|
||||||
if r is None:
|
if r is None:
|
||||||
module.fail_json(msg="Role %s is not valid" % role)
|
self.fail_json(msg="Role %s is not valid" % role)
|
||||||
filters['role'] = r['id']
|
filters['role'] = r['id']
|
||||||
|
|
||||||
if domain:
|
if domain:
|
||||||
d = cloud.get_domain(name_or_id=domain)
|
d = self.conn.get_domain(name_or_id=domain)
|
||||||
if d is None:
|
if d is None:
|
||||||
module.fail_json(msg="Domain %s is not valid" % domain)
|
self.fail_json(msg="Domain %s is not valid" % domain)
|
||||||
filters['domain'] = d['id']
|
filters['domain'] = d['id']
|
||||||
domain_id = d['id']
|
domain_id = d['id']
|
||||||
if user:
|
if user:
|
||||||
if domain:
|
if domain:
|
||||||
u = cloud.get_user(user, domain_id=filters['domain'])
|
u = self.conn.get_user(user, domain_id=filters['domain'])
|
||||||
else:
|
else:
|
||||||
u = cloud.get_user(user)
|
u = self.conn.get_user(user)
|
||||||
|
|
||||||
if u is None:
|
if u is None:
|
||||||
module.fail_json(msg="User %s is not valid" % user)
|
self.fail_json(msg="User %s is not valid" % user)
|
||||||
filters['user'] = u['id']
|
filters['user'] = u['id']
|
||||||
if group:
|
if group:
|
||||||
if domain:
|
if domain:
|
||||||
g = cloud.get_group(group, domain_id=filters['domain'])
|
g = self.conn.get_group(group, domain_id=filters['domain'])
|
||||||
else:
|
else:
|
||||||
g = cloud.get_group(group)
|
g = self.conn.get_group(group)
|
||||||
if g is None:
|
if g is None:
|
||||||
module.fail_json(msg="Group %s is not valid" % group)
|
self.fail_json(msg="Group %s is not valid" % group)
|
||||||
filters['group'] = g['id']
|
filters['group'] = g['id']
|
||||||
if project:
|
if project:
|
||||||
if domain:
|
if domain:
|
||||||
p = cloud.get_project(project, domain_id=filters['domain'])
|
p = self.conn.get_project(project, domain_id=filters['domain'])
|
||||||
# OpenStack won't allow us to use both a domain and project as
|
# OpenStack won't allow us to use both a domain and project as
|
||||||
# filter. Once we identified the project (using the domain as
|
# filter. Once we identified the project (using the domain as
|
||||||
# a filter criteria), we need to remove the domain itself from
|
# a filter criteria), we need to remove the domain itself from
|
||||||
# the filters list.
|
# the filters list.
|
||||||
domain_id = filters.pop('domain')
|
domain_id = filters.pop('domain')
|
||||||
else:
|
else:
|
||||||
p = cloud.get_project(project)
|
p = self.conn.get_project(project)
|
||||||
|
|
||||||
if p is None:
|
if p is None:
|
||||||
module.fail_json(msg="Project %s is not valid" % project)
|
self.fail_json(msg="Project %s is not valid" % project)
|
||||||
filters['project'] = p['id']
|
filters['project'] = p['id']
|
||||||
|
|
||||||
assignment = cloud.list_role_assignments(filters=filters)
|
assignment = self.conn.list_role_assignments(filters=filters)
|
||||||
|
|
||||||
if module.check_mode:
|
if self.ansible.check_mode:
|
||||||
module.exit_json(changed=_system_state_change(state, assignment))
|
self.exit_json(changed=self._system_state_change(state, assignment))
|
||||||
|
|
||||||
changed = False
|
changed = False
|
||||||
|
|
||||||
if state == 'present':
|
if state == 'present':
|
||||||
if not assignment:
|
if not assignment:
|
||||||
kwargs = _build_kwargs(user, group, project, domain_id)
|
kwargs = self._build_kwargs(user, group, project, domain_id)
|
||||||
cloud.grant_role(role, **kwargs)
|
self.conn.grant_role(role, **kwargs)
|
||||||
changed = True
|
changed = True
|
||||||
|
|
||||||
elif state == 'absent':
|
elif state == 'absent':
|
||||||
if assignment:
|
if assignment:
|
||||||
kwargs = _build_kwargs(user, group, project, domain_id)
|
kwargs = self._build_kwargs(user, group, project, domain_id)
|
||||||
cloud.revoke_role(role, **kwargs)
|
self.conn.revoke_role(role, **kwargs)
|
||||||
changed = True
|
changed = True
|
||||||
|
|
||||||
module.exit_json(changed=changed)
|
self.exit_json(changed=changed)
|
||||||
|
|
||||||
except sdk.exceptions.OpenStackCloudException as e:
|
|
||||||
module.fail_json(msg=str(e))
|
def main():
|
||||||
|
module = IdentityRoleAssignmentModule()
|
||||||
|
module()
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
|
|||||||
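Review bot: `run()` never checks that a scope was supplied: `module_kwargs` requires only one of `user`/`group`, so when neither `project` nor `domain` is set, `filters` holds just the role and the principal, and `self.conn.list_role_assignments(filters=filters)` can match an assignment on any scope. In that case `state=present` would report `changed=False` although the intended grant may not exist, and `state=absent` would reach `self.conn.revoke_role(role, **kwargs)` with no project or domain in `kwargs`. For a module that changes identity permissions I would reject that input up front, for example with `required_one_of=[['user', 'group'], ['project', 'domain']],`. The option definitions between the two hunks are not shown, so confirm that no other scope option is declared there before adding the constraint. Relatedly, `get_user`, `get_group` and `get_project` are called by name without `domain_id` when `domain` is unset; a short comment in `run()` should state that this relies on the name being unambiguous for the calling credentials.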