openshift admin prune auth (#130)

* openshift admin prune auth

* update change scope

plugins/modules/openshift_adm_prune_auth.py

@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Red Hat
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+
+module: openshift_adm_prune_auth
+
+short_description: Removes references to the specified roles, clusterroles, users, and groups
+
+version_added: "2.2.0"
+
+author:
+  - Aubin Bikouo (@abikouo)
+
+description:
+  - This module allow administrators to remove references to the specified roles, clusterroles, users, and groups.
+  - Analogous to C(oc adm prune auth).
+
+extends_documentation_fragment:
+  - kubernetes.core.k8s_auth_options
+
+options:
+  resource:
+    description:
+    - The specified resource to remove.
+    choices:
+    - roles
+    - clusterroles
+    - users
+    - groups
+    type: str
+    required: True
+  name:
+    description:
+    - Use to specify an object name to remove.
+    - Mutually exclusive with option I(label_selectors).
+    - If neither I(name) nor I(label_selectors) are specified, prune all resources in the namespace.
+    type: str
+  namespace:
+    description:
+    - Use to specify an object namespace.
+    - Ignored when I(resource) is set to C(clusterroles).
+    type: str
+  label_selectors:
+    description:
+    - Selector (label query) to filter on.
+    - Mutually exclusive with option I(name).
+    type: list
+    elements: str
+
+requirements:
+  - python >= 3.6
+  - kubernetes >= 12.0.0
+'''
+
+EXAMPLES = r'''
+- name: Prune all roles from default namespace
+  openshift_adm_prune_auth:
+    resource: roles
+    namespace: testing
+
+- name: Prune clusterroles using label selectors
+  openshift_adm_prune_auth:
+    resource: roles
+    namespace: testing
+    label_selectors:
+      - phase=production
+'''
+
+
+RETURN = r'''
+cluster_role_binding:
+  type: list
+  description: list of cluster role binding deleted.
+  returned: always
+role_binding:
+  type: list
+  description: list of role binding deleted.
+  returned: I(resource=users) or I(resource=groups) or I(resource=clusterroles)
+security_context_constraints:
+  type: list
+  description: list of Security Context Constraints deleted.
+  returned: I(resource=users) or I(resource=groups)
+authorization:
+  type: list
+  description: list of OAuthClientAuthorization deleted.
+  returned: I(resource=users)
+group:
+  type: list
+  description: list of Security Context Constraints deleted.
+  returned: I(resource=users)
+'''
+
+
+import copy
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.kubernetes.core.plugins.module_utils.args_common import AUTH_ARG_SPEC
+
+
+def argument_spec():
+    args = copy.deepcopy(AUTH_ARG_SPEC)
+    args.update(
+        dict(
+            resource=dict(type='str', required=True, choices=['roles', 'clusterroles', 'users', 'groups']),
+            namespace=dict(type='str'),
+            name=dict(type='str'),
+            label_selectors=dict(type='list', elements='str'),
+        )
+    )
+    return args
+
+
+def main():
+    module = AnsibleModule(argument_spec=argument_spec(),
+                           mutually_exclusive=[("name", "label_selectors")],
+                           supports_check_mode=True)
+
+    from ansible_collections.community.okd.plugins.module_utils.openshift_adm_prune_auth import (
+        OpenShiftAdmPruneAuth)
+
+    adm_prune_auth = OpenShiftAdmPruneAuth(module)
+    adm_prune_auth.argspec = argument_spec
+    adm_prune_auth.execute_module()
+
+
+if __name__ == '__main__':
+    main()