1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Update user roles to NetAppModule format (#50992)

* changes to clusteR

* Revert "changes to clusteR"

This reverts commit 33ee1b71e4bc8435fb315762a871f8c4cb6c5f80.

* Rewrite of user roles

* Rewrite of user roles

* Fix author tag

* update

* fix author
This commit is contained in:
Chris Archibald 2019-02-19 06:54:49 -08:00 committed by John R Barker
parent 8c74df5e67
commit 1da29c8ebe
2 changed files with 338 additions and 46 deletions

View file

@ -1,6 +1,6 @@
#!/usr/bin/python
# (c) 2018, NetApp, Inc
# (c) 2018-2019, NetApp, Inc
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
@ -49,6 +49,12 @@ options:
choices: ['none', 'readonly', 'all']
default: all
query:
description:
- A query for the role. The query must apply to the specified command or directory name.
- Use double quotes "" for modifying a existing query to none.
version_added: '2.8'
vserver:
description:
- The name of the vserver to use.
@ -62,8 +68,21 @@ EXAMPLES = """
na_ontap_user_role:
state: present
name: ansibleRole
command_directory_name: DEFAULT
command_directory_name: volume
access_level: none
query: show
vserver: ansibleVServer
hostname: "{{ netapp_hostname }}"
username: "{{ netapp_username }}"
password: "{{ netapp_password }}"
- name: Modify User Role
na_ontap_user_role:
state: present
name: ansibleRole
command_directory_name: volume
access_level: none
query: ""
vserver: ansibleVServer
hostname: "{{ netapp_hostname }}"
username: "{{ netapp_username }}"
@ -78,6 +97,7 @@ import traceback
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_native
from ansible.module_utils.netapp_module import NetAppModule
import ansible.module_utils.netapp as netapp_utils
@ -95,24 +115,20 @@ class NetAppOntapUserRole(object):
access_level=dict(required=False, type='str', default='all',
choices=['none', 'readonly', 'all']),
vserver=dict(required=True, type='str'),
query=dict(required=False, type='str')
))
self.module = AnsibleModule(
argument_spec=self.argument_spec,
supports_check_mode=True
)
parameters = self.module.params
# set up state variables
self.state = parameters['state']
self.name = parameters['name']
self.command_directory_name = parameters['command_directory_name']
self.access_level = parameters['access_level']
self.vserver = parameters['vserver']
self.na_helper = NetAppModule()
self.parameters = self.na_helper.set_parameters(self.module.params)
if HAS_NETAPP_LIB is False:
self.module.fail_json(msg="the python NetApp-Lib module is required")
else:
self.server = netapp_utils.setup_na_ontap_zapi(module=self.module)
self.server = netapp_utils.setup_na_ontap_zapi(module=self.module, vserver=self.parameters['vserver'])
def get_role(self):
"""
@ -123,14 +139,14 @@ class NetAppOntapUserRole(object):
False if role is not found
:rtype: bool
"""
options = {'vserver': self.parameters['vserver'],
'role-name': self.parameters['name'],
'command-directory-name': self.parameters['command_directory_name']}
security_login_role_get_iter = netapp_utils.zapi.NaElement(
'security-login-role-get-iter')
query_details = netapp_utils.zapi.NaElement.create_node_with_children(
'security-login-role-info', **{'vserver': self.vserver,
'role-name': self.name,
'command-directory-name':
self.command_directory_name})
'security-login-role-info', **options)
query = netapp_utils.zapi.NaElement('query')
query.add_child_elem(query_details)
security_login_role_get_iter.add_child_elem(query)
@ -141,68 +157,106 @@ class NetAppOntapUserRole(object):
except netapp_utils.zapi.NaApiError as e:
# Error 16031 denotes a role not being found.
if to_native(e.code) == "16031":
return False
return None
# Error 16039 denotes command directory not found.
elif to_native(e.code) == "16039":
return False
return None
else:
self.module.fail_json(msg='Error getting role %s: %s' % (self.name, to_native(e)),
exception=traceback.format_exc())
if (result.get_child_by_name('num-records') and
int(result.get_child_content('num-records')) >= 1):
return True
return False
role_info = result.get_child_by_name('attributes-list').get_child_by_name('security-login-role-info')
result = {
'name': role_info['role-name'],
'access_level': role_info['access-level'],
'command_directory_name': role_info['command-directory-name'],
'query': role_info['role-query']
}
return result
return None
def create_role(self):
role_create = netapp_utils.zapi.NaElement.create_node_with_children(
'security-login-role-create', **{'vserver': self.vserver,
'role-name': self.name,
'command-directory-name':
self.command_directory_name,
'access-level':
self.access_level})
options = {'vserver': self.parameters['vserver'],
'role-name': self.parameters['name'],
'command-directory-name': self.parameters['command_directory_name'],
'access-level': self.parameters['access_level']}
if self.parameters.get('query'):
options['role-query'] = self.parameters['query']
role_create = netapp_utils.zapi.NaElement.create_node_with_children('security-login-role-create', **options)
try:
self.server.invoke_successfully(role_create,
enable_tunneling=False)
except netapp_utils.zapi.NaApiError as error:
self.module.fail_json(msg='Error creating role %s: %s' % (self.name, to_native(error)),
self.module.fail_json(msg='Error creating role %s: %s' % (self.parameters['name'], to_native(error)),
exception=traceback.format_exc())
def delete_role(self):
role_delete = netapp_utils.zapi.NaElement.create_node_with_children(
'security-login-role-delete', **{'vserver': self.vserver,
'role-name': self.name,
'security-login-role-delete', **{'vserver': self.parameters['vserver'],
'role-name': self.parameters['name'],
'command-directory-name':
self.command_directory_name})
self.parameters['command_directory_name']})
try:
self.server.invoke_successfully(role_delete,
enable_tunneling=False)
except netapp_utils.zapi.NaApiError as error:
self.module.fail_json(msg='Error removing role %s: %s' % (self.name, to_native(error)),
self.module.fail_json(msg='Error removing role %s: %s' % (self.parameters['name'], to_native(error)),
exception=traceback.format_exc())
def modify_role(self, modify):
options = {'vserver': self.parameters['vserver'],
'role-name': self.parameters['name'],
'command-directory-name': self.parameters['command_directory_name']}
if 'access_level' in modify.keys():
options['access-level'] = self.parameters['access_level']
if 'query' in modify.keys():
options['role-query'] = self.parameters['query']
role_modify = netapp_utils.zapi.NaElement.create_node_with_children('security-login-role-modify', **options)
try:
self.server.invoke_successfully(role_modify,
enable_tunneling=False)
except netapp_utils.zapi.NaApiError as error:
self.module.fail_json(msg='Error modifying role %s: %s' % (self.parameters['name'], to_native(error)),
exception=traceback.format_exc())
def apply(self):
changed = False
vserver = netapp_utils.setup_na_ontap_zapi(module=self.module, vserver=self.vserver)
netapp_utils.ems_log_event("na_ontap_user_role", vserver)
role_exists = self.get_role()
if role_exists:
if self.state == 'absent':
changed = True
else:
if self.state == 'present':
changed = True
if changed:
self.asup_log_for_cserver('na_ontap_user_role')
current = self.get_role()
cd_action = self.na_helper.get_cd_action(current, self.parameters)
# if desired state specify empty quote query and current query is None, set desired query to None.
# otherwise na_helper.get_modified_attributes will detect a change.
if self.parameters.get('query') == '' and current is not None:
if current['query'] is None:
self.parameters['query'] = None
modify = self.na_helper.get_modified_attributes(current, self.parameters)
if self.na_helper.changed:
if self.module.check_mode:
pass
else:
if self.state == 'present':
if not role_exists:
if cd_action == 'create':
self.create_role()
elif self.state == 'absent':
elif cd_action == 'delete':
self.delete_role()
self.module.exit_json(changed=changed)
elif modify:
self.modify_role(modify)
self.module.exit_json(changed=self.na_helper.changed)
def asup_log_for_cserver(self, event_name):
"""
Fetch admin vserver for the given cluster
Create and Autosupport log event with the given module name
:param event_name: Name of the event log
:return: None
"""
netapp_utils.ems_log_event(event_name, self.server)
def main():

View file

@ -0,0 +1,238 @@
# (c) 2018, NetApp, Inc
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
''' unit test template for ONTAP Ansible module '''
from __future__ import print_function
import json
import pytest
from units.compat import unittest
from units.compat.mock import patch, Mock
from ansible.module_utils import basic
from ansible.module_utils._text import to_bytes
import ansible.module_utils.netapp as netapp_utils
from ansible.modules.storage.netapp.na_ontap_user_role \
import NetAppOntapUserRole as role_module # module under test
if not netapp_utils.has_netapp_lib():
pytestmark = pytest.mark.skip('skipping as missing required netapp_lib')
def set_module_args(args):
"""prepare arguments so that they will be picked up during module creation"""
args = json.dumps({'ANSIBLE_MODULE_ARGS': args})
basic._ANSIBLE_ARGS = to_bytes(args) # pylint: disable=protected-access
class AnsibleExitJson(Exception):
"""Exception class to be raised by module.exit_json and caught by the test case"""
pass
class AnsibleFailJson(Exception):
"""Exception class to be raised by module.fail_json and caught by the test case"""
pass
def exit_json(*args, **kwargs): # pylint: disable=unused-argument
"""function to patch over exit_json; package return data into an exception"""
if 'changed' not in kwargs:
kwargs['changed'] = False
raise AnsibleExitJson(kwargs)
def fail_json(*args, **kwargs): # pylint: disable=unused-argument
"""function to patch over fail_json; package return data into an exception"""
kwargs['failed'] = True
raise AnsibleFailJson(kwargs)
class MockONTAPConnection(object):
''' mock server connection to ONTAP host '''
def __init__(self, kind=None, data=None):
''' save arguments '''
self.kind = kind
self.params = data
self.xml_in = None
self.xml_out = None
def invoke_successfully(self, xml, enable_tunneling): # pylint: disable=unused-argument
''' mock invoke_successfully returning xml data '''
self.xml_in = xml
if self.kind == 'role':
xml = self.build_role_info(self.params)
if self.kind == 'error':
error = netapp_utils.zapi.NaApiError('test', 'error')
raise error
self.xml_out = xml
return xml
@staticmethod
def build_role_info(vol_details):
''' build xml data for role-attributes '''
xml = netapp_utils.zapi.NaElement('xml')
attributes = {
'num-records': 1,
'attributes-list': {
'security-login-role-info': {
'access-level': 'all',
'command-directory-name': 'volume',
'role-name': 'testrole',
'role-query': 'show',
'vserver': 'ansible'
}
}
}
xml.translate_struct(attributes)
return xml
class TestMyModule(unittest.TestCase):
''' a group of related Unit Tests '''
def setUp(self):
self.mock_module_helper = patch.multiple(basic.AnsibleModule,
exit_json=exit_json,
fail_json=fail_json)
self.mock_module_helper.start()
self.addCleanup(self.mock_module_helper.stop)
self.mock_role = {
'name': 'testrole',
'access_level': 'all',
'command_directory_name': 'volume',
'vserver': 'ansible'
}
def mock_args(self):
return {
'name': self.mock_role['name'],
'vserver': self.mock_role['vserver'],
'command_directory_name': self.mock_role['command_directory_name'],
'hostname': 'test',
'username': 'test_user',
'password': 'test_pass!',
'https': 'False'
}
def get_role_mock_object(self, kind=None):
"""
Helper method to return an na_ontap_user_role object
:param kind: passes this param to MockONTAPConnection()
:return: na_ontap_user_role object
"""
role_obj = role_module()
role_obj.asup_log_for_cserver = Mock(return_value=None)
role_obj.cluster = Mock()
role_obj.cluster.invoke_successfully = Mock()
if kind is None:
role_obj.server = MockONTAPConnection()
else:
role_obj.server = MockONTAPConnection(kind=kind, data=self.mock_role)
return role_obj
def test_module_fail_when_required_args_missing(self):
''' required arguments are reported as errors '''
with pytest.raises(AnsibleFailJson) as exc:
set_module_args({})
role_module()
print('Info: %s' % exc.value.args[0]['msg'])
def test_get_nonexistent_policy(self):
''' Test if get_role returns None for non-existent role '''
set_module_args(self.mock_args())
result = self.get_role_mock_object().get_role()
assert result is None
def test_get_existing_role(self):
''' Test if get_role returns details for existing role '''
set_module_args(self.mock_args())
result = self.get_role_mock_object('role').get_role()
assert result['name'] == self.mock_role['name']
def test_successful_create(self):
''' Test successful create '''
data = self.mock_args()
set_module_args(data)
with pytest.raises(AnsibleExitJson) as exc:
self.get_role_mock_object().apply()
assert exc.value.args[0]['changed']
def test_create_idempotency(self):
''' Test create idempotency '''
data = self.mock_args()
data['query'] = 'show'
set_module_args(data)
obj = self.get_role_mock_object('role')
with pytest.raises(AnsibleExitJson) as exc:
obj.apply()
assert not exc.value.args[0]['changed']
@patch('ansible.modules.storage.netapp.na_ontap_user_role.NetAppOntapUserRole.get_role')
def test_create_error(self, get_role):
''' Test create error '''
set_module_args(self.mock_args())
get_role.side_effect = [
None
]
with pytest.raises(AnsibleFailJson) as exc:
self.get_role_mock_object('error').apply()
assert exc.value.args[0]['msg'] == 'Error creating role testrole: NetApp API failed. Reason - test:error'
@patch('ansible.modules.storage.netapp.na_ontap_user_role.NetAppOntapUserRole.get_role')
def test_successful_modify(self, get_role):
''' Test successful modify '''
data = self.mock_args()
data['query'] = 'show'
set_module_args(data)
current = self.mock_role
current['query'] = 'show-space'
get_role.side_effect = [
current
]
obj = self.get_role_mock_object()
with pytest.raises(AnsibleExitJson) as exc:
obj.apply()
assert exc.value.args[0]['changed']
@patch('ansible.modules.storage.netapp.na_ontap_user_role.NetAppOntapUserRole.get_role')
def test_modify_idempotency(self, get_role):
''' Test modify idempotency '''
data = self.mock_args()
data['query'] = 'show'
set_module_args(data)
current = self.mock_role
current['query'] = 'show'
get_role.side_effect = [
current
]
obj = self.get_role_mock_object()
with pytest.raises(AnsibleExitJson) as exc:
obj.apply()
assert not exc.value.args[0]['changed']
@patch('ansible.modules.storage.netapp.na_ontap_user_role.NetAppOntapUserRole.get_role')
def test_modify_error(self, get_role):
''' Test modify error '''
data = self.mock_args()
data['query'] = 'show'
set_module_args(data)
current = self.mock_role
current['query'] = 'show-space'
get_role.side_effect = [
current
]
with pytest.raises(AnsibleFailJson) as exc:
self.get_role_mock_object('error').apply()
assert exc.value.args[0]['msg'] == 'Error modifying role testrole: NetApp API failed. Reason - test:error'
def test_successful_delete(self):
''' Test delete existing role '''
data = self.mock_args()
data['state'] = 'absent'
set_module_args(data)
with pytest.raises(AnsibleExitJson) as exc:
self.get_role_mock_object('role').apply()
assert exc.value.args[0]['changed']