mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
manageiq_policies_info: new module (#5321)
* manageiq_provider_info: new module * fix reference to manageiq.module * add missing alias in suboption * fix filename in botmeta * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * fix description of parameters * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * remove change applied on the wrong branch * fix the module name in metadata files * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * adjust RETURN documentation * adjust RETURN documentation indentation * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/remote_management/manageiq/manageiq_policies_info.py Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
parent
e47845ab3a
commit
32f9d78fa3
5 changed files with 307 additions and 180 deletions
2
.github/BOTMETA.yml
vendored
2
.github/BOTMETA.yml
vendored
|
@ -980,6 +980,8 @@ files:
|
|||
maintainers: elad661
|
||||
$modules/remote_management/manageiq/manageiq_group.py:
|
||||
maintainers: evertmulder
|
||||
$modules/remote_management/manageiq/manageiq_policies_info.py:
|
||||
maintainers: russoz $team_manageiq
|
||||
$modules/remote_management/manageiq/manageiq_tenant.py:
|
||||
maintainers: evertmulder
|
||||
$modules/remote_management/oneview/:
|
||||
|
|
|
@ -710,6 +710,8 @@ plugin_routing:
|
|||
redirect: community.general.remote_management.manageiq.manageiq_group
|
||||
manageiq_policies:
|
||||
redirect: community.general.remote_management.manageiq.manageiq_policies
|
||||
manageiq_policies_info:
|
||||
redirect: community.general.remote_management.manageiq.manageiq_policies_info
|
||||
manageiq_provider:
|
||||
redirect: community.general.remote_management.manageiq.manageiq_provider
|
||||
manageiq_tags:
|
||||
|
|
|
@ -156,3 +156,179 @@ class ManageIQ(object):
|
|||
msg = "{collection_name} where {params} does not exist in manageiq".format(
|
||||
collection_name=collection_name, params=str(params))
|
||||
self.module.fail_json(msg=msg)
|
||||
|
||||
def policies(self, resource_id, resource_type, resource_name):
|
||||
manageiq = ManageIQ(self.module)
|
||||
|
||||
# query resource id, fail if resource does not exist
|
||||
if resource_id is None:
|
||||
resource_id = manageiq.find_collection_resource_or_fail(resource_type, name=resource_name)['id']
|
||||
|
||||
return ManageIQPolicies(manageiq, resource_type, resource_id)
|
||||
|
||||
|
||||
class ManageIQPolicies(object):
|
||||
"""
|
||||
Object to execute policies management operations of manageiq resources.
|
||||
"""
|
||||
|
||||
def __init__(self, manageiq, resource_type, resource_id):
|
||||
self.manageiq = manageiq
|
||||
|
||||
self.module = self.manageiq.module
|
||||
self.api_url = self.manageiq.api_url
|
||||
self.client = self.manageiq.client
|
||||
|
||||
self.resource_type = resource_type
|
||||
self.resource_id = resource_id
|
||||
self.resource_url = '{api_url}/{resource_type}/{resource_id}'.format(
|
||||
api_url=self.api_url,
|
||||
resource_type=resource_type,
|
||||
resource_id=resource_id)
|
||||
|
||||
def query_profile_href(self, profile):
|
||||
""" Add or Update the policy_profile href field
|
||||
|
||||
Example:
|
||||
{name: STR, ...} => {name: STR, href: STR}
|
||||
"""
|
||||
resource = self.manageiq.find_collection_resource_or_fail(
|
||||
"policy_profiles", **profile)
|
||||
return dict(name=profile['name'], href=resource['href'])
|
||||
|
||||
def query_resource_profiles(self):
|
||||
""" Returns a set of the profile objects objects assigned to the resource
|
||||
"""
|
||||
url = '{resource_url}/policy_profiles?expand=resources'
|
||||
try:
|
||||
response = self.client.get(url.format(resource_url=self.resource_url))
|
||||
except Exception as e:
|
||||
msg = "Failed to query {resource_type} policies: {error}".format(
|
||||
resource_type=self.resource_type,
|
||||
error=e)
|
||||
self.module.fail_json(msg=msg)
|
||||
|
||||
resources = response.get('resources', [])
|
||||
|
||||
# clean the returned rest api profile object to look like:
|
||||
# {profile_name: STR, profile_description: STR, policies: ARR<POLICIES>}
|
||||
profiles = [self.clean_profile_object(profile) for profile in resources]
|
||||
|
||||
return profiles
|
||||
|
||||
def query_profile_policies(self, profile_id):
|
||||
""" Returns a set of the policy objects assigned to the resource
|
||||
"""
|
||||
url = '{api_url}/policy_profiles/{profile_id}?expand=policies'
|
||||
try:
|
||||
response = self.client.get(url.format(api_url=self.api_url, profile_id=profile_id))
|
||||
except Exception as e:
|
||||
msg = "Failed to query {resource_type} policies: {error}".format(
|
||||
resource_type=self.resource_type,
|
||||
error=e)
|
||||
self.module.fail_json(msg=msg)
|
||||
|
||||
resources = response.get('policies', [])
|
||||
|
||||
# clean the returned rest api policy object to look like:
|
||||
# {name: STR, description: STR, active: BOOL}
|
||||
policies = [self.clean_policy_object(policy) for policy in resources]
|
||||
|
||||
return policies
|
||||
|
||||
def clean_policy_object(self, policy):
|
||||
""" Clean a policy object to have human readable form of:
|
||||
{
|
||||
name: STR,
|
||||
description: STR,
|
||||
active: BOOL
|
||||
}
|
||||
"""
|
||||
name = policy.get('name')
|
||||
description = policy.get('description')
|
||||
active = policy.get('active')
|
||||
|
||||
return dict(
|
||||
name=name,
|
||||
description=description,
|
||||
active=active)
|
||||
|
||||
def clean_profile_object(self, profile):
|
||||
""" Clean a profile object to have human readable form of:
|
||||
{
|
||||
profile_name: STR,
|
||||
profile_description: STR,
|
||||
policies: ARR<POLICIES>
|
||||
}
|
||||
"""
|
||||
profile_id = profile['id']
|
||||
name = profile.get('name')
|
||||
description = profile.get('description')
|
||||
policies = self.query_profile_policies(profile_id)
|
||||
|
||||
return dict(
|
||||
profile_name=name,
|
||||
profile_description=description,
|
||||
policies=policies)
|
||||
|
||||
def profiles_to_update(self, profiles, action):
|
||||
""" Create a list of policies we need to update in ManageIQ.
|
||||
|
||||
Returns:
|
||||
Whether or not a change took place and a message describing the
|
||||
operation executed.
|
||||
"""
|
||||
profiles_to_post = []
|
||||
assigned_profiles = self.query_resource_profiles()
|
||||
|
||||
# make a list of assigned full profile names strings
|
||||
# e.g. ['openscap profile', ...]
|
||||
assigned_profiles_set = set([profile['profile_name'] for profile in assigned_profiles])
|
||||
|
||||
for profile in profiles:
|
||||
assigned = profile.get('name') in assigned_profiles_set
|
||||
|
||||
if (action == 'unassign' and assigned) or (action == 'assign' and not assigned):
|
||||
# add/update the policy profile href field
|
||||
# {name: STR, ...} => {name: STR, href: STR}
|
||||
profile = self.query_profile_href(profile)
|
||||
profiles_to_post.append(profile)
|
||||
|
||||
return profiles_to_post
|
||||
|
||||
def assign_or_unassign_profiles(self, profiles, action):
|
||||
""" Perform assign/unassign action
|
||||
"""
|
||||
# get a list of profiles needed to be changed
|
||||
profiles_to_post = self.profiles_to_update(profiles, action)
|
||||
if not profiles_to_post:
|
||||
return dict(
|
||||
changed=False,
|
||||
msg="Profiles {profiles} already {action}ed, nothing to do".format(
|
||||
action=action,
|
||||
profiles=profiles))
|
||||
|
||||
# try to assign or unassign profiles to resource
|
||||
url = '{resource_url}/policy_profiles'.format(resource_url=self.resource_url)
|
||||
try:
|
||||
response = self.client.post(url, action=action, resources=profiles_to_post)
|
||||
except Exception as e:
|
||||
msg = "Failed to {action} profile: {error}".format(
|
||||
action=action,
|
||||
error=e)
|
||||
self.module.fail_json(msg=msg)
|
||||
|
||||
# check all entities in result to be successful
|
||||
for result in response['results']:
|
||||
if not result['success']:
|
||||
msg = "Failed to {action}: {message}".format(
|
||||
action=action,
|
||||
message=result['message'])
|
||||
self.module.fail_json(msg=msg)
|
||||
|
||||
# successfully changed all needed profiles
|
||||
return dict(
|
||||
changed=True,
|
||||
msg="Successfully {action}ed profiles: {profiles}".format(
|
||||
action=action,
|
||||
profiles=profiles))
|
||||
|
|
|
@ -25,17 +25,17 @@ options:
|
|||
state:
|
||||
type: str
|
||||
description:
|
||||
- absent - policy_profiles should not exist,
|
||||
- present - policy_profiles should exist,
|
||||
- list - list current policy_profiles and policies.
|
||||
- C(absent) - policy_profiles should not exist,
|
||||
- C(present) - policy_profiles should exist,
|
||||
- C(list) - list current policy_profiles and policies.
|
||||
choices: ['absent', 'present', 'list']
|
||||
default: 'present'
|
||||
policy_profiles:
|
||||
type: list
|
||||
elements: dict
|
||||
description:
|
||||
- list of dictionaries, each includes the policy_profile 'name' key.
|
||||
- required if state is present or absent.
|
||||
- List of dictionaries, each includes the policy_profile C(name) key.
|
||||
- Required if I(state) is C(present) or C(absent).
|
||||
resource_type:
|
||||
type: str
|
||||
description:
|
||||
|
@ -133,179 +133,12 @@ from ansible.module_utils.basic import AnsibleModule
|
|||
from ansible_collections.community.general.plugins.module_utils.manageiq import ManageIQ, manageiq_argument_spec, manageiq_entities
|
||||
|
||||
|
||||
class ManageIQPolicies(object):
|
||||
"""
|
||||
Object to execute policies management operations of manageiq resources.
|
||||
"""
|
||||
|
||||
def __init__(self, manageiq, resource_type, resource_id):
|
||||
self.manageiq = manageiq
|
||||
|
||||
self.module = self.manageiq.module
|
||||
self.api_url = self.manageiq.api_url
|
||||
self.client = self.manageiq.client
|
||||
|
||||
self.resource_type = resource_type
|
||||
self.resource_id = resource_id
|
||||
self.resource_url = '{api_url}/{resource_type}/{resource_id}'.format(
|
||||
api_url=self.api_url,
|
||||
resource_type=resource_type,
|
||||
resource_id=resource_id)
|
||||
|
||||
def query_profile_href(self, profile):
|
||||
""" Add or Update the policy_profile href field
|
||||
|
||||
Example:
|
||||
{name: STR, ...} => {name: STR, href: STR}
|
||||
"""
|
||||
resource = self.manageiq.find_collection_resource_or_fail(
|
||||
"policy_profiles", **profile)
|
||||
return dict(name=profile['name'], href=resource['href'])
|
||||
|
||||
def query_resource_profiles(self):
|
||||
""" Returns a set of the profile objects objects assigned to the resource
|
||||
"""
|
||||
url = '{resource_url}/policy_profiles?expand=resources'
|
||||
try:
|
||||
response = self.client.get(url.format(resource_url=self.resource_url))
|
||||
except Exception as e:
|
||||
msg = "Failed to query {resource_type} policies: {error}".format(
|
||||
resource_type=self.resource_type,
|
||||
error=e)
|
||||
self.module.fail_json(msg=msg)
|
||||
|
||||
resources = response.get('resources', [])
|
||||
|
||||
# clean the returned rest api profile object to look like:
|
||||
# {profile_name: STR, profile_description: STR, policies: ARR<POLICIES>}
|
||||
profiles = [self.clean_profile_object(profile) for profile in resources]
|
||||
|
||||
return profiles
|
||||
|
||||
def query_profile_policies(self, profile_id):
|
||||
""" Returns a set of the policy objects assigned to the resource
|
||||
"""
|
||||
url = '{api_url}/policy_profiles/{profile_id}?expand=policies'
|
||||
try:
|
||||
response = self.client.get(url.format(api_url=self.api_url, profile_id=profile_id))
|
||||
except Exception as e:
|
||||
msg = "Failed to query {resource_type} policies: {error}".format(
|
||||
resource_type=self.resource_type,
|
||||
error=e)
|
||||
self.module.fail_json(msg=msg)
|
||||
|
||||
resources = response.get('policies', [])
|
||||
|
||||
# clean the returned rest api policy object to look like:
|
||||
# {name: STR, description: STR, active: BOOL}
|
||||
policies = [self.clean_policy_object(policy) for policy in resources]
|
||||
|
||||
return policies
|
||||
|
||||
def clean_policy_object(self, policy):
|
||||
""" Clean a policy object to have human readable form of:
|
||||
{
|
||||
name: STR,
|
||||
description: STR,
|
||||
active: BOOL
|
||||
}
|
||||
"""
|
||||
name = policy.get('name')
|
||||
description = policy.get('description')
|
||||
active = policy.get('active')
|
||||
|
||||
return dict(
|
||||
name=name,
|
||||
description=description,
|
||||
active=active)
|
||||
|
||||
def clean_profile_object(self, profile):
|
||||
""" Clean a profile object to have human readable form of:
|
||||
{
|
||||
profile_name: STR,
|
||||
profile_description: STR,
|
||||
policies: ARR<POLICIES>
|
||||
}
|
||||
"""
|
||||
profile_id = profile['id']
|
||||
name = profile.get('name')
|
||||
description = profile.get('description')
|
||||
policies = self.query_profile_policies(profile_id)
|
||||
|
||||
return dict(
|
||||
profile_name=name,
|
||||
profile_description=description,
|
||||
policies=policies)
|
||||
|
||||
def profiles_to_update(self, profiles, action):
|
||||
""" Create a list of policies we need to update in ManageIQ.
|
||||
|
||||
Returns:
|
||||
Whether or not a change took place and a message describing the
|
||||
operation executed.
|
||||
"""
|
||||
profiles_to_post = []
|
||||
assigned_profiles = self.query_resource_profiles()
|
||||
|
||||
# make a list of assigned full profile names strings
|
||||
# e.g. ['openscap profile', ...]
|
||||
assigned_profiles_set = set([profile['profile_name'] for profile in assigned_profiles])
|
||||
|
||||
for profile in profiles:
|
||||
assigned = profile.get('name') in assigned_profiles_set
|
||||
|
||||
if (action == 'unassign' and assigned) or (action == 'assign' and not assigned):
|
||||
# add/update the policy profile href field
|
||||
# {name: STR, ...} => {name: STR, href: STR}
|
||||
profile = self.query_profile_href(profile)
|
||||
profiles_to_post.append(profile)
|
||||
|
||||
return profiles_to_post
|
||||
|
||||
def assign_or_unassign_profiles(self, profiles, action):
|
||||
""" Perform assign/unassign action
|
||||
"""
|
||||
# get a list of profiles needed to be changed
|
||||
profiles_to_post = self.profiles_to_update(profiles, action)
|
||||
if not profiles_to_post:
|
||||
return dict(
|
||||
changed=False,
|
||||
msg="Profiles {profiles} already {action}ed, nothing to do".format(
|
||||
action=action,
|
||||
profiles=profiles))
|
||||
|
||||
# try to assign or unassign profiles to resource
|
||||
url = '{resource_url}/policy_profiles'.format(resource_url=self.resource_url)
|
||||
try:
|
||||
response = self.client.post(url, action=action, resources=profiles_to_post)
|
||||
except Exception as e:
|
||||
msg = "Failed to {action} profile: {error}".format(
|
||||
action=action,
|
||||
error=e)
|
||||
self.module.fail_json(msg=msg)
|
||||
|
||||
# check all entities in result to be successful
|
||||
for result in response['results']:
|
||||
if not result['success']:
|
||||
msg = "Failed to {action}: {message}".format(
|
||||
action=action,
|
||||
message=result['message'])
|
||||
self.module.fail_json(msg=msg)
|
||||
|
||||
# successfully changed all needed profiles
|
||||
return dict(
|
||||
changed=True,
|
||||
msg="Successfully {action}ed profiles: {profiles}".format(
|
||||
action=action,
|
||||
profiles=profiles))
|
||||
|
||||
|
||||
def main():
|
||||
actions = {'present': 'assign', 'absent': 'unassign', 'list': 'list'}
|
||||
argument_spec = dict(
|
||||
policy_profiles=dict(type='list', elements='dict'),
|
||||
resource_id=dict(required=False, type='int'),
|
||||
resource_name=dict(required=False, type='str'),
|
||||
resource_id=dict(type='int'),
|
||||
resource_name=dict(type='str'),
|
||||
resource_type=dict(required=True, type='str',
|
||||
choices=list(manageiq_entities().keys())),
|
||||
state=dict(required=False, type='str',
|
||||
|
@ -335,12 +168,7 @@ def main():
|
|||
resource_type = manageiq_entities()[resource_type_key]
|
||||
|
||||
manageiq = ManageIQ(module)
|
||||
|
||||
# query resource id, fail if resource does not exist
|
||||
if resource_id is None:
|
||||
resource_id = manageiq.find_collection_resource_or_fail(resource_type, name=resource_name)['id']
|
||||
|
||||
manageiq_policies = ManageIQPolicies(manageiq, resource_type, resource_id)
|
||||
manageiq_policies = manageiq.policies(resource_id, resource_type, resource_name)
|
||||
|
||||
if action == 'list':
|
||||
# return a list of current profiles for this object
|
||||
|
|
|
@ -0,0 +1,119 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
# Copyright (c) 2022, Alexei Znamensky <russoz@gmail.com>
|
||||
# Copyright (c) 2017, Daniel Korn <korndaniel1@gmail.com>
|
||||
# Copyright (c) 2017, Yaacov Zamir <yzamir@redhat.com>
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
|
||||
DOCUMENTATION = '''
|
||||
|
||||
module: manageiq_policies_info
|
||||
version_added: 5.8.0
|
||||
|
||||
short_description: Listing of resource policy_profiles in ManageIQ
|
||||
extends_documentation_fragment:
|
||||
- community.general.manageiq
|
||||
|
||||
author: Alexei Znamensky (@russoz)
|
||||
description:
|
||||
- The manageiq_policies module supports listing policy_profiles in ManageIQ.
|
||||
|
||||
options:
|
||||
resource_type:
|
||||
type: str
|
||||
description:
|
||||
- The type of the resource to obtain the profile for.
|
||||
required: true
|
||||
choices: ['provider', 'host', 'vm', 'blueprint', 'category', 'cluster',
|
||||
'data store', 'group', 'resource pool', 'service', 'service template',
|
||||
'template', 'tenant', 'user']
|
||||
resource_name:
|
||||
type: str
|
||||
description:
|
||||
- The name of the resource to obtain the profile for.
|
||||
- Must be specified if I(resource_id) is not set. Both options are mutually exclusive.
|
||||
resource_id:
|
||||
type: int
|
||||
description:
|
||||
- The ID of the resource to obtain the profile for.
|
||||
- Must be specified if I(resource_name) is not set. Both options are mutually exclusive.
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
- name: List current policy_profile and policies for a provider in ManageIQ
|
||||
community.general.manageiq_policies_info:
|
||||
resource_name: 'EngLab'
|
||||
resource_type: 'provider'
|
||||
manageiq_connection:
|
||||
url: 'http://127.0.0.1:3000'
|
||||
username: 'admin'
|
||||
password: 'smartvm'
|
||||
register: result
|
||||
'''
|
||||
|
||||
RETURN = '''
|
||||
profiles:
|
||||
description:
|
||||
- List current policy_profile and policies for a provider in ManageIQ.
|
||||
returned: always
|
||||
type: list
|
||||
elements: dict
|
||||
sample:
|
||||
- policies:
|
||||
- active: true
|
||||
description: OpenSCAP
|
||||
name: openscap policy
|
||||
- active: true,
|
||||
description: Analyse incoming container images
|
||||
name: analyse incoming container images
|
||||
- active: true
|
||||
description: Schedule compliance after smart state analysis
|
||||
name: schedule compliance after smart state analysis
|
||||
profile_description: OpenSCAP profile
|
||||
profile_name: openscap profile
|
||||
'''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible_collections.community.general.plugins.module_utils.manageiq import ManageIQ, ManageIQPolicies, manageiq_argument_spec, manageiq_entities
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = dict(
|
||||
resource_id=dict(required=False, type='int'),
|
||||
resource_name=dict(required=False, type='str'),
|
||||
resource_type=dict(required=True, type='str',
|
||||
choices=list(manageiq_entities().keys())),
|
||||
)
|
||||
# add the manageiq connection arguments to the arguments
|
||||
argument_spec.update(manageiq_argument_spec())
|
||||
|
||||
module = AnsibleModule(
|
||||
argument_spec=argument_spec,
|
||||
mutually_exclusive=[["resource_id", "resource_name"]],
|
||||
required_one_of=[["resource_id", "resource_name"]],
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
resource_id = module.params['resource_id']
|
||||
resource_type_key = module.params['resource_type']
|
||||
resource_name = module.params['resource_name']
|
||||
|
||||
# get the resource type
|
||||
resource_type = manageiq_entities()[resource_type_key]
|
||||
|
||||
manageiq_policies = ManageIQ(module).policies(resource_id, resource_type, resource_name)
|
||||
|
||||
# return a list of current profiles for this object
|
||||
current_profiles = manageiq_policies.query_resource_profiles()
|
||||
res_args = dict(changed=False, profiles=current_profiles)
|
||||
|
||||
module.exit_json(**res_args)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
Loading…
Reference in a new issue