From 679e75189bc7635c7a2980a2b23ab96b9b71845c Mon Sep 17 00:00:00 2001 From: Simon Dodsley Date: Fri, 8 Mar 2019 17:19:12 -0500 Subject: [PATCH] Update purefa_ds to support new directory services format (#52865) * Update purefa_facts to collect admin accounts * Update purefa_ds to support new Directory Services format from Purity 5.2.0 --- .../modules/storage/purestorage/purefa_ds.py | 115 +++++++++++++----- 1 file changed, 82 insertions(+), 33 deletions(-) diff --git a/lib/ansible/modules/storage/purestorage/purefa_ds.py b/lib/ansible/modules/storage/purestorage/purefa_ds.py index 37ebaff57e..6c8ce457ce 100644 --- a/lib/ansible/modules/storage/purestorage/purefa_ds.py +++ b/lib/ansible/modules/storage/purestorage/purefa_ds.py @@ -69,12 +69,14 @@ options: specify OU= for each OU and multiple OUs should be separated by commas. The order of OUs is important and should get larger in scope from left to right. Each OU should not exceed 64 characters in length. + - Not Supported from Purity 5.2.0 or higher. Use I(purefa_dsrole) module. ro_group: description: - Sets the common Name (CN) of the configured directory service group containing users with read-only privileges on the FlashArray. This name should be just the Common Name of the group without the CN= specifier. Common Names should not exceed 64 characters in length. + - Not Supported from Purity 5.2.0 or higher. Use I(purefa_dsrole) module. sa_group: description: - Sets the common Name (CN) of the configured directory service group 
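Review bot: The `Not Supported from Purity 5.2.0 or higher` line added to `group_base` and `ro_group` here (and to `sa_group` and `aa_group` in the next hunk) does not say what happens when a playbook still passes these options. In the `create_ds` hunk, the API 1.16 branch leaves them out of `set_directory_service`, so they appear to be dropped without an error or warning and the intended group-to-privilege mapping is not applied. I would word the line as `- Ignored on Purity 5.2.0 or higher; configure group-to-role mapping with the M(purefa_dsrole) module.` and consider a `module.warn(...)` in that branch when any of the four options is set.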
@@ -82,24 +84,26 @@ options: FlashArray. This name should be just the Common Name of the group without the CN= specifier. Common Names should not exceed 64 characters in length. + - Not Supported from Purity 5.2.0 or higher. Use I(purefa_dsrole) module. aa_group: description: - Sets the common Name (CN) of the directory service group containing administrators with full privileges when managing the FlashArray. The name should be just the Common Name of the group without the CN= specifier. Common Names should not exceed 64 characters in length. + - Not Supported from Purity 5.2.0 or higher. Use I(purefa_dsrole) module. extends_documentation_fragment: - purestorage.fa ''' EXAMPLES = r''' -- name: Delete exisitng directory service +- name: Delete existing directory service purefa_ds: state: absent fa_url: 10.10.10.2 api_token: e31060a7-21fc-e277-6240-25983c6c4592 -- name: Create directory service (disabled) +- name: Create directory service (disabled) - Pre-5.2.0 purefa_ds: uri: "ldap://lab.purestorage.com" base_dn: "DC=lab,DC=purestorage,DC=com" @@ -112,19 +116,28 @@ EXAMPLES = r''' fa_url: 10.10.10.2 api_token: e31060a7-21fc-e277-6240-25983c6c4592 -- name: Enable exisitng directory service +- name: Create directory service (disabled) - 5.2.0 or higher + purefa_ds: + uri: "ldap://lab.purestorage.com" + base_dn: "DC=lab,DC=purestorage,DC=com" + bind_user: Administrator + bind_password: password + fa_url: 10.10.10.2 + api_token: e31060a7-21fc-e277-6240-25983c6c4592 + +- name: Enable existing directory service purefa_ds: enable: true fa_url: 10.10.10.2 api_token: e31060a7-21fc-e277-6240-25983c6c4592 -- name: Disable exisitng directory service +- name: Disable existing directory service purefa_ds: enable: false fa_url: 10.10.10.2 api_token: e31060a7-21fc-e277-6240-25983c6c4592 -- name: Create directory service (enabled) +- name: Create directory service (enabled) - Pre-5.2.0 purefa_ds: enable: true uri: "ldap://lab.purestorage.com" 
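Review bot: The new `Create directory service (disabled) - 5.2.0 or higher` example pairs an `ldap://` URI with a literal `bind_password: password`. Anyone copying it keeps the bind credential in plain text in the playbook, and an `ldap://` URI normally means the bind is not protected by TLS. The `(enabled) - 5.2.0 or higher` example added in the next hunk has the same pattern. For the examples this commit adds, I would show `uri: "ldaps://lab.purestorage.com"` and `bind_password: "{{ vault_bind_password }}"` (a constructed variable name, meant to come from Ansible Vault). The pre-existing examples use the same values and are not changed by this commit.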
@@ -137,6 +150,16 @@ EXAMPLES = r''' aa_group: PureAdmin fa_url: 10.10.10.2 api_token: e31060a7-21fc-e277-6240-25983c6c4592 + +- name: Create directory service (enabled) - 5.2.0 or higher + purefa_ds: + enable: true + uri: "ldap://lab.purestorage.com" + base_dn: "DC=lab,DC=purestorage,DC=com" + bind_user: Administrator + bind_password: password + fa_url: 10.10.10.2 + api_token: e31060a7-21fc-e277-6240-25983c6c4592 ''' RETURN = r''' @@ -146,6 +169,9 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.pure import get_system, purefa_argument_spec +DS_ROLE_REQUIRED_API_VERSION = '1.16' + + def update_ds(module, array): """Update Directory Service""" changed = False @@ -179,17 +205,26 @@ def delete_ds(module, array): """Delete Directory Service""" changed = False try: + api_version = array._list_available_rest_versions() array.set_directory_service(enabled=False) - array.set_directory_service(uri=[''], - base_dn="", - group_base="", - bind_user="", - bind_password="", - readonly_group="", - storage_admin_group="", - array_admin_group="", - certificate="") - changed = True + if DS_ROLE_REQUIRED_API_VERSION in api_version: + array.set_directory_service(uri=[''], + base_dn="", + bind_user="", + bind_password="", + certificate="") + changed = True + else: + array.set_directory_service(uri=[''], + base_dn="", + group_base="", + bind_user="", + bind_password="", + readonly_group="", + storage_admin_group="", + array_admin_group="", + certificate="") + changed = True except Exception: module.fail_json(msg='Delete Directory Service failed') module.exit_json(changed=changed) 
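Review bot: `state: absent` on the API 1.16 branch of `delete_ds` blanks only `uri`, `base_dn`, the bind credentials and `certificate`, and no longer touches the group settings that the older branch clears. The documentation hunks say group mapping moved to `purefa_dsrole` from Purity 5.2.0, so any role-to-group mappings presumably stay on the array after this module reports the directory service deleted, and would apply again if a directory is configured later. The module documentation for `state` should say so, for example `- On Purity 5.2.0 or higher role mappings are not removed; use M(purefa_dsrole) to remove them.` Separately, `changed = True` is repeated in both branches and can be set once after the `if`/`else`.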
@@ -198,25 +233,39 @@ def delete_ds(module, array): def create_ds(module, array): """Create Directory Service""" changed = False - groups_rule = [not module.params['ro_group'], - not module.params['sa_group'], - not module.params['aa_group']] + api_version = array._list_available_rest_versions() + if DS_ROLE_REQUIRED_API_VERSION in api_version: + if not module.params['role']: + module.fail_json(msg='At least one role must be configured') + try: + array.set_directory_service(uri=module.params['uri'], + base_dn=module.params['base_dn'], + bind_user=module.params['bind_user'], + bind_password=module.params['bind_password']) + array.set_directory_service(enabled=module.params['enable']) + changed = True + except Exception: + module.fail_json(msg='Create Directory Service failed: Check configuration') + else: + groups_rule = [not module.params['ro_group'], + not module.params['sa_group'], + not module.params['aa_group']] - if all(groups_rule): - module.fail_json(msg='At least one group must be configured') - try: - array.set_directory_service(uri=module.params['uri'], - base_dn=module.params['base_dn'], - group_base=module.params['group_base'], - bind_user=module.params['bind_user'], - bind_password=module.params['bind_password'], - readonly_group=module.params['ro_group'], - storage_admin_group=module.params['sa_group'], - array_admin_group=module.params['aa_group']) - array.set_directory_service(enabled=module.params['enable']) - changed = True - except Exception: - module.fail_json(msg='Create Directory Service failed: Check configuration') + if all(groups_rule): + module.fail_json(msg='At least one group must be configured') + try: + array.set_directory_service(uri=module.params['uri'], + base_dn=module.params['base_dn'], + group_base=module.params['group_base'], + bind_user=module.params['bind_user'], + bind_password=module.params['bind_password'], + readonly_group=module.params['ro_group'], + storage_admin_group=module.params['sa_group'], + 
array_admin_group=module.params['aa_group']) + array.set_directory_service(enabled=module.params['enable']) + changed = True + except Exception: + module.fail_json(msg='Create Directory Service failed: Check configuration') module.exit_json(changed=changed)
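Review bot: `if not module.params['role']:` in the API 1.16 branch of `create_ds` reads an option that no hunk in this patch adds or documents, and the two `5.2.0 or higher` examples added above do not pass it. If `role` is not already in the argument spec (which is outside the visible hunks), this line raises `KeyError` before the `try`; if it is, the new examples fail with `At least one role must be configured`. Since the docs now send role mapping to `purefa_dsrole`, the check looks like it should be dropped from this branch, or read as `module.params.get('role')` with the option documented. The two branches also repeat the `set_directory_service(enabled=...)`, `changed = True` and `except` lines, which could follow a single call built from a per-version kwargs dict.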