diff --git a/lib/ansible/modules/cloud/google/gcp_sql_user.py b/lib/ansible/modules/cloud/google/gcp_sql_user.py new file mode 100644 index 0000000000..b913722210 --- /dev/null +++ b/lib/ansible/modules/cloud/google/gcp_sql_user.py @@ -0,0 +1,364 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# +# Copyright (C) 2017 Google +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file at +# https://www.github.com/GoogleCloudPlatform/magic-modules +# +# ---------------------------------------------------------------------------- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +################################################################################ +# Documentation +################################################################################ + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ["preview"], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: gcp_sql_user +description: + - The Users resource represents a database user in a Cloud SQL instance. +short_description: Creates a GCP User +version_added: 2.7 +author: Google Inc. (@googlecloudplatform) +requirements: + - python >= 2.6 + - requests >= 2.18.4 + - google-auth >= 1.3.0 +options: + state: + description: + - Whether the given object should exist in GCP + choices: ['present', 'absent'] + default: 'present' + host: + description: + - The host name from which the user can connect. For insert operations, host defaults + to an empty string. For update operations, host is specified as part of the request + URL. The host name cannot be updated after insertion. + required: true + name: + description: + - The name of the user in the Cloud SQL instance. + required: true + instance: + description: + - The name of the Cloud SQL instance. This does not include the project ID. + required: true + password: + description: + - The password for the user. + required: false +extends_documentation_fragment: gcp +''' + +EXAMPLES = ''' +- name: create a instance + gcp_sql_instance: + name: "instance-user" + settings: + ip_configuration: + authorized_networks: + - name: google dns server + value: 8.8.8.8/32 + tier: db-n1-standard-1 + region: us-central1 + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present + register: instance + +- name: create a user + gcp_sql_user: + name: test-user + host: 10.1.2.3 + password: secret-password + instance: "{{ instance }}" + project: "test_project" + auth_kind: "service_account" + service_account_file: "/tmp/auth.pem" + state: present +''' + +RETURN = ''' + host: + description: + - The host name from which the user can connect. For insert operations, host defaults + to an empty string. For update operations, host is specified as part of the request + URL. The host name cannot be updated after insertion. + returned: success + type: str + name: + description: + - The name of the user in the Cloud SQL instance. + returned: success + type: str + instance: + description: + - The name of the Cloud SQL instance. This does not include the project ID. + returned: success + type: dict + password: + description: + - The password for the user. + returned: success + type: str +''' + +################################################################################ +# Imports +################################################################################ + +from ansible.module_utils.gcp_utils import navigate_hash, GcpSession, GcpModule, GcpRequest, replace_resource_dict +import json +import time + +################################################################################ +# Main +################################################################################ + + +def main(): + """Main function""" + + module = GcpModule( + argument_spec=dict( + state=dict(default='present', choices=['present', 'absent'], type='str'), + host=dict(required=True, type='str'), + name=dict(required=True, type='str'), + instance=dict(required=True, type='dict'), + password=dict(type='str') + ) + ) + + if not module.params['scopes']: + module.params['scopes'] = ['https://www.googleapis.com/auth/sqlservice.admin'] + + state = module.params['state'] + kind = 'sql#user' + + fetch = fetch_wrapped_resource(module, 'sql#user', + 'sql#usersList', + 'items') + changed = False + + if fetch: + if state == 'present': + if is_different(module, fetch): + fetch = update(module, self_link(module), kind) + changed = True + else: + delete(module, self_link(module), kind) + fetch = {} + changed = True + else: + if state == 'present': + fetch = create(module, collection(module), kind) + changed = True + else: + fetch = {} + + fetch.update({'changed': changed}) + + module.exit_json(**fetch) + + +def create(module, link, kind): + auth = GcpSession(module, 'sql') + return wait_for_operation(module, auth.post(link, resource_to_request(module))) + + +def update(module, link, kind): + auth = GcpSession(module, 'sql') + return wait_for_operation(module, auth.put(link, resource_to_request(module))) + + +def delete(module, link, kind): + auth = GcpSession(module, 'sql') + return wait_for_operation(module, auth.delete(link)) + + +def resource_to_request(module): + request = { + u'kind': 'sql#user', + u'password': module.params.get('password'), + u'host': module.params.get('host'), + u'name': module.params.get('name') + } + return_vals = {} + for k, v in request.items(): + if v: + return_vals[k] = v + + return return_vals + + +def unwrap_resource_filter(module): + return { + 'host': module.params['host'], + 'name': module.params['name'] + } + + +def unwrap_resource(result, module): + query_predicate = unwrap_resource_filter(module) + matched_items = [] + for item in result: + if all(item[k] == query_predicate[k] for k in query_predicate.keys()): + matched_items.append(item) + if len(matched_items) > 1: + module.fail_json(msg="More than 1 result found: %s" % matched_items) + + if matched_items: + return matched_items[0] + else: + return None + + +def fetch_resource(module, link, kind): + auth = GcpSession(module, 'sql') + return return_if_object(module, auth.get(link), kind) + + +def fetch_wrapped_resource(module, kind, wrap_kind, wrap_path): + result = fetch_resource(module, self_link(module), wrap_kind) + if result is None or wrap_path not in result: + return None + + result = unwrap_resource(result[wrap_path], module) + + if result is None: + return None + + if result['kind'] != kind: + module.fail_json(msg="Incorrect result: {kind}".format(**result)) + + return result + + +def self_link(module): + res = { + 'project': module.params['project'], + 'instance': replace_resource_dict(module.params['instance'], 'name'), + 'name': module.params['name'], + 'host': module.params['host'] + } + return "https://www.googleapis.com/sql/v1beta4/projects/{project}/instances/{instance}/users?name={name}&host={host}".format(**res) + + +def collection(module): + res = { + 'project': module.params['project'], + 'instance': replace_resource_dict(module.params['instance'], 'name') + } + return "https://www.googleapis.com/sql/v1beta4/projects/{project}/instances/{instance}/users".format(**res) + + +def return_if_object(module, response, kind): + # If not found, return nothing. + if response.status_code == 404: + return None + + # If no content, return nothing. + if response.status_code == 204: + return None + + # SQL only: return on 403 if not exist + if response.status_code == 403: + return None + + try: + result = response.json() + except getattr(json.decoder, 'JSONDecodeError', ValueError) as inst: + module.fail_json(msg="Invalid JSON response with error: %s" % inst) + + if navigate_hash(result, ['error', 'errors']): + module.fail_json(msg=navigate_hash(result, ['error', 'errors'])) + if result['kind'] != kind: + module.fail_json(msg="Incorrect result: {kind}".format(**result)) + + return result + + +def is_different(module, response): + request = resource_to_request(module) + response = response_to_hash(module, response) + + # Remove all output-only from response. + response_vals = {} + for k, v in response.items(): + if k in request: + response_vals[k] = v + + request_vals = {} + for k, v in request.items(): + if k in response: + request_vals[k] = v + + return GcpRequest(request_vals) != GcpRequest(response_vals) + + +# Remove unnecessary properties from the response. +# This is for doing comparisons with Ansible's current parameters. +def response_to_hash(module, response): + return { + u'host': response.get(u'host'), + u'name': response.get(u'name') + } + + +def async_op_url(module, extra_data=None): + if extra_data is None: + extra_data = {} + url = "https://www.googleapis.com/sql/v1beta4/projects/{project}/operations/{op_id}" + combined = extra_data.copy() + combined.update(module.params) + return url.format(**combined) + + +def wait_for_operation(module, response): + op_result = return_if_object(module, response, 'sql#operation') + if op_result is None: + return {} + status = navigate_hash(op_result, ['status']) + wait_for_completion(status, op_result, module) + return fetch_wrapped_resource(module, 'sql#user', 'sql#usersList', 'items') + + +def wait_for_completion(status, op_result, module): + op_id = navigate_hash(op_result, ['name']) + op_uri = async_op_url(module, {'op_id': op_id}) + while status != 'DONE': + raise_if_errors(op_result, ['error', 'errors'], 'message') + time.sleep(1.0) + if status not in ['PENDING', 'RUNNING', 'DONE']: + module.fail_json(msg="Invalid result %s" % status) + op_result = fetch_resource(module, op_uri, 'sql#operation') + status = navigate_hash(op_result, ['status']) + return op_result + + +def raise_if_errors(response, err_path, module): + errors = navigate_hash(response, err_path) + if errors is not None: + module.fail_json(msg=errors) + + +if __name__ == '__main__': + main() diff --git a/test/integration/targets/gcp_sql_user/aliases b/test/integration/targets/gcp_sql_user/aliases new file mode 100644 index 0000000000..9812f019ca --- /dev/null +++ b/test/integration/targets/gcp_sql_user/aliases @@ -0,0 +1,2 @@ +cloud/gcp +unsupported diff --git a/test/integration/targets/gcp_sql_user/defaults/main.yml b/test/integration/targets/gcp_sql_user/defaults/main.yml new file mode 100644 index 0000000000..aa87a2a8e0 --- /dev/null +++ b/test/integration/targets/gcp_sql_user/defaults/main.yml @@ -0,0 +1,3 @@ +--- +# defaults file +resource_name: '{{resource_prefix}}' diff --git a/test/integration/targets/gcp_sql_user/meta/main.yml b/test/integration/targets/gcp_sql_user/meta/main.yml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/test/integration/targets/gcp_sql_user/tasks/main.yml b/test/integration/targets/gcp_sql_user/tasks/main.yml new file mode 100644 index 0000000000..4cc772c771 --- /dev/null +++ b/test/integration/targets/gcp_sql_user/tasks/main.yml @@ -0,0 +1,155 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file at +# https://www.github.com/GoogleCloudPlatform/magic-modules +# +# ---------------------------------------------------------------------------- +# Pre-test setup +- name: create a instance + gcp_sql_instance: + name: "instance-user" + settings: + ip_configuration: + authorized_networks: + - name: google dns server + value: 8.8.8.8/32 + tier: db-n1-standard-1 + region: us-central1 + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present + register: instance +- name: delete a user + gcp_sql_user: + name: test-user + host: 10.1.2.3 + password: secret-password + instance: "{{ instance }}" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: absent +#---------------------------------------------------------- +- name: create a user + gcp_sql_user: + name: test-user + host: 10.1.2.3 + password: secret-password + instance: "{{ instance }}" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present + register: result +- name: assert changed is true + assert: + that: + - result.changed == true + - "result.kind == 'sql#user'" +- name: verify that user was created + gcp_sql_user_facts: + filters: + - name = test-user + instance: {{ instance }} + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + scopes: + - https://www.googleapis.com/auth/sqlservice.admin + register: results +- name: verify that command succeeded + assert: + that: + - results['items'] | length == 1 +# ---------------------------------------------------------------------------- +- name: create a user that already exists + gcp_sql_user: + name: test-user + host: 10.1.2.3 + password: secret-password + instance: "{{ instance }}" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: present + register: result +- name: assert changed is false + assert: + that: + - result.changed == false + - "result.kind == 'sql#user'" +#---------------------------------------------------------- +- name: delete a user + gcp_sql_user: + name: test-user + host: 10.1.2.3 + password: secret-password + instance: "{{ instance }}" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: absent + register: result +- name: assert changed is true + assert: + that: + - result.changed == true + - result.has_key('kind') == False +- name: verify that user was deleted + gcp_sql_user_facts: + filters: + - name = test-user + instance: {{ instance }} + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + scopes: + - https://www.googleapis.com/auth/sqlservice.admin + register: results +- name: verify that command succeeded + assert: + that: + - results['items'] | length == 0 +# ---------------------------------------------------------------------------- +- name: delete a user that does not exist + gcp_sql_user: + name: test-user + host: 10.1.2.3 + password: secret-password + instance: "{{ instance }}" + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: absent + register: result +- name: assert changed is false + assert: + that: + - result.changed == false + - result.has_key('kind') == False +#--------------------------------------------------------- +# Post-test teardown +- name: delete a instance + gcp_sql_instance: + name: "instance-user" + settings: + ip_configuration: + authorized_networks: + - name: google dns server + value: 8.8.8.8/32 + tier: db-n1-standard-1 + region: us-central1 + project: "{{ gcp_project }}" + auth_kind: "{{ gcp_cred_kind }}" + service_account_file: "{{ gcp_cred_file }}" + state: absent + register: instance