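#!/usr/bin/python
# -*- coding: utf-8 -*-

# Copyright: (c) 2018, Dag Wieers (@dagwieers) <dag@wieers.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import absolute_import, division, print_function
__metaclass__ = type

ANSIBLE_METADATA = {'metadata_version': '1.1',
                    'status': ['preview'],
                    'supported_by': 'community'}

DOCUMENTATION = r'''
---
module: mso_role
short_description: Manage roles
description:
- Manage roles on Cisco ACI Multi-Site.
author:
- Dag Wieers (@dagwieers)
version_added: '2.8'
options:
  role:
    description:
    - The name of the role.
    type: str
    required: yes
    aliases: [ name ]
  display_name:
    description:
    - The name of the role to be displayed in the web UI.
    type: str
  description:
    description:
    - The description of the role.
    type: str
  permissions:
    description:
    - A list of permissions tied to this role.
    type: list
    choices:
    - backup-db
    - manage-audit-records
    - manage-labels
    - manage-roles
    - manage-schemas
    - manage-sites
    - manage-tenants
    - manage-tenant-schemas
    - manage-users
    - platform-logs
    - view-all-audit-records
    - view-labels
    - view-roles
    - view-schemas
    - view-sites
    - view-tenants
    - view-tenant-schemas
    - view-users
  state:
    description:
    - Use C(present) or C(absent) for adding or removing.
    - Use C(query) for listing an object or multiple objects.
    type: str
    choices: [ absent, present, query ]
    default: present
extends_documentation_fragment: mso
'''

# NOTE: the password values in the examples below are placeholders. Playbooks
# normally supply the credential from Ansible Vault or another secret store
# instead of writing it inline.
EXAMPLES = r'''
- name: Add a new role
  mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    role: readOnly
    display_name: Read Only
    description: Read-only access for troubleshooting
    permissions:
    - view-roles
    - view-schemas
    - view-sites
    - view-tenants
    - view-tenant-schemas
    - view-users
    state: present
  delegate_to: localhost

- name: Remove a role
  mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    role: readOnly
    state: absent
  delegate_to: localhost

- name: Query a role
  mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    role: readOnly
    state: query
  delegate_to: localhost
  register: query_result

- name: Query all roles
  mso_role:
    host: mso_host
    username: admin
    password: SomeSecretPassword
    state: query
  delegate_to: localhost
  register: query_result
'''

RETURN = r'''
'''

from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.network.aci.mso import MSOModule, mso_argument_spec, issubset


def main():
    """Create, update, delete or query a role on Cisco ACI Multi-Site.

    Reads the module parameters, looks up the role by name (or lists every
    role when no name is given), then issues DELETE, PUT or POST against the
    ``roles`` path depending on ``state``. In check mode no modifying request
    is sent. The function ends by calling ``mso.exit_json()``.
    """
    argument_spec = mso_argument_spec()
    argument_spec.update(
        # 'role' is not marked required here so that state=query can list
        # every role; required_if below enforces it for present/absent.
        role=dict(type='str', aliases=['name']),
        display_name=dict(type='str'),
        description=dict(type='str'),
        # Entries are restricted to this fixed list of permission names.
        # NOTE(review): manage-roles and manage-users presumably let the
        # holder change other accounts' access, so roles carrying them
        # deserve review -- confirm against the MSO documentation.
        permissions=dict(type='list', choices=[
            'backup-db',
            'manage-audit-records',
            'manage-labels',
            'manage-roles',
            'manage-schemas',
            'manage-sites',
            'manage-tenants',
            'manage-tenant-schemas',
            'manage-users',
            'platform-logs',
            'view-all-audit-records',
            'view-labels',
            'view-roles',
            'view-schemas',
            'view-sites',
            'view-tenants',
            'view-tenant-schemas',
            'view-users',
        ]),
        state=dict(type='str', default='present', choices=['absent', 'present', 'query']),
    )

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=True,
        required_if=[
            ['state', 'absent', ['role']],
            ['state', 'present', ['role']],
        ],
    )

    role = module.params['role']
    display_name = module.params['display_name']
    description = module.params['description']
    permissions = module.params['permissions']
    state = module.params['state']

    mso = MSOModule(module)

    role_id = None
    path = 'roles'

    # Query for existing object(s)
    if role:
        mso.existing = mso.get_obj(path, name=role)
        if mso.existing:
            role_id = mso.existing['id']
            # If we found an existing object, continue with it
            path = 'roles/{id}'.format(id=role_id)
    else:
        mso.existing = mso.query_objs(path)

    if state == 'query':
        # Nothing to change; the lookup result above is what gets returned.
        pass

    elif state == 'absent':
        mso.previous = mso.existing
        if mso.existing:
            if module.check_mode:
                # Report the would-be result without calling the API.
                mso.existing = {}
            else:
                mso.existing = mso.request(path, method='DELETE')

    elif state == 'present':
        mso.previous = mso.existing

        payload = dict(
            id=role_id,
            name=role,
            # Honour the documented display_name option; fall back to the
            # role name when it is not supplied, which is what was always
            # sent before.
            displayName=display_name if display_name is not None else role,
            description=description,
            permissions=permissions,
        )

        # NOTE(review): mso.sent and mso.proposed are presumably populated by
        # sanitize() -- confirm in MSOModule.
        mso.sanitize(payload, collate=True)

        if mso.existing:
            # Only send an update when issubset() reports that the payload is
            # not already covered by the existing object.
            if not issubset(mso.sent, mso.existing):
                if module.check_mode:
                    mso.existing = mso.proposed
                else:
                    mso.existing = mso.request(path, method='PUT', data=mso.sent)
        else:
            if module.check_mode:
                mso.existing = mso.proposed
            else:
                mso.existing = mso.request(path, method='POST', data=mso.sent)

    mso.exit_json()


if __name__ == "__main__":
    main()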